}
        server.securityMode = buffer[bufferIndex] & 0xFF;
        bufferIndex++;
        server.security = server.securityMode & 0x01;
        server.encryptedPasswords = (server.securityMode & 0x02) == 0x02;
        server.signaturesEnabled = (server.securityMode & 0x04) == 0x04;
        server.signaturesRequired = (server.securityMode & 0x08) == 0x08;
        server.maxMpxCount = readInt2(buffer, bufferIndex);

    assertConnectionNotReused(requestA, requestB)
  }

  @Test
  fun connectionsAreNotReusedWithResponseConnectionClose() {
    server.enqueue(
      MockResponse(
        headers = headersOf("Connection", "close"),
        body = "a",
      ),
    )
    server.enqueue(MockResponse(body = "b"))
    val requestA = Request(server.url("/"))
    val requestB = Request(server.url("/"))

    assert any(s.get("url") == "/evil-api" for s in data1.get("servers", []))

    # Subsequent legitimate request with no root_path
    clean_client = TestClient(app)
    response2 = clean_client.get("/openapi.json")
    data2 = response2.json()
    servers = [s.get("url") for s in data2.get("servers", [])]
    assert "/evil-api" not in servers


def test_multiple_different_root_paths_do_not_accumulate():

        }

        /**
         * Storage state flags
         */
        public int state;
        /**
         * Server name hosting the storage
         */
        public String server_name;
        /**
         * Share name on the server
         */
        public String share_name;

        @Override
        public void encode(NdrBuffer _dst) throws NdrException {

			"X-Amz-Server-Side-Encryption":                []string{""},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
			"X-Amz-Server-Side-Encryption-Context":        []string{""},
		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...

        .signedBy(rootCa)
        .serialNumber(2L)
        .commonName(server.hostName)
        .addSubjectAlternativeName(server.hostName)
        .addSubjectAlternativeName("san.com")
        .addSubjectAlternativeName("*.wildcard.com")
        .addSubjectAlternativeName("differentdns.com")
        .build()
    serverIps = Dns.SYSTEM.lookup(server.hostName)
    dns[server.hostName] = serverIps
    dns["san.com"] = serverIps

    - [Server Binaries](#server-binaries-3)
    - [Node Binaries](#node-binaries-3)
    - [Container Images](#container-images-3)
  - [Changelog since v1.22.13](#changelog-since-v12213)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)](#cve-2022-3172-aggregated-api-server-can-cause-clients-to-be-redirected-ssrf)

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.30.14/kubernetes-server-linux-amd64.tar.gz) | 0e1f3f1fa36e2da299fe52ba78fb5ba7198a918a969516a8bd40636580264897d148cedddf2d6d7788bc7dac40979df53f9bfcfb1091de02d103a9ef13c71db0

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...