diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
new file mode 100644
index 000000000..5e25bab09
--- /dev/null
+++ b/.github/workflows/release-notes.yml
@@ -0,0 +1,26 @@
+name: Collect all
+on:
+  workflow_dispatch
+
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  collect-all:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Generate release notes
+        run: |
+          rm docs/release-notes/*.md
+          scripts/collect-all-release-notes.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        with:
+          commit-message: update release-notes/k3s-*.md
+          title: Update Release Notes
+          body: Automated release notes update
+          branch: update-release-notes
\ No newline at end of file
diff --git a/.remarkignore b/.remarkignore
new file mode 100644
index 000000000..83ae50fdd
--- /dev/null
+++ b/.remarkignore
@@ -0,0 +1 @@
+docs/release-notes/*
\ No newline at end of file
diff --git a/docs/release-notes/v1.24.X.md b/docs/release-notes/v1.24.X.md
new file mode 100644
index 000000000..5f5dd40f6
--- /dev/null
+++ b/docs/release-notes/v1.24.X.md
@@ -0,0 +1,494 @@
+---
+hide_table_of_contents: true
+---
+
+# v1.24.X
+
+:::caution Upgrade Notice
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#urgent-upgrade-notes).
+:::
+
+| Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner  |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -----  |
+| [v1.24.16+k3s1](v1.24.X.md#release-v12416k3s1) | Jul 27 2023| [v1.24.16](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12416) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.3-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.3-k3s1.23) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.2](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.2) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.24.15+k3s1](v1.24.X.md#release-v12415k3s1) | Jun 26 2023| [v1.24.15](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12415) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.3-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.3-k3s1.23) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.24.14+k3s1](v1.24.X.md#release-v12414k3s1) | May 26 2023| [v1.24.14](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12414) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.3-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.3-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.14.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.14.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.24.13+k3s1](v1.24.X.md#release-v12413k3s1) | Apr 20 2023| [v1.24.13](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12413) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5) | [v0.21.3-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.3-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.13.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.3) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.24.12+k3s1](v1.24.X.md#release-v12412k3s1) | Mar 27 2023| [v1.24.12](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12412) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.3-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.3-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.11+k3s1](v1.24.X.md#release-v12411k3s1) | Mar 10 2023| [v1.24.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12411) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.1-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.21.1-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.10+k3s1](v1.24.X.md#release-v12410k3s1) | Jan 26 2023| [v1.24.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v12410) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.20.2-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.9+k3s2](v1.24.X.md#release-v1249k3s2) | Jan 11 2023| [v1.24.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1249) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.14-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.14-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.20.2-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.9+k3s1](v1.24.X.md#release-v1249k3s1) | Dec 20 2022| [v1.24.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1249) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.12-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.12-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.20.2-k3s1.23) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.8+k3s1](v1.24.X.md#release-v1248k3s1) | Nov 18 2022| [v1.24.8](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1248) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.1-k3s1.23](https://github.com/flannel-io/flannel/releases/tag/v0.20.1-k3s1.23) | [v0.6.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.1) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.0) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.24.7+k3s1](v1.24.X.md#release-v1247k3s1) | Oct 25 2022| [v1.24.7](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1247) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.19.2](https://github.com/flannel-io/flannel/releases/tag/v0.19.2) | [v0.6.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.1) | [v2.9.1](https://github.com/traefik/traefik/releases/tag/v2.9.1) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.6+k3s1](v1.24.X.md#release-v1246k3s1) | Sep 28 2022| [v1.24.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1246) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.19.2](https://github.com/flannel-io/flannel/releases/tag/v0.19.2) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.4+k3s1](v1.24.X.md#release-v1244k3s1) | Aug 25 2022| [v1.24.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1244) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.5.13-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.5.13-k3s1) | [v1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3) | [v0.19.1](https://github.com/flannel-io/flannel/releases/tag/v0.19.1) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.3+k3s1](v1.24.X.md#release-v1243k3s1) | Jul 19 2022| [v1.24.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1243) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.5.13-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.5.13-k3s1) | [v1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3) | [v0.18.1](https://github.com/flannel-io/flannel/releases/tag/v0.18.1) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.2+k3s2](v1.24.X.md#release-v1242k3s2) | Jul 06 2022| [v1.24.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1242) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.5.13-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.5.13-k3s1) | [v1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2) | [v0.18.1](https://github.com/flannel-io/flannel/releases/tag/v0.18.1) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.2+k3s1](v1.24.X.md#release-v1242k3s1) | Jun 27 2022| [v1.24.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1242) | [v0.9.1](https://github.com/k3s-io/kine/releases/tag/v0.9.1) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.6-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.6-k3s1) | [v1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2) | [v0.18.1](https://github.com/flannel-io/flannel/releases/tag/v0.18.1) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.24.1+k3s1](v1.24.X.md#release-v1241k3s1) | Jun 11 2022| [v1.24.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#v1241) | [v0.9.1](https://github.com/k3s-io/kine/releases/tag/v0.9.1) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.5.11-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.5.11-k3s1) | [v1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1) | [v0.17.0](https://github.com/flannel-io/flannel/releases/tag/v0.17.0) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.1) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+
+<br />
+
+## Release v1.24.16+k3s1
+<!-- v1.24.16+k3s1 -->
+
+This release updates Kubernetes to v1.24.16, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12415).
+
+### Changes since v1.24.14+k3s1:
+
+* Fix code spell check [(#7861)](https://github.com/k3s-io/k3s/pull/7861)
+* Remove file_windows.go [(#7857)](https://github.com/k3s-io/k3s/pull/7857)
+* Allow k3s to customize apiServerPort on helm-controller [(#7872)](https://github.com/k3s-io/k3s/pull/7872)
+* Fix rootless node password [(#7899)](https://github.com/k3s-io/k3s/pull/7899)
+* Backports for 2023-07 release [(#7910)](https://github.com/k3s-io/k3s/pull/7910)
+  * Resolved an issue that caused agents joined with kubeadm-style bootstrap tokens to fail to rejoin the cluster when their node object is deleted.
+  * The `k3s certificate rotate-ca` command now supports the data-dir flag.
+* Adding cli to custom klipper helm image [(#7916)](https://github.com/k3s-io/k3s/pull/7916)
+  * The default helm-controller job image can now be overridden with the --helm-job-image CLI flag
+* Generation of certs and keys for etcd gated if etcd is disabled [(#7946)](https://github.com/k3s-io/k3s/pull/7946)
+* Don't use zgrep in `check-config` if apparmor profile is enforced [(#7955)](https://github.com/k3s-io/k3s/pull/7955)
+* Fix image_scan.sh script and download trivy version (#7950) [(#7970)](https://github.com/k3s-io/k3s/pull/7970)
+* Adjust default kubeconfig file permissions [(#7985)](https://github.com/k3s-io/k3s/pull/7985)
+* Update to v1.24.16 [(#8023)](https://github.com/k3s-io/k3s/pull/8023)
+
+-----
+## Release v1.24.15+k3s1
+<!-- v1.24.15+k3s1 -->
+This release updates Kubernetes to v1.24.15, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12414).
+
+### Changes since v1.24.14+k3s1:
+
+* E2E Backports - June [(#7726)](https://github.com/k3s-io/k3s/pull/7726)
+  * Shortcircuit commands with version or help flags #7683
+  * Add Rotation certification Check, remove func to restart agents #7097
+  * E2E: Sudo for RunCmdOnNode #7686
+* Fix spelling check [(#7753)](https://github.com/k3s-io/k3s/pull/7753)
+* Backport version bumps and bugfixes [(#7719)](https://github.com/k3s-io/k3s/pull/7719)
+  * The bundled metrics-server has been bumped to v0.6.3, and now uses only secure TLS ciphers by default.
+  * The `coredns-custom` ConfigMap now allows for `*.override` sections to be included in the `.:53` default server block.
+  * The K3s core controllers (supervisor, deploy, and helm) no longer use the admin kubeconfig. This makes it easier to determine from access and audit logs which actions are performed by the system, and which are performed by an administrative user.
+  * Bumped klipper-lb image to v0.4.4 to resolve an issue that prevented access to ServiceLB ports from localhost when the Service ExternalTrafficPolicy was set to Local.
+  * Make LB image configurable when compiling k3s
+  * K3s now allows nodes to join the cluster even if the node password secret cannot be created at the time the node joins. The secret create will be retried in the background. This resolves a potential deadlock created by fail-closed validating webhooks that block secret creation, where the webhook is unavailable until new nodes join the cluster to run the webhook pod.
+  * The bundled containerd's aufs/devmapper/zfs snapshotter plugins have been restored. These were unintentionally omitted when moving containerd back into the k3s multicall binary in the previous release.
+  * The embedded helm controller has been bumped to v0.15.0, and now supports creating the chart's target namespace if it does not exist.
+* Remove unused libvirt config [(#7759)](https://github.com/k3s-io/k3s/pull/7759)
+* Add format command on Makefile [(#7764)](https://github.com/k3s-io/k3s/pull/7764)
+* Update Kubernetes to v1.24.15 [(#7785)](https://github.com/k3s-io/k3s/pull/7785)
+
+-----
+## Release v1.24.14+k3s1
+<!-- v1.24.14+k3s1 -->
+This release updates Kubernetes to v1.24.14, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12413).
+
+### Changes since v1.24.13+k3s1:
+
+* Add E2E testing in Drone [(#7376)](https://github.com/k3s-io/k3s/pull/7376)
+* Add integration tests for etc-snapshot server flags [(#7379)](https://github.com/k3s-io/k3s/pull/7379)
+* CLI + Config Enhancement [(#7407)](https://github.com/k3s-io/k3s/pull/7407)
+  * `--Tls-sans` now accepts multiple arguments: `--tls-sans="foo,bar"`
+  * `Prefer-bundled-bin: true` now works properly when set in `config.yaml.d` files
+* Migrate netutil methods into /utils/net.go [(#7435)](https://github.com/k3s-io/k3s/pull/7435)
+* Bump Runc + Containerd + Docker for CVE fixes [(#7453)](https://github.com/k3s-io/k3s/pull/7453)
+* Bump kube-router version to fix a bug when a port name is used [(#7462)](https://github.com/k3s-io/k3s/pull/7462)
+* Kube flags and longhorn tests 1.24 [(#7467)](https://github.com/k3s-io/k3s/pull/7467)
+* Local-storage: Fix permission [(#7472)](https://github.com/k3s-io/k3s/pull/7472)
+* Backport version bumps and bugfixes [(#7516)](https://github.com/k3s-io/k3s/pull/7516)
+  * K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
+  * K3s once again supports aarch64 nodes with page size > 4k
+  * The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
+  * K3s now prints a more meaningful error when attempting to run from a filesystem mounted `noexec`.
+  * K3s now exits with a proper error message when the server token uses a bootstrap token `id.secret` format.
+  * Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
+  * Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
+  * Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
+  * K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
+  * K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
+  * The embedded kine version has been bumped to v0.10.1. This replaces the legacy `lib/pq` postgres driver with `pgx`.
+  * The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
+  * The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
+* Bump containerd/runc to v1.7.1-k3s1/v1.1.7 [(#7536)](https://github.com/k3s-io/k3s/pull/7536)
+  * The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
+* Wrap error stating that it is coming from netpol [(#7549)](https://github.com/k3s-io/k3s/pull/7549)
+* Update to v1.24.14-k3s1 [(#7577)](https://github.com/k3s-io/k3s/pull/7577)
+
+-----
+## Release v1.24.13+k3s1
+<!-- v1.24.13+k3s1 -->
+This release updates Kubernetes to v1.24.13, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12412).
+
+### Changes since v1.24.12+k3s1:
+
+* Enhance `check-config` [(#7165)](https://github.com/k3s-io/k3s/pull/7165)
+* Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970) [(#7122)](https://github.com/k3s-io/k3s/pull/7122)
+* Backport version bumps and bugfixes [(#7229)](https://github.com/k3s-io/k3s/pull/7229)
+  * The bundled local-path-provisioner version has been bumped to v0.0.24
+  * The bundled runc version has been bumped to v1.1.5
+  * The bundled coredns version has been bumped to v1.10.1
+  * When using an external datastore, K3s now locks the bootstrap key while creating initial cluster bootstrap data, preventing a race condition when multiple servers attempted to initialize the cluster simultaneously.
+  * The client load-balancer that maintains connections to active server nodes now closes connections to servers when they are removed from the cluster. This ensures that agent components immediately reconnect to a current cluster member.
+  * Fixed a race condition during cluster reset that could cause the operation to hang and time out.
+* Updated kube-router to move the default ACCEPT rule at the end of the chain [(#7222)](https://github.com/k3s-io/k3s/pull/7222)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Update klipper lb and helm-controller [(#7241)](https://github.com/k3s-io/k3s/pull/7241)
+* Update Kube-router ACCEPT rule insertion and install script to clean rules before start [(#7277)](https://github.com/k3s-io/k3s/pull/7277)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Update to v1.24.13-k3s1 [(#7284)](https://github.com/k3s-io/k3s/pull/7284)
+
+-----
+## Release v1.24.12+k3s1
+<!-- v1.24.12+k3s1 -->
+This release updates Kubernetes to v1.24.12, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12411).
+
+### Changes since v1.24.11+k3s1:
+
+* Update flannel and kube-router [(#7063)](https://github.com/k3s-io/k3s/pull/7063)
+* Bump various dependencies for CVEs [(#7042)](https://github.com/k3s-io/k3s/pull/7042)
+* Enable dependabot [(#7046)](https://github.com/k3s-io/k3s/pull/7046)
+* Wait for kubelet port to be ready before setting [(#7065)](https://github.com/k3s-io/k3s/pull/7065)
+  * The agent tunnel authorizer now waits for the kubelet to be ready before reading the kubelet port from the node object.
+* Improve support for rotating the default self-signed certs [(#7080)](https://github.com/k3s-io/k3s/pull/7080)
+  * The `k3s certificate rotate-ca` checks now support rotating self-signed certificates without the `--force` option.
+* Adds a warning about editing to the containerd config.toml file [(#7076)](https://github.com/k3s-io/k3s/pull/7076)
+* Update to v1.24.12-k3s1 [(#7105)](https://github.com/k3s-io/k3s/pull/7105)
+
+-----
+## Release v1.24.11+k3s1
+<!-- v1.24.11+k3s1 -->
+This release updates Kubernetes to v1.24.11, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v12410).
+
+### Changes since v1.24.10+k3s1:
+
+* Add jitter to scheduled snapshots and retry harder on conflicts [(#6783)](https://github.com/k3s-io/k3s/pull/6783)
+  * Scheduled etcd snapshots are now offset by a short random delay of up to several seconds. This should prevent multi-server clusters from executing pathological behavior when attempting to simultaneously update the snapshot list ConfigMap. The snapshot controller will also be more persistent in attempting to update the snapshot list.
+* Bump cri-dockerd [(#6799)](https://github.com/k3s-io/k3s/pull/6799)
+  * The embedded cri-dockerd has been updated to v0.3.1
+* Bugfix: do not break cert-manager when pprof is enabled [(#6838)](https://github.com/k3s-io/k3s/pull/6838)
+* Bump vagrant boxes to fedora37 [(#6859)](https://github.com/k3s-io/k3s/pull/6859)
+* Fix cronjob example [(#6865)](https://github.com/k3s-io/k3s/pull/6865)
+* Ensure flag type consistency [(#6868)](https://github.com/k3s-io/k3s/pull/6868)
+* Wait for cri-dockerd socket [(#6854)](https://github.com/k3s-io/k3s/pull/6854)
+* Consolidate E2E tests [(#6888)](https://github.com/k3s-io/k3s/pull/6888)
+* Ignore value conflicts when reencrypting secrets [(#6918)](https://github.com/k3s-io/k3s/pull/6918)
+* Allow ServiceLB to honor `ExternalTrafficPolicy=Local` [(#6908)](https://github.com/k3s-io/k3s/pull/6908)
+  * ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
+* Use default address family when adding kubernetes service address to SAN list [(#6905)](https://github.com/k3s-io/k3s/pull/6905)
+  * The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
+* Fix issue with servicelb startup failure when validating webhooks block creation [(#6920)](https://github.com/k3s-io/k3s/pull/6920)
+  * The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
+* Backport user-provided CA cert and `kubeadm` bootstrap token support [(#6930)](https://github.com/k3s-io/k3s/pull/6930)
+  * K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the github repo at [contrib/util/certs.sh](https://github.com/k3s-io/k3s/blob/master/contrib/util/certs.sh).
