From 6805632abb8d2e71c3cf45a24cbd5a8f50344a71 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Thu, 24 Aug 2023 01:12:31 +0000 Subject: [PATCH] CHANGELOG: Update directory for v1.26.8 release --- CHANGELOG/CHANGELOG-1.26.md | 306 ++++++++++++++++++++++++++++-------- 1 file changed, 239 insertions(+), 67 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.26.md b/CHANGELOG/CHANGELOG-1.26.md index f8d54413235..3a46bd6973d 100644 --- a/CHANGELOG/CHANGELOG-1.26.md +++ b/CHANGELOG/CHANGELOG-1.26.md @@ -1,13 +1,16 @@ -- [v1.26.7](#v1267) - - [Downloads for v1.26.7](#downloads-for-v1267) +- [v1.26.8](#v1268) + - [Downloads for v1.26.8](#downloads-for-v1268) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.26.6](#changelog-since-v1266) + - [Changelog since v1.26.7](#changelog-since-v1267) + - [Important Security Information](#important-security-information) + - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) + - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) - [Changes by Kind](#changes-by-kind) - [API Change](#api-change) - [Feature](#feature) @@ -16,234 +19,403 @@ - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.26.6](#v1266) - - [Downloads for v1.26.6](#downloads-for-v1266) +- [v1.26.7](#v1267) + - [Downloads for v1.26.7](#downloads-for-v1267) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.26.5](#changelog-since-v1265) - - [Important Security Information](#important-security-information) - - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) + - [Changelog since v1.26.6](#changelog-since-v1266) - [Changes by Kind](#changes-by-kind-1) + - [API Change](#api-change-1) - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-1) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.26.5](#v1265) - - [Downloads for v1.26.5](#downloads-for-v1265) +- [v1.26.6](#v1266) + - [Downloads for v1.26.6](#downloads-for-v1266) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.26.4](#changelog-since-v1264) + - [Changelog since v1.26.5](#changelog-since-v1265) + - [Important Security Information](#important-security-information-1) + - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) - [Changes by Kind](#changes-by-kind-2) - - [API Change](#api-change-1) - [Feature](#feature-2) - - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-2) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.26.4](#v1264) - - [Downloads for v1.26.4](#downloads-for-v1264) +- [v1.26.5](#v1265) + - [Downloads for v1.26.5](#downloads-for-v1265) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.26.3](#changelog-since-v1263) + - [Changelog since v1.26.4](#changelog-since-v1264) - [Changes by Kind](#changes-by-kind-3) + - [API Change](#api-change-2) - [Feature](#feature-3) + - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.26.3](#v1263) - - [Downloads for v1.26.3](#downloads-for-v1263) +- [v1.26.4](#v1264) + - [Downloads for v1.26.4](#downloads-for-v1264) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.26.2](#changelog-since-v1262) + - [Changelog since v1.26.3](#changelog-since-v1263) - [Changes by Kind](#changes-by-kind-4) - - [API Change](#api-change-2) - [Feature](#feature-4) - - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-4) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.26.2](#v1262) - - [Downloads for v1.26.2](#downloads-for-v1262) +- [v1.26.3](#v1263) + - [Downloads for v1.26.3](#downloads-for-v1263) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.26.1](#changelog-since-v1261) + - [Changelog since v1.26.2](#changelog-since-v1262) - [Changes by Kind](#changes-by-kind-5) - [API Change](#api-change-3) - [Feature](#feature-5) + - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-5) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.26.1](#v1261) - - [Downloads for v1.26.1](#downloads-for-v1261) +- [v1.26.2](#v1262) + - [Downloads for v1.26.2](#downloads-for-v1262) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.26.0](#changelog-since-v1260) + - [Changelog since v1.26.1](#changelog-since-v1261) - [Changes by Kind](#changes-by-kind-6) - [API Change](#api-change-4) - [Feature](#feature-6) - - [Failing Test](#failing-test-2) - [Bug or Regression](#bug-or-regression-6) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.26.0](#v1260) - - [Downloads for v1.26.0](#downloads-for-v1260) +- [v1.26.1](#v1261) + - [Downloads