- Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120055](https://github.com/kubernetes/kubernetes/pull/120055), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]

* Updates Cinder AttachDisk operation to be more reliable by delegating Detaches to volume manager. ([#50042](https://github.com/kubernetes/kubernetes/pull/50042), [@jingxu97](https://github.com/jingxu97))

odaZd5EBNzrr/CKaDAivj60uC9nEEZX3k/Hb9il/tLGPr1m32xHeYGAT2iuz==","X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm":"DAREv2-HMAC-SHA256","content-type":"text/plain"}},{"Bucket":"buck1","Name":"go_113/src/cmd/go/testdata/modlegacy/src/new/sub/inner/go.mod","UserDef":{"X-Minio-Internal-Server-Side-Encryption-Iv":"cOc9vbeXH/unNrvRc7m69u1CMfc8pR=","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id":"my-minio-key","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key":"IAAfAMqJ0EyJ4B0b7...

- Added new option to the `InterPodAffinity` scheduler plugin to ignore existing
  pods` preferred inter-pod affinities if the incoming pod has no preferred inter-pod
  affinities. This option can be used as an optimization for higher scheduling throughput
  (at the cost of an occasional pod being scheduled non-optimally/violating existing
  pods preferred inter-pod affinities). To enable this scheduler option, set the

* Added bool type support for jsonpath. ([#39063](https://github.com/kubernetes/kubernetes/pull/39063), [@xingzhou](https://github.com/xingzhou))
* Preventing nil pointer reference in client_config ([#40508](https://github.com/kubernetes/kubernetes/pull/40508), [@vjsamuel](https://github.com/vjsamuel))

- Fixes a 1.28 regression handling negative index json patches ([#120329](https://github.com/kubernetes/kubernetes/pull/120329), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
- Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120053](https://github.com/kubernetes/kubernetes/pull/120053), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]

- Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120056](https://github.com/kubernetes/kubernetes/pull/120056), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]

  
  When we switched to go-runner for building the apiserver,
  controller-manager, and scheduler server components, we no longer
  reference the individual architectures in the image names, specifically
  in the 'FROM' directive of the server image Dockerfiles.
  
  As a result, server images for non-amd64 images copy in the go-runner
  amd64 binary instead of the go-runner that matches that architecture.
  

*   Fixes a null pointer dereference in `CompressElement`
    ([CVE-2021-37637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37637))
*   Fixes a null pointer dereference in `RaggedTensorToTensor`
    ([CVE-2021-37638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37638))
*   Fixes a null pointer dereference and a heap OOB read arising from operations
    restoring tensors