- **API Machinery**
  - [alpha] Generate audit logs for every request user performs against secured API server endpoint. ([docs](http://kubernetes.io/docs/admin/audit/)) ([kubernetes/features#22](https://github.com/kubernetes/enhancements/issues/22))

* Disabling swagger ui by default on apiserver. Adding a flag that can enable it ([#23025](https://github.com/kubernetes/kubernetes/pull/23025), [@nikhiljindal](https://github.com/nikhiljindal))
* restore ability to run against secured etcd ([#21535](https://github.com/kubernetes/kubernetes/pull/21535), [@AdoHe](https://github.com/AdoHe))

### Other notable changes

* The kubelet API is now secured, only cluster admins are allowed to access it.
* Insecure access to the API Server over `localhost:8080` is now disabled.

* kubeadm: kubelets in kubeadm clusters now disable the readonly port (10255). If you're relying on unauthenticated access to the readonly port, please switch to using the secure port (10250). Instead, you can now use ServiceAccount tokens when talking to the secure port, which will make it easier to get access to, for example, the `/metrics` endpoint of the kubelet, securely. ([#64187](https://github.com/kubernetes/kubernetes/pull/64187), [@luxas](https://github.com/luxas))...

	github.com/prometheus/procfs v0.16.1
	github.com/puzpuzpuz/xsync/v3 v3.5.1
	github.com/rabbitmq/amqp091-go v1.10.0
	github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9
	github.com/rs/cors v1.11.1
	github.com/secure-io/sio-go v0.3.1
	github.com/shirou/gopsutil/v3 v3.24.5
	github.com/tinylib/msgp v1.4.0
	github.com/valyala/bytebufferpool v1.0.0
	github.com/xdg/scram v1.0.5
	github.com/zeebo/xxh3 v1.0.2
	go.etcd.io/etcd/api/v3 v3.5.21

    }

    /**
     * Checks if the cookie is secure.
     *
     * @return true if secure
     */
    public boolean isSecure() {
        return secure;
    }

    /**
     * Sets whether the cookie is secure.
     *
     * @param secure true for secure cookies
     */
    public void setSecure(final boolean secure) {
        this.secure = secure;
    }

    /**

			}
			if testCase.success {
				if !reflect.DeepEqual(endpoints, testCase.endpoints) {
					t.Errorf("expected %s, got %s", testCase.endpoints, endpoints)
				}
				if secure != testCase.secure {
					t.Errorf("expected %t, got %t", testCase.secure, secure)
				}
			}
		})
	}

    if (!pathMatch(url, path)) return false

    return !secure || url.isHttps
  }

  override fun equals(other: Any?): Boolean =
    other is Cookie &&
      other.name == name &&
      other.value == value &&
      other.expiresAt == expiresAt &&
      other.domain == domain &&
      other.path == path &&
      other.secure == secure &&
      other.httpOnly == httpOnly &&

        // We can't directly test if password is wiped since auth is out of scope,
        // but the close() method should have been called
    }

    /**
     * Test secure memory clearing in close()
     */
    @Test
    @DisplayName("Test secure memory clearing on close")
    public void testCloseSecurelyClearsMemory() {
        char[] testPassword = "CloseTestPass123!".toCharArray();

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations