- Enabled use of pods with volumes and user namespaces. The feature gate was renamed...

- Wait for all CRDs to show up in discovery endpoint before reporting readiness. ([#89145](https://github.com/kubernetes/kubernetes/pull/89145), [@sttts](https://github.com/sttts)) [SIG API Machinery]
- When evicting, Pods in Pending state are removed without checking PDBs. ([#83906](https://github.com/kubernetes/kubernetes/pull/83906), [@michaelgugino](https://github.com/michaelgugino)) [SIG API Machinery, Apps, Node and Scheduling]

    * The apiserver also now takes an optional flag "--maximum-startup-sequence-duration". This allows you to explicitly define an upper bound on the apiserver startup sequences before healthz begins to fail. By keeping the kubelet liveness initial delay short, this can enable quick kubelet recovery as soon as we have a boot sequence which has not completed in our expected time frame, despite lack of completion from longer boot sequences (like RBAC). Kube-apiserver...

bg: #{$table-hover-bg};\n\n  width: 100%;\n  margin-bottom: $spacer;\n  vertical-align: $table-cell-vertical-align;\n  border-color: var(--#{$prefix}table-border-color);\n\n  // Target th & td\n  // We need the child combinator to prevent styles leaking to nested tables which doesn't have a `.table` class.\n  // We use the universal selectors here to simplify the selector (else we would need 6 different selectors).\n  // Another advantage is that this generates less code and makes the selector less...

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

1F930         ; valid                  ;      ; NV8    # 9.0  PREGNANT WOMAN
1F931..1F932  ; valid                  ;      ; NV8    # 10.0 BREAST-FEEDING..PALMS UP TOGETHER
1F933..1F93E  ; valid                  ;      ; NV8    # 9.0  SELFIE..HANDBALL
1F93F         ; valid                  ;      ; NV8    # 12.0 DIVING MASK

s[0] = byteorder.BEUint64(x[24:]) s[1] = byteorder.BEUint64(x[16:]) s[2] = byteorder.BEUint64(x[8:]) s[3] = byteorder.BEUint64(x[:]) // Ensure s is in the range [0, ord(G)-1]. Since 2 * ord(G) > 2²⁵⁶, we can // just conditionally subtract ord(G), keeping the result if it doesn't // underflow. t0, b := bits.Sub64(s[0], 0xf3b9cac2fc632551, 0) t1, b := bits.Sub64(s[1], 0xbce6faada7179e84, b) t2, b := bits.Sub64(s[2], 0xffffffffffffffff, b) t3, b := bits.Sub64(s[3], 0xffffffff00000000, b) tMask := b -...

pkg net/http/httputil, method (*ClientConn) Do(*http.Request) (*http.Response, error)
pkg net/http/httputil, method (*ClientConn) Hijack() (net.Conn, *bufio.Reader)
pkg net/http/httputil, method (*ClientConn) Pending() int
pkg net/http/httputil, method (*ClientConn) Read(*http.Request) (*http.Response, error)
pkg net/http/httputil, method (*ClientConn) Write(*http.Request) error