bytesEncrypted.addAndGet(message.length);

            return result;
        } catch (final Exception e) {
            // Clear sensitive data on error
            if (e instanceof CIFSException) {
                throw (CIFSException) e;
            }
            throw new CIFSException("Failed to encrypt message", e);
        }
    }

## Version 4.9.3

_2021-11-21_

 *  Fix: Don't fail HTTP/2 responses if they complete before a `RST_STREAM` is sent.


## Version 4.9.2

_2021-09-30_

 *  Fix: Don't include potentially-sensitive header values in `Headers.toString()` or exceptions.
    This applies to `Authorization`, `Cookie`, `Proxy-Authorization`, and `Set-Cookie` headers.

			amzDate, errCode := parseAmzDateHeader(r)
			if errCode != ErrNone {
				if ok {
					tc.FuncName = "handler.Auth"
					tc.ResponseRecorder.LogErrBody = true
				}

				// All our internal APIs are sensitive towards Date
				// header, for all requests where Date header is not
				// present we will reject such clients.
				defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))

      <description>
        This is the property specification used to activate a profile. If the value field is empty,
        then the existence of the named property will activate the profile, otherwise it does a case-sensitive
        match against the property value as well.
      </description>
      <fields>
        <field>
          <name>name</name>
          <version>1.0.0+</version>
          <type>String</type>

 * is satisfied. The limit is not strict: the cache may temporarily exceed it while waiting for
 * files to be deleted. The limit does not include filesystem overhead or the cache journal so
 * space-sensitive applications should set a conservative limit.
 *
 * Clients call [edit] to create or update the values of an entry. An entry may have only one editor

        // </mirrors>

        for (Mirror mirror : settings.getMirrors()) {
            request.addMirror(new org.apache.maven.settings.Mirror(mirror));
        }

        // Collect repositories; are sensitive to ordering
        LinkedHashMap<String, Repository> remoteRepositories = new LinkedHashMap<>();
        LinkedHashMap<String, Repository> remotePluginRepositories = new LinkedHashMap<>();

        // settings/repositories

     * equals if their server IP addresses are equal and the canonicalized
     * representation of their URLs, minus authentication parameters, are
     * case insensitivly and lexographically equal.
     *
     * For example, assuming the server <code>angus</code> resolves to the
     * <code>192.168.1.15</code> IP address, the below URLs would result in

     * <p>
     * Shortcut for {@code DependencyScope.forId(...)} with a verification that the given identifier exists.
     *
     * @param id the identifier of the scope (case-sensitive)
     * @return the scope for the given identifier (never null)
     * @throws IllegalArgumentException if the given identifier is not a known scope
     *
     * @see org.apache.maven.api.DependencyScope#forId(String)

and Go 1.26.1.

Go 1.27 changes the default for `tracebacklabels` (added in [Go 1.26](#go-126))
to `1`. This opt-out is expected to be kept indefinitely in case goroutine
labels acquire sensitive information that shouldn't be made available in
tracebacks.

### Go 1.26

Go 1.26 added a new `httpcookiemaxnum` setting that controls the maximum number

	// We need to preserve the encryption headers set in EncryptRequest,
	// so we do not want to override them, copy them instead.
	maps.Copy(srcInfo.UserDefined, encMetadata)

	// Ensure that metadata does not contain sensitive information
	crypto.RemoveSensitiveEntries(srcInfo.UserDefined)

	// If we see legacy source, metadataOnly we have to overwrite the content.
	if srcInfo.Legacy {
		srcInfo.metadataOnly = false
	}