In Namespaces that previously did not have the "DefaultDeny" annotation, you should delete any existing NetworkPolicy objects. These had no effect in the v1beta1 API, but with v1 semantics they might cause some traffic to be unintentionally blocked.


### Storage

- Extended ContainerStatus CRI API to allow runtime response with container resource requests and limits that are in effect.
  - UpdateContainerResources CRI API now supports both Linux and Windows. ([#111645](https://github.com/kubernetes/kubernetes/pull/111645), [@vinaykul](https://github.com/vinaykul))

- The OpenAPI spec and documentation now reflect the 202 Accepted response path for delete requests. Note that this change in the openapi spec may affect some clients that depend on the error paths.  ([#63418](https://github.com/kubernetes/kubernetes/pull/63418), [@roycaihw](https://github.com/roycaihw))

will use the local kube-apiserver endpoint for the kubelet when creating a cluster with `kubeadm init` or when joining control plane nodes with `kubeadm join`. Enabling the feature gate also affects the `kubeadm init phase kubeconfig kubelet` phase, where the flag `--control-plane-endpoint` no longer affects the generated kubeconfig `Server` field, but the flag `--apiserver-advertise-address` can now be used for the same purpose. ([#129956](https://github.com/kubernetes/kubernetes/pull/129956), ...

        byte[] r15 = NtlmUtil.getPreNTLMResponse(cifsContext, password15, challenge);

        // Assert: equal because only first 14 OEM bytes are used
        assertArrayEquals(r14, r15, "Only first 14 OEM bytes affect Pre-NTLM response");
        assertEquals(24, r14.length);

        // Verify collaborator interactions
        verify(cifsContext, atLeastOnce()).getConfig();

longer crash when a DRA(Dynamic Resource Allocation) driver returns a nil as part of the Node(Un)PrepareResources response instead of an empty struct (Did not affect drivers written in Go, first showed up with a driver written in Rust). returns a nil as part of the Node(Un)PrepareResources response instead of an empty struct (did not affect drivers written in Go, first showed up with a driver written in Rust). ([#124091](https://github.com/kubernetes/kubernetes/pull/124091), [@bitoku](https://github.com/bitoku))...

   * (key) bits 'affects' a strictly smaller set of output bits. Funneling is bad because it can
   * result in more-than-ideal collisions for a non-uniformly distributed key space. In practice,
   * most key spaces are ANYTHING BUT uniformly distributed. A bit(i) in the input is said to
   * 'affect' a bit(j) in the output if two inputs, identical but for bit(i), will differ at output

 * `-android` "flavors.")
 *
 * (We could consider releasing a listenablefuture:1.0.1 someday. But we would want to look into how
 * that affects users, especially users of the Android Gradle Plugin, since the plugin developers
 * put in a special hack for us: https://issuetracker.google.com/issues/131431257)
 */

- hyperkube: Use debian-hyperkube-base@v1.1.0 image
  
    A previous release built hyperkube using the debian-hyperkube-base@v1.0.0,
    which was updated to address a CVE in the CNI plugins.
    
    A side-effect of using this new image was that the networking packages
    (namely `iptables`) drifted from the versions used in the kube-proxy images.
  
    The following issues were filed on kube-proxy failures when using hyperkube:

        String retrievedPassword = authenticator.getPassword();
        assertEquals("charArrayPassword", retrievedPassword, "Password should match");

        // Modify original array - should not affect stored password
        passwordChars[0] = 'X';
        String retrievedPassword2 = authenticator.getPassword();