If you're in a tricky situation and prepared to deal with the consequences, rewriting response headers is a powerful way to work around problems. For example, you can fix a server's misconfigured `Cache-Control` response header to enable better response caching:

```java
/** Dangerous interceptor that rewrites the server's cache-control header. */
private static final Interceptor REWRITE_CACHE_CONTROL_INTERCEPTOR = new Interceptor() {

pkg syscall (freebsd-arm64), const EV_DISPATCH ideal-int
pkg syscall (freebsd-arm64), const EV_DROP = 4096
pkg syscall (freebsd-arm64), const EV_DROP ideal-int
pkg syscall (freebsd-arm64), const EV_ENABLE = 4
pkg syscall (freebsd-arm64), const EV_ENABLE ideal-int
pkg syscall (freebsd-arm64), const EV_EOF = 32768
pkg syscall (freebsd-arm64), const EV_EOF ideal-int
pkg syscall (freebsd-arm64), const EV_ERROR = 16384

than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A

**Who is affected?**

Only Kubernetes 1.5.0-1.5.4 installations that do all of the following:
* Enable the PodSecurityPolicy API (which is not enabled by default):
  * `--runtime-config=extensions/v1beta1/podsecuritypolicy=true`
* Enable the PodSecurityPolicy admission plugin (which is not enabled by default):
  * `--admission-control=...,PodSecurityPolicy,...`

        }

        this.sslSocketFactoryOrNull = sslSocketFactory
        this.x509TrustManagerOrNull =
          Platform.get().trustManager(sslSocketFactory) ?: throw IllegalStateException(
            "Unable to extract the trust manager on ${Platform.get()}, " +
              "sslSocketFactory is ${sslSocketFactory.javaClass}",
          )
        this.certificateChainCleaner =

- hyperkube:...

### Ingress graduates to General Availability

### Deploy a more secure control plane with kubeadm

A new alpha feature allows running the kubeadm control plane components as non-root users. This is a long requested security measure in kubeadm. To try it you must enable the kubeadm-specific `RootlessControlPlane` feature gate. When you deploy a cluster using this alpha feature, your control plane runs with lower privileges.

    Indication) attribute from the TLS handshake.

 *  Upgrade: [Kotlin 1.9.21][kotlin_1_9_21].

 *  Upgrade: [Okio 3.7.0][okio_3_7_0].


## Version 5.0.0-alpha.11

_2022-12-24_

 *  New: Enable fast fallback by default. It's our implementation of Happy Eyeballs,
    [RFC 8305][rfc_8305]. Disable with `OkHttpClient.Builder.fastFallback(false)`.
 *  Fix: Don't log response bodies for server-sent events.

- Command to start network proxy changes from 'KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE ./cluster/kube-up.sh' to 'KUBE_ENABLE_KONNECTIVITY_SERVICE=true ./hack/kube-up.sh' ([#92669](https://github.com/kubernetes/kubernetes/pull/92669), [@Jefftree](https://github.com/Jefftree)) [SIG Cloud Provider]