+  * K3s now supports `kubeadm` style join tokens. `k3s token create` now creates join token secrets, optionally with a limited TTL.
+  * K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
+* Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent [(#6937)](https://github.com/k3s-io/k3s/pull/6937)
+  * Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
+* Update flannel to v0.21.1 [(#6925)](https://github.com/k3s-io/k3s/pull/6925)
+* Allow for multiple sets of leader-elected controllers [(#6942)](https://github.com/k3s-io/k3s/pull/6942)
+  * Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes
+* Fix etcd and ca-cert rotate issues [(#6955)](https://github.com/k3s-io/k3s/pull/6955)
+* Fix ServiceLB dual-stack ingress IP listing [(#6988)](https://github.com/k3s-io/k3s/pull/6988)
+  * Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
+* Bump kine to v0.9.9 [(#6976)](https://github.com/k3s-io/k3s/pull/6976)
+  * The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at `info` level for increased visibility.
+* Update to v1.24.11-k3s1 [(#7009)](https://github.com/k3s-io/k3s/pull/7009)
+
+-----
+## Release v1.24.10+k3s1
+<!-- v1.24.10+k3s1 -->
+
+This release updates Kubernetes to v1.24.10+k3s1, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1249).
+
+### Changes since v1.24.9+k3s2:
+
+* Pass through default tls-cipher-suites [(#6731)](https://github.com/k3s-io/k3s/pull/6731)
+  * The K3s default cipher suites are now explicitly passed in to kube-apiserver, ensuring that all listeners use these values.
+* Bump containerd to v1.6.15-k3s1 [(#6736)](https://github.com/k3s-io/k3s/pull/6736)
+  * The embedded containerd version has been bumped to v1.6.15-k3s1
+* Bump action/download-artifact to v3 [(#6748)](https://github.com/k3s-io/k3s/pull/6748)
+
+-----
+## Release v1.24.9+k3s2
+<!-- v1.24.9+k3s2 -->
+
+This release updates containerd to v1.6.14 to resolve an issue where pods would lose their CNI information when containerd was restarted.
+
+### Changes since v1.24.9+k3s1:
+
+* Backport missing E2E test commits [(#6616)](https://github.com/k3s-io/k3s/pull/6616)
+* Bump containerd to v1.6.14-k3s1 [(#6695)](https://github.com/k3s-io/k3s/pull/6695)
+  * The embedded containerd version has been bumped to v1.6.14-k3s1. This includes a backported fix for [containerd/7843](https://github.com/containerd/containerd/issues/7843) which caused pods to lose their CNI info when containerd was restarted, which in turn caused the kubelet to recreate the pod.
+
+-----
+## Release v1.24.9+k3s1
+<!-- v1.24.9+k3s1 -->
+
+> ## ⚠️ WARNING
+> This release is affected by https://github.com/containerd/containerd/issues/7843, which causes the kubelet to restart all pods whenever K3s is restarted. For this reason, we have removed this K3s release from the channel server. Please use `v1.24.9+k3s2` instead.
+
+This release updates Kubernetes to v1.24.9, and fixes a number of issues.
+
+**Breaking Change:** K3s no longer includes `swanctl` and `charon` binaries. If you are using the ipsec flannel backend, please ensure that the strongswan `swanctl` and `charon` packages are installed on your node before upgrading K3s to this release.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1248).
+
+### Changes since v1.24.8+k3s1:
+
+* Remove stuff which belongs in the windows executor implementation [(#6502)](https://github.com/k3s-io/k3s/pull/6502)
+* Github CI Updates [(#6535)](https://github.com/k3s-io/k3s/pull/6535)
+* Fix log for flannelExternalIP use case [(#6540)](https://github.com/k3s-io/k3s/pull/6540)
+* Switch from Google Buckets to AWS S3 Buckets [(#6570)](https://github.com/k3s-io/k3s/pull/6570)
+* Change secrets-encryption flag to GA [(#6591)](https://github.com/k3s-io/k3s/pull/6591)
+* Update flannel to v0.20.2 [(#6589)](https://github.com/k3s-io/k3s/pull/6589)
+* Backports for 2022-12 [(#6599)](https://github.com/k3s-io/k3s/pull/6599)
+  * Added new prefer-bundled-bin flag which force K3s to use its bundle binaries over that of the host tools
+  * The embedded containerd version has been updated to v1.6.10-k3s1
+  * The rootless `port-driver`, `cidr`, `mtu`, `enable-ipv6`, and `disable-host-loopback` settings can now be configured via environment variables.
+  * The embedded Load-Balancer controller image has been bumped to klipper-lb:v0.4.0, which includes support for the [LoadBalancerSourceRanges](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#:~:text=loadBalancerSourceRanges) field.
+  * The embedded Helm controller image has been bumped to klipper-helm:v0.7.4-build20221121
+  * The embedded cloud-controller-manager's metrics listener on port 10258 is now disabled when the `--disable-cloud-controller` flag is set.
+  * Deployments for K3s packaged components now have consistent upgrade strategy and revisionHistoryLimit settings, and will not override scaling decisions by hardcoding the replica count.
+  * The packaged metrics-server has been bumped to v0.6.2
+  * The embedded k3s-root version has been bumped to v0.12.0, based on buildroot 2022.08.1.
+  * The embedded swanctl and charon binaries have been removed. If you are using the ipsec flannel backend, please ensure that the strongswan `swanctl` and `charon` packages are installed on your node before upgrading k3s.
+* Update node12->node16 based GH actions [(#6595)](https://github.com/k3s-io/k3s/pull/6595)
+* Update to v1.24.9-k3s1 [(#6623)](https://github.com/k3s-io/k3s/pull/6623)
+* Bump containerd to v1.6.12-k3s1 [(#6630)](https://github.com/k3s-io/k3s/pull/6630)
+  * The embedded containerd version has been bumped to v1.6.12
+* Preload iptable_filter/ip6table_filter [(#6647)](https://github.com/k3s-io/k3s/pull/6647)
+
+-----
+## Release v1.24.8+k3s1
+<!-- v1.24.8+k3s1 -->
+This release updates Kubernetes to v1.24.8, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1247).
+
+### Changes since v1.24.7+k3s1:
+
+* Add the gateway parameter in netplan [(#6341)](https://github.com/k3s-io/k3s/pull/6341)
+* Add a netpol test for podSelector & ingress type [(#6348)](https://github.com/k3s-io/k3s/pull/6348)
+* Upgrade kube-router to v1.5.1 [(#6356)](https://github.com/k3s-io/k3s/pull/6356)
+* Bump install tests OS images [(#6379)](https://github.com/k3s-io/k3s/pull/6379)
+* Add test for node-external-ip config parameter [(#6363)](https://github.com/k3s-io/k3s/pull/6363)
+* Update Flannel to v0.20.1 [(#6418)](https://github.com/k3s-io/k3s/pull/6418)
+* Backports for 2022-11
+ * The packaged traefik helm chart has been bumped to v19.0.0, enabling ingressclass support by default.
+ * The packaged local-path-provisioner has been bumped to v0.0.23 
+ * The packaged coredns has been bumped to v1.9.4
+ * Fix incorrect defer usage
+ * The bundled traefik has been updated to v2.9.4 /  helm chart v18.3.0
+ * Use debugger-friendly compile settings if debug is set
+ * Add test for node-external-ip config parameter
+ * Convert containerd config.toml.tmpl linux template to v2 syntax
+ * Replace fedora-coreos with fedora 36 for install tests
+ * Fixed an issue that would prevent the deploy controller from handling manifests that include resource types that are no longer supported by the apiserver.
+ * The embedded helm controller has been bumped to v0.13.0
+ * The bundled traefik helm chart has been updated to v18.0.0
+ * Add hardened cluster and upgrade tests
+ * Bump kine to v0.9.6 / sqlite3 v3.39.2 ([cve-2022-35737](https://nvd.nist.gov/vuln/detail/cve-2022-35737))
+ * Bumped dynamiclistener library to v0.3.5 [(#6411)](https://github.com/k3s-io/k3s/pull/6411)
+*  Add some helping logs to avoid wrong configs [(#6432)](https://github.com/k3s-io/k3s/pull/6432)
+*  Change the priority of address types depending on flannel-external-ip [(#6434)](https://github.com/k3s-io/k3s/pull/6434)
+*  log kube-router version when starting netpol controller [(#6439)](https://github.com/k3s-io/k3s/pull/6439)
+* K3s now indicates specifically which cluster-level configuration flags are out of sync when critical configuration differs between server nodes. [(#6446)](https://github.com/k3s-io/k3s/pull/6446)
+* Pull traefik helm chart directly from GH [(#6469)](https://github.com/k3s-io/k3s/pull/6469)
+* Update to v1.24.8 [(#6479)](https://github.com/k3s-io/k3s/pull/6479)
+* The packaged traefik helm chart has been bumped to 19.0.4 [(#6495)](https://github.com/k3s-io/k3s/pull/6495)
+* Move traefik chart repo again [(#6509)](https://github.com/k3s-io/k3s/pull/6509)
+
+-----
+## Release v1.24.7+k3s1
+<!-- v1.24.7+k3s1 -->
+This release updates Kubernetes to v1.24.7, and fixes a number of issues.
+
+The K3s [CIS Hardening Guide](https://docs.k3s.io/security/hardening-guide) has been updated to include configuration changes required to support embedding ServiceLB in the cloud controller manager. If you have followed the hardening guide, please update your policies and RBAC in accordingly.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1246).
+
+### Changes since v1.24.6+k3s1:
+
+* Add flannel-external-ip when there is a k3s node-external-ip [(#6189)](https://github.com/k3s-io/k3s/pull/6189)
+* Backports for 2022-10 [(#6227)](https://github.com/k3s-io/k3s/pull/6227)
+  * The embedded metrics-server version has been bumped to v0.6.1
+  * The ServiceLB (klipper-lb) service controller is now integrated into the K3s stub cloud controller manager.
+  * Events recorded to the cluster by embedded controllers are now properly formatted in the service logs.
+  * Fixed an issue with the apiserver network proxy that caused `kubectl exec` to occasionally fail with `error dialing backend: EOF`
+  * Fixed an issue with the apiserver network proxy that caused `kubectl exec` and `kubectl logs` to fail when a custom kubelet port was used, and the custom port was blocked by firewall or security group rules.
+  * The embedded Traefik version has been bumped to v2.9.1 / chart 12.0.0
+* Replace deprecated ioutil package [(#6235)](https://github.com/k3s-io/k3s/pull/6235)
+* Fix dualStack test [(#6250)](https://github.com/k3s-io/k3s/pull/6250)
+* Update to v1.24.7-k3s1 [(#6270)](https://github.com/k3s-io/k3s/pull/6270)
+* Add ServiceAccount for svclb pods [(#6276)](https://github.com/k3s-io/k3s/pull/6276)
+* Return ProviderID in URI format [(#6287)](https://github.com/k3s-io/k3s/pull/6287)
+* Corrected CCM RBAC to allow for removal of legacy service finalizer during upgrades. [(#6307)](https://github.com/k3s-io/k3s/pull/6307)
+* Added a new --flannel-external-ip flag. [(#6322)](https://github.com/k3s-io/k3s/pull/6322)
+  * When enabled, Flannel traffic will now use the nodes external IPs, instead of internal.
+  * This is meant for use with distributed clusters that are not all on the same local network.
+
+-----
+## Release v1.24.6+k3s1
+<!-- v1.24.6+k3s1 -->
+This release updates Kubernetes to v1.24.6, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1244).
+
+### Changes since v1.24.4+k3s1:
+
+* Remove `--containerd` flag from windows kubelet args [(#6028)](https://github.com/k3s-io/k3s/pull/6028)
+* Mark v1.24.4+k3s1 as stable [(#6036)](https://github.com/k3s-io/k3s/pull/6036)
+* E2E: Add support for CentOS 7 and Rocky 8 [(#6015)](https://github.com/k3s-io/k3s/pull/6015)
+* Convert install tests to run PR build of k3s [(#6003)](https://github.com/k3s-io/k3s/pull/6003)
+* CI: update Fedora 34 -> 35 [(#5996)](https://github.com/k3s-io/k3s/pull/5996)
+* Fix dualStack test and change ipv6 network prefix [(#6023)](https://github.com/k3s-io/k3s/pull/6023)
+* Fix e2e tests [(#6018)](https://github.com/k3s-io/k3s/pull/6018)
+* Update Flannel version to fix older iptables version issue. [(#6088)](https://github.com/k3s-io/k3s/pull/6088)
+* The bundled version of runc has been bumped to v1.1.4 [(#6072)](https://github.com/k3s-io/k3s/pull/6072)
+* The embedded containerd version has been bumped to v1.6.8-k3s1 [(#6079)](https://github.com/k3s-io/k3s/pull/6079)
+* Bulk Backport of Testing Changes [(#6085)](https://github.com/k3s-io/k3s/pull/6085)
+* Add validation check to confirm correct golang version for Kubernetes [(#6113)](https://github.com/k3s-io/k3s/pull/6113)
+* Update to v1.24.5 [(#6143)](https://github.com/k3s-io/k3s/pull/6143)
+* Update to v1.24.6-k3s1 [(#6164)](https://github.com/k3s-io/k3s/pull/6164)
+
+-----
+## Release v1.24.4+k3s1
+<!-- v1.24.4+k3s1 -->
+This release updates Kubernetes to v1.24.4, and fixes a number of issues.
+
+This release restores use of the `--docker` flag to the v1.24 branch. See [docs/adrs/cri-dockerd.md](https://github.com/k3s-io/k3s/blob/master/docs/adrs/cri-dockerd.md) for more information.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1243).
