import javax.annotation.CheckForNull;

/**
 * Exception indicating that a recursive delete can't be performed because the file system does not
 * have the support necessary to guarantee that it is not vulnerable to race conditions that would
 * allow it to delete files and directories outside of the directory being deleted (i.e., {@link
 * SecureDirectoryStream} is not supported).
 *

        }
        api("org.apache.pdfbox:pdfbox:2.0.24") {
            because("Flexmark 0.34.60 brings in a vulnerable version of pdfbox")
        }
        api("com.google.code.findbugs:jsr305:3.0.2")
        api("commons-io:commons-io:2.14.0")
        api("commons-lang:commons-lang:2.6")
        api("javax.activation:activation:1.1.1")

        Collections.addAll(trustedCertificates, *platformTrustManager.acceptedIssuers)
      }

    /**
     * Configures this to not authenticate the HTTPS server on to [hostname]. This makes the user
     * vulnerable to man-in-the-middle attacks and should only be used only in private development
     * environments and only to carry test data.
     *
     * The server’s TLS certificate **does not need to be signed** by a trusted certificate

        if (getMojos() == null) {
            return null; // no mojo in this POM
        }

        // TODO could we use a map? Maybe if the parent did that for components too, as this is too vulnerable to
        // changes above not being propagated to the map
        for (MojoDescriptor desc : getMojos()) {
            if (goal.equals(desc.getGoal())) {
                return desc;
            }
        }

  // component responsible for a finalizer later in the list, resulting in a deadlock.
  // Without enforced ordering finalizers are free to order amongst themselves and
  // are not vulnerable to ordering changes in the list.
  // +optional
  // +patchStrategy=merge
  repeated string finalizers = 14;

  // ManagedFields maps workflow-id and version to the set of fields

    - [CVE-2021-25749: <code>runAsNonRoot</code> logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers)
    - [Am I vulnerable?](#am-i-vulnerable)
      - [Affected Versions](#affected-versions)
    - [How do I mitigate this vulnerability?](#how-do-i-mitigate-this-vulnerability)
      - [Fixed Versions](#fixed-versions)
    - [Detection](#detection)

    - [CVE-2021-25749: <code>runAsNonRoot</code> logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers)
    - [Am I vulnerable?](#am-i-vulnerable)
      - [Affected Versions](#affected-versions)
    - [How do I mitigate this vulnerability?](#how-do-i-mitigate-this-vulnerability)
      - [Fixed Versions](#fixed-versions)
    - [Detection](#detection)

  // kubelet.  If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the
  // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept
  // the actual log data coming from the real kubelet).
  // +optional
  optional bool insecureSkipTLSVerifyBackend = 9;
}

This issue has been rated low and assigned CVE-2021-25749

**Am I vulnerable?**

All Kubernetes clusters with following versions, running Windows workloads with `runAsNonRoot` are impacted

**Affected Versions**:

- kubelet v1.20 - v1.21
- kubelet v1.22.0 - v1.22.13