This release contains changes that address the following vulnerabilities:

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8

    * - Fix a bug in DNS resolution for externalName services
    * and PTR records that need to query from upstream nameserver.
* Fix machineID getting for vmss nodes when using instance metadata ([#62611](https://github.com/kubernetes/kubernetes/pull/62611), [@feiskyer](https://github.com/feiskyer))

    <glob pattern="*.sldprt" />
    <glob pattern="*.sldasm" />
    <glob pattern="*.slddrw" />
    <sub-class-of type="application/x-tika-msoffice" />
  </mime-type>

  <mime-type type="application/sparql-query">
    <glob pattern="*.rq"/>
  </mime-type>
  <mime-type type="application/sparql-results+xml">
    <glob pattern="*.srx"/>
  </mime-type>
  <mime-type type="application/spirits-event+xml"/>

	}

	// Read escaped copy source path to check for parameters.
	cpSrcPath := r.Header.Get(xhttp.AmzCopySource)
	var vid string
	if u, err := url.Parse(cpSrcPath); err == nil {
		vid = strings.TrimSpace(u.Query().Get(xhttp.VersionID))
		// Note that url.Parse does the unescaping
		cpSrcPath = u.Path
	}

	srcBucket, srcObject := path2BucketObject(cpSrcPath)

This release contains changes that address the following vulnerabilities:

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8

			mkGetReq(oi, "", caseNumber, sf)
			caseNumber++

			// No range requests are possible if the
			// object length is 0
			if objLen == 0 {
				continue
			}

			// Various ranges to query - all are valid!
			rangeHdrs := []string{
				// Read first byte of object
				fmt.Sprintf("bytes=%d-%d", 0, 0),
				// Read second byte of object
				fmt.Sprintf("bytes=%d-%d", 1, 1),

of type meta.k8s.io/v1alpha1 with Table, and contain column and row information related to the resource. Each row will contain information about the resource - by default it will be the object metadata, but callers can add the ?includeObject=Object query parameter and receive the full object. In the future kubectl will use this to retrieve the results of `kubectl get`. ([#40848](https://github.com/kubernetes/kubernetes/pull/40848), [@smarterclayton](https://github.com/smarterclayton))

*...

	if isLDAPSTS {
		// Need to lookup the groups from LDAP.
		_, ldapGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(ldapUser)
		if err != nil {
			return fmt.Errorf("unable to query LDAP server for %s: %w", ldapUser, err)
		}

		cred.Groups = ldapGroups
	}

	// Set these credentials to IAM.

pkg database/sql/driver, type Conn interface, Begin //deprecated
pkg database/sql/driver, type Execer //deprecated
pkg database/sql/driver, type Queryer //deprecated
pkg database/sql/driver, type Stmt interface, Exec //deprecated
pkg database/sql/driver, type Stmt interface, Query //deprecated
pkg debug/gosym, method (*LineTable) LineToPC //deprecated
pkg debug/gosym, method (*LineTable) PCToLine //deprecated

        isomorphic to GraphDef and will be used to replace GraphDef-based (e.g.,
        Grappler) optimizations.
    *   Deprecated and removed `attrs()` function in shape inference. All
        attributes should be queried by name now (rather than range returned) to
        enable changing the underlying storage there.
    *   The following Python symbols were accidentally added in earlier versions