Kubernetes v1.35.3 release notes: security and stability patch
Patch release. Security backports. Bug fixes. No new features.
What changed
- Security backports: Fixes landed after v1.35.2. This article does not list CVEs. The upstream changelog should.
- Stability fixes: Targets core controllers and the API server. Exact commits live in the official CHANGELOG.
- Cumulative patch: Rolls up 1.35 fixes through 2026-03-18.
The rest is dependency bumps. Moving on.
Who should upgrade
- Running any 1.35.x: You want the latest patch in-branch.
- Production clusters: Apply in your normal maintenance window.
- Managed Kubernetes users: Check your provider’s channel and rollout status.
Fast upgrade checklist
- Read first: Open the official v1.35.3 CHANGELOG. Do not trust summaries, including this one.
- Back up: Save cluster state you cannot recreate fast.
- Control plane first: Upgrade kube-apiserver, kube-controller-manager, kube-scheduler.
- Then nodes: Upgrade kubelet and kube-proxy. Follow Kubernetes version skew policy.
- Verify: Check node Ready, critical pods Running, and API errors quiet.
- Managed example: Run your provider’s upgrade command. Example: gcloud container clusters upgrade or eksctl upgrade cluster.
- Self-managed check: Run kubectl version after the roll.
Known issues
Unknown. The draft claimed “none,” but it provided no source.
If you cannot test your CNI in staging, you should not run Kubernetes.
Anyway. Verify the changelog, then decide.
🛠️ Try These Free Tools
⚠️ K8s Manifest Deprecation Checker
Paste your Kubernetes YAML to detect deprecated APIs before upgrading.
📦 Dependency EOL Scanner
Paste your dependency file to check for end-of-life packages.
🗺️ Upgrade Path Planner
Plan your upgrade path with breaking change warnings and step-by-step guidance.