- [Important Security Information](#important-security-information-1)
    - [CVE-2021-25735: Validating Admission Webhook does not observe some previous fields](#cve-2021-25735-validating-admission-webhook-does-not-observe-some-previous-fields)
  - [Changes by Kind](#changes-by-kind-6)
    - [API Change](#api-change-1)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-5)

* Fix device mountable volume names in DSW to prevent races in device mountable plugin, e.g. local. ([#71509](https://github.com/kubernetes/kubernetes/pull/71509), [@cofyc](https://github.com/cofyc))
* Fixes a bug in previous releases where a pod could be placed inside another pod's cgroup when specifying --cgroup-root ([#70678](https://github.com/kubernetes/kubernetes/pull/70678), [@dashpole](https://github.com/dashpole))

For initial installations, see the [Setup topics](https://kubernetes.io/docs/setup/pick-right-solution/) in the Kubernetes documentation.

To upgrade to this release from a previous version, first take any actions required [Before Upgrading](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.9.md#before-upgrading).

	MOVQ DR7, SI // 0f21fe
	// Test other movtab entries.
	PUSHQ GS // 0fa8
	PUSHQ FS // 0fa0
	POPQ FS  // 0fa1
	POPQ GS  // 0fa9
	// All instructions below semantically have unsigned operands,
	// but previous assembler permitted negative arguments.
	// This behavior is preserved for compatibility reasons.
	VPSHUFD $-79, X7, X7         // c5f970ffb1
	RORXL $-1, (AX), DX          // c4e37bf010ff

  - [Important Security Information](#important-security-information-1)
    - [CVE-2021-25735: Validating Admission Webhook does not observe some previous fields](#cve-2021-25735-validating-admission-webhook-does-not-observe-some-previous-fields)
  - [Changes by Kind](#changes-by-kind-9)
    - [API Change](#api-change-2)
    - [Feature](#feature-5)
    - [Bug or Regression](#bug-or-regression-9)

    assertEquals(0, iterator.nextIndex());
    assertEquals(-1, iterator.previousIndex());
    assertThrows(NoSuchElementException.class, () -> iterator.next());
    assertThrows(NoSuchElementException.class, () -> iterator.previous());
    assertThrows(UnsupportedOperationException.class, () -> iterator.remove());
    assertThrows(UnsupportedOperationException.class, () -> iterator.set("a"));

				}
				addedFiles := 0
			compareFile:
				for otherKey, other := range files[partIdx] {
					addedFiles++
					if attempt > 0 && len(m.filled) == len(combineFilled) {
						fmt.Println("Merging previous global data")
						filled := 0
						missing := 0
						for i, v := range combineFilled {
							if v == 1 {
								m.filled[i] = 1
								m.mapped[i] = combineShared[i]
								filled++

## Urgent Upgrade Notes

### (No, really, you MUST do this before you upgrade)

Setting the `status.loadBalancer` of a Service whose `spec.type` is not `LoadBalancer` was previously allowed, but any update to the `metadata` or `spec` would wipe that field. Setting this field is no longer permitted unless `spec.type` is  `LoadBalancer`.  In the very unlikely event that this has unexpected impact, you can enable the `AllowServiceLBStatusOnNonLB` feature gate, which will restore the previous behavior.  If you do need to set this, please file an issue with the Kubernetes project to...

The assembler also supports some (not necessarily all) addressing modes
specific to each architecture.
The sections below list these.
</p>

<p>
One detail evident in the examples from the previous sections is that data in the instructions flows from left to right:
<code>MOVQ</code> <code>$0,</code> <code>CX</code> clears <code>CX</code>.