* Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority ([#33141](https://github.com/kubernetes/kubernetes/pull/33141), [@liggitt](https://github.com/liggitt))

### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT
AUTHORITY\Authenticated Users may be able to modify container logs.

**Affected Versions**:
  - kubelet <= 1.27.15
  - kubelet <= 1.28.11
  - kubelet <= 1.29.6
  - kubelet <= 1.30.2 

**Fixed Versions**:

- The `--certificate-authority` flag now correctly overrides existing skip-TLS or CA data settings in the kubeconfig file ([#83547](https://github.com/kubernetes/kubernetes/pull/83547), [@liggitt](https://github.com/liggitt))
### Cloud Provider

labels.spnego_exclude_dirs=Exclude Directories
labels.general_menu_entraid=Entra ID
labels.entraid_client_id=Client ID
labels.entraid_client_secret=Client Secret
labels.entraid_tenant=Tenant
labels.entraid_authority=Authority
labels.entraid_reply_url=Reply URL
labels.entraid_state_ttl=State TTL
labels.entraid_default_groups=Default Groups
labels.entraid_default_roles=Default Roles
labels.entraid_permission_fields=Permission Fields

labels.spnego_exclude_dirs=Exclude Directories
labels.general_menu_entraid=Entra ID
labels.entraid_client_id=Client ID
labels.entraid_client_secret=Client Secret
labels.entraid_tenant=Tenant
labels.entraid_authority=Authority
labels.entraid_reply_url=Reply URL
labels.entraid_state_ttl=State TTL
labels.entraid_default_groups=Default Groups
labels.entraid_default_roles=Default Roles
labels.entraid_permission_fields=Permission Fields

labels.spnego_exclude_dirs=Exclude Directories
labels.general_menu_entraid=Entra ID
labels.entraid_client_id=Client ID
labels.entraid_client_secret=Client Secret
labels.entraid_tenant=Tenant
labels.entraid_authority=Authority
labels.entraid_reply_url=Reply URL
labels.entraid_state_ttl=State TTL
labels.entraid_default_groups=Default Groups
labels.entraid_default_roles=Default Roles
labels.entraid_permission_fields=Permission Fields

labels.spnego_exclude_dirs=Exclude Directories
labels.general_menu_entraid=Entra ID
labels.entraid_client_id=Client ID
labels.entraid_client_secret=Client Secret
labels.entraid_tenant=Tenant
labels.entraid_authority=Authority
labels.entraid_reply_url=Reply URL
labels.entraid_state_ttl=State TTL
labels.entraid_default_groups=Default Groups
labels.entraid_default_roles=Default Roles
labels.entraid_permission_fields=Permission Fields

- Kubeadm: tolerate whitespace when validating certificate authority PEM data in kubeconfig files ([#86705](https://github.com/kubernetes/kubernetes/pull/86705), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]

    /** The key of the message: Tenant */
    public static final String LABELS_entraid_tenant = "{labels.entraid_tenant}";

    /** The key of the message: Authority */
    public static final String LABELS_entraid_authority = "{labels.entraid_authority}";

    /** The key of the message: Reply URL */

labels.spnego_exclude_dirs=Exclude Directories
labels.general_menu_entraid=Entra ID
labels.entraid_client_id=Client ID
labels.entraid_client_secret=Client Secret
labels.entraid_tenant=Tenant
labels.entraid_authority=Authority
labels.entraid_reply_url=Reply URL
labels.entraid_state_ttl=State TTL
labels.entraid_default_groups=Default Groups
labels.entraid_default_roles=Default Roles
labels.entraid_permission_fields=Permission Fields