+
+### Changes since v1.24.3+k3s1:
+
+* Put the terraform tests into their own packages and cleanup the test runs [(#5861)](https://github.com/k3s-io/k3s/pull/5861)
+* Bumped rootlesskit to v1.0.1 [(#5773)](https://github.com/k3s-io/k3s/pull/5773)
+* The initial health-check time for the etcd datastore has been raised from 10 to 30 seconds. [(#5882)](https://github.com/k3s-io/k3s/pull/5882)
+* Fixed a regression that caused systemd cgroup driver autoconfiguration to fail on server nodes. [(#5851)](https://github.com/k3s-io/k3s/pull/5851)
+* The embedded network policy controller has been updated to kube-router v1.5.0 [(#5789)](https://github.com/k3s-io/k3s/pull/5789)
+* The configured service CIDR is now passed to the Kubernetes controller-manager via the `--service-cluster-ip-range` flag. Previously this value was only passed to the apiserver. [(#5894)](https://github.com/k3s-io/k3s/pull/5894)
+* Updated dynamiclistener to fix a regression that prevented certificate renewal from working properly. [(#5896)](https://github.com/k3s-io/k3s/pull/5896)
+* Promote v1.24.3+k3s1 to stable [(#5889)](https://github.com/k3s-io/k3s/pull/5889)
+* ADR: Depreciating and Removing Old Flags [(#5890)](https://github.com/k3s-io/k3s/pull/5890)
+* K3s no longer sets containerd's `enable_unprivileged_icmp` and `enable_unprivileged_ports` options on kernels that do not support them. [(#5913)](https://github.com/k3s-io/k3s/pull/5913)
+* The etcd error on incorrect peer urls now correctly includes the expected https and 2380 port. [(#5909)](https://github.com/k3s-io/k3s/pull/5909)
+* When set, the agent-token value is now written to `$datadir/server/agent-token`, in the same manner as the default (server) token is written to `$datadir/server/token` [(#5906)](https://github.com/k3s-io/k3s/pull/5906)
+* Deprecated flags now warn of their v1.25 removal [(#5937)](https://github.com/k3s-io/k3s/pull/5937)
+* Fix secrets reencryption for clusters with 8K+ secrets [(#5936)](https://github.com/k3s-io/k3s/pull/5936)
+* Bumped minio-go to v7.0.33. This adds support for IMDSv2 credentials. [(#5928)](https://github.com/k3s-io/k3s/pull/5928)
+* Upgrade GH Actions macos-10.15 to macos-12 [(#5953)](https://github.com/k3s-io/k3s/pull/5953)
+* Added dualstack IP auto detection [(#5920)](https://github.com/k3s-io/k3s/pull/5920)
+* The `--docker` flag has been restored to k3s, as a shortcut to enabling embedded cri-dockerd [(#5916)](https://github.com/k3s-io/k3s/pull/5916)
+* Update MAINTAINERS with new folks and departures [(#5948)](https://github.com/k3s-io/k3s/pull/5948)
+* Removing checkbox indicating backports [(#5947)](https://github.com/k3s-io/k3s/pull/5947)
+* fix checkError in terraform/testutils [(#5893)](https://github.com/k3s-io/k3s/pull/5893)
+* Add scripts to run e2e test using ansible [(#5134)](https://github.com/k3s-io/k3s/pull/5134)
+* Updated flannel to v0.19.1 [(#5962)](https://github.com/k3s-io/k3s/pull/5962)
+* Update run scripts [(#5979)](https://github.com/k3s-io/k3s/pull/5979)
+* Convert install/cgroup tests to yaml based config [(#5992)](https://github.com/k3s-io/k3s/pull/5992)
+* E2E: Local cluster testing [(#5977)](https://github.com/k3s-io/k3s/pull/5977)
+* Add nightly install github action [(#5998)](https://github.com/k3s-io/k3s/pull/5998)
+* Convert codespell from Drone to GH actions [(#6004)](https://github.com/k3s-io/k3s/pull/6004)
+* Update to v1.24.4 [(#6014)](https://github.com/k3s-io/k3s/pull/6014)
+
+-----
+## Release v1.24.3+k3s1
+<!-- v1.24.3+k3s1 -->
+This release updates Kubernetes to v1.24.3, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1242).
+
+### Changes since v1.24.2+k3s2:
+* Updated rancher/remotedialer to address a potential memory leak. [(#5784)](https://github.com/k3s-io/k3s/pull/5784)
+* The embedded runc binary has been bumped to v1.1.3 [(#5783)](https://github.com/k3s-io/k3s/pull/5783)
+* Fixed a regression that caused some containerd labels to be empty in cadvisor pod metrics [(#5812)](https://github.com/k3s-io/k3s/pull/5812)
+* Replace dapper testing with regular docker [(#5805)](https://github.com/k3s-io/k3s/pull/5805)
+* Promote v1.23.8+k3s2 to stable [(#5814)](https://github.com/k3s-io/k3s/pull/5814)
+* Fixed an issue that would cause etcd restore to fail when restoring a snapshot made with secrets encryption enabled if the --secrets-encryption command was not included in the config file or restore command. [(#5817)](https://github.com/k3s-io/k3s/pull/5817)
+* Fix deletion of svclb DaemonSet when Service is deleted
+* Fixed a regression that caused ServiceLB DaemonSets to remain present after their corresponding Services were deleted.
+    Manual cleanup of orphaned `svclb-*` DaemonSets from the `kube-system` namespace may be necessary if any LoadBalancer Services were deleted while running an affected release. [(#5824)](https://github.com/k3s-io/k3s/pull/5824)
+* Address issues with etcd snapshots
+* Scheduled etcd snapshots are now compressed when snapshot compression is enabled.
+* The default etcd snapshot timeout has been raised to 5 minutes.
+    Only one scheduled etcd snapshot will run at a time. If another snapshot would occur while the previous snapshot is still in progress, an error will be logged and the second scheduled snapshot will be skipped.
+* S3 objects for etcd snapshots are now labeled with the correct content-type when compression is not enabled. [(#5833)](https://github.com/k3s-io/k3s/pull/5833)
+* Update to v1.24.3 [(#5870)](https://github.com/k3s-io/k3s/pull/5870)
+
+-----
+## Release v1.24.2+k3s2
+<!-- v1.24.2+k3s2 -->
+This fixes several issues in the v1.24.2+k3s1 and prior releases.
+
+### Changes since v1.24.2+k3s1:
+
+* Bumped kine to fix an issue where namespaced lists that included a field-selector on metadata.name would fail to return results when using a sql storage backend. ([#5795](https://github.com/k3s-io/k3s/pull/5795))
+* K3s will no longer log panics after upgrading directly from much older kubernetes releases, or when deploying services with `type: externalname`. ([#5771](https://github.com/k3s-io/k3s/pull/5771))
+* Fixed an issue that prevented `kubectl logs` and other functionality that requires a connection to the agent from working correctly when the server's `--bind-address` flag was used, or when k3s is used behind a http proxy. ([#5780](https://github.com/k3s-io/k3s/pull/5780))
+* Fixed an issue that prevented newer versions of k3s from joining clusters that do not have egress-selector-mode support. ([#5785](https://github.com/k3s-io/k3s/pull/5785))
+* Remove go-powershell dead dependency ([#5777](https://github.com/k3s-io/k3s/pull/5777))
+
+-----
+## Release v1.24.2+k3s1
+<!-- v1.24.2+k3s1 -->
+This release updates Kubernetes to v1.24.2, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1241).
+
+### Changes since v1.24.1+k3s1:
+
+* Remove kube-ipvs0 interface when cleaning up [(#5644)](https://github.com/k3s-io/k3s/pull/5644)
+* The `--flannel-wireguard-mode` switch was added to the k3s cli to configure the wireguard tunnel mode with the wireguard native backend [(#5552)](https://github.com/k3s-io/k3s/pull/5552)
+* Introduce the flannelcniconf flag to set the desired flannel cni configuration [(#5656)](https://github.com/k3s-io/k3s/pull/5656)
+* Integration Test: Startup [(#5630)](https://github.com/k3s-io/k3s/pull/5630)
+* E2E Improvements and groundwork for test-pad tool [(#5593)](https://github.com/k3s-io/k3s/pull/5593)
+* Update SECURITY.md [(#5607)](https://github.com/k3s-io/k3s/pull/5607)
+* Introduce --enable-pprof flag to optionally run pprof server [(#5527)](https://github.com/k3s-io/k3s/pull/5527)
+* E2E: Dualstack test [(#5617)](https://github.com/k3s-io/k3s/pull/5617)
+* Pods created by ServiceLB are now all placed in the `kube-system` namespace, instead of in the same namespace as the Service. This allows for [enforcing Pod Security Standards](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/) in user namespaces without breaking ServiceLB. [(#5657)](https://github.com/k3s-io/k3s/pull/5657)
+* E2E: testpad prep, add alternate scripts location [(#5692)](https://github.com/k3s-io/k3s/pull/5692)
+* Add arm tests and upgrade tests [(#5526)](https://github.com/k3s-io/k3s/pull/5526)
+* Delay service readiness until after startuphooks have finished [(#5649)](https://github.com/k3s-io/k3s/pull/5649)
+* Disable urfave markdown/man docs generation [(#5566)](https://github.com/k3s-io/k3s/pull/5566)
+* The embedded etcd snapshot controller will no longer fail to process snapshot files containing characters that are invalid for use in ConfigMap keys. [(#5702)](https://github.com/k3s-io/k3s/pull/5702)
+* Environment variables prefixed with `CONTAINERD_` now take priority over other existing variables, when passed through to containerd. [(#5706)](https://github.com/k3s-io/k3s/pull/5706)
+* The embedded etcd instance no longer accepts connections from other nodes while resetting or restoring. [(#5542)](https://github.com/k3s-io/k3s/pull/5542)
+* Enable compatibility tests for k3s s390x [(#5658)](https://github.com/k3s-io/k3s/pull/5658)
+* Containerd: Enable enable_unprivileged_ports and enable_unprivileged_… [(#5538)](https://github.com/k3s-io/k3s/pull/5538)
+* The embedded Helm controller now properly updates Chart deployments when HelmChartConfig resources are updated or deleted. [(#5731)](https://github.com/k3s-io/k3s/pull/5731)
+* Update to v1.24.2 [(#5749)](https://github.com/k3s-io/k3s/pull/5749)
+
+-----
+## Release v1.24.1+k3s1
+<!-- v1.24.1+k3s1 -->
+This release updates Kubernetes to v1.24.1, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#changelog-since-v1240).
+
+### Changes since v1.24.0+k3s1:
+
+* Objects will be removed from Kubernetes when they are removed from manifest files. [(#5560)](https://github.com/k3s-io/k3s/pull/5560)
+* Remove errant unversioned etcd go.mod entry [(#5548)](https://github.com/k3s-io/k3s/pull/5548)
+* Pass the node-ip values to kubelet [(#5579)](https://github.com/k3s-io/k3s/pull/5579)
+* The integrated apiserver network proxy's operational mode can now be set with `--egress-selector-mode`. [(#5577)](https://github.com/k3s-io/k3s/pull/5577)
+* remove dweomer from maintainers [(#5582)](https://github.com/k3s-io/k3s/pull/5582)
+* Bump dynamiclistener to v0.3.3 [(#5554)](https://github.com/k3s-io/k3s/pull/5554)
+* Update to v1.24.1-k3s1 [(#5616)](https://github.com/k3s-io/k3s/pull/5616)
+* Re-add `--cloud-provider=external` kubelet arg [(#5628)](https://github.com/k3s-io/k3s/pull/5628)
+* Revert "Give kubelet the node-ip value (#5579)" [(#5636)](https://github.com/k3s-io/k3s/pull/5636)
+
+-----
diff --git a/docs/release-notes/v1.25.X.md b/docs/release-notes/v1.25.X.md
new file mode 100644
index 000000000..264255fa9
--- /dev/null
+++ b/docs/release-notes/v1.25.X.md
@@ -0,0 +1,429 @@
+---
+hide_table_of_contents: true
+---
+
+# v1.25.X
+
+:::caution Upgrade Notice
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#urgent-upgrade-notes).
+:::
+
+| Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner  |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -----  |
+| [v1.25.12+k3s1](v1.25.X.md#release-v12512k3s1) | Jul 27 2023| [v1.25.12](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v12512) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.2](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.2) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.25.11+k3s1](v1.25.X.md#release-v12511k3s1) | Jun 26 2023| [v1.25.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v12511) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.25.10+k3s1](v1.25.X.md#release-v12510k3s1) | May 26 2023| [v1.25.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v12510) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.14.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.14.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.25.9+k3s1](v1.25.X.md#release-v1259k3s1) | Apr 20 2023| [v1.25.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1259) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.13.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.3) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.25.8+k3s1](v1.25.X.md#release-v1258k3s1) | Mar 27 2023| [v1.25.8](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1258) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.7+k3s1](v1.25.X.md#release-v1257k3s1) | Mar 10 2023| [v1.25.7](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1257) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.1](https://github.com/flannel-io/flannel/releases/tag/v0.21.1) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.6+k3s1](v1.25.X.md#release-v1256k3s1) | Jan 26 2023| [v1.25.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1256) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.5+k3s2](v1.25.X.md#release-v1255k3s2) | Jan 11 2023| [v1.25.5](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1255) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.14-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.14-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.5+k3s1](v1.25.X.md#release-v1255k3s1) | Dec 20 2022| [v1.25.5](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1255) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.12-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.12-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.4+k3s1](v1.25.X.md#release-v1254k3s1) | Nov 18 2022| [v1.25.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1254) | [v0.9.6](https://github.com/k3s-io/kine/releases/tag/v0.9.6) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.1](https://github.com/flannel-io/flannel/releases/tag/v0.20.1) | [v0.6.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.1) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.0) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.25.3+k3s1](v1.25.X.md#release-v1253k3s1) | Oct 25 2022| [v1.25.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1253) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.19.2](https://github.com/flannel-io/flannel/releases/tag/v0.19.2) | [v0.6.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.1) | [v2.9.1](https://github.com/traefik/traefik/releases/tag/v2.9.1) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.25.2+k3s1](v1.25.X.md#release-v1252k3s1) | Sep 28 2022| [v1.25.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1252) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.6.8-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.8-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.19.2](https://github.com/flannel-io/flannel/releases/tag/v0.19.2) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+| [v1.25.0+k3s1](v1.25.X.md#release-v1250k3s1) | Sep 12 2022| [v1.25.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#v1250) | [v0.9.3](https://github.com/k3s-io/kine/releases/tag/v0.9.3) | [3.36.0](https://sqlite.org/releaselog/3_36_0.html) | [v3.5.3-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.3-k3s1) | [v1.5.13-k3s2](https://github.com/k3s-io/containerd/releases/tag/v1.5.13-k3s2) | [v1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3) | [v0.19.1](https://github.com/flannel-io/flannel/releases/tag/v0.19.1) | [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2) | [v2.6.2](https://github.com/traefik/traefik/releases/tag/v2.6.2) | [v1.9.1](https://github.com/coredns/coredns/releases/tag/v1.9.1) | [v0.12.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.12.3) | [v0.0.21](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.21)  |
+
+<br />
+
+## Release v1.25.12+k3s1
+<!-- v1.25.12+k3s1 -->
+This release updates Kubernetes to v1.25.12, and fixes a number of issues.    
+​
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v12511).
+​
+### Changes since v1.25.11+k3s1:
+​
+* Remove file_windows.go [(#7856)](https://github.com/k3s-io/k3s/pull/7856)
+* Fix code spell check [(#7860)](https://github.com/k3s-io/k3s/pull/7860)
+* Allow k3s to customize apiServerPort on helm-controller [(#7873)](https://github.com/k3s-io/k3s/pull/7873)
+* Check if we are on ipv4, ipv6 or dualStack when doing tailscale [(#7883)](https://github.com/k3s-io/k3s/pull/7883)
+* Support setting control server URL for Tailscale. [(#7894)](https://github.com/k3s-io/k3s/pull/7894)
+* S3 and Startup tests [(#7886)](https://github.com/k3s-io/k3s/pull/7886)
+* Fix rootless node password [(#7900)](https://github.com/k3s-io/k3s/pull/7900)
+* Backports for 2023-07 release [(#7909)](https://github.com/k3s-io/k3s/pull/7909)
+  * Resolved an issue that caused agents joined with kubeadm-style bootstrap tokens to fail to rejoin the cluster when their node object is deleted.
+  * The `k3s certificate rotate-ca` command now supports the data-dir flag.
+* Adding cli to custom klipper helm image [(#7915)](https://github.com/k3s-io/k3s/pull/7915)
+  * The default helm-controller job image can now be overridden with the --helm-job-image CLI flag
+* Generation of certs and keys for etcd gated if etcd is disabled [(#7945)](https://github.com/k3s-io/k3s/pull/7945)
+* Don't use zgrep in `check-config` if apparmor profile is enforced [(#7954)](https://github.com/k3s-io/k3s/pull/7954)
+* Fix image_scan.sh script and download trivy version (#7950) [(#7969)](https://github.com/k3s-io/k3s/pull/7969)
+* Adjust default kubeconfig file permissions [(#7984)](https://github.com/k3s-io/k3s/pull/7984)
+* Update to v1.25.12 [(#8021)](https://github.com/k3s-io/k3s/pull/8021)
+​
+-----
+## Release v1.25.11+k3s1
+<!-- v1.25.11+k3s1 -->
+This release updates Kubernetes to v1.25.11, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v12510).
