}
      }
    ```

### Posting a multipart request ([.kt][PostMultipartKotlin], [.java][PostMultipartJava])

- For volumes that allow attaches across multiple nodes, attach and detach operations across different nodes are now executed in parallel. ([#89239](https://github.com/kubernetes/kubernetes/pull/89239), [@verult](...

        builder.addHeader("WWW-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_NO_CONTENT, HttpURLConnection.HTTP_RESET -> {
        builder.body("") // We forbid bodies for 204 and 205.
      }
    }
    server.enqueue(builder.build())
    if (responseCode == HttpURLConnection.HTTP_CLIENT_TIMEOUT) {

  - [Changelog since v1.32.0](#changelog-since-v1320)
  - [Important Security Information](#important-security-information-3)
    - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api)
  - [Changes by Kind](#changes-by-kind-7)
    - [API Change](#api-change-1)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-7)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-11)

 
## Changes by Kind

### Deprecation

more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API Server through its private network.

The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the `nodes/proxy` subresource, specifically if a kubelet advertises a localhost...

- Bind metadata-agent containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83363](https://github.com/kubernetes/kubernetes/pull/83363), [@wawa0210](https://github.com/wawa0210)) [SIG Cluster Lifecycle, Instrumentation and Windows]

  }

  @Test
  fun secureChunkedStreaming() {
    testSecureStreamingPost(TransferKind.CHUNKED)
  }

  /**
   * Users have reported problems using HTTPS with streaming request bodies.
   * http://code.google.com/p/android/issues/detail?id=12860
   */
  private fun testSecureStreamingPost(streamingMode: TransferKind) {
    server.useHttps(handshakeCertificates.sslSocketFactory())

    * `kubectl delete node/<nodeName>`
    * or grant self-deletion permission explicitly:
        * `kubectl create clusterrole self-deleting-nodes --verb=delete --resource=nodes`
        * `kubectl create clusterrolebinding self-deleting-nodes --clusterrole=self-deleting-nodes --group=system:nodes`