hn-authz/admission-controllers/#noderestriction). In authentication, we added alpha-level support for automounting improved service account tokens through projected volumes. We also enabled [audience validation in TokenReview](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#tokenreview-v1-authentication-k8s-io) for the new tokens for improved scoping. Under audit logging, the new alpha-level "dynamic audit configuration" adds support for [dynamically registering webhooks to receive...

will have priority over `clientId` and/or `clientSecret`` existingClientSecret: "" existingClientIdKey: "" existingClientSecret: "" claimName: "policy" scopes: "openid,profile,email" redirectUri: "https://console-endpoint-url/oauth_callback" # Can leave empty claimPrefix: "" comment: "" displayName: "" networkPolicy: enabled: false # Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) # or Cilium Network Policies (flavor: cilium) flavor: kubernetes allowExternal:...

will have priority over `clientId` and/or `clientSecret`` existingClientSecret: "" existingClientIdKey: "" existingClientSecret: "" claimName: "policy" scopes: "openid,profile,email" redirectUri: "https://console-endpoint-url/oauth_callback" # Can leave empty claimPrefix: "" comment: "" displayName: "" networkPolicy: enabled: false # Specifies whether the policies created will be standard Network Policies (flavor: kubernetes) # or Cilium Network Policies (flavor: cilium) flavor: kubernetes allowExternal:...

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-2)

* Fix metrics API group name in audit configuration ([#53493](https://github.com/kubernetes/kubernetes/pull/53493), [@piosz](https://github.com/piosz))
* Use separate client for leader election in scheduler to avoid starving leader election by regular scheduler operations. ([#53793](https://github.com/kubernetes/kubernetes/pull/53793), [@wojtek-t](https://github.com/wojtek-t))

- Changed the Pod API to support `resources` at `spec` level for pod-level resources. ([#128407](https://github.com/kubernetes/kubernetes/pull/128407), [@ndixita](https://github.com/ndixita)) [SIG API Machinery, Apps, CLI, Cluster Lifecycle, Node, Release, Scheduling and Testing]

        </field>
      </fields>
      <comment>We could probably have a specific element for a dev mailing list for things like CI,
        and maybe even a specific element for the user and scm mailing lists. Then leave the more
        lose structure for any other type of mailing list.</comment>
      <codeSegments>
        <codeSegment>
          <version>4.0.0+</version>
          <code>
            <![CDATA[
    /**

### Feature

- Add flag --lease-max-object-size and metric etcd_lease_object_counts for kube-apiserver to config and observe max objects attached to a single etcd lease. ([#97480](https://github.com/kubernetes/kubernetes/pull/97480), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery, Instrumentation and Scalability]

  - Expanded support for federated hybrid-cloud resources including ReplicaSets, Secrets, Namespaces and Events.
- **Security**
  - Increased pod-level security granularity (eg: Container Image Policies, AppArmor and `sysctl` support)
  - Increased cluster-level security granularity (eg: Access Review API)

## Features

2018..2023    ; valid                  ;      ; NV8    # 1.1  LEFT SINGLE QUOTATION MARK..TRIANGULAR BULLET
2024..2026    ; disallowed                             # 1.1  ONE DOT LEADER..HORIZONTAL ELLIPSIS
2027          ; valid                  ;      ; NV8    # 1.1  HYPHENATION POINT
2028..202E    ; disallowed                             # 1.1  LINE SEPARATOR..RIGHT-TO-LEFT OVERRIDE