}
    LinkedHashSet<E> set = new LinkedHashSet<>();
    Iterables.addAll(set, elements);
    return set;
  }

  /**
   * Creates a {@code LinkedHashSet} instance, with a high enough "initial capacity" that it
   * <i>should</i> hold {@code expectedSize} elements without growth. This behavior cannot be
   * broadly guaranteed, but it is observed to be true for OpenJDK 1.7. It also can't be guaranteed

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

- kube-proxy: Fixed a potential memory leak that could occur in clusters with a high volume of UDP workflows. ([#130032](https://github.com/kubernetes/kubernetes/pull/130032), [@aroradaman](https://github.com/aroradaman))

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

   * and accesses that were performed on the map. The queue is drained on writes and when it exceeds
   * its capacity threshold.
   *
   * The Least Recently Used page replacement algorithm was chosen due to its simplicity, high hit
   * rate, and ability to be implemented with O(1) time complexity. The initial LRU implementation
   * operates per-segment rather than globally for increased implementation simplicity. We expect

   * and accesses that were performed on the map. The queue is drained on writes and when it exceeds
   * its capacity threshold.
   *
   * The Least Recently Used page replacement algorithm was chosen due to its simplicity, high hit
   * rate, and ability to be implemented with O(1) time complexity. The initial LRU implementation
   * operates per-segment rather than globally for increased implementation simplicity. We expect

- The SchedulerAsyncAPICalls feature gate has been disabled to mitigate a bug where its interaction with asynchronous preemption in could degrade kube-scheduler performance, particularly under high kube-apiserver load. ([#134401](https://github.com/kubernetes/kubernetes/pull/134401), [@macsko](https://github.com/macsko)) [SIG Scheduling]

### Other (Cleanup or Flake)

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

**Fixed Versions**:
  - kubelet v1.22.2
  - kubelet v1.21.5
  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

gcmFieldElement { // Addition in a characteristic 2 field is just XOR. return gcmFieldElement{x.low ^ y.low, x.high ^ y.high} } // ghashDouble returns the result of doubling an element of GF(2¹²⁸). func ghashDouble(x *gcmFieldElement) (double gcmFieldElement) { msbSet := x.high&1 == 1 // Because of the bit-ordering, doubling is actually a right shift. double.high = x.high >> 1 double.high |= x.low << 63 double.low = x.low >> 1 // If the most-significant bit was set before shifting then it, // conceptually,...