+
+### Changes since v1.25.10+k3s1:
+
+* Update flannel version [(#7649)](https://github.com/k3s-io/k3s/pull/7649)
+* Bump vagrant libvirt with fix for plugin installs [(#7659)](https://github.com/k3s-io/k3s/pull/7659)
+* E2E Backports - June [(#7705)](https://github.com/k3s-io/k3s/pull/7705)
+  * Shortcircuit commands with version or help flags #7683
+  * Add Rotation certification Check, remove func to restart agents #7097
+  * E2E: Sudo for RunCmdOnNode #7686
+* Add private registry e2e test [(#7722)](https://github.com/k3s-io/k3s/pull/7722)
+* VPN integration [(#7728)](https://github.com/k3s-io/k3s/pull/7728)
+* Fix spelling test [(#7752)](https://github.com/k3s-io/k3s/pull/7752)
+* Remove unused libvirt config [(#7758)](https://github.com/k3s-io/k3s/pull/7758)
+* Backport version bumps and bugfixes [(#7718)](https://github.com/k3s-io/k3s/pull/7718)
+  * The bundled metrics-server has been bumped to v0.6.3, and now uses only secure TLS ciphers by default.
+  * The `coredns-custom` ConfigMap now allows for `*.override` sections to be included in the `.:53` default server block.
+  * The K3s core controllers (supervisor, deploy, and helm) no longer use the admin kubeconfig. This makes it easier to determine from access and audit logs which actions are performed by the system, and which are performed by an administrative user.
+  * Bumped klipper-lb image to v0.4.4 to resolve an issue that prevented access to ServiceLB ports from localhost when the Service ExternalTrafficPolicy was set to Local.
+  * Make LB image configurable when compiling k3s
+  * K3s now allows nodes to join the cluster even if the node password secret cannot be created at the time the node joins. The secret create will be retried in the background. This resolves a potential deadlock created by fail-closed validating webhooks that block secret creation, where the webhook is unavailable until new nodes join the cluster to run the webhook pod.
+  * The bundled containerd's aufs/devmapper/zfs snapshotter plugins have been restored. These were unintentionally omitted when moving containerd back into the k3s multicall binary in the previous release.
+  * The embedded helm controller has been bumped to v0.15.0, and now supports creating the chart's target namespace if it does not exist.
+* Add format command on Makefile [(#7763)](https://github.com/k3s-io/k3s/pull/7763)
+* Fix logging and cleanup in Tailscale [(#7784)](https://github.com/k3s-io/k3s/pull/7784)
+* Update Kubernetes to v1.25.11 [(#7788)](https://github.com/k3s-io/k3s/pull/7788)
+* Path normalization affecting kubectl proxy conformance test for /api endpoint [(#7818)](https://github.com/k3s-io/k3s/pull/7818)
+
+-----
+## Release v1.25.10+k3s1
+<!-- v1.25.10+k3s1 -->
+This release updates Kubernetes to v1.25.10, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1259).
+
+### Changes since v1.25.9+k3s1:
+
+* Ensure that klog verbosity is set to the same level as logrus [(#7361)](https://github.com/k3s-io/k3s/pull/7361)
+* Add E2E testing in Drone [(#7375)](https://github.com/k3s-io/k3s/pull/7375)
+* Add integration tests for etc-snapshot server flags #7377 [(#7378)](https://github.com/k3s-io/k3s/pull/7378)
+* CLI + Config Enhancement [(#7404)](https://github.com/k3s-io/k3s/pull/7404)
+  * `--Tls-sans` now accepts multiple arguments: `--tls-sans="foo,bar"`
+  * `Prefer-bundled-bin: true` now works properly when set in `config.yaml.d` files
+* Migrate netutil methods into /utils/net.go [(#7433)](https://github.com/k3s-io/k3s/pull/7433)
+* Bump Runc + Containerd + Docker for CVE fixes [(#7452)](https://github.com/k3s-io/k3s/pull/7452)
+* Bump kube-router version to fix a bug when a port name is used [(#7461)](https://github.com/k3s-io/k3s/pull/7461)
+* Kube flags and longhorn storage tests 1.25 [(#7466)](https://github.com/k3s-io/k3s/pull/7466)
+* Local-storage: Fix permission [(#7473)](https://github.com/k3s-io/k3s/pull/7473)
+* Backport version bumps and bugfixes [(#7515)](https://github.com/k3s-io/k3s/pull/7515)
+  * K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
+  * K3s once again supports aarch64 nodes with page size > 4k
+  * The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
+  * K3s now prints a more meaningful error when attempting to run from a filesystem mounted `noexec`.
+  * K3s now exits with a proper error message when the server token uses a bootstrap token `id.secret` format.
+  * Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
+  * Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
+  * Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
+  * K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
+  * K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
+  * The embedded kine version has been bumped to v0.10.1. This replaces the legacy `lib/pq` postgres driver with `pgx`.
+  * The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
+  * The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
+* Bump containerd/runc to v1.7.1-k3s1/v1.1.7 [(#7535)](https://github.com/k3s-io/k3s/pull/7535)
+  * The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
+* Wrap error stating that it is coming from netpol [(#7548)](https://github.com/k3s-io/k3s/pull/7548)
+* Add '-all' flag to apply to inactive units [(#7574)](https://github.com/k3s-io/k3s/pull/7574)
+* Update to v1.25.10-k3s1 [(#7582)](https://github.com/k3s-io/k3s/pull/7582)
+
+-----
+## Release v1.25.9+k3s1
+<!-- v1.25.9+k3s1 -->
+This release updates Kubernetes to v1.25.9, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1258).
+
+### Changes since v1.25.8+k3s1:
+
+* Enhance `check-config` [(#7164)](https://github.com/k3s-io/k3s/pull/7164)
+* Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970) [(#7121)](https://github.com/k3s-io/k3s/pull/7121)
+* Backport version bumps and bugfixes [(#7228)](https://github.com/k3s-io/k3s/pull/7228)
+  * The bundled local-path-provisioner version has been bumped to v0.0.24
+  * The bundled runc version has been bumped to v1.1.5
+  * The bundled coredns version has been bumped to v1.10.1
+  * When using an external datastore, K3s now locks the bootstrap key while creating initial cluster bootstrap data, preventing a race condition when multiple servers attempted to initialize the cluster simultaneously.
+  * The client load-balancer that maintains connections to active server nodes now closes connections to servers when they are removed from the cluster. This ensures that agent components immediately reconnect to a current cluster member.
+  * Fixed a race condition during cluster reset that could cause the operation to hang and time out.
+* Updated kube-router to move the default ACCEPT rule at the end of the chain [(#7221)](https://github.com/k3s-io/k3s/pull/7221)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Update klipper lb and helm-controller [(#7240)](https://github.com/k3s-io/k3s/pull/7240)
+* Update Kube-router ACCEPT rule insertion and install script to clean rules before start [(#7276)](https://github.com/k3s-io/k3s/pull/7276)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Update to v1.25.9-k3s1 [(#7283)](https://github.com/k3s-io/k3s/pull/7283)
+
+-----
+## Release v1.25.8+k3s1
+<!-- v1.25.8+k3s1 -->
+This release updates Kubernetes to v1.25.8, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1257).
+
+### Changes since v1.25.7+k3s1:
+
+* Update flannel and kube-router [(#7061)](https://github.com/k3s-io/k3s/pull/7061)
+* Bump various dependencies for CVEs [(#7043)](https://github.com/k3s-io/k3s/pull/7043)
+* Enable dependabot [(#7045)](https://github.com/k3s-io/k3s/pull/7045)
+* Wait for kubelet port to be ready before setting [(#7064)](https://github.com/k3s-io/k3s/pull/7064)
+  * The agent tunnel authorizer now waits for the kubelet to be ready before reading the kubelet port from the node object.
+* Adds a warning about editing to the containerd config.toml file [(#7075)](https://github.com/k3s-io/k3s/pull/7075)
+* Improve support for rotating the default self-signed certs [(#7079)](https://github.com/k3s-io/k3s/pull/7079)
+  * The `k3s certificate rotate-ca` checks now support rotating self-signed certificates without the `--force` option.
+* Update to v1.25.8-k3s1 [(#7106)](https://github.com/k3s-io/k3s/pull/7106)
+* Update flannel to fix NAT issue with old iptables version [(#7138)](https://github.com/k3s-io/k3s/pull/7138)
+
+-----
+## Release v1.25.7+k3s1
+<!-- v1.25.7+k3s1 -->
+This release updates Kubernetes to v1.25.7, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1256).
+
+### Changes since v1.25.6+k3s1:
+
+* Add jitter to scheduled snapshots and retry harder on conflicts [(#6782)](https://github.com/k3s-io/k3s/pull/6782)
+  * Scheduled etcd snapshots are now offset by a short random delay of up to several seconds. This should prevent multi-server clusters from executing pathological behavior when attempting to simultaneously update the snapshot list ConfigMap. The snapshot controller will also be more persistent in attempting to update the snapshot list.
+* Bump cri-dockerd [(#6798)](https://github.com/k3s-io/k3s/pull/6798)
+  * The embedded cri-dockerd has been updated to v0.3.1
+* Bugfix: do not break cert-manager when pprof is enabled [(#6837)](https://github.com/k3s-io/k3s/pull/6837)
+* Wait for cri-dockerd socket [(#6853)](https://github.com/k3s-io/k3s/pull/6853)
+* Bump vagrant boxes to fedora37 [(#6858)](https://github.com/k3s-io/k3s/pull/6858)
+* Fix cronjob example [(#6864)](https://github.com/k3s-io/k3s/pull/6864)
+* Ensure flag type consistency [(#6867)](https://github.com/k3s-io/k3s/pull/6867)
+* Consolidate E2E tests [(#6887)](https://github.com/k3s-io/k3s/pull/6887)
+* Ignore value conflicts when reencrypting secrets [(#6919)](https://github.com/k3s-io/k3s/pull/6919)
+* Use default address family when adding kubernetes service address to SAN list [(#6904)](https://github.com/k3s-io/k3s/pull/6904)
+  * The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
+* Allow ServiceLB to honor `ExternalTrafficPolicy=Local` [(#6907)](https://github.com/k3s-io/k3s/pull/6907)
+  * ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
+* Fix issue with servicelb startup failure when validating webhooks block creation [(#6916)](https://github.com/k3s-io/k3s/pull/6916)
+  * The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
+* Backport user-provided CA cert and `kubeadm` bootstrap token support [(#6929)](https://github.com/k3s-io/k3s/pull/6929)
+  * K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the github repo at [contrib/util/certs.sh](https://github.com/k3s-io/k3s/blob/master/contrib/util/certs.sh).
+  * K3s now supports `kubeadm` style join tokens. `k3s token create` now creates join token secrets, optionally with a limited TTL.
+  * K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
+* Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent [(#6936)](https://github.com/k3s-io/k3s/pull/6936)
+  * Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
+* Updated flannel version to v0.21.1 [(#6915)](https://github.com/k3s-io/k3s/pull/6915)
+* Allow for multiple sets of leader-elected controllers [(#6941)](https://github.com/k3s-io/k3s/pull/6941)
+  * Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes
+* Fix etcd and ca-cert rotate issues [(#6954)](https://github.com/k3s-io/k3s/pull/6954)
+* Fix ServiceLB dual-stack ingress IP listing [(#6987)](https://github.com/k3s-io/k3s/pull/6987)
+  * Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
+* Bump kine to v0.9.9 [(#6975)](https://github.com/k3s-io/k3s/pull/6975)
+  * The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at `info` level for increased visibility.
+* Update to v1.25.7-k3s1 [(#7010)](https://github.com/k3s-io/k3s/pull/7010)
+
+-----
+## Release v1.25.6+k3s1
+<!-- v1.25.6+k3s1 -->
+This release updates Kubernetes to v1.25.6, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1255).
+
+### Changes since v1.25.5+k3s2:
+
+* Pass through default tls-cipher-suites [(#6730)](https://github.com/k3s-io/k3s/pull/6730)
+  * The K3s default cipher suites are now explicitly passed in to kube-apiserver, ensuring that all listeners use these values.
+* Bump containerd to v1.6.15-k3s1 [(#6735)](https://github.com/k3s-io/k3s/pull/6735)
+  * The embedded containerd version has been bumped to v1.6.15-k3s1
+* Bump action/download-artifact to v3 [(#6747)](https://github.com/k3s-io/k3s/pull/6747)
+* Backport dependabot/updatecli updates [(#6761)](https://github.com/k3s-io/k3s/pull/6761)
+* Fix Drone plugins/docker tag for 32 bit arm [(#6768)](https://github.com/k3s-io/k3s/pull/6768)
+* Update to v1.25.6+k3s1 [(#6775)](https://github.com/k3s-io/k3s/pull/6775)
+
+-----
+## Release v1.25.5+k3s2
+<!-- v1.25.5+k3s2 -->
+
+This release updates containerd to v1.6.14 to resolve an issue where pods would lose their CNI information when containerd was restarted.
+
+### Changes since v1.25.5+k3s1:
+
+* Bump containerd to v1.6.14-k3s1 [(#6694)](https://github.com/k3s-io/k3s/pull/6694)
+  * The embedded containerd version has been bumped to v1.6.14-k3s1. This includes a backported fix for [containerd/7843](https://github.com/containerd/containerd/issues/7843) which caused pods to lose their CNI info when containerd was restarted, which in turn caused the kubelet to recreate the pod.
+
+-----
+## Release v1.25.5+k3s1
+<!-- v1.25.5+k3s1 -->
+
+> ## ⚠️ WARNING
+> This release is affected by https://github.com/containerd/containerd/issues/7843, which causes the kubelet to restart all pods whenever K3s is restarted. For this reason, we have removed this K3s release from the channel server. Please use `v1.25.5+k3s2` instead.
+
+This release updates Kubernetes to v1.25.5, and fixes a number of issues.
+
+**Breaking Change:** K3s no longer includes `swanctl` and `charon` binaries. If you are using the ipsec flannel backend, please ensure that the strongswan `swanctl` and `charon` packages are installed on your node before upgrading K3s to this release.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1254).
+
+### Changes since v1.25.4+k3s1:
+
+* Fix log for flannelExternalIP use case [(#6531)](https://github.com/k3s-io/k3s/pull/6531)
+* Fix Carolines github id [(#6464)](https://github.com/k3s-io/k3s/pull/6464)
+* Github CI Updates [(#6522)](https://github.com/k3s-io/k3s/pull/6522)
+* Add new `prefer-bundled-bin` experimental flag [(#6420)](https://github.com/k3s-io/k3s/pull/6420)
+  * Added new prefer-bundled-bin flag which force K3s to use its bundle binaries over that of the host tools
+* Bump containerd to v1.6.10 [(#6512)](https://github.com/k3s-io/k3s/pull/6512)
+  * The embedded containerd version has been updated to v1.6.10-k3s1
+* Stage the Traefik charts through k3s-charts [(#6519)](https://github.com/k3s-io/k3s/pull/6519)
+* Make rootless settings configurable [(#6498)](https://github.com/k3s-io/k3s/pull/6498)
+  * The rootless `port-driver`, `cidr`, `mtu`, `enable-ipv6`, and `disable-host-loopback` settings can now be configured via environment variables.
+* Remove stuff which belongs in the windows executor implementation [(#6517)](https://github.com/k3s-io/k3s/pull/6517)
+* Mark v1.25.4+k3s1 as stable [(#6534)](https://github.com/k3s-io/k3s/pull/6534)
+* Add `prefer-bundled-bin` as an agent flag [(#6545)](https://github.com/k3s-io/k3s/pull/6545)
+* Bump klipper-helm and klipper-lb versions [(#6549)](https://github.com/k3s-io/k3s/pull/6549)
+  * The embedded Load-Balancer controller image has been bumped to klipper-lb:v0.4.0, which includes support for the [LoadBalancerSourceRanges](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#:~:text=loadBalancerSourceRanges) field.
+  * The embedded Helm controller image has been bumped to klipper-helm:v0.7.4-build20221121
+* Switch from Google Buckets to AWS S3 Buckets [(#6497)](https://github.com/k3s-io/k3s/pull/6497)
+* Fix passing AWS creds through Dapper [(#6567)](https://github.com/k3s-io/k3s/pull/6567)
+* Fix artifact upload with `aws s3 cp` [(#6568)](https://github.com/k3s-io/k3s/pull/6568)
+* Disable CCM metrics port when legacy CCM functionality is disabled [(#6572)](https://github.com/k3s-io/k3s/pull/6572)
+  * The embedded cloud-controller-manager's metrics listener on port 10258 is now disabled when the `--disable-cloud-controller` flag is set.
