- kube-apiserver v1.23.0 - v1.23.10
  - kube-apiserver v1.22.0 - v1.22.14
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.1
  - kube-apiserver v1.24.5
  - kube-apiserver v1.23.11
  - kube-apiserver v1.22.14

This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft

- golang.org/x/sys: 3b52091 → fde4db3
- golang.org/x/text: e6919f6 → v0.3.2
- golang.org/x/time: f51c127 → 9d24e82
- golang.org/x/tools: 6e04913 → 65e3620
- google.golang.org/grpc: v1.23.0 → v1.23.1
- gopkg.in/inf.v0: v0.9.0 → v0.9.1
- k8s.io/klog: v0.4.0 → v1.0.0
- k8s.io/kube-openapi: 743ec37 → 30be4d1
- k8s.io/repo-infra: 00fe14e → v0.0.1-alpha.1
- k8s.io/utils: 581e001 → e782cd3

mounts made inside a container can be seen by the host. (Note that this is [not supported on Windows](https://github.com/kubernetes/kubernetes/pull/60275).) [Local Ephemeral Storage Capacity Isolation](https://github.com/kubernetes/enhancements/issues/361) makes it possible to set requests and limits on ephemeral local storage resources. In addition, you can now create [Local Persistent Storage](https://github.com/kubernetes/enhancements/issues/121), which enables PersistentVolumes to be created with...

  - kube-apiserver v1.23.0 - v1.23.10
  - kube-apiserver v1.22.0 - v1.22.14
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.1
  - kube-apiserver v1.24.5
  - kube-apiserver v1.23.11
  - kube-apiserver v1.22.14

This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft

It doesn't affect any of the vanilla Kubernetes behavior, but, may break custom PreEnqueue plugins.

The cause PR is [reverted](https://github.com/kubernetes/kubernetes/pull/117194) by v1.26.1.

## Urgent Upgrade Notes 

### (No, really, you MUST read this before you upgrade)

- 'The `IPv6DualStack` feature gate for external cloud providers was removed.