for v1.26.1](#downloads-for-v1261) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.25.0](#changelog-since-v1250) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.26.0](#changelog-since-v1260) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation) - [API Change](#api-change-5) - [Feature](#feature-7) - - [Documentation](#documentation) + - [Failing Test](#failing-test-2) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.26.0-rc.1](#v1260-rc1) - - [Downloads for v1.26.0-rc.1](#downloads-for-v1260-rc1) +- [v1.26.0](#v1260) + - [Downloads for v1.26.0](#downloads-for-v1260) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.26.0-rc.0](#changelog-since-v1260-rc0) + - [Changelog since v1.25.0](#changelog-since-v1250) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-8) + - [Deprecation](#deprecation) + - [API Change](#api-change-6) + - [Feature](#feature-8) + - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.26.0-rc.0](#v1260-rc0) - - [Downloads for v1.26.0-rc.0](#downloads-for-v1260-rc0) +- [v1.26.0-rc.1](#v1260-rc1) + - [Downloads for v1.26.0-rc.1](#downloads-for-v1260-rc1) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.26.0-beta.0](#changelog-since-v1260-beta0) + - [Changelog since v1.26.0-rc.0](#changelog-since-v1260-rc0) - [Changes by Kind](#changes-by-kind-9) - - [API Change](#api-change-6) - - [Feature](#feature-8) - [Bug or Regression](#bug-or-regression-9) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.26.0-beta.0](#v1260-beta0) - - [Downloads for v1.26.0-beta.0](#downloads-for-v1260-beta0) +- [v1.26.0-rc.0](#v1260-rc0) + - [Downloads for v1.26.0-rc.0](#downloads-for-v1260-rc0) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.26.0-alpha.3](#changelog-since-v1260-alpha3) + - [Changelog since v1.26.0-beta.0](#changelog-since-v1260-beta0) - [Changes by Kind](#changes-by-kind-10) - - [Deprecation](#deprecation-1) - [API Change](#api-change-7) - [Feature](#feature-9) - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.26.0-alpha.3](#v1260-alpha3) - - [Downloads for v1.26.0-alpha.3](#downloads-for-v1260-alpha3) +- [v1.26.0-beta.0](#v1260-beta0) + - [Downloads for v1.26.0-beta.0](#downloads-for-v1260-beta0) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.26.0-alpha.2](#changelog-since-v1260-alpha2) + - [Changelog since v1.26.0-alpha.3](#changelog-since-v1260-alpha3) - [Changes by Kind](#changes-by-kind-11) + - [Deprecation](#deprecation-1) - [API Change](#api-change-8) - [Feature](#feature-10) - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.26.0-alpha.2](#v1260-alpha2) - - [Downloads for v1.26.0-alpha.2](#downloads-for-v1260-alpha2) +- [v1.26.0-alpha.3](#v1260-alpha3) + - [Downloads for v1.26.0-alpha.3](#downloads-for-v1260-alpha3) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.26.0-alpha.1](#changelog-since-v1260-alpha1) + - [Changelog since v1.26.0-alpha.2](#changelog-since-v1260-alpha2) - [Changes by Kind](#changes-by-kind-12) - - [Deprecation](#deprecation-2) - [API Change](#api-change-9) - [Feature](#feature-11) - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.26.0-alpha.1](#v1260-alpha1) - - [Downloads for v1.26.0-alpha.1](#downloads-for-v1260-alpha1) +- [v1.26.0-alpha.2](#v1260-alpha2) + - [Downloads for v1.26.0-alpha.2](#downloads-for-v1260-alpha2) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.25.0](#changelog-since-v1250-1) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.26.0-alpha.1](#changelog-since-v1260-alpha1) - [Changes by Kind](#changes-by-kind-13) - - [Deprecation](#deprecation-3) + - [Deprecation](#deprecation-2) - [API Change](#api-change-10) - [Feature](#feature-12) - - [Documentation](#documentation-1) - [Bug or Regression](#bug-or-regression-13) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-13) - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) +- [v1.26.0-alpha.1](#v1260-alpha1) + - [Downloads for v1.26.0-alpha.1](#downloads-for-v1260-alpha1) + - [Source Code](#source-code-14) + - [Client Binaries](#client-binaries-14) + - [Server Binaries](#server-binaries-14) + - [Node Binaries](#node-binaries-14) + - [Container Images](#container-images-14) + - [Changelog since v1.25.0](#changelog-since-v1250-1) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changes by Kind](#changes-by-kind-14) + - [Deprecation](#deprecation-3) + - [API