- Service load balancers no longer exclude nodes marked unschedulable from the candidate nodes. The service load balancer exclusion label should be used instead.
  

    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-2)

     * log n) on average.
     *
     * <p>The online hash flooding detecting in RegularSetBuilderImpl.add can detect e.g. many
     * exactly matching hash codes, which would cause construction to take O(n^2), but can't detect
     * e.g. hash codes adversarially designed to go into ascending table locations, which keeps
     * construction O(n) (as desired) but then can have O(n) queries later.
     *

    /**
     * Copies properties from one Bean to another Bean.
     *
     * @param src The source Bean. Must not be {@literal null}.
     * @param dest The destination Bean. Must not be {@literal null}.
     */
    public static void copyBeanToBean(final Object src, final Object dest) {
        copyBeanToBean(src, dest, DEFAULT_OPTIONS);
    }

    /**
     * Copies properties from one Bean to another Bean.

    protected static final int DEFAULT_BUF_SIZE = 4096;

    // ////////////////////////////////////////////////////////////////
    // from InputStream to OutputStream
    //
    /**
     * Copies from an input stream to an output stream.
     * <p>
     * Neither the input stream nor the output stream is closed.
     * </p>
     *
     * @param in the input stream (must not be {@literal null})

* use valid_resources to replace kubectl.PossibleResourceTypes ([#30955](https://github.com/kubernetes/kubernetes/pull/30955), [@lojies](https://github.com/lojies))
* oidc auth provider: don't trim issuer URL ([#30944](https://github.com/kubernetes/kubernetes/pull/30944), [@ericchiang](https://github.com/ericchiang))

   * EndpointPair [N2, N1] - skip
   * EndpointPair [N2, N3] - return
   * Visited Nodes = {N1, N2}
   * EndpointPair [N3, N1] - skip
   * EndpointPair [N3, N2] - skip
   * Visited Nodes = {N1, N2, N3}
   * EndpointPair [N4, N4] - return
   * Visited Nodes = {N1, N2, N3, N4}
   * </pre>
   */
  private static final class Undirected<N> extends EndpointPairIterator<N> {

      assertThat(network.nodes()).isEmpty();
      assertThat(network.edges()).isEmpty();
      AbstractNetworkTest.validateNetwork(network);

      while (network.nodes().size() < NUM_NODES) {
        network.addNode(gen.nextInt(NODE_POOL_SIZE));
      }
      ArrayList<Integer> nodeList = new ArrayList<>(network.nodes());
      for (int i = 0; i < NUM_EDGES; ++i) {

      assertThat(graph.nodes()).isEmpty();
      assertThat(graph.edges()).isEmpty();
      AbstractGraphTest.validateGraph(graph);

      while (graph.nodes().size() < NUM_NODES) {
        graph.addNode(gen.nextInt(NODE_POOL_SIZE));
      }
      ArrayList<Integer> nodeList = new ArrayList<>(graph.nodes());
      while (graph.edges().size() < NUM_EDGES) {