reported vulnerability and how it might be exploited. Alternatively,
   a well-established vulnerability identifier, e.g. CVE number, can be
   used instead.

Based on the description mentioned above, a MinIO engineer or security team
member investigates:

- Whether the reported vulnerability exists.
- The conditions that are required such that the vulnerability can be exploited.

If your CL addresses an accepted proposal, mention the proposal issue number in
your release note in the form `/issue/NUMBER`. A link to the issue in the text
will have this form (see below). If you don't want to mention the issue in the
text, add it as a comment:
```
<!-- go.dev/issue/12345 -->
```
If an accepted proposal is mentioned in a CL but not in the release notes, it will be

 *   <dd>A new type, which is similar to {@link java.util.Map}, but may contain multiple entries
 *       with the same key. Some behaviors of {@link Multimap} are left unspecified and are provided
 *       only by the subtypes mentioned below.
 *   <dt>{@link ListMultimap}
 *   <dd>An extension of {@link Multimap} which permits duplicate entries, supports random access of

| *Required* | *Yes*    |

### AUTHPARAMS

Indicates STS API Authorization information. If you are familiar with AWS Signature V4 Authorization header, this STS API supports signature V4 authorization as mentioned [here](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)

### DurationSeconds

    }
    return dummy;
  }

  /**
   * Similar to the above, but keeps a boolean flag rather than checking for the string accumulated
   * so far being empty. As a result, it does not have the above-mentioned bug.
   */
  @Benchmark
  int booleanIfFirst(int reps) {
    int dummy = 0;
    for (int i = 0; i < reps; i++) {
      StringBuilder sb = new StringBuilder();
      boolean append = false;

start by opening a new issue describing the bug or feature you're intending to
fix. Even if you think it's relatively minor, it's helpful to know what people
are working on. And as mentioned above, API changes should be discussed
thoroughly before moving to code.

Some examples of types of pull requests that are immediately helpful:

  - Fixing a bug without changing a public API.

            assertFalse("Exception message should not be empty", message.trim().isEmpty());
            assertTrue("Exception message should mention 'inputstream'", message.toLowerCase().contains("inputstream"));
            assertTrue("Exception message should mention 'null'", message.toLowerCase().contains("null"));
        }
    }

    /**
     * Test that validateInputStream does not modify or consume the stream.

```json
{
    "result": true
}
```

The following structure is also accepted:

```json
{
    "result": {
        "allow": true
    }
}
```

4. **Before Submitting**:
   - Run `make verify` to check formatting, linting, and tests.
   - Reference related issues (e.g., “Closes #1234”).
   - Notify team members via GitHub `@mentions` if urgent or complex.

## Reviewing PRs

Reviewers ensure MinIO’s commit history remains a clear, reliable record. Responsibilities include:

1. **Commit Quality**:

4. Fixes are prepared for the latest release.
5. On the date that the fixes are applied a security advisory will be published on <https://blog.min.io>.
   Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
   the security issue. By default MinIO will **not** publish this information to protect your privacy.