* [fluentd-gcp addon] Bug with event-exporter leaking memory on metrics in clusters with CA is fixed. ([#52263](https://github.com/kubernetes/kubernetes/pull/52263), [@crassirostris](https://github.com/crassirostris))



# v1.7.6

    <sub-class-of type="application/x-bplist"/>
    <glob pattern="*.webarchive"/>
  </mime-type>

  <mime-type type="application/x-x509-cert">
    <alias type="application/x-x509-ca-cert"/>
    <alias type="application/x-x509-user-cert"/>
    <glob pattern="*.crt"/>
  </mime-type>
  <mime-type type="application/x-x509-cert;format=pem">
    <sub-class-of type="application/x-x509-cert"/>

### Feature

- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync.

AA,SACA,IAAA,EACA,MAAA,EACA,QAAA,EACA,QAAA,OAAA,QACA,MAAA,QAUF,eC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,kBACE,iBAAA,QAGF,2BACE,MAAA,QDsCF,iBC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,oBACE,iBAAA,QAGF,6BACE,MAAA,QDsCF,eC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,kBACE,iBAAA,QAGF,2BACE,MAAA,QDsCF,YC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,eACE,iBAAA,QAGF,wBACE,MAAA,QDsCF,eC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,kBACE,iBAAA,QAGF,2BACE,MAAA,QDsCF,cC/CA,MAAA,QpBKE,iBAAA,QoBHF,aAAA,QAEA,iBACE,iBAAA,QAGF,0BACE,MAAA,QDsCF...

**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Feature

- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync.

EAAA,EAAA,KAMF,IHyEA,IGvEE,eAAA,OAQF,MACE,aAAA,OACA,gBAAA,SAGF,QACE,YAAA,MACA,eAAA,MACA,MAAA,0BACA,WAAA,KAOF,GAEE,WAAA,QACA,WAAA,qBHkEF,MAGA,GAFA,MAGA,GGnEA,MHiEA,GG3DE,aAAA,QACA,aAAA,MACA,aAAA,EAQF,MACE,QAAA,aAMF,OAEE,cAAA,EAQF,iCACE,QAAA,EHoDF,OG/CA,MHiDA,SADA,OAEA,SG7CE,OAAA,EACA,YAAA,QF3HI,UAAA,QE6HJ,YAAA,QAIF,OH8CA,OG5CE,eAAA,KAKF,cACE,OAAA,QAGF,OAGE,UAAA,OAGA,gBACE,QAAA,EAOJ,0IACE,QAAA,eHwCF,cACA,aACA,cGlCA,OAIE,mBAAA,OHkCF,6BACA,4BACA,6BGjCI,sBACE,OAAA,QAON,mBACE,QAAA,EACA,aAAA,KAKF,SACE,...

non-canonical encodings that are accepted are // 1) the ones where the field element is not reduced (see the // (*field.Element).SetBytes docs) and // 2) the ones where the x-coordinate is zero and the sign bit is set. // // Read more at https://hdevalence.ca/blog/2020-10-04-its-25519am, // specifically the "Canonical A, R" section. y, err := new(field.Element).SetBytes(x) if err != nil { return nil, errors.New("edwards25519: invalid point encoding length") } // -x² + y² = 1 + dx²y² // x² + dx²y² = x²(dy²...

non-canonical encodings that are accepted are // 1) the ones where the field element is not reduced (see the // (*field.Element).SetBytes docs) and // 2) the ones where the x-coordinate is zero and the sign bit is set. // // Read more at https://hdevalence.ca/blog/2020-10-04-its-25519am, // specifically the "Canonical A, R" section. y, err := new(field.Element).SetBytes(x) if err != nil { return nil, errors.New("edwards25519: invalid point encoding length") } // -x² + y² = 1 + dx²y² // x² + dx²y² = x²(dy²...