tabular output for API resources via a new mime-type `application/json;as=Table;v=v1alpha1;g=meta.k8s.io`.  The returned object (if the server supports it) will be of type `meta.k8s.io/v1alpha1` with `Table`, and contain column and row information related to the resource.  Each row will contain information about the resource - by default it will be the object metadata, but callers can add the `?includeObject=Object` query parameter and receive the full object.  In the future kubectl will use this to...

## Changelog since v1.25.15

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

## Changelog since v1.21.4

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to

pkg go/types, method (*Pointer) Elem() Type
pkg go/types, method (*Pointer) String() string
pkg go/types, method (*Pointer) Underlying() Type
pkg go/types, method (*Scope) Child(int) *Scope
pkg go/types, method (*Scope) Contains(token.Pos) bool
pkg go/types, method (*Scope) End() token.Pos
pkg go/types, method (*Scope) Innermost(token.Pos) *Scope
pkg go/types, method (*Scope) Insert(Object) Object
pkg go/types, method (*Scope) Len() int

- Kubelet might fail to restart if an existing flexvolume mounted pvc contains a large number of directories, or is full. [#75019](https://github.com/kubernetes/kubernetes/pull/75019)

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

- kube-apiserver:

	b := NewReader(new(negativeReader))
	defer func() {
		switch err := recover().(type) {
		case nil:
			t.Fatal("read did not panic")
		case error:
			if !strings.Contains(err.Error(), "reader returned negative count from Read") {
				t.Fatalf("wrong panic: %v", err)
			}
		default:
			t.Fatalf("unexpected panic value: %T(%v)", err, err)
		}
	}()

## Changelog since v1.20.10

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to

 * <tt>jcifs.Config.registerSmbURLHandler();</tt> method. This is required
 * to register the SMB protocol handler.
 * <p>
 * The userinfo component of the SMB URL (<tt>domain;user:pass</tt>) must
 * be URL encoded if it contains reserved characters. According to RFC 2396
 * these characters are non US-ASCII characters and most meta characters
 * however jCIFS will work correctly with anything but '@' which is used

restrictions" within the meaning of section 10.  If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term.  If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms

## Changelog since v1.24.16

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation