- A new kubelet metric `image_pull_duration_seconds` was added. The metric tracks the duration (in seconds) it takes for an image to be pulled, including the time spent in the waiting queue of image puller. The metric is broken down by bucketed image size. ([#121719](https://github.com/kubernetes/kubernetes/pull/121719), [@ruiwen-zhao](https://github.com/ruiwen-zhao))

  * Special notice for kube-proxy in 1.7+ (including 1.7.0):
    * Healthz server (/healthz) will be served on 0.0.0.0:10256 by default.
    * Metrics server (/metrics and /proxyMode) will be served on 127.0.0.1:10249 by default.

### Other (Cleanup or Flake)

- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor ([#117214](https://github.com/kubernetes/kubernetes/pull/117214), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Scheduling]

## Dependencies

### Added
_Nothing has changed._

A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

**Fixed Versions**:

#              , InScope, NotInScope, PrefixSearch, LikeSearch, NotLikeSearch
#              , EmptyString, FromTo, DateFromTo, RangeOf, ...
#              , (and prefix '!' means excluding, '%' means reviving)
# table: table name (hint) or $$ALL$$
# column: column name (hint) or $$CommonColumn$$ or $$VersionNo$$
#
# Example:
# map:{

  # package
  bazel query --keep_going 'deps(//tensorflow/tools/pip_package:build_pip_package)' | sort -u > $BATS_TEST_TMPDIR/pip_deps
  # Find all Python py_test targets not tagged "no_pip" or "manual", excluding
  # any targets in ignored packages. Combine this list of targets into a bazel
  # query list (e.g. the list becomes "target+target2+target3")

  },
  {
    "input": "x01234567890123456789012345678901234567890123456789012345678901x.ß",
    "output": "x01234567890123456789012345678901234567890123456789012345678901x.xn--zca"
  },
  {
    "comment": "Domain excluding TLD longer than 253 code points",

Java serialization tends to produce larger serialized objects because it includes class metadata and other overhead.

- **Flexibility and Control:**
Java serialization offers limited control over the serialization process, such as excluding certain fields, customizing naming conventions, and handling complex data structures more gracefully.

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....
  </description>
  <build>
    <plugins>
      <plugin>
        <artifactId>maven-source-plugin</artifactId>

  // with a pod's existing nodeSelector. Any conflicts will cause the pod to
  // be rejected in admission.
  // +optional
  // +mapType=atomic
  map<string, string> nodeSelector = 1;

  // tolerations are appended (excluding duplicates) to pods running with this
  // RuntimeClass during admission, effectively unioning the set of nodes
  // tolerated by the pod and the RuntimeClass.
  // +optional
  // +listType=atomic