request itself.
 *  New: `Headers.Builder.addAll(Headers)`.
 *  New: `ResponseBody.create(MediaType, ByteString)`.
 *  New: Embed R8/ProGuard rules in the jar. These will be applied automatically by R8.
 *  Fix: Release the connection if `Authenticator` throws an exception.
 *  Fix: Change the declaration of `OkHttpClient.cache()` to return a `@Nullable Cache`. The return

  - [Important Security Information](#important-security-information-2)
    - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin)
  - [Changes by Kind](#changes-by-kind-4)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-4)

    * try to only update vm if detach a non-existing disk when got <200, error> after detach disk operation
* kubeadm: fix a regression related to taints not being applied from JoinConfiguration ([#79107](https://github.com/kubernetes/kubernetes/pull/79107), [@joerocklin](https://github.com/joerocklin))

- Update pause container to run as pseudo user and group `65535:65535`. This implies the release of version 3.5 of the container images. ([#97963](https://github.com/kubernetes/kubernetes/pull/97963), [@saschagrunert](https://github.com/saschagrunert)) [SIG CLI, Cloud Provider, Cluster Lifecycle, Node, Release, Security and Testing]...

* fixes a panic applying json patches containing out of bounds operations ([#64355](https://github.com/kubernetes/kubernetes/pull/64355), [@liggitt](https://github.com/liggitt))
* Fixed NoTaintMaster to remove master taint and keep all other applied taints.  ([#64986](https://github.com/kubernetes/kubernetes/pull/64986), [@ashleyschuett](https://github.com/ashleyschuett))

  - [Changelog since v1.29.3](#changelog-since-v1293)
  - [Important Security Information](#important-security-information-2)
    - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin)
  - [Changes by Kind](#changes-by-kind-11)
    - [Feature](#feature-7)
    - [Bug or Regression](#bug-or-regression-8)

  - [beta] AppArmor profiles can be specified & applied to pod containers ([docs](http://kubernetes.io/docs/admin/apparmor/)) ([kubernetes/features#24](https://github.com/kubernetes/enhancements/issues/24))

  * New commands

    * Add `kubectl config rename-context` ([#46114](https://github.com/kubernetes/kubernetes/pull/46114), [@arthur0](https://github.com/arthur0))

    * Add `kubectl apply edit-last-applied` subcommand ([#42256](https://github.com/kubernetes/kubernetes/pull/42256), [@shiywang](https://github.com/shiywang))

  * Strategic Merge Patch

  username.expression or extra[*].valueExpression or claimValidationRules[*].expression.
  An example claim validation rule expression that matches the validation automatically
  applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'. 
  By explicitly comparing the value to true, we let type-checking see the result will be a boolean, 

  - [Changelog since v1.28.8](#changelog-since-v1288)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin)
  - [Changes by Kind](#changes-by-kind-6)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-6)