Change](#api-change-11) + - [Feature](#feature-13) + - [Documentation](#documentation-1) + - [Bug or Regression](#bug-or-regression-14) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Dependencies](#dependencies-14) + - [Added](#added-14) + - [Changed](#changed-14) + - [Removed](#removed-14) +# v1.26.8 + + +## Downloads for v1.26.8 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes.tar.gz) | d05a927b6bc3a8f2f2518e26b8403b3659ddd9f6453052e8c5e1041fadba556ebe8b5a114e9bb518a3a284f545a80c52cddc7e596289c09aaa1724f79244a56e +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-src.tar.gz) | 753830d94c25788d0f4cfed0f5ee3422a469b51347567d636eeb41ef35ef3fc9d6854ee53ee3617df43e4b89368fbc708a0c34392a66a20eefc170a48a4711f1 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-darwin-amd64.tar.gz) | e736767bdd069afb4b05dd6c8fb827095a9196ec84f05ef23fc70474da4f58a8b2bf3f86c832c0903a1b6ae1d250a0632c0982ecb4d0d7bbdcf8bb1df759e449 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-darwin-arm64.tar.gz) | bc9d2da1ee1c5d1b409fa3a0655960585565a621777641118e2f174d1d7b78ceeacd7520dac98c312a937142ee486078481a5849fdc7c8ae680dd2f535ce92b3 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-386.tar.gz) | 073ba93363d7876a60149215e086aedcbdde587ddf0097a879839035bd6eb67e49ecc35f9aca8efae87e8cde85ea1e9d23ee812b9f6946b51823a99917c43bd0 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-amd64.tar.gz) | 98d7f82c1e3b2615e13b5e6b05d9711859908dd6bdc2d1a546bbc7a89ee59e17b9396e11f543e2165dcf090227cffad0cdf984a1348ff6a0b444458f0bfaa6e3 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-arm.tar.gz) | db99eef429747e01a6a6abb3eac3d3559d19ade94e14bdc0d541311a681ea3a645ef8aa95c3c8ad9e55b5f3bad080b3c652c39f245f92661db31367751ea6c68 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-arm64.tar.gz) | 8f0a39a9dc5ebe13227dfcfd558de792c8de8eafcca636570c65463ced79d65907fd302f766f0f69f5724c45ee1dc33005b25f915e9218f699268b41d6ef438d +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-ppc64le.tar.gz) | c67800e40946d7ddd13ed6652624bb44bba7c1e58f20ba0265ebe1d05fa1fb58096dc1510d2331785e81fc51d3e8395ecebf20cd09ac4d6fba78a623b10408f2 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-linux-s390x.tar.gz) | d244e243d165291a593bfff7598383063ee64c4fdf1494f4ec7ab39109fd249b82c08e861da70105d84e5dbbdbbba0cda8d4187ee21749523891fdcbf8aa1b49 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-windows-386.tar.gz) | 548f91a91173be73cbe048410ad02c1d0f44cce1bafd2b53437a1a4b08dd34f0c015ea1795a112982ac0e72058c4c3272b73ddd350b6859691406658f4329806 +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-windows-amd64.tar.gz) | b3dd181d6191eaa156895175bf71e1fd1493d46faf95e7b107536d11fdaf165058ce061f6a009f7c7926e44ed2b60a1fed2eac065091192b8d946f0abe54036e +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-client-windows-arm64.tar.gz) | f031a47a955e3f517af324eba81b7a67b0d3c7f2fca55dc61df1fee323998b86f956ab803c05f2dd49fa0b277d73e21f1183b3efa08a5c879eab933d52eca6a4 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-server-linux-amd64.tar.gz) | d6b8d6c65ed2cd6cd3c9fcceca8b94febcfeec8ea4bdc868020473dbc3ab92b55483bdcd62d8cd71e70e1a85a427db9378075156bd4bda6566b61644f9bda9e3 +[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-server-linux-arm.tar.gz) | 73319f07a94b5a3188a49aab2d94c1064c805a91227f135b2906e8f43c2ff7a5c3e23dc7393ba253b2a1807ad5de278539f72c343423c32b97fcad0eea7ca48f +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-server-linux-arm64.tar.gz) | 7eaa74d7db28642a5cc377721cedba1521bbe4f9f64f54827d847d94a2578d3f42f2bf2dc8fce78618e87263808c789581f5818a93261cb6ba458b6743989ee7 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-server-linux-ppc64le.tar.gz) | 7a410a48a78dd5ba39baba16890c4f8a7a63bf66195442649a471f9ddfe07ea6de0d8d3f8365106728f4c535c4eb4790776870eae4cd84c5e51ca0c9b5b21f4c +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-server-linux-s390x.tar.gz) | c688e667404a627c2e150410ab461141018249c79f2cf8a105fa0c384f44541c9b9b6a5fae9e4a84f0e26a5a7ae0a815940d2883f0a15a4f16fc6f7269fb81e0 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-linux-amd64.tar.gz) | d43905822a0ee9ec7e249e41fbac5301513719e624a13761f226e2a745f288697b2ae1180bdfd76ecdc380d5be74de59129372c815d143d03561c4d27684abc6 +[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-linux-arm.tar.gz) | e2631abb69a80618f4dee64b8c0f769bee159e9938cf623d243ea581a827e94ae300604b5b0bb872c8be453b86970e7afceeae93461f6703a45a37ecab4d4fb4 