1.4. "Covered Software"
    means Source Code Form to which the initial Contributor has attached
    the notice in Exhibit A, the Executable Form of such Source Code
    Form, and Modifications of such Source Code Form, in each case
    including portions thereof.

1.5. "Incompatible With Secondary Licenses"
    means

    (a) that the initial Contributor has attached the notice described
        in Exhibit B to the Covered Software; or

  * If a node or kubelet crashes with a volume attached, the volume will remain
attached to that node. If that volume can only be attached to one node at a
time (GCE PDs attached in RW mode, for example), then the volume must be
manually detached before Kubernetes can attach it to other nodes.
  * If a volume is already attached to a node any subsequent attempts to attach it

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

    * Specifically the new controller watches the API server for scheduled pods. It processes each pod and ensures that any volumes that implement the volume Attacher interface are attached to the node their pod is scheduled to.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the

   documentation may negatively impact others.

 * **Be respectful**: We expect people to work together to resolve conflict, assume good intentions,
   and act with empathy. Do not turn disagreements into personal attacks.

 * **Be collaborative**: Collaboration reduces redundancy and improves the quality of our work. We
   strive for transparency within our open source community, and we work closely with upstream

import java.util.concurrent.atomic.AtomicLong;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.smb.SmbException;

/**
 * Rate limiter for authentication attempts to prevent brute force attacks.
 *
 * Features:
 * - Per-account rate limiting
 * - Per-IP rate limiting
 * - Global rate limiting
 * - Exponential backoff for repeated failures
 * - Account lockout after threshold

        constantTimeCopy(output, message.length, authTag, 0, tagLength);

        return new EncryptionResult(ciphertext, authTag);
    }

    /**
     * Perform constant-time encryption to prevent timing attacks
     */
    private byte[] performConstantTimeEncryption(Cipher cipher, byte[] message) throws Exception {
        // Pad to fixed block size to prevent timing leaks
        int blockSize = cipher.getBlockSize();

            "A notify change request is being completed.", "The data was too large to fit into the specified buffer.",
            "A device attached to the system is not functioning.", "Incorrect function.", "The parameter is incorrect.",
            "Invalid access to memory location.", "The handle is invalid.", "The parameter is incorrect.",

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the