### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

 * example, the Unicode trademark sign (™) could be confused for the letters "TM" in
 * `http://ho™ail.com`. To mitigate this, the single character (™) maps to the string (tm). There
 * is similar policy for all of the 1.1 million Unicode code points. Note that some code points such
 * as "\ud83c\udf69" are not mapped and cannot be used in a hostname.
 *

  - PodSecurityPolicy resources will no longer be served from `extensions/v1beta1` in v1.16. Migrate to the `policy/v1beta1` API, available since v1.10. Existing persisted data can be retrieved via the `policy/v1beta1` API.

- Use omitempty for optional Job Pod Failure Policy fields ([#126046](https://github.com/kubernetes/kubernetes/pull/126046), [@mimowo](https://github.com/mimowo)) [SIG Apps]

### Bug or Regression

* Disable proxy to loopback and linklocal ([#71980](https://github.com/kubernetes/kubernetes/pull/71980), [@micahhausler](https://github.com/micahhausler))
* fix issue: vm sku restriction policy does not work in azure disk attach/detach ([#71941](https://github.com/kubernetes/kubernetes/pull/71941), [@andyzhangx](https://github.com/andyzhangx))

	}

	var lc *lifecycle.Lifecycle
	var rcfg lock.Retention
	var replcfg *replication.Config
	if opts.Expiration.Expire {
		// Check if the current bucket has a configured lifecycle policy
		lc, err = globalLifecycleSys.Get(bucket)
		if err != nil && !errors.Is(err, BucketLifecycleNotFound{Bucket: bucket}) {
			return objInfo, err
		}
		rcfg, err = globalBucketObjectLockSys.Get(bucket)

# Inline MIME types for the response.
response.inline.mimetypes=application/pdf,text/plain
# HTTP headers for the response.
response.headers=\
text/html=X-XSS-Protection: 1; mode=block\n\
text/html=Content-Security-Policy: reflected-xss block\n\
text/html=X-Frame-Options: SAMEORIGIN\n\


# document index

# Index name for search documents.
index.document.search.index=fess.search
# Index name for update documents.

    String RESPONSE_INLINE_MIMETYPES = "response.inline.mimetypes";

    /** The key of the configuration. e.g. text/html=X-XSS-Protection: 1; mode=block<br>
     * text/html=Content-Security-Policy: reflected-xss block<br>
     * text/html=X-Frame-Options: SAMEORIGIN<br>
     *  */
    String RESPONSE_HEADERS = "response.headers";

    /** The key of the configuration. e.g. fess.search */

		}
		stopFn(res)
	}()

	// Updates must be closed before we return.
	defer xioutil.SafeClose(updates)
	var lc *lifecycle.Lifecycle

	// Check if the current bucket has a configured lifecycle policy
	if globalLifecycleSys != nil {
		lc, err = globalLifecycleSys.Get(cache.Info.Name)
		if err == nil && lc.HasActiveRules("") {
			cache.Info.lifeCycle = lc
		}
	}

      .timeout(100, TimeUnit.MILLISECONDS)
    assertContent("This connection won't pool properly", response1)
    assertThat(server.takeRequest().exchangeIndex).isEqualTo(0)

    // Give the server time to enact the socket policy if it's one that could happen after the
    // client has received the response.
    Thread.sleep(500)
    val response2 = getResponse(newRequest("/b"))
    response1.body
      .source()
      .timeout()