var b bytes.Buffer
	gzWriter := gzip.NewWriter(&b)

	header := struct {
		Version string `json:"version"`
	}{Version: healthInfo.Version}

	enc := json.NewEncoder(gzWriter)
	if e := enc.Encode(header); e != nil {
		internalLogIf(ctx, fmt.Errorf("Could not encode health info header: %w", e))
		return nil
	}

	if e := enc.Encode(healthInfo); e != nil {

		return
	}

	writeSuccessResponseJSON(w, b)
	// Notify peers to load rebalance.bin and start rebalance routine if they happen to be
	// participating pool's leader node
	globalNotificationSys.LoadRebalanceMeta(ctx, true)
}

func (a adminAPIHandlers) RebalanceStatus(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Allocated DNS config wrapper over etcd client.
	globalDNSConfig dns.Store

	// GlobalKMS initialized KMS configuration
	GlobalKMS *kms.KMS

	// Common lock for various subsystems performing the leader tasks
	globalLeaderLock *sharedLock

	// Auto-Encryption, if enabled, turns any non-SSE-C request
	// into an SSE-S3 request. If enabled a valid, non-empty KMS
	// configuration must be present.

	}
	z.rebalMu.RUnlock()

	for poolIdx, doRebalance := range participants {
		if !doRebalance {
			continue
		}
		// nothing to do if this node is not pool's first node (i.e pool's rebalance 'leader').
		if !globalEndpoints[poolIdx].Endpoints[0].IsLocal {
			continue
		}

		go func(idx int) {
			stopfn := globalRebalanceMetrics.log(rebalanceMetricRebalanceBuckets, idx)

- Removed "endpoint-controller" and "workload-leader-election" FlowSchemas from the default APF configuration.
  

	hdr := r.opts.HeaderSize // remaining header bytes
	var tokens int           // number of tokens to request

	if hdr > 0 { // available tokens go towards header first
		if hdr < b { // all of header can be accommodated
			r.opts.HeaderSize = 0
			need = int(math.Min(float64(b-hdr), float64(need))) // use remaining tokens towards payload
			tokens = need + hdr
		} else { // part of header can be accommodated
			r.opts.HeaderSize -= b - 1

func (r *Reader) AddChecksumNoTrailer(headers http.Header, ignoreValue bool) error {
	cs, err := GetContentChecksum(headers)
	if err != nil {
		return ErrInvalidChecksum
	}
	if cs == nil {
		return nil
	}
	r.contentHash = *cs
	return r.AddNonTrailingChecksum(cs, ignoreValue)
}

// AddNonTrailingChecksum will add a checksum to the reader.
// The checksum cannot be trailing.

* Fixes CVE-2019-11250: client-go header logging (at verbosity levels >= 7) now masks `Authorization` header contents ([#81330](https://github.com/kubernetes/kubernetes/pull/81330), [@tedyu](https://github.com/tedyu))

	csv "github.com/minio/csvparser"
	"github.com/minio/minio/internal/bpool"
	"github.com/minio/minio/internal/s3select/sql"
)

// Reader - CSV record reader for S3Select.
type Reader struct {
	args         *ReaderArgs
	readCloser   io.ReadCloser          // raw input
	buf          *bufio.Reader          // input to the splitter
	columnNames  []string               // names of columns

- Added a path `/header?key=` to `agnhost netexec` allowing one to view what the header value is of the incoming request.

  Ex:
  ```
  $ curl -H "X-Forwarded-For: something" 172.17.0.2:8080/header?key=X-Forwarded-For
  something
  ```