+* Sync packaged component Deployment config [(#6552)](https://github.com/k3s-io/k3s/pull/6552)
+  * Deployments for K3s packaged components now have consistent upgrade strategy and revisionHistoryLimit settings, and will not override scaling decisions by hardcoding the replica count.
+  * The packaged metrics-server has been bumped to v0.6.2
+* Mark secrets-encryption flag as GA [(#6582)](https://github.com/k3s-io/k3s/pull/6582)
+* Bump k3s root to v0.12.0 and remove strongswan binaries [(#6400)](https://github.com/k3s-io/k3s/pull/6400)
+  * The embedded k3s-root version has been bumped to v0.12.0, based on buildroot 2022.08.1.
+  * The embedded swanctl and charon binaries have been removed. If you are using the ipsec flannel backend, please ensure that the strongswan `swanctl` and `charon` packages are installed on your node before upgrading k3s.
+* Update flannel to v0.20.2 [(#6588)](https://github.com/k3s-io/k3s/pull/6588)
+* Add ADR for security bumps automation [(#6559)](https://github.com/k3s-io/k3s/pull/6559)
+* Update node12->node16 based GH actions [(#6593)](https://github.com/k3s-io/k3s/pull/6593)
+* Updating rel docs [(#6237)](https://github.com/k3s-io/k3s/pull/6237)
+* Update install.sh to recommend current version of k3s-selinux [(#6453)](https://github.com/k3s-io/k3s/pull/6453)
+* Update to v1.25.5-k3s1 [(#6622)](https://github.com/k3s-io/k3s/pull/6622)
+* Bump containerd to v1.6.12-k3s1 [(#6631)](https://github.com/k3s-io/k3s/pull/6631)
+  * The embedded containerd version has been bumped to v1.6.12
+* Preload iptable_filter/ip6table_filter [(#6646)](https://github.com/k3s-io/k3s/pull/6646)
+
+-----
+## Release v1.25.4+k3s1
+<!-- v1.25.4+k3s1 -->
+This release updates Kubernetes to v1.25.4, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1253).
+
+### Changes since v1.25.3+k3s1:
+
+* Add the gateway parameter in netplan [(#6292)](https://github.com/k3s-io/k3s/pull/6292)
+* Bumped dynamiclistener library to v0.3.5 [(#6300)](https://github.com/k3s-io/k3s/pull/6300)
+* Update kube-router to v1.5.1 with extra logging [(#6345)](https://github.com/k3s-io/k3s/pull/6345)
+* Update maintainers [(#6298)](https://github.com/k3s-io/k3s/pull/6298)
+* Bump testing to opensuse Leap 15.4 [(#6337)](https://github.com/k3s-io/k3s/pull/6337)
+* Update E2E docs with more info on ubuntu 22.04 [(#6316)](https://github.com/k3s-io/k3s/pull/6316)
+* Netpol test for podSelector & ingress [(#6247)](https://github.com/k3s-io/k3s/pull/6247)
+* Bump all alpine images to 3.16 [(#6334)](https://github.com/k3s-io/k3s/pull/6334)
+* Bump kine to v0.9.6 / sqlite3 v3.39.2 ([CVE-2022-35737](https://nvd.nist.gov/vuln/detail/CVE-2022-35737)) [(#6317)](https://github.com/k3s-io/k3s/pull/6317)
+* Add hardened cluster and upgrade tests [(#6320)](https://github.com/k3s-io/k3s/pull/6320)
+* The bundled Traefik helm chart has been updated to v18.0.0 [(#6353)](https://github.com/k3s-io/k3s/pull/6353)
+* Mark v1.25.3+k3s1 as stable [(#6338)](https://github.com/k3s-io/k3s/pull/6338)
+* The embedded helm controller has been bumped to v0.13.0 [(#6294)](https://github.com/k3s-io/k3s/pull/6294)
+* Fixed an issue that would prevent the deploy controller from handling manifests that include resource types that are no longer supported by the apiserver. [(#6295)](https://github.com/k3s-io/k3s/pull/6295)
+* Replace fedora-coreos with fedora 36 for install tests [(#6315)](https://github.com/k3s-io/k3s/pull/6315)
+* Convert containerd config.toml.tmpl Linux template to v2 syntax [(#6267)](https://github.com/k3s-io/k3s/pull/6267)
+* Add test for node-external-ip config parameter [(#6359)](https://github.com/k3s-io/k3s/pull/6359)
+* Use debugger-friendly compile settings if DEBUG is set [(#6147)](https://github.com/k3s-io/k3s/pull/6147)
+* update e2e tests [(#6354)](https://github.com/k3s-io/k3s/pull/6354)
+* Remove unused vagrant development scripts [(#6395)](https://github.com/k3s-io/k3s/pull/6395)
+* The bundled Traefik has been updated to v2.9.4 /  helm chart v18.3.0 [(#6397)](https://github.com/k3s-io/k3s/pull/6397)
+* None [(#6371)](https://github.com/k3s-io/k3s/pull/6371)
+* Fix incorrect defer usage [(#6296)](https://github.com/k3s-io/k3s/pull/6296)
+* Add snapshot restore e2e test [(#6396)](https://github.com/k3s-io/k3s/pull/6396)
+* Fix sonobouy tests on v1.25 [(#6399)](https://github.com/k3s-io/k3s/pull/6399)
+* Bump packaged component versions
+ * The packaged traefik helm chart has been bumped to v19.0.0, enabling ingressClass support by default.
+ * The packaged local-path-provisioner has been bumped to v0.0.23
+ * The packaged coredns has been bumped to v1.9.4 [(#6408)](https://github.com/k3s-io/k3s/pull/6408)
+* log kube-router version when starting netpol controller [(#6405)](https://github.com/k3s-io/k3s/pull/6405)
+* Add Kairos to ADOPTERS [(#6417)](https://github.com/k3s-io/k3s/pull/6417)
+* Update Flannel to 0.20.1 [(#6388)](https://github.com/k3s-io/k3s/pull/6388)
+* Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend [(#6403)](https://github.com/k3s-io/k3s/pull/6403)
+* Fix test-mods to allow for pinning version from k8s.io [(#6413)](https://github.com/k3s-io/k3s/pull/6413)
+* Fix for metrics-server in the multi-cloud cluster env [(#6386)](https://github.com/k3s-io/k3s/pull/6386)
+* K3s now indicates specifically which cluster-level configuration flags are out of sync when critical configuration differs between server nodes. [(#6409)](https://github.com/k3s-io/k3s/pull/6409)
+* Convert test output  to JSON format [(#6410)](https://github.com/k3s-io/k3s/pull/6410)
+* Pull traefik helm chart directly from GH [(#6468)](https://github.com/k3s-io/k3s/pull/6468)
+* Nightly test fix [(#6475)](https://github.com/k3s-io/k3s/pull/6475)
+* Update to v1.25.4 [(#6477)](https://github.com/k3s-io/k3s/pull/6477)
+* Remove stuff which belongs in the windows executor implementation [(#6492)](https://github.com/k3s-io/k3s/pull/6492)
+* The packaged traefik helm chart has been bumped to 19.0.4 [(#6494)](https://github.com/k3s-io/k3s/pull/6494)
+* Move traefik chart repo again [(#6508)](https://github.com/k3s-io/k3s/pull/6508)
+
+-----
+## Release v1.25.3+k3s1
+<!-- v1.25.3+k3s1 -->
+This release updates Kubernetes to v1.25.3, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1252).
+
+### Changes since v1.25.2+k3s1:
+
+* E2E: Groundwork for PR runs [(#6131)](https://github.com/k3s-io/k3s/pull/6131)
+* Fix flannel for deployments of nodes which do not belong to the same network and connect using their public IP [(#6180)](https://github.com/k3s-io/k3s/pull/6180)
+* Mark v1.24.6+k3s1 as stable [(#6193)](https://github.com/k3s-io/k3s/pull/6193)
+* Add cluster reset test [(#6161)](https://github.com/k3s-io/k3s/pull/6161)
+* The embedded metrics-server version has been bumped to v0.6.1 [(#6151)](https://github.com/k3s-io/k3s/pull/6151)
+* The ServiceLB (klipper-lb) service controller is now integrated into the K3s stub cloud controller manager. [(#6181)](https://github.com/k3s-io/k3s/pull/6181)
+* Events recorded to the cluster by embedded controllers are now properly formatted in the service logs. [(#6203)](https://github.com/k3s-io/k3s/pull/6203)
+* Fix `error dialing backend` errors in apiserver network proxy [(#6216)](https://github.com/k3s-io/k3s/pull/6216)
+  * Fixed an issue with the apiserver network proxy that caused `kubectl exec` to occasionally fail with `error dialing backend: EOF`
+  * Fixed an issue with the apiserver network proxy that caused `kubectl exec` and `kubectl logs` to fail when a custom kubelet port was used, and the custom port was blocked by firewall or security group rules.
+* Fix the typo in the test [(#6183)](https://github.com/k3s-io/k3s/pull/6183)
+* Use setup-go action to cache dependencies [(#6220)](https://github.com/k3s-io/k3s/pull/6220)
+* Add journalctl logs to E2E tests [(#6224)](https://github.com/k3s-io/k3s/pull/6224)
+* The embedded Traefik version has been bumped to v2.9.1 / chart 12.0.0 [(#6223)](https://github.com/k3s-io/k3s/pull/6223)
+* Fix flakey etcd test [(#6232)](https://github.com/k3s-io/k3s/pull/6232)
+* Replace deprecated ioutil package [(#6230)](https://github.com/k3s-io/k3s/pull/6230)
+* Fix dualStack test [(#6245)](https://github.com/k3s-io/k3s/pull/6245)
+* Add ServiceAccount for svclb pods [(#6253)](https://github.com/k3s-io/k3s/pull/6253)
+* Update to v1.25.3-k3s1 [(#6269)](https://github.com/k3s-io/k3s/pull/6269)
+* Return ProviderID in URI format [(#6284)](https://github.com/k3s-io/k3s/pull/6284)
+* Corrected CCM RBAC to allow for removal of legacy service finalizer during upgrades. [(#6306)](https://github.com/k3s-io/k3s/pull/6306)
+* Added a new --flannel-external-ip flag. [(#6321)](https://github.com/k3s-io/k3s/pull/6321)
+  * When enabled, Flannel traffic will now use the nodes external IPs, instead of internal.
+  * This is meant for use with distributed clusters that are not all on the same local network.
+
+-----
+## Release v1.25.2+k3s1
+<!-- v1.25.2+k3s1 -->
+This release updates Kubernetes to v1.25.2, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v1250).
+
+### Changes since v1.25.0+k3s1:
+
+* Add k3s v1.25 to the release channel [(#6129)](https://github.com/k3s-io/k3s/pull/6129)
+* Restore original INSTALL_K3S_SKIP_DOWNLOAD behavior [(#6130)](https://github.com/k3s-io/k3s/pull/6130)
+* Add K3S Release Documentation [(#6135)](https://github.com/k3s-io/k3s/pull/6135)
+* Update to v1.25.1 [(#6140)](https://github.com/k3s-io/k3s/pull/6140)
+* Update to v1.25.2-k3s1 [(#6168)](https://github.com/k3s-io/k3s/pull/6168)
+
+-----
+## Release v1.25.0+k3s1
+<!-- v1.25.0+k3s1 -->
+This release is K3S's first in the v1.25 line. This release updates Kubernetes to v1.25.0.
+
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#urgent-upgrade-notes).
+
+**Important Note:** Kubernetes v1.25 removes the beta `PodSecurityPolicy` admission plugin. Please follow the [upstream documentation](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/) to migrate from PSP if using the built-in PodSecurity Admission Plugin, prior to upgrading to v1.25.0+k3s1.
+
+### Changes since v1.24.4+k3s1:
+
+* Update Kubernetes to v1.25.0 [(#6040)](https://github.com/k3s-io/k3s/pull/6040)
+* Remove `--containerd` flag from windows kubelet args [(#6028)](https://github.com/k3s-io/k3s/pull/6028)
+* E2E: Add support for CentOS 7 and Rocky 8 [(#6015)](https://github.com/k3s-io/k3s/pull/6015)
+* Convert install tests to run PR build of k3s [(#6003)](https://github.com/k3s-io/k3s/pull/6003)
+* CI: update Fedora 34 -> 35 [(#5996)](https://github.com/k3s-io/k3s/pull/5996)
+* Fix dualStack test and change ipv6 network prefix [(#6023)](https://github.com/k3s-io/k3s/pull/6023)
+* Fix e2e tests [(#6018)](https://github.com/k3s-io/k3s/pull/6018)
+* Update README.md [(#6048)](https://github.com/k3s-io/k3s/pull/6048)
+* Remove wireguard interfaces when deleting the cluster [(#6055)](https://github.com/k3s-io/k3s/pull/6055)
+* Add validation check to confirm correct golang version for Kubernetes [(#6050)](https://github.com/k3s-io/k3s/pull/6050)
+* Expand startup integration test [(#6030)](https://github.com/k3s-io/k3s/pull/6030)
+* Update go.mod version to 1.19 [(#6049)](https://github.com/k3s-io/k3s/pull/6049)
+* Usage of `--cluster-secret`, `--no-deploy`, and `--no-flannel` is no longer supported. Attempts to use these flags will cause fatal errors. See [the docs](https://k3s-io.github.io/docs/reference/server-config#deprecated-options) for their replacement. [(#6069)](https://github.com/k3s-io/k3s/pull/6069)
+* Update Flannel version to fix older iptables version issue. [(#6090)](https://github.com/k3s-io/k3s/pull/6090)
+* The bundled version of runc has been bumped to v1.1.4 [(#6071)](https://github.com/k3s-io/k3s/pull/6071)
+* The embedded containerd version has been bumped to v1.6.8-k3s1 [(#6078)](https://github.com/k3s-io/k3s/pull/6078)
+* Fix deprecation message [(#6112)](https://github.com/k3s-io/k3s/pull/6112)
+* Added warning message for flannel backend additional options deprecation [(#6111)](https://github.com/k3s-io/k3s/pull/6111)
+
+-----
diff --git a/docs/release-notes/v1.26.X.md b/docs/release-notes/v1.26.X.md
new file mode 100644
index 000000000..3963a4259
--- /dev/null
+++ b/docs/release-notes/v1.26.X.md
@@ -0,0 +1,336 @@
+---
+hide_table_of_contents: true
+---
+
+# v1.26.X
+
+:::caution Upgrade Notice
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#urgent-upgrade-notes).
+:::
+
+| Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner  |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -----  |
+| [v1.26.7+k3s1](v1.26.X.md#release-v1267k3s1) | Jul 27 2023| [v1.26.7](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1267) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.2](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.2) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.26.6+k3s1](v1.26.X.md#release-v1266k3s1) | Jun 26 2023| [v1.26.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1266) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.26.5+k3s1](v1.26.X.md#release-v1265k3s1) | May 26 2023| [v1.26.5](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1265) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.14.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.14.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.26.4+k3s1](v1.26.X.md#release-v1264k3s1) | Apr 20 2023| [v1.26.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1264) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.13.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.3) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.26.3+k3s1](v1.26.X.md#release-v1263k3s1) | Mar 27 2023| [v1.26.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1263) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.5-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.26.2+k3s1](v1.26.X.md#release-v1262k3s1) | Mar 10 2023| [v1.26.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1262) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.5-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.21.1](https://github.com/flannel-io/flannel/releases/tag/v0.21.1) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.26.1+k3s1](v1.26.X.md#release-v1261k3s1) | Jan 26 2023| [v1.26.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1261) | [v0.9.8](https://github.com/k3s-io/kine/releases/tag/v0.9.8) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.5-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1) | [v1.6.15-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.26.0+k3s2](v1.26.X.md#release-v1260k3s2) | Jan 11 2023| [v1.26.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1260) | [v0.9.8](https://github.com/k3s-io/kine/releases/tag/v0.9.8) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.5-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1) | [v1.6.14-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.14-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+| [v1.26.0+k3s1](v1.26.X.md#release-v1260k3s1) | Dec 21 2022| [v1.26.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1260) | [v0.9.8](https://github.com/k3s-io/kine/releases/tag/v0.9.8) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.5-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1) | [v1.6.12-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.12-k3s1) | [v1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) | [v0.20.2](https://github.com/flannel-io/flannel/releases/tag/v0.20.2) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.9.4](https://github.com/coredns/coredns/releases/tag/v1.9.4) | [v0.13.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1) | [v0.0.23](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23)  |
+
+<br />
+
+## Release v1.26.7+k3s1
+<!-- v1.26.7+k3s1 -->
+
+This release updates Kubernetes to v1.26.7, and fixes a number of issues.
