- In `kube-apiserver`, custom resources can now be specified in the `--encryption-provider-config` file and can be encrypted in etcd. ([#113015](https://github.com/kubernetes/kubernetes/pull/113015), [@ritazh](https://github.com/ritazh))

)

type TreeNode struct {
	left, right *TreeNode
	value *Comparable
}

type Block interface {
	BlockSize() int
	Encrypt(src, dst []byte)
	Decrypt(src, dst []byte)
}
</pre>

<p>
A defined type may have <a href="#Method_declarations">methods</a> associated with it.
It does not inherit any methods bound to the given type,

 - Encrypted data with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action required. Reads with AES-GCM and AES-CBC will continue to be allowed. ([#111119](https://github.com/kubernetes/kubernetes/pull/111119), [@aramase](https://github.com/aramase))...

)

type TreeNode struct {
	left, right *TreeNode
	value any
}

type Block interface {
	BlockSize() int
	Encrypt(src, dst []byte)
	Decrypt(src, dst []byte)
}
</pre>

<p>
A defined type may have <a href="#Method_declarations">methods</a> associated with it.
It does not inherit any methods bound to the given type,

### Bug or Regression

- Fixed a bug where clusters that use KMS v1 with skewed API servers on versions v1.24 and v1.25 would see internal errors when attempting to read encrypted data via the v1.24 API servers. ([#119387](https://github.com/kubernetes/kubernetes/pull/119387), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]

## Dependencies

### Added
_Nothing has changed._

pkg crypto/cipher, method (StreamWriter) Write([]uint8) (int, error)
pkg crypto/cipher, type Block interface { BlockSize, Decrypt, Encrypt }
pkg crypto/cipher, type Block interface, BlockSize() int
pkg crypto/cipher, type Block interface, Decrypt([]uint8, []uint8)
pkg crypto/cipher, type Block interface, Encrypt([]uint8, []uint8)
pkg crypto/cipher, type BlockMode interface { BlockSize, CryptBlocks }