- [API-Machinery](#api-machinery-1)
    - [Network](#network-1)
    - [Azure](#azure-1)
    - [Scheduling](#scheduling)
    - [Other changes](#other-changes)
  - [Non-user-facing Changes](#non-user-facing-changes)
  - [External Dependencies](#external-dependencies)
- [v1.10.0-rc.1](#v1100-rc1)
  - [Downloads for v1.10.0-rc.1](#downloads-for-v1100-rc1)
    - [Client Binaries](#client-binaries-14)

**Fixed Versions**:
  - kubelet v1.22.2
  - kubelet v1.21.5
  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

1F0C1..1F0CF  ; valid                  ;      ; NV8    # 6.0  PLAYING CARD ACE OF DIAMONDS..PLAYING CARD BLACK JOKER
1F0D0         ; disallowed                             # NA   <reserved-1F0D0>
1F0D1..1F0DF  ; valid                  ;      ; NV8    # 6.0  PLAYING CARD ACE OF CLUBS..PLAYING CARD WHITE JOKER
1F0E0..1F0F5  ; valid                  ;      ; NV8    # 7.0  PLAYING CARD FOOL..PLAYING CARD TRUMP-21

acing","fontWeight","setPositiveNumber","subtract","max","boxModelAdjustment","dimension","box","isBorderBox","styles","computedVal","extra","delta","marginDelta","ceil","getWidthOrHeight","valueIsBorderBox","offsetProp","getClientRects","Tween","easing","cssHooks","opacity","animationIterationCount","aspectRatio","borderImageSlice","columnCount","flexGrow","flexShrink","gridArea","gridColumn","gridColumnEnd","gridColumnStart","gridRow","gridRowEnd","gridRowStart","lineHeight","order","orphans",...

  Date:           Nov 11, 2016
  Kernel:         ChromiumOS-4.4
  Kubernetes:     v1.4.5
  Docker:         v1.11.2
  Changelog (vs 55-8872-18-0)
    * Cherry-pick runc PR#608: Eliminate redundant parsing of mountinfo
    * Updated kubernetes to v1.4.5

  * `kubectl get podsecuritypolicies -o yaml > psp.yaml`
2. Review and delete any PodSecurityPolicy objects you do not want all pod-creating users to be able to use (NOTE: Privileged users that were making use of those policies will also lose access to those policies). For example:
  * `kubectl delete podsecuritypolicies/my-privileged-policy`
3. After upgrading to 1.5.5, re-create the exported PodSecurityPolicy objects:

acing","fontWeight","setPositiveNumber","subtract","max","boxModelAdjustment","dimension","box","isBorderBox","styles","computedVal","extra","delta","marginDelta","ceil","getWidthOrHeight","valueIsBorderBox","offsetProp","getClientRects","Tween","easing","cssHooks","opacity","animationIterationCount","aspectRatio","borderImageSlice","columnCount","flexGrow","flexShrink","gridArea","gridColumn","gridColumnEnd","gridColumnStart","gridRow","gridRowEnd","gridRowStart","lineHeight","order","orphans",...

	if _, err = s.adm.DetachPolicyLDAP(ctx, userReq); err != nil {
		c.Fatalf("Unable to detach user policy: %v", err)
	}
}

// In this test, the parent users gets their permissions from a group, rather
// than having a policy set directly on them.
func (s *TestSuiteIAM) TestLDAPSTSServiceAccountsWithGroups(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

feature gate `UnversionedKubeletConfigMap` to GA and locked it to `true` by default. The kubelet related ConfigMap and RBAC rules are now locked to have a simplified naming `*kubelet-config` instead of the legacy naming `*kubelet-config-x.yy`, where `x.yy` was the version of the control plane. If you have previously used the old naming format with `UnversionedKubeletConfigMap=false`, you must manually copy the config map from `kube-system/kubelet-config-x.yy` to `kube-system/kubelet-config` before...

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change