}

  @Override
  protected Map<Class<? extends @NonNull B>, B> delegate() {
    return delegate;
  }

  /**
   * Wraps the {@code setValue} implementation of an {@code Entry} to enforce the class constraint.
   */
  private static <B extends @Nullable Object> Entry<Class<? extends @NonNull B>, B> checkedEntry(
      Entry<Class<? extends @NonNull B>, B> entry) {

 * **Binary compatibility** is the ability to compile a program against OkHttp 3.x, and then to run
   it against OkHttp 4.x. We’re using the excellent [japicmp][japicmp] library via its
   [Gradle plugin][japicmp_gradle] to enforce binary compatibility.

 * **Java source compatibility** is the ability to upgrade Java uses of OkHttp 3.x to 4.x without
   changing `.java` files.

  //    to the listener.
  //
  // 2. In done() where we may propagate cancellation to the input. In this case it is _not_ fine.
  //    There is currently nothing that enforces that the write to inputFuture in the constructor is
  //    visible to done(). This is because there is no happens before edge between the write and a

    // contract.
    // This is somewhat annoying, but turns out to be very fast in practice. Alternatively, we could
    // drop the contract on the method that enforces this queue like behavior since depending on it
    // is likely to be a bug anyway.

    // N.B. All writes to the list and the next pointers must have happened before the above

This release contains changes that address the following vulnerabilities:

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

        // Arrange - mock cause to verify no interactions are needed to construct
        Throwable cause = Mockito.mock(Throwable.class);
        String message = "forced downgrade detected";

        // Act
        SMBProtocolDowngradeException ex = new SMBProtocolDowngradeException(message, cause);

        // Assert - fields preserved
        assertSame(cause, ex.getCause());

### CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

**Affected Versions**:
  - kube-apiserver v1.29.0 - v1.29.3

    // contract.
    // This is somewhat annoying, but turns out to be very fast in practice. Alternatively, we could
    // drop the contract on the method that enforces this queue like behavior since depending on it
    // is likely to be a bug anyway.

    // N.B. All writes to the list and the next pointers must have happened before the above

 *
 * @since 4.0.0
 */
@Experimental
public interface EncryptOptions extends Options {
    /**
     * Should the operation be forced (ie overwrite existing config, if any).
     *
     * @return an {@link Optional} containing the boolean value {@code true} if specified, or empty
     */
    Optional<Boolean> force();

    /**

   * return type is plain FilenameFilter. If we made such a change, then the annotation we choose
   * here would have no significance to end users, who would be forced to conform to the signature
   * used in FilenameFilter.)
   */
  @Override
  public boolean accept(File dir, String fileName) {
    return pattern.matcher(fileName).matches();
  }