body = "This body is not allowed!",
      ),
    )
    assertFailsWith<IOException> {
      getResponse(newRequest("/"))
    }.also { expected ->
      assertThat(expected.message).isEqualTo("HTTP 204 had non-zero Content-Length: 25")
    }
  }

  @Test
  fun singleByteReadIsSigned() {
    server.enqueue(
      MockResponse
        .Builder()
        .body(
          Buffer()

  </mime-type>
  <mime-type type="application/vnd.ms-word2006ml">
    <root-XML localName="package" namespaceURI="http://schemas.microsoft.com/office/2006/xmlPackage"/>
    <sub-class-of type="application/xml"/>
    <_comment>Word 2006 xml format, pre-ooxml</_comment>
    <_comment>glob pattern typically *.xml</_comment>
  </mime-type>

  <mime-type type="application/rdf+xml">
    <root-XML localName="RDF"/>

**Affected Versions**:
  - kube-apiserver v1.20.0 - v1.20.5
  - kube-apiserver v1.19.0 - v1.19.9
  - kube-apiserver <= v1.18.17

**Fixed Versions**:
  - kube-apiserver v1.21.0
  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat

// 2LDs
airline.aero
airport.aero
// 2LDs (currently not accepting registration, seemingly never have)
// As of 2024-07, these are marked as reserved for potential 3LD
// registrations (clause 11 "allocated subdomains" in the 2006 TLD
// policy), but the relevant industry partners have not opened them up
// for registration. Current status can be determined from the TLD's
// policy document: 2LDs that are open for registration must list

**Affected Versions**:
  - kube-apiserver v1.20.0 - v1.20.5
  - kube-apiserver v1.19.0 - v1.19.9
  - kube-apiserver <= v1.18.17

**Fixed Versions**:
  - kube-apiserver v1.21.0
  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat