- [(No, really, you MUST do this before you upgrade)](#no-really-you-must-do-this-before-you-upgrade)
  - [Major Themes](#major-themes)
    - [SIG API Machinery](#sig-api-machinery)
    - [SIG Auth](#sig-auth)
    - [SIG CLI](#sig-cli)
    - [SIG Cluster Lifecycle](#sig-cluster-lifecycle)
    - [SIG Instrumentation](#sig-instrumentation)
    - [SIG Network](#sig-network)
    - [SIG Node](#sig-node)

### Feature

- Graduated the `LegacyServiceAccountTokenTracking` feature gate to GA. The usage of auto-generated secret-based service account token now produces warnings, and relevant Secrets are labeled with a last-used timestamp (label key `kubernetes.io/legacy-token-last-used`). ([#117591](https://github.com/kubernetes/kubernetes/pull/117591), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth and Testing]

    /** The key of the message: The number of shards */
    public static final String LABELS_number_of_shards_for_doc = "{labels.number_of_shards_for_doc}";

    /** The key of the message: Auto expand replicas */
    public static final String LABELS_auto_expand_replicas_for_doc = "{labels.auto_expand_replicas_for_doc}";

    /** The key of the message: Crawler Indices */

key":"requests_deadline","value":"10s"},{"key":"cluster_deadline","value":"10s"},{"key":"cors_allow_origin","value":"*"},{"key":"remote_transport_deadline","value":"2h"},{"key":"list_quorum","value":"strict"},{"key":"replication_priority","value":"auto"},{"key":"replication_max_workers","value":"500"},{"key":"transition_workers","value":"100"},{"key":"stale_uploads_cleanup_interval","value":"6h"},{"key":"stale_uploads_expiry","value":"24h"},{"key":"delete_cleanup_interval","value":"5m"},{"key":"...

        FtpAuthentication auth = new FtpAuthentication();
        auth.setServer("hostname");
        auth.setPort(21);
        auth.setUsername("testuser");
        auth.setPassword("testpass");

        assertTrue(auth.matches("ftp://hostname:21/test/aaa.html"));
        assertTrue(auth.matches("ftp://hostname/test/aaa.html"));
        assertTrue(auth.matches("ftp://hostname:21/test"));

- Create HPA v2 from v2beta2 with some fields changed. (#102534, @wangyysde) [SIG API Machinery, Apps, Auth, Autoscaling and Testing]

                    session.removeAttribute(SAML_STATE);
                    try {
                        final Auth auth = new Auth(getSettings(), request, response);
                        auth.processResponse();

                        if (!auth.isAuthenticated()) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Authentication is failed.");

            }
        }
        t = new SmbTree( this, share, service );
        trees.addElement( t );
        return t;
    }
    boolean matches( NtlmPasswordAuthentication auth ) {
        return this.auth == auth || this.auth.equals( auth );
    }
    synchronized SmbTransport transport() {
        if( transport == null ) {
            transport = SmbTransport.getSmbTransport( address, port, localAddr, localPort, null );

            Map<String, Object> params = new HashMap<String, Object>();
            FtpAuthentication auth = new FtpAuthentication();
            auth.setUsername(username);
            auth.setPassword(password);
            params.put(FtpClient.FTP_AUTHENTICATIONS_PROPERTY, new FtpAuthentication[] { auth });
            ftpClient.setInitParameterMap(params);

            ftpClient.doGet("ftp://localhost:" + FTP_PORT + "/");