- Fix: ignore not a VMSS error for VMAS nodes in EnsureBackendPoolDeleted. (#105400, @ialidzhikov) [SIG Cloud Provider]
- Fixes a regression on Kubelet restart and pod statuses. (#105560, @rphillips) [SIG Node and Testing]
- Fixes kubelet memory regression in 1.22 (#105452, @liggitt) [SIG Node]
- Fixes the kubelet's ability to restart static pods (#105075, @rphillips) [SIG Node and Testing]

- Fixes a bug where EndpointSlices would not be recreated after rapid Service recreation. ([#94730](https://github.com/kubernetes/kubernetes/pull/94730), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing]

### Fixes

* ⬆ Upgrade Swagger UI copy of `oauth2-redirect.html` to include fixes for flavors of authorization code flows in Swagger UI. PR [#3439](https://github.com/tiangolo/fastapi/pull/3439) initial PR by [@koonpeng](https://github.com/koonpeng).

                    "Cannot read metadata from '" + mappingFile + "': " + e.getMessage(), e);
        }
    }

    /**
     * Ensures the last updated timestamp of the specified metadata does not refer to the future and fixes the local
     * metadata if necessary to allow proper merging/updating of metadata during deployment.
     */
    private void fixTimestamp(File metadataFile, Metadata metadata, Metadata reference) {

- Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. ([#108203](https://github.com/kubernetes/kubernetes/pull/108203), [@robscott](https://github.com/robscott)) [SIG Network]

- Kube-apiserver: fixes a 1.27+ regression watching a single namespace via the deprecated /api/v1/watch/namespaces/$name endpoint where watch events were not delivered after the watch was established ([#126150](https://github.com/kubernetes/kubernetes/pull/126150), [@xyz-li](https://github.com/xyz-li)) [SIG API Machinery and Testing]

open-source software development.

## Patching guidelines

Follow these steps to patch a specific version of TensorFlow, for example, to
apply fixes to bugs or security vulnerabilities:

*   Clone the TensorFlow repository and switch to the appropriate branch for
    your desired version—for example, `r2.8` for version 2.8.

* Fixes the panic that occurs in the federation controller manager when registering a GKE cluster to the federation. Fixes issue [#30790](https://github.com/kubernetes/kubernetes/pull/30790). ([#30940](https://github.com/kubernetes/kubernetes/pull/30940), [@madhusudancs](https://github.com/madhusudancs))

_2023-12-17_

We took too long to cut this release and there's a lot of changes in it. We've been busy.

Although this release is labeled _alpha_, the only unstable thing in it is our new APIs. This
release has many critical bug fixes and is safe to run in production. We're eager to stabilize our
new APIs so we can get out of alpha.

 *  New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals

    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,
    `org.bouncycastle`, and `org.openjsse`.
 *  Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency
    locking. That's a potential security vulnerability, tracked as [CVE-2022-24329].
 *  Upgrade: [publicsuffix.org data][public_suffix]. This powers `HttpUrl.topPrivateDomain()`.