* want to accept ASCII digits only, you can use something like {@code
   * CharMatcher.ascii().matchesAllOf(ipString)}.
   *
   * <p>The scope ID is validated against the interfaces on the machine, which requires permissions
   * under Android.
   *
   * <p><b>Android users on API >= 29:</b> Prefer {@code InetAddresses.parseNumericAddress}.
   *

- Pod Affinity/AntiAffinity label selectors are now validated in the pod affinity score plugin ([#93758](https://github.com/kubernetes/kubernetes/pull/93758), [@damemi](https://github.com/damemi)) [SIG Scheduling]

    - Leaked File descriptors ([#275](https://github.com/docker/containerd/issues/275))
    - Additional memory overhead per container ([#21737]((https://github.com/docker/docker/issues/21737))
  * Docker version 1.12.1 [has been validated](https://github.com/kubernetes/kubernetes/issues/28698) through the Kubernetes docker automated validation framework as has Docker version 1.12.3

- The minimum value validation of ReplicationController's `replicas` and `minReadySeconds` fields have been migrated to declarative validation. The requiredness of both fields is also declaratively validated.
  If the `DeclarativeValidation` feature gate is enabled, mismatches with existing validation are reported via metrics.

  - This changes the tokens provided to containers at `/var/run/secrets/kubernetes.io/serviceaccount/token` to be time-limited, auto-refreshed, and invalidated when the containing pod is deleted.

  }

  @Test
  fun requestMaxStaleNotHonoredWithMustRevalidate() {
    server.enqueue(
      MockResponse
        .Builder()
        .body("A")
        .addHeader("Cache-Control: max-age=120, must-revalidate")
        .addHeader("Date: " + formatDate(-4, TimeUnit.MINUTES))
        .build(),
    )
    server.enqueue(
      MockResponse
        .Builder()
        .body("B")
        .build(),

- Kubeadm now propagates proxy environment variables to kube-proxy ([#84559](https://github.com/kubernetes/kubernetes/pull/84559), [@yastij](https://github.com/yastij))
- Update the latest validated version of Docker to 19.03 ([#84476](https://github.com/kubernetes/kubernetes/pull/84476), [@neolit123](https://github.com/neolit123))

    You can disable CRI explicitly (`--enable-cri=false`) as a
    temporary workaround.
      * The standard `bridge` plugin have been validated to interoperate with
         the new CRI + CNI code path.
      * If you are using plugins other than `bridge`, make sure you have
        updated custom plugins to the latest version that is compatible.

    * 4. Max 20 bit for range (min network bits `<v6>/108` or <v4>/12)
    * kube-controller-manager: convert service CIDR to list `--service-cluster-ip-range=<CIDR>,<CIDR>` and make sure `IPv6DualStack` feature flag is turned on. The flag is validated as above.
    * + to use:

Continuous integration builds use Docker versions 1.11.2, 1.12.6, 1.13.1,
and 17.03.2. These versions were validated on Kubernetes 1.8. However,
consult an appropriate installation or upgrade guide before deciding what
versions of Docker to use.

- Docker 1.13.1 and 17.03.2

    - Shared PID namespace, live-restore, and overlay2 were validated.

    - **Known issues**