- [Server Binaries](#server-binaries-4)
    - [Node Binaries](#node-binaries-4)
    - [Container Images](#container-images-4)
  - [Changelog since v1.28.0](#changelog-since-v1280)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
  - [Changes by Kind](#changes-by-kind-4)
    - [Deprecation](#deprecation)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-8)

APIs are disabled by default.

* The `system:node` role is no longer automatically granted to the `system:nodes` group in new clusters. The role gives broad read access to resources, including secrets and configmaps. Use the `Node` authorization mode to authorize the nodes in new clusters. To continue providing the `system:node` role to the members of the `system:nodes` group, create an installation-specific `ClusterRoleBinding` in the installation. ([#49638](https://github.com/kubern...

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-7)

pkg syscall (darwin-arm64), const NOTE_LINK = 16
pkg syscall (darwin-arm64), const NOTE_LINK ideal-int
pkg syscall (darwin-arm64), const NOTE_LOWAT = 1
pkg syscall (darwin-arm64), const NOTE_LOWAT ideal-int
pkg syscall (darwin-arm64), const NOTE_NONE = 128
pkg syscall (darwin-arm64), const NOTE_NONE ideal-int
pkg syscall (darwin-arm64), const NOTE_NSECONDS = 4

- [`KT-46047`](https://youtrack.jetbrains.com/issue/KT-46047) FIR: incorrect type of integer literals
- [`KT-57487`](https://youtrack.jetbrains.com/issue/KT-57487) [K2/N] Stdlib ArraysTest fails with `Class found but error nodes are not allowed`
- [`KT-56951`](https://youtrack.jetbrains.com/issue/KT-56951) K2: False negative error on compound assignment for property of type Byte

pkg syscall (netbsd-arm64-cgo), const NOTE_EXIT = 2147483648
pkg syscall (netbsd-arm64-cgo), const NOTE_EXIT ideal-int
pkg syscall (netbsd-arm64-cgo), const NOTE_EXTEND = 4
pkg syscall (netbsd-arm64-cgo), const NOTE_EXTEND ideal-int
pkg syscall (netbsd-arm64-cgo), const NOTE_FORK = 1073741824
pkg syscall (netbsd-arm64-cgo), const NOTE_FORK ideal-int
pkg syscall (netbsd-arm64-cgo), const NOTE_LINK = 16

  // NodeTaintsPolicy indicates how we will treat node taints when calculating
  // pod topology spread skew. Options are:
  // - Honor: nodes without taints, along with tainted nodes for which the incoming pod
  // has a toleration, are included.
  // - Ignore: node taints are ignored. All nodes are included.
  //
  // If this value is nil, the behavior is equivalent to the Ignore policy.