+​
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1266).
+​
+### Changes since v1.26.6+k3s1:
+​
+* Remove file_windows.go [(#7855)](https://github.com/k3s-io/k3s/pull/7855)
+* Fix code spell check [(#7859)](https://github.com/k3s-io/k3s/pull/7859)
+* Allow k3s to customize apiServerPort on helm-controller [(#7874)](https://github.com/k3s-io/k3s/pull/7874)
+* Check if we are on ipv4, ipv6 or dualStack when doing tailscale [(#7882)](https://github.com/k3s-io/k3s/pull/7882)
+* Support setting control server URL for Tailscale. [(#7893)](https://github.com/k3s-io/k3s/pull/7893)
+* S3 and Startup tests [(#7885)](https://github.com/k3s-io/k3s/pull/7885)
+* Fix rootless node password [(#7901)](https://github.com/k3s-io/k3s/pull/7901)
+* Backports for 2023-07 release [(#7908)](https://github.com/k3s-io/k3s/pull/7908)
+  * Resolved an issue that caused agents joined with kubeadm-style bootstrap tokens to fail to rejoin the cluster when their node object is deleted.
+  * The `k3s certificate rotate-ca` command now supports the data-dir flag.
+* Adding cli to custom klipper helm image [(#7914)](https://github.com/k3s-io/k3s/pull/7914)
+  * The default helm-controller job image can now be overridden with the --helm-job-image CLI flag
+* Generation of certs and keys for etcd gated if etcd is disabled [(#7944)](https://github.com/k3s-io/k3s/pull/7944)
+* Don't use zgrep in `check-config` if apparmor profile is enforced [(#7956)](https://github.com/k3s-io/k3s/pull/7956)
+* Fix image_scan.sh script and download trivy version (#7950) [(#7968)](https://github.com/k3s-io/k3s/pull/7968)
+* Adjust default kubeconfig file permissions [(#7983)](https://github.com/k3s-io/k3s/pull/7983)
+* Update to v1.26.7 [(#8022)](https://github.com/k3s-io/k3s/pull/8022)
+​
+-----
+## Release v1.26.6+k3s1
+<!-- v1.26.6+k3s1 -->
+This release updates Kubernetes to v1.26.6, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1265).
+
+### Changes since v1.26.5+k3s1:
+
+* Update flannel version [(#7648)](https://github.com/k3s-io/k3s/pull/7648)
+* Bump vagrant libvirt with fix for plugin installs [(#7658)](https://github.com/k3s-io/k3s/pull/7658)
+* E2E and Dep Backports - June [(#7693)](https://github.com/k3s-io/k3s/pull/7693)
+  * Bump docker go.mod #7681
+  * Shortcircuit commands with version or help flags #7683
+  * Add Rotation certification Check, remove func to restart agents #7097
+  * E2E: Sudo for RunCmdOnNode #7686
+* VPN integration [(#7727)](https://github.com/k3s-io/k3s/pull/7727)
+* E2e: Private registry test [(#7721)](https://github.com/k3s-io/k3s/pull/7721)
+* Fix spelling check [(#7751)](https://github.com/k3s-io/k3s/pull/7751)
+* Remove unused libvirt config [(#7757)](https://github.com/k3s-io/k3s/pull/7757)
+* Backport version bumps and bugfixes [(#7717)](https://github.com/k3s-io/k3s/pull/7717)
+  * The bundled metrics-server has been bumped to v0.6.3, and now uses only secure TLS ciphers by default.
+  * The `coredns-custom` ConfigMap now allows for `*.override` sections to be included in the `.:53` default server block.
+  * The K3s core controllers (supervisor, deploy, and helm) no longer use the admin kubeconfig. This makes it easier to determine from access and audit logs which actions are performed by the system, and which are performed by an administrative user.
+  * Bumped klipper-lb image to v0.4.4 to resolve an issue that prevented access to ServiceLB ports from localhost when the Service ExternalTrafficPolicy was set to Local.
+  * Make LB image configurable when compiling k3s
+  * K3s now allows nodes to join the cluster even if the node password secret cannot be created at the time the node joins. The secret create will be retried in the background. This resolves a potential deadlock created by fail-closed validating webhooks that block secret creation, where the webhook is unavailable until new nodes join the cluster to run the webhook pod.
+  * The bundled containerd's aufs/devmapper/zfs snapshotter plugins have been restored. These were unintentionally omitted when moving containerd back into the k3s multicall binary in the previous release.
+  * The embedded helm controller has been bumped to v0.15.0, and now supports creating the chart's target namespace if it does not exist.
+* Add format command on makefile [(#7762)](https://github.com/k3s-io/k3s/pull/7762)
+* Fix logging and cleanup in Tailscale [(#7782)](https://github.com/k3s-io/k3s/pull/7782)
+* Update Kubernetes to v1.26.6 [(#7789)](https://github.com/k3s-io/k3s/pull/7789)
+
+-----
+## Release v1.26.5+k3s1
+<!-- v1.26.5+k3s1 -->
+This release updates Kubernetes to v1.26.5, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1264).
+
+### Changes since v1.26.4+k3s1:
+
+* Ensure that klog verbosity is set to the same level as logrus [(#7360)](https://github.com/k3s-io/k3s/pull/7360)
+* Prepend release branch to dependabot [(#7374)](https://github.com/k3s-io/k3s/pull/7374)
+* Add integration tests for etc-snapshot server flags [(#7377)](https://github.com/k3s-io/k3s/pull/7377)
+* Bump Runc and Containerd [(#7399)](https://github.com/k3s-io/k3s/pull/7399)
+* CLI + Config Enhancement [(#7403)](https://github.com/k3s-io/k3s/pull/7403)
+  * `--Tls-sans` now accepts multiple arguments: `--tls-sans="foo,bar"`
+  * `Prefer-bundled-bin: true` now works properly when set in `config.yaml.d` files
+* Migrate netutil methods into /utils/net.go [(#7432)](https://github.com/k3s-io/k3s/pull/7432)
+* Bump kube-router version to fix a bug when a port name is used [(#7460)](https://github.com/k3s-io/k3s/pull/7460)
+* Kube flags and longhorn storage tests [(#7465)](https://github.com/k3s-io/k3s/pull/7465)
+* Local-storage: Fix permission [(#7474)](https://github.com/k3s-io/k3s/pull/7474)
+* Bump containerd to v1.7.0 and move back into multicall binary [(#7444)](https://github.com/k3s-io/k3s/pull/7444)
+  * The embedded containerd version has been bumped to `v1.7.0-k3s1`, and has been reintegrated into the main k3s binary for a significant savings in release artifact size.
+* Backport version bumps and bugfixes [(#7514)](https://github.com/k3s-io/k3s/pull/7514)
+  * K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
+  * K3s once again supports aarch64 nodes with page size > 4k
+  * The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
+  * K3s now prints a more meaningful error when attempting to run from a filesystem mounted `noexec`.
+  * K3s now exits with a proper error message when the server token uses a bootstrap token `id.secret` format.
+  * Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
+  * Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
+  * Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
+  * K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
+  * K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
+  * The embedded kine version has been bumped to v0.10.1. This replaces the legacy `lib/pq` postgres driver with `pgx`.
+  * The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
+  * The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
+* Bump containerd/runc to v1.7.1-k3s1/v1.1.7 [(#7534)](https://github.com/k3s-io/k3s/pull/7534)
+  * The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
+* Wrap error stating that it is coming from netpol [(#7547)](https://github.com/k3s-io/k3s/pull/7547)
+* Add '-all' flag to apply to inactive units [(#7573)](https://github.com/k3s-io/k3s/pull/7573)
+* Update to v1.26.5-k3s1 [(#7576)](https://github.com/k3s-io/k3s/pull/7576)
+* Pin emicklei/go-restful to v3.9.0 [(#7598)](https://github.com/k3s-io/k3s/pull/7598)
+
+-----
+## Release v1.26.4+k3s1
+<!-- v1.26.4+k3s1 -->
+This release updates Kubernetes to v1.26.4, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1263).
+
+### Changes since v1.26.3+k3s1:
+
+* Enhance `k3s check-config` [(#7091)](https://github.com/k3s-io/k3s/pull/7091)
+* Update stable channel to v1.25.8+k3s1 [(#7161)](https://github.com/k3s-io/k3s/pull/7161)
+* Drone Pipelines enhancement [(#7169)](https://github.com/k3s-io/k3s/pull/7169)
+* Fix_get_sha_url [(#7187)](https://github.com/k3s-io/k3s/pull/7187)
+* Improve Updatecli local-path-provisioner pipeline [(#7181)](https://github.com/k3s-io/k3s/pull/7181)
+* Improve workflow [(#7142)](https://github.com/k3s-io/k3s/pull/7142)
+* Improve Trivy configuration [(#7154)](https://github.com/k3s-io/k3s/pull/7154)
+* Bump Local Path Provisioner version [(#7167)](https://github.com/k3s-io/k3s/pull/7167)
+  * The bundled local-path-provisioner version has been bumped to v0.0.24
+* Bump etcd to v3.5.7 [(#7170)](https://github.com/k3s-io/k3s/pull/7170)
+  * The embedded etcd version has been bumped to v3.5.7
+* Bump runc to v1.1.5 [(#7171)](https://github.com/k3s-io/k3s/pull/7171)
+  * The bundled runc version has been bumped to v1.1.5
+* Fix race condition caused by etcd advertising addresses that it does not listen on [(#7147)](https://github.com/k3s-io/k3s/pull/7147)
+  * Fixed a race condition during cluster reset that could cause the operation to hang and time out.
+* Bump coredns to v1.10.1 [(#7168)](https://github.com/k3s-io/k3s/pull/7168)
+  * The bundled coredns version has been bumped to v1.10.1
+* Don't apply hardened args to agent [(#7089)](https://github.com/k3s-io/k3s/pull/7089)
+* Upgrade helm-controller to v0.13.3 [(#7209)](https://github.com/k3s-io/k3s/pull/7209)
+* Improve Klipper Helm and Helm controller bumps [(#7146)](https://github.com/k3s-io/k3s/pull/7146)
+* Fix issue with stale connections to removed LB server [(#7194)](https://github.com/k3s-io/k3s/pull/7194)
+  * The client load-balancer that maintains connections to active server nodes now closes connections to servers when they are removed from the cluster. This ensures that agent components immediately reconnect to a current cluster member.
+* Bump actions/setup-go from 3 to 4 [(#7111)](https://github.com/k3s-io/k3s/pull/7111)
+* Lock bootstrap data with empty key to prevent conflicts [(#7215)](https://github.com/k3s-io/k3s/pull/7215)
+  * When using an external datastore, K3s now locks the bootstrap key while creating initial cluster bootstrap data, preventing a race condition when multiple servers attempted to initialize the cluster simultaneously.
+* Updated kube-router to move the default ACCEPT rule at the end of the chain [(#7218)](https://github.com/k3s-io/k3s/pull/7218)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Add make commands to terraform automation and fix external dbs related issue [(#7159)](https://github.com/k3s-io/k3s/pull/7159)
+* Update klipper lb to v0.4.2 [(#7210)](https://github.com/k3s-io/k3s/pull/7210)
+* Add coreos and sle micro to selinux support [(#6945)](https://github.com/k3s-io/k3s/pull/6945)
+* Fix call for k3s-selinux versions in airgapped environments [(#7264)](https://github.com/k3s-io/k3s/pull/7264)
+* Update Kube-router ACCEPT rule insertion and install script to clean rules before start [(#7274)](https://github.com/k3s-io/k3s/pull/7274)
+  * The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
+* Update to v1.26.4-k3s1 [(#7282)](https://github.com/k3s-io/k3s/pull/7282)
+* Bump golang:alpine image version [(#7292)](https://github.com/k3s-io/k3s/pull/7292)
+* Bump Sonobuoy version [(#7256)](https://github.com/k3s-io/k3s/pull/7256)
+* Bump Trivy version [(#7257)](https://github.com/k3s-io/k3s/pull/7257)
+
+-----
+## Release v1.26.3+k3s1
+<!-- v1.26.3+k3s1 -->
+This release updates Kubernetes to v1.26.3, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1262).
+
+### Changes since v1.26.2+k3s1:
+
+* Add E2E to Drone [(#6890)](https://github.com/k3s-io/k3s/pull/6890)
+* Add flannel adr [(#6973)](https://github.com/k3s-io/k3s/pull/6973)
+* Update flannel and kube-router [(#7039)](https://github.com/k3s-io/k3s/pull/7039)
+* Bump various dependencies for CVEs [(#7044)](https://github.com/k3s-io/k3s/pull/7044)
+* Adds a warning about editing to the containerd config.toml file [(#7057)](https://github.com/k3s-io/k3s/pull/7057)
+* Update stable version in channel server [(#7066)](https://github.com/k3s-io/k3s/pull/7066)
+* Wait for kubelet port to be ready before setting [(#7041)](https://github.com/k3s-io/k3s/pull/7041)
+  * The agent tunnel authorizer now waits for the kubelet to be ready before reading the kubelet port from the node object.
+* Improve support for rotating the default self-signed certs [(#7032)](https://github.com/k3s-io/k3s/pull/7032)
+  * The `k3s certificate rotate-ca` checks now support rotating self-signed certificates without the `--force` option.
+* Skip all pipelines based on what is in the PR [(#6996)](https://github.com/k3s-io/k3s/pull/6996)
+* Add missing kernel config checks [(#6946)](https://github.com/k3s-io/k3s/pull/6946)
+* Remove deprecated nodeSelector label beta.kubernetes.io/os [(#6970)](https://github.com/k3s-io/k3s/pull/6970)
+* MultiClusterCIDR for v1.26 [(#6885)](https://github.com/k3s-io/k3s/pull/6885)
+  * MultiClusterCIDR feature
+* Remove Nikolai from MAINTAINERS list [(#7088)](https://github.com/k3s-io/k3s/pull/7088)
+* Add automation for Restart command for K3s [(#7002)](https://github.com/k3s-io/k3s/pull/7002)
+* Fix to Rotate CA e2e test [(#7101)](https://github.com/k3s-io/k3s/pull/7101)
+* Drone: Cleanup E2E VMs on test panic [(#7104)](https://github.com/k3s-io/k3s/pull/7104)
+* Update to v1.26.3-k3s1 [(#7108)](https://github.com/k3s-io/k3s/pull/7108)
+* Pin golangci-lint version to v1.51.2 [(#7113)](https://github.com/k3s-io/k3s/pull/7113)
+* Clean E2E VMs before testing [(#7109)](https://github.com/k3s-io/k3s/pull/7109)
+* Update flannel to fix NAT issue with old iptables version [(#7136)](https://github.com/k3s-io/k3s/pull/7136)
+
+-----
+## Release v1.26.2+k3s1
+<!-- v1.26.2+k3s1 -->
+This release updates Kubernetes to v1.26.2, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1261).
