CONTAINER_IP_ADDR=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' tf)
    netsh advfirewall firewall add rule name="Allow Metadata Proxy" dir=in action=allow protocol=TCP localport=80 remoteip="$CONTAINER_IP_ADDR"

    # Stop non-essential indexing and link tracking services that
    # may lock new files or symlinks.
    # They may be causing sporadic "Permission denied" errors during Bazel builds.

## Changelog since v1.25.9

## Changes by Kind

### API Change

- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node]

        this.address = address;
        this.port = port;
        this.localAddr = localAddr;
        this.localPort = localPort;

        // Initialize circuit breaker with connection-specific name
        String circuitBreakerName = String.format("SMB-%s:%d", address.getHostAddress(), port);
        this.circuitBreaker = new SimpleCircuitBreaker(circuitBreakerName, 3, 2, 30000L);

  @Throws(SocketException::class)
  override fun getKeepAlive(): Boolean = delegate!!.keepAlive

  override fun getLocalAddress(): InetAddress = delegate!!.localAddress

  override fun getLocalPort(): Int = delegate!!.localPort

  @Throws(IOException::class)
  override fun getOutputStream(): OutputStream = delegate!!.outputStream

  override fun getPort(): Int = delegate!!.port

  @Throws(SocketException::class)

- Added a warning that TLS 1.3 ciphers are not configurable. ([#115399](https://github.com/kubernetes/kubernetes/pull/115399), [@3u13r](https://github.com/3u13r)) [SIG API Machinery and Node]
- Added error handling for seccomp localhost configurations that do not properly set a `localhostProfile`. ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji))

## Changelog since v1.24.13

## Changes by Kind

### API Change

- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node]

            // Use default SMB port
            int port = 445;

            // Use default local port (0 means system assigns)
            int localPort = 0;

            // Get CIFSContext from configuration - this is a simplified approach
            // In a real implementation, this should be passed from the session context

## Changelog since v1.27.1

## Changes by Kind

### API Change

- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node]

The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the `nodes/proxy` subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the `nodes/proxy` subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3