* azure: fix Azure Container Registry integration ([#40142](https://github.com/kubernetes/kubernetes/pull/40142), [@colemickens](https://github.com/colemickens))
* azure disk: restrict name length for Azure specifications ([#40030](https://github.com/kubernetes/kubernetes/pull/40030), [@colemickens](https://github.com/colemickens))

* Try self-repair scheduler cache or panic ([#37379](https://github.com/kubernetes/kubernetes/pull/37379), [@wojtek-t](https://github.com/wojtek-t))

### Volume Plugins

#### Azure Disk
* restrict name length for Azure specifications ([#40030](https://github.com/kubernetes/kubernetes/pull/40030), [@colemickens](https://github.com/colemickens))

#### GlusterFS

  * Mark all static pods on the Master node as critical to prevent preemption ([#47356](https://github.com/kubernetes/kubernetes/pull/47356), [@dashpole](https://github.com/dashpole))

  * Restrict active deadline seconds max allowed value to be maximum uint32 to avoid overflow ([#46640](https://github.com/kubernetes/kubernetes/pull/46640), [@derekwaynecarr](https://github.com/derekwaynecarr))

* kubectl: add the --no-headers flag to `kubectl top ...` ([#67890](https://github.com/kubernetes/kubernetes/pull/67890), [@WanLinghao](https://github.com/WanLinghao))
* Restrict redirect following from the apiserver to same-host redirects, and ignore redirects in some cases. ([#66516](https://github.com/kubernetes/kubernetes/pull/66516), [@tallclair](https://github.com/tallclair))

- CEL: added name formats library. ([#123572](https://github.com/kubernetes/kubernetes/pull/123572), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery]
- Changed Linux swap handling to restrict access to swap for containers in high priority Pods.
  New Pods that have a node- or cluster-critical priority are prohibited from accessing swap on Linux,

  limit: Int = length,
  encodeSet: String,
  alreadyEncoded: Boolean = false,
  strict: Boolean = false,
  plusIsSpace: Boolean = false,
  unicodeAllowed: Boolean = false,
): String =
  canonicalizeWithCharset(
    pos = pos,
    limit = limit,
    encodeSet = encodeSet,
    alreadyEncoded = alreadyEncoded,
    strict = strict,
    plusIsSpace = plusIsSpace,
    unicodeAllowed = unicodeAllowed,
  )

     * even when Unsafe isn't available. But it's nice to have a check here to make sure that
     * nothing somehow goes wrong as the JDK restricts access to Unsafe.
     */
    checkHelperVersion(NO_UNSAFE, "AtomicReferenceFieldUpdaterAtomicHelper");
    /*
     * SynchronizedHelper is meant for Android, but our best way to test it is under the JVM.
     *

"2.3 OK"
"2.4 OK"
"2.5 OK"
"2.6 OK"
"2.7 OK"
"2.8 OK"
"2.9 OK"
"3.1 OK"
"3.2 NON-STRICT"
"3.3 NON-STRICT"
"3.4 NON-STRICT"
"3.5 OK"
"3.6 OK"
"3.7 OK"
"4.1.1 OK"
"4.1.2 OK"
"4.1.3 NON-STRICT"
"4.1.4 NON-STRICT"
"4.1.5 OK"
"4.2.1 OK"
"4.2.2 OK"
"4.2.3 NON-STRICT"
"4.2.4 OK"
"4.2.5 OK"
"5.1 OK"
"5.10 OK"
"5.11 OK"
"5.12 OK"
"5.13 OK"
"5.14 OK"

                "{\"bool\":{\"should\":[{\"geo_distance\":{\"location\":[151.0,35.0],\"distance\":1000.0,\"distance_type\":\"arc\",\"validation_method\":\"STRICT\",\"ignore_unmapped\":false,\"boost\":1.0}},{\"geo_distance\":{\"location\":[150.0,34.0],\"distance\":10000.0,\"distance_type\":\"arc\",\"validation_method\":\"STRICT\",\"ignore_unmapped\":false,\"boost\":1.0}}],\"adjust_pure_negative\":true,\"boost\":1.0}}";

- As of v1.25, the PodSecurity `restricted` level no longer requires pods that set .spec.os.name="windows" to also set Linux-specific securityContext fields. If a 1.25+ cluster has unsupported [out-of-skew](https://kubernetes.io/releases/version-skew-policy/#kubelet) nodes prior to v1.23 and wants to ensure namespaces enforcing the `restricted` policy continue to require Linux-specific securityContext fields on all pods, ensure a version...