* its capacity threshold.
   *
   * The Least Recently Used page replacement algorithm was chosen due to its simplicity, high hit
   * rate, and ability to be implemented with O(1) time complexity. The initial LRU implementation
   * operates per-segment rather than globally for increased implementation simplicity. We expect

- Added ability for kubectl wait to wait on arbitary JSON path (#105776, @lauchokyip) [SIG CLI]

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

    - `extensions/v1beta1/daemonsets=true,extensions/v1beta1/deployments=true,extensions/v1beta1/replicasets=true,extensions/v1beta1/networkpolicies=true,extensions/v1beta1/podsecuritypolicies=true`

    The ability to serve these resources will be completely removed in v1.18. ([#70672](https://github.com/kubernetes/kubernetes/pull/70672), [@liggitt](https://github.com/liggitt))

### Bug or Regression

- Add `/sys/devices/virtual/powercap` to default masked paths. It avoids the potential security risk that the ability to read these files may offer a power-based sidechannel attack against any workloads running on the same kernel. ([#125970](https://github.com/kubernetes/kubernetes/pull/125970), [@carlory](https://github.com/carlory)) [SIG Node]

- Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately.  Be sure you understand the consequences to browsers before setting this field. ([#96502](https://github.com/kubernetes/kubernetes/pull/96502),...

## Changelog since v1.32.0

## Urgent Upgrade Notes 

### (No, really, you MUST read this before you upgrade)

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

{\n    font-size: 16px;\n    font-weight: 600;\n    margin: 0;\n    padding: 0;\n  }\n\n  > .description-text {\n    text-transform: uppercase;\n  }\n\n  // Description Block Extension\n  .description-icon {\n    font-size: 16px;\n  }\n}\n\n// List utility classes\n.list-group-unbordered {\n  > .list-group-item {\n    border-left: 0;\n    border-radius: 0;\n    border-right: 0;\n    padding-left: 0;\n    padding-right: 0;\n  }\n}\n\n.list-header {\n  color: $gray-600;\n  font-size: 15px;\n  font-weight:...

- Fixes a regression on Kubelet restart and pod statuses. (#105560, @rphillips) [SIG Node and Testing]
- Fixes kubelet memory regression in 1.22 (#105452, @liggitt) [SIG Node]
- Fixes the kubelet's ability to restart static pods (#105075, @rphillips) [SIG Node and Testing]
- Kube-proxy(ipvs mode) : delete stale conntrack UDP entries for loadbalancer ingress IP. (#105650, @VivekThrivikraman-est) [SIG Network]