Kubernetes v1.33.2 is live!
51 views
Skip to first unread message
Marko Mudrinić
Jun 18, 2025, 3:06:48 PMJun 18
to kubernete...@googlegroups.com, d...@kubernetes.io
Kubernetes Community,
Kubernetes v1.33.2 has been built and pushed using Golang version 1.24.4.
The release notes have been updated in CHANGELOG-1.33.md, with a pointer to them on GitHub:
v1.33.2
Downloads for v1.33.2
Source Code
| filename | sha512 hash |
|---|---|
| kubernetes.tar.gz | 6983c9b0c8005ab8b332eba337ed1ca8d14a1419d6cb26473ffdcf1a3ec564e107ff3baadc7306d01d1cd722470034de8ab936a1040e0d367efdaccbea911432 |
| kubernetes-src.tar.gz | ab55d41194cdcef73331add791ae438705436f1d280ba615293aa27727cf0cbf82c8d93b50e71ca2a2ab72d77a13232894a6e56a190c5ea7ffac3633606761a9 |
Client Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 2ee37c2e6592a6f1c5da07c53098747985c644174a0dcba1aab55850382c19fb6ee96ac5f718d8b9a3df42a200d0ef6517deb3396f241a107805ef3e8c5a5729 |
| kubernetes-client-darwin-arm64.tar.gz | 7ef489ef82f1e6d3a4ca0424cf5a09b289a4d8778e52c567ee5dc80779c0d652015343f224f2556ff80b59d9745dd2ec8294955a33f1c6af2073256d8fc54b92 |
| kubernetes-client-linux-386.tar.gz | 0d1ee8cd9db1a131845bdaab59ff07fcc960468d4d231506ba500e7c361992dcec1530c0f6ba13742f6846052357dbff7b412ee7b95ef4e613afb6b311805f6b |
| kubernetes-client-linux-amd64.tar.gz | 1d20d5f3705b2c585afc2814e7cc56f8cf0de223345f8dffb62c625697ae97698c5e9d62a13d9def2db4152c3d636e7eefba9cd6d750167c8bf5150c2034c272 |
| kubernetes-client-linux-arm.tar.gz | 41a3043805f20f98157464c3ddd0310336ca417a4775460344fe421dfdd04e3f69b7d99b2495fc1959e566230ae3280d998b5a689de473928d2f8895ea68e3bb |
| kubernetes-client-linux-arm64.tar.gz | c82a54169ca775ac85aaa9ed17370eee2addb471442a85d52fa8cf4fbba59b31cef57d328e4cd56f5f6c1489c51203d658aa24ead855bd3518afae5ad993b823 |
| kubernetes-client-linux-ppc64le.tar.gz | 0e29bc915785911d6f23c1a6de3ec603db8edcb4504d5d87fca373943d6427fd47f1dfa874afded1157c870953a36caa4da24ca2008857cf664b417d66812f22 |
| kubernetes-client-linux-s390x.tar.gz | 00a38841c1a6419f63db255b76932db7cfd448177b8ae17f9147f4850e4030dce075eeebde5052ac818e5104f21c47b766af10043f0b739aa479509c19b5eb5d |
| kubernetes-client-windows-386.tar.gz | 963980e4e11ee925a6c4d7b4c82e5e9bb357353be7aaa12368451f507074484a6085367f153c615d25905f3d0d3de67c2793a9e5ee7ed4e67779f646f7ab285c |
| kubernetes-client-windows-amd64.tar.gz | e15af258c113f5e0b5d83812b53a4f62fa3550b0c0301a116d91a62fbec0448dc9ac9b825bce11dd5c2c649aa084ae1fc418381de1c51eeb06c38ab99096ec47 |
| kubernetes-client-windows-arm64.tar.gz | 25e3690418010cb8d5bb9882a60af91e39768650f80f9b2fca910e09917f6d8dec000c17c22011b501e6d72e4ecb4faaed1bc165cb7af4ba82361dce6e664e8c |
Server Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 1831758107a36c6915d6b4257b44c63cd68e1788fdf412f40401015f483407de116d7cfd4d1e61b5e8ff959d2182a41d6f9b70e2248eb97cba718f3f8715eaa2 |
| kubernetes-server-linux-arm64.tar.gz | c355f704091efd969c0af60d87d4320b8f9ce6617dcb0429d7702ac85466a40c4ed71d1996c0e480e7bc562ecd49ec36213ee43fb0c98f6502eee1293b0ad01c |
| kubernetes-server-linux-ppc64le.tar.gz | e1711fcdb303b1685712dd6e3a7cbf2ca209c2a49fa010e36fec1bde6b4df4675b873f843804602dab5705c7d0d7db61d98cc344c5aace009bd008b115d084cc |
