* Fix a string comparison bug in IPVS graceful termination where UDP real servers are not deleted. ([#78999](https://github.com/kubernetes/kubernetes/pull/78999), [@andrewsykim](https://github.com/andrewsykim))

- Makes kubelet's /metrics/slis endpoint always available ([#130084](https://github.com/kubernetes/kubernetes/pull/130084), [@richabanker](https://github.com/richabanker)) [SIG Architecture, Instrumentation and Node]

- Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114137](https://github.com/kubernetes/kubernetes/pull/114137), [@aojea](https://github.com/aojea)) [SIG API Machinery]
- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid ([#113558](https://github.com/kubernetes/kubernetes/pull/113558), [@daschott](https://github.com/daschott)) [SIG Network and Windows]

*   Fixes a security vulnerability caused by accessing heap data outside of
    bounds when loading a specially crafted `SavedModel`
    ([CVE-2020-26271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26271))
*   Solves an OOM issue on TPUs when XLA contexts use fused average updates
*   Updates `libjpeg-turbo` to `2.0.5` to handle
    [CVE-2020-13790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790).

### Upgrades

* ⬆️ Upgrade Starlette to 0.25.0. PR [#5996](https://github.com/tiangolo/fastapi/pull/5996) by [@tiangolo](https://github.com/tiangolo).
    * This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
    * Only applications using forms (e.g. file uploads) could be affected.

numbers. For more details and proof of // correctness, see https://github.com/mit-plv/fiat-crypto/pull/333/files. // // Following the proof linked in the PR above, the changes are: // // 1. Negate [B] and [C] so they are positive. The invariant now involves a // subtraction. // 2. If step 2 (both [x] and [y] are even) runs, abort immediately. This // case needs to be handled by the caller. // 3. Subtract copies of [x] and [y] as needed in step 6 (both [u] and [v] // are odd) so coefficients stay in...

numbers. For more details and proof of // correctness, see https://github.com/mit-plv/fiat-crypto/pull/333/files. // // Following the proof linked in the PR above, the changes are: // // 1. Negate [B] and [C] so they are positive. The invariant now involves a // subtraction. // 2. If step 2 (both [x] and [y] are even) runs, abort immediately. This // case needs to be handled by the caller. // 3. Subtract copies of [x] and [y] as needed in step 6 (both [u] and [v] // are odd) so coefficients stay in...