- Kube-proxy now trims extra spaces found in loadBalancerSourceRanges to match Service validation. ([#94107](https://github.com/kubernetes/kubernetes/pull/94107), [@robscott](https://github.com/robscott)) [SIG Network]

## Dependencies

### Added

	quarkus/extensions/smallrye-stork/runtime/pom.xml
	quarkus/core/deployment/pom.xml
	quarkus/extensions/arc/deployment/pom.xml
	quarkus/extensions/vertx/deployment/pom.xml
quarkus/integration-tests/simple with space/pom.xml
	quarkus/extensions/resteasy-classic/resteasy/runtime/pom.xml
	quarkus/test-framework/junit5/pom.xml
quarkus/extensions/resteasy-reactive/rest-client-reactive-jaxb/deployment/pom.xml

- Fixed a 1.26.7 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. ([#121186](https://github.com/kubernetes/kubernetes/pull/121186), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps]

- Fixed a 1.28.0 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. ([#121184](https://github.com/kubernetes/kubernetes/pull/121184), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps]

* When creating a service with annotation: service.beta.kubernetes.io/load-balancer-source-ranges containing multiple source ranges and service.beta.kubernetes.io/azure-shared-securityrule: "false",  the NSG rules will be collapsed. ([#71484](https://github.com/kubernetes/kubernetes/pull/71484), [@ritazh](https://github.com/ritazh))

additional terms that apply to those files, or a notice indicating
where to find the applicable terms.

  Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.

  8. Termination.

  You may not propagate or modify a covered work except as expressly

## Changelog since v1.15.0

### Other notable changes

* kubeadm: implement support for concurrent add/remove of stacked etcd members ([#79677](https://github.com/kubernetes/kubernetes/pull/79677), [@neolit123](https://github.com/neolit123))

**Detection**:

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

**Additional Details**:

### Detection

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

#### Additional Details

pkg syscall (linux-386), type TCPInfo struct, Rto uint32
pkg syscall (linux-386), type TCPInfo struct, Rtt uint32
pkg syscall (linux-386), type TCPInfo struct, Rttvar uint32
pkg syscall (linux-386), type TCPInfo struct, Sacked uint32
pkg syscall (linux-386), type TCPInfo struct, Snd_cwnd uint32
pkg syscall (linux-386), type TCPInfo struct, Snd_mss uint32
pkg syscall (linux-386), type TCPInfo struct, Snd_ssthresh uint32