rank.fusion.window_size=200
# Rank constant for rank fusion.
rank.fusion.rank_constant=20
# Number of threads for rank fusion.
rank.fusion.threads=-1
# Score field for rank fusion.
rank.fusion.score_field=rf_score

# acl

# Whether to get SMB roles from a file.
smb.role.from.file=true
# Available SID types for SMB.
smb.available.sid.types=1,2,4:2,5:1
# Whether to get file roles from a file.
file.role.from.file=true

  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

boomla.net

// Boutir : https://www.boutir.com
// Submitted by Eric Ng Ka Ka <******@****.***>
boutir.com

// Boxfuse : https://boxfuse.com
// Submitted by Axel Fontaine <axel@boxfuse.com>
boxfuse.io

// bplaced : https://www.bplaced.net/
// Submitted by Miroslav Bozic <******@****.***>
square7.ch
bplaced.com
bplaced.de
square7.de
bplaced.net

  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

- Fix: skip case sensitivity when checking Azure NSG rules

1F0B1..1F0BE  ; valid                  ;      ; NV8    # 6.0  PLAYING CARD ACE OF HEARTS..PLAYING CARD KING OF HEARTS
1F0BF         ; valid                  ;      ; NV8    # 7.0  PLAYING CARD RED JOKER
1F0C0         ; disallowed                             # NA   <reserved-1F0C0>
1F0C1..1F0CF  ; valid                  ;      ; NV8    # 6.0  PLAYING CARD ACE OF DIAMONDS..PLAYING CARD BLACK JOKER

  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Bug or Regression

  - kubelet v1.20.11
  - kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Feature

AmHzC,SAAS3hB,GAAOoE,GACZ,IAAIwd,EAEJ,YAAY3f,IAARmC,EACOzG,KAAK4F,QAAQ0R,OAGC,OADrB2M,EAAgBrM,GAAUnR,MAEtBzG,KAAK4F,QAAUqe,GAEZjkB,MA1HfG,EAAM+jB,cAAgB,uBACtB/jB,EAAMgkB,iBAAmB,yBA6HzB,IAAIC,GAAO/d,EACP,kJACA,SAAUI,GACN,YAAYnC,IAARmC,EACOzG,KAAK+I,aAEL/I,KAAKqC,OAAOoE,KAK/B,SAASsC,KACL,OAAO/I,KAAK4F,QAGhB,IAGIye,GAAmB,YAGvB,SAASC,GAAMC,EAAUC,GACrB,OAASD,EAAWC,EAAWA,GAAWA,EAG9C,SAASC,GAAiBnU,EAAG5N,EAAG+P,GAE5B,OAAInC,EAAI,KAAY,GAALA,EAEJ,IAAI5O,KAAK4O,EAAI,IAAK5N,EAAG+P,GAAK4R,GAE1B,IAAI3iB,KAAK...

```
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: hdd
provisioner: kubernetes.io/azure-disk
mountOptions:
  - barrier=1
  - acl
parameters:
  skuname: Standard_LRS
  kind: Managed
  fstype: ext3
```

([#56147](https://github.com/kubernetes/kubernetes/pull/56147), [@andyzhangx](https://github.com/andyzhangx))