**What is the impact?**

A user that is authorized to create pods can make use of any existing PodSecurityPolicy, even ones they are not authorized to use.

**How can I mitigate this prior to installing 1.5.5?**

1. Export existing PodSecurityPolicy objects:
  * `kubectl get podsecuritypolicies -o yaml > psp.yaml`

		for _, targetDir := range targetDirs {
			if err := file.AtomicCopy(srcFilepath, targetDir, filename); err != nil {
				installLog.Errorf("failed file copy of %s to %s: %s", srcFilepath, targetDir, err.Error())
				return copiedFilenames, err
			}
			installLog.Infof("Copied %s to %s", filename, targetDir)
		}

		copiedFilenames.Insert(filename)
	}

	return copiedFilenames, nil

  https://github.com/kubernetes-sigs/cri-tools/releases or a different location.
  
  The `kubeadm` package will stop depending on the `cri-tools` package in Kubernetes 1.32, which means that
  installing `kubeadm` will no longer automatically ensure installation of `crictl`. ([#124685](https://github.com/kubernetes/kubernetes/pull/124685), [@saschagrunert](https://github.com/saschagrunert))

		AmbientIPv6:              viper.GetBool(constants.AmbientIPv6),
		AmbientTPROXYRedirection: viper.GetBool(constants.AmbientTPROXYRedirection),
	}

	if len(installCfg.K8sNodeName) == 0 {
		var err error
		installCfg.K8sNodeName, err = os.Hostname()
		if err != nil {
			return nil, err
		}
	}

	repairCfg := config.RepairConfig{
		Enabled:            viper.GetBool(constants.RepairEnabled),

	if err := file.AtomicWrite(kubeconfigFilepath, []byte(kc.Full), os.FileMode(cfg.KubeconfigMode)); err != nil {
		installLog.Debugf("error writing kubeconfig: %w", err)
		return err
	}
	installLog.Infof("wrote kubeconfig file %s with: \n%+v", kubeconfigFilepath, kc.Redacted)
	return nil

        packages that cannot be found unless the user installs them beforehand
        or provides additional installation flags.
    *   This dependency affected anyone installing TensorFlow 2.15 alongside
        NVIDIA CUDA dependencies via `pip install tensorflow[and-cuda]`.
    *   Depending on the installation method, TensorFlow 2.14 would be installed

- Added support for installing `arm64` node artifacts. ([#99242](https://github.com/kubernetes/kubernetes/pull/99242), [@liu-cong](https://github.com/liu-cong))

    }
  }

  /**
   * This test reproduces a crash where OkHttp attempted to use a deferred connection when the call
   * already had a healthy connection. It sets up a deferred connection by stalling the IPv6
   * connect, and it sets up a same-connection retry with [ErrorCode.REFUSED_STREAM].
   *
   * https://github.com/square/okhttp/pull/7190
   */
  @Test
  fun preferCallConnectionOverDeferredConnection() {

* The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies).  ([#64104](https://github.com/kubernetes/kubernetes/pull/64104), [@CalvinHartwell](https://github.com/CalvinHartwell))...

* The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies).  ([#64104](https://github.com/kubernetes/kubernetes/pull/64104), [@CalvinHartwell](https://github.com/CalvinHartwell))...