val b1 = source.readByte() and 0xff

    val isMasked = b1 and B1_FLAG_MASK != 0
    if (isMasked == isClient) {
      // Masked payloads must be read on the server. Unmasked payloads must be read on the client.
      throw ProtocolException(
        if (isClient) {
          "Server-sent frames must not be masked."
        } else {
          "Client-sent frames must be masked."
        },
      )
    }

        return sensitivePattern;
    }

    /**
     * Masks sensitive values for logging purposes.
     * Keys matching the pattern defined in 'app.log.sensitive.property.pattern' system property
     * will have their values replaced with "********".
     *
     * @param key The key name to check
     * @param value The value to potentially mask
     * @return The masked value if the key matches a sensitive pattern, otherwise the original value

        .isEqualTo("Client-sent frames must be masked.")
    }
  }

  @Test fun serverSentFramesMustNotBeMasked() {
    data.write("8180".decodeHex())
    assertFailsWith<ProtocolException> {
      clientReader.processNextFrame()
    }.also { expected ->
      assertThat(expected.message)
        .isEqualTo("Server-sent frames must not be masked.")
    }
  }

  @Test fun controlFramePayloadMax() {

        }

        // Log command template with masked password for security
        if (logger.isDebugEnabled()) {
            final String commandStr = stream(commands).get(stream -> stream.map(s -> {
                if ("$PASSWORD".equals(s)) {
                    return "***MASKED***";
                }
                if ("$USERNAME".equals(s)) {
                    return username;

        assertEquals("********", SystemUtil.maskSensitiveValue("private_config", "internal"));
    }

    @Test
    public void test_maskSensitiveValue_safeValues() {
        // These should NOT be masked
        assertEquals("localhost:9200", SystemUtil.maskSensitiveValue("HOST", "localhost:9200"));
        assertEquals("8080", SystemUtil.maskSensitiveValue("PORT", "8080"));

                .orElse(false);
    }

    /**
     * Masks email addresses in the input string for privacy protection.
     *
     * @param value the string that may contain email addresses
     * @return string with email addresses replaced by masked pattern
     */
    public static String maskEmail(final String value) {
        if (value == null) {

- Added `/sys/devices/virtual/powercap` to default masked paths. It avoids the potential security risk that the ability to read these files may offer a power-based sidechannel attack against any workloads running on the same kernel. ([#125970](https://github.com/kubernetes/kubernetes/pull/125970), [@carlory](https://github.com/carlory))

- Extended resources backed by DRA feature allowed cluster operator to specify `extendedResourceName` in `DeviceClass`, and application operator to continue using extended resources in pod's requests to request for DRA devices matching the DeviceClass.
  

/**
 * marked v17.0.4 - a markdown parser
 * Copyright (c) 2018-2026, MarkedJS. (MIT License)
 * Copyright (c) 2011-2018, Christopher Jeffrey. (MIT License)
 * https://github.com/markedjs/marked
 */

/**
 * DO NOT EDIT THIS FILE
 * The code in this file is generated from files in ./src/
 */

### Documentation