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-linux-arm64.tar.gz) | 722e8ef87b7424c3e84f4eb3b45fe5cc6350651ea3247b1b37e9875d536122580ca84c49732f477dd7ca98e32bf920020a43d505dcf0406524c027008a875802 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-linux-ppc64le.tar.gz) | 98924287839ee63e3d4340df22efc1871c4ee19ed7ebb4620ce965a2e60192250221360880dc6d32503bf1db7ee30aa1c45a6a4be9cd35b659bb61f18fb99d76 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-linux-s390x.tar.gz) | d1276aa1972c16e7002438bd057cc32a9fbea76a7cb71c1a1551fca9e118d2c1c525eb13c4c1ff80e4b5f6c8ba1465eb812b6ecdd7e7b126410cb074faea0a87 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.26.8/kubernetes-node-windows-amd64.tar.gz) | 8ec8392b98492522f54fdc4599cecc7c80fff73c2bdec8041b454f42df0f739ebb8cbc777b3e78f6da4b811dbebe7682f7e3a60a8068dfac26ce26f91f050f64 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.26.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.26.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.26.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.26.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.26.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) + +## Changelog since v1.26.7 + +## Important Security Information + +This release contains changes that address the following vulnerabilities: + +### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation + +A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. + +**Affected Versions**: + - kubelet <= v1.28.0 + - kubelet <= v1.27.4 + - kubelet <= v1.26.7 + - kubelet <= v1.25.12 + - kubelet <= v1.24.16 + +**Fixed Versions**: + - kubelet v1.28.1 + - kubelet v1.27.5 + - kubelet v1.26.8 + - kubelet v1.25.13 + - kubelet v1.24.17 + +This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92) + + +**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) + + +### CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation + +A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. + +**Affected Versions**: + - kubelet <= v1.28.0 + - kubelet <= v1.27.4 + - kubelet <= v1.26.7 + - kubelet <= v1.25.12 + - kubelet <= v1.24.16 + +**Fixed Versions**: + - kubelet v1.28.1 + - kubelet v1.27.5 + - kubelet v1.26.8 + - kubelet v1.25.13 + - kubelet v1.24.17 + +This vulnerability was reported by Tomer Peled @tomerpeled92 + + +**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) + +## Changes by Kind + +### API Change + +- Aggregated discovery now returns `responseKind: {}` for resources which are missing group/version/kind information, to ensure compatibility with v0.26.0-v0.26.3 clients. ([#119835](https://github.com/kubernetes/kubernetes/pull/119835), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] + +### Feature + +- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync. + client-go: allow to set NotBefore in NewSelfSignedCACert() ([#119114](https://github.com/kubernetes/kubernetes/pull/119114), [@champtar](https://github.com/champtar)) [SIG API Machinery, Auth and Cluster Lifecycle] +- Kubernetes is now built with Go 1.20.7 ([#119830](https://github.com/kubernetes/kubernetes/pull/119830), [@jeremyrickard](https://github.com/jeremyrickard)) [SIG Release and Testing] + +### Bug or Regression + +- Fix Topology Aware Hints not working when the `topology.kubernetes.io/zone` label is added after Node creation + - Fix a data race in TopologyCache when `AddHints` and `SetNodes` are called concurrently ([#117268](https://github.com/kubernetes/kubernetes/pull/117268), [@tnqn](https://github.com/tnqn)) [SIG Apps and Network] +- Revert kubelet prober metrics `pod` tag to include actual pod name ([#118549](https://github.com/kubernetes/kubernetes/pull/118549), [@a7i](https://github.com/a7i)) [SIG Node] +- Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize) + + This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. ([#118601](https://github.com/kubernetes/kubernetes/pull/118601), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] +- Update the Event series starting count when emitting isomorphic events from 1 to 2. ([#119375](https://github.com/kubernetes/kubernetes/pull/119375), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Testing] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.26.7