- [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-14)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-7)

    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind)
    - [Feature](#feature)

### SIG VMWare

- The vmUUID is now preserved when renewing nodeinfo in the vSphere cloud provider. ([#66007](https://github.com/kubernetes/kubernetes/pull/66007), [@w-leads](https://github.com/w-leads))

* Preserve vmUUID when renewing nodeinfo in vSphere cloud provider ([#66007](https://github.com/kubernetes/kubernetes/pull/66007), [@w-leads](https://github.com/w-leads))



# v1.10.6

[Documentation](https://docs.k8s.io) & [Examples](https://releases.k8s.io/release-1.10/examples)

## Downloads for v1.10.6


filename | sha256 hash

* Preserve vmUUID when renewing nodeinfo in vSphere cloud provider ([#66007](https://github.com/kubernetes/kubernetes/pull/66007), [@w-leads](https://github.com/w-leads))



# v1.11.1

[Documentation](https://docs.k8s.io)

## Downloads for v1.11.1


filename | sha256 hash
-------- | -----------

little-endian, the rightmost bits are the most significant // bits (dropped with a mask) and the leftmost bits are the least // significant bits (dropped with a right shift). var a nttElement var j int // index into a var buf [24]byte // buffered reads from B off := len(buf) // index into buf, starts in a "buffer fully consumed" state for { if off >= len(buf) { B.Read(buf[:]) off = 0 } d1 := byteorder.LEUint16(buf[off:]) & 0b1111_1111_1111 d2 := byteorder.LEUint16(buf[off+1:]) >> 4 off += 3 if d1...

* Fix issue that vSphere cloud provider cannot delete volume which is provisioned in datastore specified in storageclass ([#65550](https://github.com/kubernetes/kubernetes/pull/65550), [@w-leads](https://github.com/w-leads))
* Fix a scalability issue where high rates of event writes degraded etcd performance. ([#64539](https://github.com/kubernetes/kubernetes/pull/64539), [@ccding](https://github.com/ccding))

network, you should also make sure that it provides a way for users to
get its source.  For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code.  There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.

- New configuration is introduced to the kubelet that allows it to track container images and the list of authentication information that leads to their successful pulls. This data is persisted across reboots of the host and restarts of the kubelet.