+
+### Changes since v1.26.1+k3s1:
+
+* Add build tag to disable cri-dockerd [(#6760)](https://github.com/k3s-io/k3s/pull/6760)
+* Bump cri-dockerd [(#6797)](https://github.com/k3s-io/k3s/pull/6797)
+  * The embedded cri-dockerd has been updated to v0.3.1
+* Update stable channel to v1.25.6+k3s1 [(#6828)](https://github.com/k3s-io/k3s/pull/6828)
+* E2E Rancher and Hardened script improvements [(#6778)](https://github.com/k3s-io/k3s/pull/6778)
+* Add Ayedo to Adopters [(#6801)](https://github.com/k3s-io/k3s/pull/6801)
+* Consolidate E2E tests and GH Actions [(#6772)](https://github.com/k3s-io/k3s/pull/6772)
+* Allow ServiceLB to honor `ExternalTrafficPolicy=Local` [(#6726)](https://github.com/k3s-io/k3s/pull/6726)
+  * ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
+* Fix cronjob example [(#6707)](https://github.com/k3s-io/k3s/pull/6707)
+* Bump vagrant boxes to fedora37 [(#6832)](https://github.com/k3s-io/k3s/pull/6832)
+* Ensure flag type consistency [(#6852)](https://github.com/k3s-io/k3s/pull/6852)
+* E2E: Consoldiate docker and prefer bundled tests into new startup test [(#6851)](https://github.com/k3s-io/k3s/pull/6851)
+* Fix reference to documentation [(#6860)](https://github.com/k3s-io/k3s/pull/6860)
+* Bump deps: trivy, sonobuoy, dapper, golangci-lint, gopls [(#6807)](https://github.com/k3s-io/k3s/pull/6807)
+* Fix check for (open)SUSE version [(#6791)](https://github.com/k3s-io/k3s/pull/6791)
+* Add support for user-provided CA certificates [(#6615)](https://github.com/k3s-io/k3s/pull/6615)
+  * K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the github repo at [contrib/util/certs.sh](https://github.com/k3s-io/k3s/blob/master/contrib/util/certs.sh).
+* Ignore value conflicts when reencrypting secrets [(#6850)](https://github.com/k3s-io/k3s/pull/6850)
+* Add `kubeadm` style bootstrap token secret support [(#6663)](https://github.com/k3s-io/k3s/pull/6663)
+  * K3s now supports `kubeadm` style join tokens. `k3s token create` now creates join token secrets, optionally with a limited TTL.
+  * K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
+* Add NATS to the list of supported data stores [(#6876)](https://github.com/k3s-io/k3s/pull/6876)
+* Use default address family when adding kubernetes service address to SAN list [(#6857)](https://github.com/k3s-io/k3s/pull/6857)
+  * The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
+* Fix issue with servicelb startup failure when validating webhooks block creation [(#6911)](https://github.com/k3s-io/k3s/pull/6911)
+  * The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
+* Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent [(#6829)](https://github.com/k3s-io/k3s/pull/6829)
+  * Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
+* Wait for server to become ready before creating token [(#6932)](https://github.com/k3s-io/k3s/pull/6932)
+* Allow for multiple sets of leader-elected controllers [(#6922)](https://github.com/k3s-io/k3s/pull/6922)
+  * Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes
+* Update Flannel to v0.21.1 [(#6944)](https://github.com/k3s-io/k3s/pull/6944)
+* Fix Nightly E2E tests [(#6950)](https://github.com/k3s-io/k3s/pull/6950)
+* Fix etcd and ca-cert rotate issues [(#6952)](https://github.com/k3s-io/k3s/pull/6952)
+* Fix ServiceLB dual-stack ingress IP listing [(#6979)](https://github.com/k3s-io/k3s/pull/6979)
+  * Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
+* Bump kine to v0.9.9 [(#6974)](https://github.com/k3s-io/k3s/pull/6974)
+  * The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at `info` level for increased visibility.
+* Update to v1.26.2-k3s1 [(#7011)](https://github.com/k3s-io/k3s/pull/7011)
+
+-----
+## Release v1.26.1+k3s1
+<!-- v1.26.1+k3s1 -->
+This release updates Kubernetes to v1.26.1, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1260).
+
+### Changes since v1.26.0+k3s2:
+
+* Add jitter to scheduled snapshots and retry harder on conflicts [(#6715)](https://github.com/k3s-io/k3s/pull/6715)
+  * Scheduled etcd snapshots are now offset by a short random delay of up to several seconds. This should prevent multi-server clusters from executing pathological behavior when attempting to simultaneously update the snapshot list ConfigMap. The snapshot controller will also be more persistent in attempting to update the snapshot list.
+* Adjust e2e test run script and fixes [(#6718)](https://github.com/k3s-io/k3s/pull/6718)
+* RIP Codespell [(#6701)](https://github.com/k3s-io/k3s/pull/6701)
+* Bump alpine from 3.16 to 3.17 in /package [(#6688)](https://github.com/k3s-io/k3s/pull/6688)
+* Bump alpine from 3.16 to 3.17 in /conformance [(#6687)](https://github.com/k3s-io/k3s/pull/6687)
+* Bump containerd to v1.6.15-k3s1 [(#6722)](https://github.com/k3s-io/k3s/pull/6722)
+  * The embedded containerd version has been bumped to v1.6.15-k3s1
+* Containerd restart testlet [(#6696)](https://github.com/k3s-io/k3s/pull/6696)
+* Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts [(#6686)](https://github.com/k3s-io/k3s/pull/6686)
+* Add explicit read permissions to workflows [(#6700)](https://github.com/k3s-io/k3s/pull/6700)
+* Pass through default tls-cipher-suites [(#6725)](https://github.com/k3s-io/k3s/pull/6725)
+  * The K3s default cipher suites are now explicitly passed in to kube-apiserver, ensuring that all listeners use these values.
+* Bump golang:alpine image version [(#6683)](https://github.com/k3s-io/k3s/pull/6683)
+* Bugfix: do not break cert-manager when pprof is enabled [(#6635)](https://github.com/k3s-io/k3s/pull/6635)
+* Fix CI tests on Alpine 3.17 [(#6744)](https://github.com/k3s-io/k3s/pull/6744)
+* Update Stable to 1.25.5+k3s2 [(#6753)](https://github.com/k3s-io/k3s/pull/6753)
+* Bump action/download-artifact to v3 [(#6746)](https://github.com/k3s-io/k3s/pull/6746)
+* Generate report and upload test results [(#6737)](https://github.com/k3s-io/k3s/pull/6737)
+* Slow dependency CI to weekly [(#6764)](https://github.com/k3s-io/k3s/pull/6764)
+* Fix Drone plugins/docker tag for 32 bit arm [(#6769)](https://github.com/k3s-io/k3s/pull/6769)
+* Update to v1.26.1-k3s1 [(#6774)](https://github.com/k3s-io/k3s/pull/6774)
+
+-----
+## Release v1.26.0+k3s2
+<!-- v1.26.0+k3s2 -->
+
+This release updates containerd to v1.6.14 to resolve an issue where pods would lose their CNI information when containerd was restarted, as well as a number of other stability and administrative changes.
+
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#urgent-upgrade-notes).
+
+### Changes since v1.26.0+k3s1:
+
+* Current status badges [(#6653)](https://github.com/k3s-io/k3s/pull/6653)
+* Add initial Updatecli ADR automation [(#6583)](https://github.com/k3s-io/k3s/pull/6583)
+* December 2022 channels update [(#6618)](https://github.com/k3s-io/k3s/pull/6618)
+* Change Updatecli GH action reference branch [(#6682)](https://github.com/k3s-io/k3s/pull/6682)
+* Fix OpenRC init script error 'openrc-run.sh: source: not found' [(#6614)](https://github.com/k3s-io/k3s/pull/6614)
+* Add Dependabot config for security ADR [(#6560)](https://github.com/k3s-io/k3s/pull/6560)
+* Bump containerd to v1.6.14-k3s1 [(#6693)](https://github.com/k3s-io/k3s/pull/6693)
+  * The embedded containerd version has been bumped to v1.6.14-k3s1. This includes a backported fix for [containerd/7843](https://github.com/containerd/containerd/issues/7843) which caused pods to lose their CNI info when containerd was restarted, which in turn caused the kubelet to recreate the pod.
+* Exclude December r1 releases from channel server [(#6706)](https://github.com/k3s-io/k3s/pull/6706)
+
+-----
+## Release v1.26.0+k3s1
+<!-- v1.26.0+k3s1 -->
+
+> ## ⚠️ WARNING
+> This release is affected by https://github.com/containerd/containerd/issues/7843, which causes the kubelet to restart all pods whenever K3s is restarted. For this reason, we have removed this K3s release from the channel server. Please use `v1.26.0+k3s2` instead.
+
+This release is K3S's first in the v1.26 line. This release updates Kubernetes to v1.26.0.
+
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#urgent-upgrade-notes).
+
+### Changes since v1.25.5+k3s1:
+
+* Remove deprecated flags in v1.26 [(#6574)](https://github.com/k3s-io/k3s/pull/6574)
+* Using "etcd-snapshot" for saving snapshots is now deprecated, use "etcd-snapshot save" instead. [(#6575)](https://github.com/k3s-io/k3s/pull/6575)
+* Update to v1.26.0-k3s1
+ * * Update kubernetes to v1.26.0-k3s1
+ * * Update cri-tools to  v1.26.0-rc.0-k3s1
+ * * Update helm controller to v0.13.1
+ * * Update etcd to v3.5.5-k3s1
+ * * Update cri-dockerd to the latest 1.26.0
+ * * Update cadvisor
+ * * Update containerd to v1.6.12-k3s1 [(#6370)](https://github.com/k3s-io/k3s/pull/6370)
+* Preload iptable_filter/ip6table_filter [(#6645)](https://github.com/k3s-io/k3s/pull/6645)
+* Bump k3s-root version to v0.12.1 [(#6651)](https://github.com/k3s-io/k3s/pull/6651)
+
+-----
diff --git a/docs/release-notes/v1.27.X.md b/docs/release-notes/v1.27.X.md
new file mode 100644
index 000000000..9316e7fc9
--- /dev/null
+++ b/docs/release-notes/v1.27.X.md
@@ -0,0 +1,194 @@
+---
+hide_table_of_contents: true
+---
+
+# v1.27.X
+
+:::caution Upgrade Notice
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#urgent-upgrade-notes).
+:::
+
+| Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner  |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -----  |
+| [v1.27.4+k3s1](v1.27.X.md#release-v1274k3s1) | Jul 27 2023| [v1.27.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#v1274) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.2](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.2) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.27.3+k3s1](v1.27.X.md#release-v1273k3s1) | Jun 26 2023| [v1.27.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#v1273) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.22.0](https://github.com/flannel-io/flannel/releases/tag/v0.22.0) | [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.15.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.15.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.27.2+k3s1](v1.27.X.md#release-v1272k3s1) | May 26 2023| [v1.27.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#v1272) | [v0.10.1](https://github.com/k3s-io/kine/releases/tag/v0.10.1) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.7.1-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1) | [v1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.10](https://github.com/traefik/traefik/releases/tag/v2.9.10) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.14.0](https://github.com/k3s-io/helm-controller/releases/tag/v0.14.0) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+| [v1.27.1+k3s1](v1.27.X.md#release-v1271k3s1) | Apr 27 2023| [v1.27.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#v1271) | [v0.9.9](https://github.com/k3s-io/kine/releases/tag/v0.9.9) | [3.39.2](https://sqlite.org/releaselog/3_39_2.html) | [v3.5.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1) | [v1.6.19-k3s1](https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1) | [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5) | [v0.21.4](https://github.com/flannel-io/flannel/releases/tag/v0.21.4) | [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2) | [v2.9.4](https://github.com/traefik/traefik/releases/tag/v2.9.4) | [v1.10.1](https://github.com/coredns/coredns/releases/tag/v1.10.1) | [v0.13.3](https://github.com/k3s-io/helm-controller/releases/tag/v0.13.3) | [v0.0.24](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24)  |
+
+<br />
+
+## Release v1.27.4+k3s1
+<!-- v1.27.4+k3s1 -->
+This release updates Kubernetes to v1.27.4, and fixes a number of issues.    
+​
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#changelog-since-v1273).
+​
+### Changes since v1.27.3+k3s1:
+​
+* Pkg imported more than once [(#7803)](https://github.com/k3s-io/k3s/pull/7803)
+* Faster K3s Binary Build Option [(#7805)](https://github.com/k3s-io/k3s/pull/7805)
+* Update stable channel to v1.27.3+k3s1 [(#7827)](https://github.com/k3s-io/k3s/pull/7827)
+* Adding cli to custom klipper helm image [(#7682)](https://github.com/k3s-io/k3s/pull/7682)
+  * The default helm-controller job image can now be overridden with the --helm-job-image CLI flag
+* Check if we are on ipv4, ipv6 or dualStack when doing tailscale [(#7838)](https://github.com/k3s-io/k3s/pull/7838)
+* Remove file_windows.go [(#7845)](https://github.com/k3s-io/k3s/pull/7845)
+* Add a k3s data directory location specified by the cli [(#7791)](https://github.com/k3s-io/k3s/pull/7791)
+* Fix e2e startup flaky test [(#7839)](https://github.com/k3s-io/k3s/pull/7839)
+* Allow k3s to customize apiServerPort on helm-controller [(#7834)](https://github.com/k3s-io/k3s/pull/7834)
+* Fall back to basic/bearer auth when node identity auth is rejected [(#7836)](https://github.com/k3s-io/k3s/pull/7836)
+  * Resolved an issue that caused agents joined with kubeadm-style bootstrap tokens to fail to rejoin the cluster when their node object is deleted.
+* Fix code spell check [(#7858)](https://github.com/k3s-io/k3s/pull/7858)
+* Add e2e s3 test [(#7833)](https://github.com/k3s-io/k3s/pull/7833)
+* Warn that v1.28 will deprecate reencrypt/prepare [(#7848)](https://github.com/k3s-io/k3s/pull/7848)
+* Support setting control server URL for Tailscale [(#7807)](https://github.com/k3s-io/k3s/pull/7807)
+  * Support connecting tailscale to a separate server (e.g. headscale)
+* Improve for K3s release Docs [(#7864)](https://github.com/k3s-io/k3s/pull/7864)
+* Fix rootless node password location [(#7887)](https://github.com/k3s-io/k3s/pull/7887)
+* Bump google.golang.org/grpc from 1.51.0 to 1.53.0 in /tests/terraform [(#7879)](https://github.com/k3s-io/k3s/pull/7879)
+* Add retry for clone step [(#7862)](https://github.com/k3s-io/k3s/pull/7862)
+* Generation of certificates and keys for etcd gated if etcd is disabled. [(#6998)](https://github.com/k3s-io/k3s/pull/6998)
+* Don't use zgrep in `check-config` if apparmor porfile is enforced [(#7939)](https://github.com/k3s-io/k3s/pull/7939)
+* Fix image_scan.sh script and download trivy version [(#7950)](https://github.com/k3s-io/k3s/pull/7950)
+* Revert "Warn that v1.28 will deprecate reencrypt/prepare" [(#7977)](https://github.com/k3s-io/k3s/pull/7977)
+* Adjust default kubeconfig file permissions [(#7978)](https://github.com/k3s-io/k3s/pull/7978)
+* Fix update go version command on release documentation [(#8028)](https://github.com/k3s-io/k3s/pull/8028)
+* Update to v1.27.4 [(#8014)](https://github.com/k3s-io/k3s/pull/8014)
+​
+-----
+## Release v1.27.3+k3s1
+<!-- v1.27.3+k3s1 -->
+This release updates Kubernetes to v1.27.3, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#changelog-since-v1272).
+
+### Changes since v1.27.2+k3s1:
+
+* Update flannel version [(#7628)](https://github.com/k3s-io/k3s/pull/7628)
+  * Update flannel to v0.22.0
+* Add el9 selinux rpm [(#7635)](https://github.com/k3s-io/k3s/pull/7635)
+* Update channels [(#7634)](https://github.com/k3s-io/k3s/pull/7634)
+* Allow coredns override extensions [(#7583)](https://github.com/k3s-io/k3s/pull/7583)
+  * The `coredns-custom` ConfigMap now allows for `*.override` sections to be included in the `.:53` default server block.
