A security issue was discovered in kube-apiserver that could allow node
updates to bypass a Validating Admission Webhook. You are only affected
by this vulnerability if you run a Validating Admission Webhook for Nodes
that denies admission based at least partially on the old state of the
Node object.

**Note**: This only impacts validating admission plugins that rely on old
values in certain fields, and does not impact calls from kubelets that go

  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!--
  Description: This xml file defines the valid mime types used by Tika.
  The mime type data within this file is based on information from various
  sources like Apache Nutch, Apache HTTP Server, the file(1) command, etc.

  Notes:

- Ubuntu 18.04 (Bionic) series has been added to Juju charms ([#65644](https://github.com/kubernetes/kubernetes/pull/65644), [@tvansteenburgh](https://github.com/tvansteenburgh))

  the garbage collector starts to manage it.


#### Monitoring/Prometheus
* [action required] The WATCHLIST calls are now reported as WATCH verbs in prometheus for the apiserver_request_* series.  A new "scope" label is added to all apiserver_request_* values that is either 'cluster', 'resource', or 'namespace' depending on which level the query is performed at.([#52237](https://github.com/kubernetes/kubernetes/pull/52237))

- Fix concurrent map access causing panics when logging timed-out API calls. (#106113, @marseel) [SIG API Machinery]
- Fixed very rare volume corruption when a pod is deleted while kubelet is offline.
  Retry FibreChannel devices cleanup after error to ensure FC device is detached before it can be used on another node. (#102656, @jsafrane) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]

A security issue was discovered in kube-apiserver that could allow node
updates to bypass a Validating Admission Webhook. You are only affected
by this vulnerability if you run a Validating Admission Webhook for Nodes
that denies admission based at least partially on the old state of the
Node object.

**Note**: This only impacts validating admission plugins that rely on old
values in certain fields, and does not impact calls from kubelet that go

A security issue was discovered in kube-apiserver that could allow node
updates to bypass a Validating Admission Webhook. You are only affected
by this vulnerability if you run a Validating Admission Webhook for Nodes
that denies admission based at least partially on the old state of the
Node object.

**Note**: This only impacts validating admission plugins that rely on old
values in certain fields, and does not impact calls from kubelets that go

================================================================

github.com/decred/dcrd/dcrec/secp256k1/v4
https://github.com/decred/dcrd/dcrec/secp256k1/v4
----------------------------------------------------------------
ISC License

Copyright (c) 2013-2017 The btcsuite developers
Copyright (c) 2015-2024 The Decred developers
Copyright (c) 2017 The Lightning Network Developers

xpectedTag[:g.tagSize], tag) != 1 { return errOpen } counterCrypt(g, out, ciphertext, &counter) return nil } // flags for the KMA instruction const ( kmaHS = 1 << 10 // hash subkey supplied kmaLAAD = 1 << 9 // last series of additional authenticated data kmaLPC = 1 << 8 // last series of plaintext or ciphertext blocks kmaDecrypt = 1 << 7 // decrypt ) // kmaGCM executes the encryption or decryption operation given by fn. The tag // will be calculated and written to tag. cnt should contain the current...