- Added full cgroup v2 swap support for both `Limited` and `Unlimited` swap.
  
  When `LimitedSwap` is enabled the swap limit would be automatically calculated for
  Burstable QoS pods. For Best-Effort/Guaranteed QoS pods, swap would be disabled.
  
  Containers with memory requests equal to their memory limits also won't have

  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._

than the minimum font size\n    @if $fs <= $rfs-base-font-size or not $enable-responsive-font-sizes {\n      font-size: #{$rfs-static}#{$rfs-suffix};\n    }\n    @else {\n      // Calculate the minimum font size for $fs\n      $fs-min: $rfs-base-font-size + divide($fs - $rfs-base-font-size, $rfs-factor);\n\n      // Calculate difference between $fs and the minimum font size\n      $fs-diff: $fs - $fs-min;\n\n      // Base font-size formatting\n      $min-width: if($rfs-font-size-unit == rem, #{divide($fs-min,...

  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

### Feature

        } catch (final IOException e) {
            logger.warn("Failed to reindex from {} to {}", fromIndex, toIndex, e);
        }
        return false;
    }

    /**
     * Calculates the requests per second setting for reindex operations.
     *
     * @param fessConfig the Fess configuration
     * @return the requests per second value, or null for no limit
     */

- Consolidate ScoreWithNormalizePlugin into the ScorePlugin interface ([#83042](https://github.com/kubernetes/kubernetes/pull/83042), [@draveness](https://github.com/draveness))
- New APIs to allow adding/removing pods from pre-calculated prefilter state in the scheduling framework ([#82912](https://github.com/kubernetes/kubernetes/pull/82912), [@ahg-g](https://github.com/ahg-g))

- Explicitly writes memory.min=0 for QoS cgroups when the calculated requests are zero ([#137637](https://github.com/kubernetes/kubernetes/pull/137637), [@QiWang19](https://github.com/QiWang19)) [SIG Node]

      // https://github.com/openjdk/jdk/commit/3e393047e12147a81e2899784b943923fc34da8e, a bug
      // meant that sometimes a too-large threshold is calculated. However, this new threshold is
      // independent of the initial capacity, except that it won't be lower than the threshold
      // computed from that capacity. Because the internal table is only allocated on the first

      // https://github.com/openjdk/jdk/commit/3e393047e12147a81e2899784b943923fc34da8e, a bug
      // meant that sometimes a too-large threshold is calculated. However, this new threshold is
      // independent of the initial capacity, except that it won't be lower than the threshold
      // computed from that capacity. Because the internal table is only allocated on the first