| kubernetes-server-linux-s390x.tar.gz | 570ec1707d9b08803ab9c307eef3c8a54cba6ffde032246ab3fe2186d6d9c199f353f65f1d798df522c40af53e195bff99ef64e56bfa2c9f3ee6b776ead3ce6f |
Node Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-node-linux-amd64.tar.gz | ac478b9504b153cee9d5fea8595621d65380c1040013d2f55070c1fab5a06a035d1e8ca6c62da3f70d8e2a980d7d30765607fde57c6a27c3b42c2de1270cf18c |
| kubernetes-node-linux-arm64.tar.gz | b7a0c5d2e51c81a879bc8785eabc10226d7c00e9cb337e572f41f00c8e5d122050401da6cc3a981db2eb8b5295d47fa69a4dc72de8ae4dad9964aa192f2f28ff |
| kubernetes-node-linux-ppc64le.tar.gz | a64c192e0961089662351f1d74b9de66433064e86e1b986ef704c8e8ecfd9acc5dbe94cd906302666adc7a7463d1e04a36098f4f892ce2350dd66beb8c36d388 |
| kubernetes-node-linux-s390x.tar.gz | 4fcdde7c52f82c463effb13bce8b59014a585edff716203dfb33f25223710346501fc49acb245a90e2bc1e99642f23d951ac16aece1d4b167dd71e7c2c622c13 |
| kubernetes-node-windows-amd64.tar.gz | 89d12b1359b15f030afab110195d90227a38420a6ad93c84237317b958c4c13826e35fc9dba687e345c04f38f03e92045714acaee88f4f9c21f3a12a575de609 |
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.33.1
Important Security Information
This release contains changes that address the following vulnerabilities:
CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.
Affected Versions:
- kube-apiserver v1.32.0 - v1.32.5
- kube-apiserver v1.33.0 - v1.33.1
Fixed Versions:
- kube-apiserver v1.32.6
- kube-apiserver v1.33.2
This vulnerability was reported by amitschendel.
CVSS Rating: Low (2.7) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Changes by Kind
Feature
- Kubernetes is now built using Go 1.24.3 (#131935, @cpanato) [SIG Release and Testing]
- Kubernetes is now built using Go 1.24.4 (#132226, @cpanato) [SIG Release and Testing]
Bug or Regression
- Do not expand volume on the node, if controller expansion is finished (#131987, @gnufied) [SIG Storage]
- Do not log error event when waiting for expansion on the kubelet (#132098, @gnufied) [SIG Storage]
- Fixes an issue where Windows kube-proxy's ModifyLoadBalancer API updates did not match HNS state in version 15.4. ModifyLoadBalancer policy is supported from Kubernetes 1.31+. (#131649, @princepereira) [SIG Windows]
- Kubelet: close a loophole where static pods could reference arbitrary ResourceClaims. The pods created by the kubelet then don't run due to a sanity check, but such references shouldn't be allowed regardless. (#131876, @pohly) [SIG Apps, Auth and Node]
- The shorthand for --output flag in kubectl explain was accidentally deleted, but has been added back. (#131993, @superbrothers) [SIG CLI]
Other (Cleanup or Flake)
- Improve error message when a pod with user namespaces is created and the runtime doesn't support user namespaces. (#131781, @rata) [SIG Node]
Dependencies
Added
Nothing has changed.
Changed
Removed
Nothing has changed.
Contributors, the CHANGELOG-1.33.md has been bootstrapped with v1.33.2 release notes and you may edit now as needed.
Published by your Kubernetes Release Managers.
Reply all
Reply to author
Forward
0 new messages