* Fix Azure client requests stuck issues on http.StatusTooManyRequests (HTTP Code 429). ([#81279](https://github.com/kubernetes/kubernetes/pull/81279), [@feiskyer](https://github.com/feiskyer))
* Update the GCE windows node image to include hot fixes since July. ([#81236](https://github.com/kubernetes/kubernetes/pull/81236), [@YangLu1031](https://github.com/YangLu1031))

- The `system:aggregate-to-edit` role no longer includes write access to the Endpoints API. For new Kubernetes 1.22 clusters, the `edit` and `admin` roles will no longer include that access in newly created Kubernetes 1.22 clusters. This will have no affect on existing clusters upgrading to Kubernetes 1.22. To retain write access to Endpoints in the aggregated `edit`...

- Do not include preemptor pod metadata in the event message ([#114946](https://github.com/kubernetes/kubernetes/pull/114946), [@mimowo](https://github.com/mimowo)) [SIG Scheduling]

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

**Affected Versions**:
  - kubelet <= v1.28.0
  - kubelet <= v1.27.4
  - kubelet <= v1.26.7
  - kubelet <= v1.25.12
  - kubelet <= v1.24.16

**Fixed Versions**:

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSSEMultipartEncrypted: {
		Code:           "InvalidRequest",
		Description:    "The multipart upload initiate requested encryption. Subsequent part requests must include the appropriate encryption parameters.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSSEEncryptedObject: {
		Code:           "InvalidRequest",

 *
 * <p>The caches produced by {@code CacheBuilder} are serializable, and the deserialized caches
 * retain all the configuration properties of the original cache. Note that the serialized form does
 * <i>not</i> include cache contents, but only configuration.
 *
 * <p>See the Guava User Guide article on <a
 * href="https://github.com/google/guava/wiki/CachesExplained">caching</a> for a higher-level
 * explanation.
 *

// This input was created by taking the instruction productions in
// the old assembler's (5a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT	foo(SB), DUPOK|NOSPLIT, $0

// ADD
//
//	LTYPE1 cond imsr ',' spreg ',' reg
//	{
//		outcode($1, $2, &$3, $5, &$7);
//	}
// Cover some operand space here too.

  - [Changelog since v1.5.0-beta.3](#changelog-since-v150-beta3)
    - [Other notable changes](#other-notable-changes-7)
    - [Previous Releases Included in v1.5.0](#previous-releases-included-in-v150)
- [v1.5.0-beta.3](#v150-beta3)
  - [Downloads for v1.5.0-beta.3](#downloads-for-v150-beta3)
    - [Client Binaries](#client-binaries-9)
    - [Server Binaries](#server-binaries-9)

	apiEndpoints := getAPIEndpoints()
	for _, ep := range apiEndpoints {
		if len(ep) == 0 {
			continue
		}
		if url, err := xnet.ParseHTTPURL(ep); err == nil {
			// In FS mode the drive names don't include the host.
			// So mapping just the host should be sufficient.
			hostAnonymizer[url.Host] = "server1"
		}
	}
	return hostAnonymizer
}

		Groups:   set.CreateStringSet(q.Groups...),
		Policies: set.CreateStringSet(q.Policy...),
	}

	if ldap {
		// Validate and normalize users, then fetch and normalize their groups
		// Also include unvalidated users for backward compatibility.
		for _, user := range q.Users {
			lookupRes, actualGroups, _ := sys.LDAPConfig.GetValidatedDNWithGroups(user)
			if lookupRes != nil {