+* Bump klipper-lb to v0.4.4 [(#7617)](https://github.com/k3s-io/k3s/pull/7617)
+  * Bumped klipper-lb image to v0.4.4 to resolve an issue that prevented access to ServiceLB ports from localhost when the Service ExternalTrafficPolicy was set to Local.
+* Bump metrics-server to v0.6.3 and update tls-cipher-suites [(#7564)](https://github.com/k3s-io/k3s/pull/7564)
+  * The bundled metrics-server has been bumped to v0.6.3, and now uses only secure TLS ciphers by default.
+* Do not use the admin kubeconfig for the supervisor and core controllers [(#7616)](https://github.com/k3s-io/k3s/pull/7616)
+  * The K3s core controllers (supervisor, deploy, and helm) no longer use the admin kubeconfig. This makes it easier to determine from access and audit logs which actions are performed by the system, and which are performed by an administrative user.
+* Bump golang:alpine image version [(#7619)](https://github.com/k3s-io/k3s/pull/7619)
+* Make LB image configurable when compiling k3s [(#7626)](https://github.com/k3s-io/k3s/pull/7626)
+* Bump vagrant libvirt with fix for plugin installs [(#7605)](https://github.com/k3s-io/k3s/pull/7605)
+* Add format command on Makefile [(#7437)](https://github.com/k3s-io/k3s/pull/7437)
+* Use el8 rpm for fedora 38 and 39 [(#7664)](https://github.com/k3s-io/k3s/pull/7664)
+* Check variant before version to decide rpm target and packager closes #7666 [(#7667)](https://github.com/k3s-io/k3s/pull/7667)
+* Test Coverage Reports for E2E tests [(#7526)](https://github.com/k3s-io/k3s/pull/7526)
+* Soft-fail on node password verification if the secret cannot be created [(#7655)](https://github.com/k3s-io/k3s/pull/7655)
+  * K3s now allows nodes to join the cluster even if the node password secret cannot be created at the time the node joins. The secret create will be retried in the background. This resolves a potential deadlock created by fail-closed validating webhooks that block secret creation, where the webhook is unavailable until new nodes join the cluster to run the webhook pod.
+* Enable containerd aufs/devmapper/zfs snapshotter plugins [(#7661)](https://github.com/k3s-io/k3s/pull/7661)
+  * The bundled containerd's aufs/devmapper/zfs snapshotter plugins have been restored. These were unintentionally omitted when moving containerd back into the k3s multicall binary in the previous release.
+* Bump docker go.mod [(#7681)](https://github.com/k3s-io/k3s/pull/7681)
+* Shortcircuit commands with version or help flags [(#7683)](https://github.com/k3s-io/k3s/pull/7683)
+  * Non root users can now call `k3s --help` and `k3s --version` commands without running into permission errors over the default config file.
+* Bump Trivy version [(#7672)](https://github.com/k3s-io/k3s/pull/7672)
+* E2E: Capture coverage of K3s subcommands [(#7686)](https://github.com/k3s-io/k3s/pull/7686)
+* Integrate tailscale into k3s [(#7352)](https://github.com/k3s-io/k3s/pull/7352)
+  * Integration of tailscale VPN into k3s
+* Add private registry e2e test [(#7653)](https://github.com/k3s-io/k3s/pull/7653)
+* E2E: Remove unnecessary daemonset addition/deletion [(#7696)](https://github.com/k3s-io/k3s/pull/7696)
+* Add issue template for OS validation [(#7695)](https://github.com/k3s-io/k3s/pull/7695)
+* Fix spelling check [(#7740)](https://github.com/k3s-io/k3s/pull/7740)
+* Remove useless libvirt config [(#7745)](https://github.com/k3s-io/k3s/pull/7745)
+* Bump helm-controller to v0.15.0 for create-namespace support [(#7716)](https://github.com/k3s-io/k3s/pull/7716)
+  * The embedded helm controller has been bumped to v0.15.0, and now supports creating the chart's target namespace if it does not exist.
+* Fix error logging in tailscale [(#7776)](https://github.com/k3s-io/k3s/pull/7776)
+* Add commands to remove advertised routes of tailscale in k3s-killall.sh [(#7777)](https://github.com/k3s-io/k3s/pull/7777)
+* Update Kubernetes to v1.27.3 [(#7790)](https://github.com/k3s-io/k3s/pull/7790)
+
+-----
+## Release v1.27.2+k3s1
+<!-- v1.27.2+k3s1 -->
+This release updates Kubernetes to v1.27.2, and fixes a number of issues.
+
+For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#changelog-since-v1271).
+
+### Changes since v1.27.1+k3s1:
+
+* Ensure that klog verbosity is set to the same level as logrus [(#7303)](https://github.com/k3s-io/k3s/pull/7303)
+* Create CRDs with schema [(#7308)](https://github.com/k3s-io/k3s/pull/7308)
+  * Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
+* Bump k3s-root for aarch64 page size fix [(#7364)](https://github.com/k3s-io/k3s/pull/7364)
+  * K3s once again supports aarch64 nodes with page size > 4k
+* Bump Runc and Containerd [(#7339)](https://github.com/k3s-io/k3s/pull/7339)
+* Add integration tests for etc-snapshot server flags and refactor /tests/integration/integration.go/K3sStartServer [(#7300)](https://github.com/k3s-io/k3s/pull/7300)
+* Bump traefik to v2.9.10 / chart 21.2.0 [(#7324)](https://github.com/k3s-io/k3s/pull/7324)
+  * The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
+* Add longhorn storage test [(#6445)](https://github.com/k3s-io/k3s/pull/6445)
+* Improve error message when CLI wrapper Exec fails [(#7373)](https://github.com/k3s-io/k3s/pull/7373)
+  * K3s now prints a more meaningful error when attempting to run from a filesystem mounted `noexec`.
+* Fix issues with `--disable-agent` and `--egress-selector-mode=pod|cluster` [(#7331)](https://github.com/k3s-io/k3s/pull/7331)
+  * Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
+  * Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
+* Retry cluster join on "too many learners" error [(#7351)](https://github.com/k3s-io/k3s/pull/7351)
+  * K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
+* Fix MemberList error handling and incorrect etcd-arg passthrough [(#7371)](https://github.com/k3s-io/k3s/pull/7371)
+  * K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
+  * K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
+* Bump Trivy version [(#7383)](https://github.com/k3s-io/k3s/pull/7383)
+* Handle multiple arguments with StringSlice flags [(#7380)](https://github.com/k3s-io/k3s/pull/7380)
+* Add v1.27 channel [(#7387)](https://github.com/k3s-io/k3s/pull/7387)
+* Enable FindString to search dotD config files [(#7323)](https://github.com/k3s-io/k3s/pull/7323)
+* Migrate netutil methods into /util/net.go [(#7422)](https://github.com/k3s-io/k3s/pull/7422)
+* Local-storage: Fix permission [(#7217)](https://github.com/k3s-io/k3s/pull/7217)
+* Bump cni plugins to v1.2.0-k3s1 [(#7425)](https://github.com/k3s-io/k3s/pull/7425)
+  * The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
+* Add dependabot label and reviewer [(#7423)](https://github.com/k3s-io/k3s/pull/7423)
+* E2E: Startup test cleanup + RunCommand Enhancement [(#7388)](https://github.com/k3s-io/k3s/pull/7388)
+* Fail to validate server tokens that use bootstrap id/secret format [(#7389)](https://github.com/k3s-io/k3s/pull/7389)
+  * K3s now exits with a proper error message when the server token uses a bootstrap token `id.secret` format.
+* Fix token startup test [(#7442)](https://github.com/k3s-io/k3s/pull/7442)
+* Bump kine to v0.10.1 [(#7414)](https://github.com/k3s-io/k3s/pull/7414)
+  * The embedded kine version has been bumped to v0.10.1. This replaces the legacy `lib/pq` postgres driver with `pgx`.
+* Add kube-* server flags integration tests [(#7416)](https://github.com/k3s-io/k3s/pull/7416)
+* Add support for `-cover` + integration test code coverage [(#7415)](https://github.com/k3s-io/k3s/pull/7415)
+* Bump kube-router version to fix a bug when a port name is used [(#7454)](https://github.com/k3s-io/k3s/pull/7454)
+* Consistently use constant-time comparison of password hashes instead of bare password strings [(#7455)](https://github.com/k3s-io/k3s/pull/7455)
+* Bump containerd to v1.7.0 and move back into multicall binary [(#7418)](https://github.com/k3s-io/k3s/pull/7418)
+  * The embedded containerd version has been bumped to `v1.7.0-k3s1`, and has been reintegrated into the main k3s binary for a significant savings in release artifact size.
+* Adding PITS and Getdeck Beiboot as adopters thanks to Schille and Miw… [(#7524)](https://github.com/k3s-io/k3s/pull/7524)
+* Bump helm-controller version for repo auth/ca support [(#7525)](https://github.com/k3s-io/k3s/pull/7525)
+  * The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
+* Bump containerd/runc to v1.7.1-k3s1/v1.1.7 [(#7533)](https://github.com/k3s-io/k3s/pull/7533)
+  * The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
+* Wrap error stating that it is coming from netpol [(#7539)](https://github.com/k3s-io/k3s/pull/7539)
+* Add Rotation certification Check, remove func to restart agents [(#7097)](https://github.com/k3s-io/k3s/pull/7097)
+* Bump alpine from 3.17 to 3.18 in /package [(#7550)](https://github.com/k3s-io/k3s/pull/7550)
+* Bump alpine from 3.17 to 3.18 in /conformance [(#7551)](https://github.com/k3s-io/k3s/pull/7551)
+* Add '-all' flag to apply to inactive systemd units [(#7567)](https://github.com/k3s-io/k3s/pull/7567)
+* Update to v1.27.2-k3s1 [(#7575)](https://github.com/k3s-io/k3s/pull/7575)
+* Fix iptables rules clean during upgrade [(#7591)](https://github.com/k3s-io/k3s/pull/7591)
+* Pin emicklei/go-restful to v3.9.0 [(#7597)](https://github.com/k3s-io/k3s/pull/7597)
+* Add el9 selinux rpm [(#7443)](https://github.com/k3s-io/k3s/pull/7443)
+* Revert "Add el9 selinux rpm (#7443)" [(#7608)](https://github.com/k3s-io/k3s/pull/7608)
+
+-----
+## Release v1.27.1+k3s1
+<!-- v1.27.1+k3s1 -->
+This release is K3S's first in the v1.27 line. This release updates Kubernetes to v1.27.1.
+
+Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#urgent-upgrade-notes).
+
+### Changes since v1.26.4+k3s1:
+
+* Kubernetes 1.27.1 [(#7271)](https://github.com/k3s-io/k3s/pull/7271)
+* V1.27.1 CLI Deprecation [(#7311)](https://github.com/k3s-io/k3s/pull/7311)
+  * `--flannel-backed=wireguard` has been completely replaced with `--flannel-backend=wireguard-native`
+  * The `k3s etcd-snapshot` command will now print a help message, to save a snapshot use: `k3s etcd-snapshot save`
+  * The following flags will now cause fatal errors (with full removal coming in v1.28.0):
+    * `--flannel-backed=ipsec`: replaced with `--flannel-backend=wireguard-native` [see docs for more info.](https://docs.k3s.io/installation/network-options#migrating-from-wireguard-or-ipsec-to-wireguard-native)
+    * Supplying multiple `--flannel-backend` values is no longer valid. Use `--flannel-conf` instead.
+* Changed command -v redirection for iptables bin check [(#7315)](https://github.com/k3s-io/k3s/pull/7315)
+* Update channel server for april 2023 [(#7327)](https://github.com/k3s-io/k3s/pull/7327)
+* Bump cri-dockerd [(#7347)](https://github.com/k3s-io/k3s/pull/7347)
+* Cleanup help messages [(#7369)](https://github.com/k3s-io/k3s/pull/7369)
+
+-----
diff --git a/scripts/collect-all-release-notes.sh b/scripts/collect-all-release-notes.sh
new file mode 100755
index 000000000..e6f0e5704
--- /dev/null
+++ b/scripts/collect-all-release-notes.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+function gen_md_link()
+{
+    release_link=$(echo $1 | tr '[:upper:]' '[:lower:]' | sed -e 's/ /-/g' -e 's/\.//g' -e 's/+//g')
+    echo "${release_link}"
+}
+
+MINORS="v1.24 v1.25 v1.26 v1.27"
+
+for minor in $MINORS; do
+    product=k3s
+    k3s_table=$(mktemp)
+    previous=""
+    file=docs/release-notes/${minor}.X.md
+    for patch in $(gh release list -R "k3s-io/${product}" --exclude-drafts --exclude-pre-releases --limit=1000 | awk -F '\t' '{ print $3 }' | grep ^"${minor}"); do
+        publish_date=$(gh release view "${patch}" -R "k3s-io/${product}" --json publishedAt -q '.publishedAt' | awk -F'T' '{ print $1 }')
+        echo "# Release ${patch}" >> "${file}"
+        gh release view "${patch}" -R "k3s-io/${product}" --json body -q '.body' >> "${file}"
+        echo "-----" >> "${file}"
+        body=$(gh release view "${patch}" -R "k3s-io/${product}" --json body -q '.body')
+        # Extract from each release notes the component table, building a single table with all the components
+        if [ -z "${previous}" ]; then
+            title="---\nhide_table_of_contents: true\n---\n\n# ${minor}.X\n"
+            echo -e "${title}" >> $k3s_table
+            upgrade_link="[Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-${minor:1}.md#urgent-upgrade-notes)"
+            upgrade_warning=":::caution Upgrade Notice\nBefore upgrading from earlier releases, be sure to read the Kubernetes ${upgrade_link}.\n:::\n"
+            echo -e "${upgrade_warning}" >> $k3s_table
+            echo -n "| Version | Release date " >> $k3s_table
+            echo "$body"  | grep "^|" | tail -n+3 | awk -F'|' '{ print $2 }' | while read column; do echo -n "| $column " >> $k3s_table; done
+            echo " |" >> $k3s_table
+            echo -n "| ----- | ----- " >> $k3s_table
+            echo "$body"  | grep "^|" | tail -n+3 | awk -F'|' '{ print $2 }' | while read column; do echo -n "| ----- " >> $k3s_table; done
+            echo " |" >> $k3s_table
+        fi
+        echo -n "| [${patch}](${minor}.X.md#release-$(gen_md_link $patch)) | $(date +"%b %d %Y" -d "${publish_date}")" >> $k3s_table
+        echo "$body"  | grep "^|" | tail -n+3 | awk -F'|' '{ print $3 }' | while read column; do echo -n "| $column " >> $k3s_table; done
+        echo " |" >> $k3s_table
+        previous=$patch
+        # Remove the component table from each individual release notes
+        perl -i -p0e 's/^## Embedded Component Versions.*?^-----/-----/gms' "${file}"
+        # Add extra levels for Docusaurus Sidebar
+        sed -i 's/^# Release/## Release/' "${file}"
+        sed -i 's/^## Changes since/### Changes since/' "${file}"
+    done
+    echo -e "\n<br />\n" >> $k3s_table
+    # Append the global component and version table
+    k3stmp=$(mktemp)
+    cat $k3s_table "${file}" > $k3stmp && mv $k3stmp "${file}"
+    echo "Collected release notes for ${product} ${minor}"
+done
diff --git a/sidebars.js b/sidebars.js
index 827550629..cc913ed95 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -91,6 +91,16 @@ module.exports = {
         'reference/resource-profiling',
       ],
     },
+    {
+      type: 'category',
+      label: 'Release Notes',
+      items: [
+        {
+          type: 'autogenerated',
+          dirName: 'release-notes',
+        },
+      ],
+    },
     {
       type: 'autogenerated',
       dirName: 'known-issues',