* Fix CVE-2019-11249: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal ([#80436](https://github.com/kubernetes/kubernetes/pull/80436))
* Fix CVE-2019-11247: API server allows access to custom resources via wrong scope ([#80750](https://github.com/kubernetes/kubernetes/pull/80750))

        lenient().when(mockNdrBuffer.getIndex()).thenReturn(0);
        lenient().when(mockDeferredNdrBuffer.getIndex()).thenReturn(0);
        // Mock the index field access
        mockDeferredNdrBuffer.index = 0;
    }

    @Test
    void testGetSyntax() {
        // Test the static getSyntax method
        assertEquals("12345778-1234-abcd-ef00-0123456789ab:0.0", lsarpc.getSyntax());

- Fix a concurrent map access in TopologyCache's `HasPopulatedHints` method. ([#120372](https://github.com/kubernetes/kubernetes/pull/120372), [@Miciah](https://github.com/Miciah)) [SIG Network]

    /** The key of the message: Failed to download {0}. */
    public static final String ERRORS_storage_file_download_failure = "{errors.storage_file_download_failure}";

    /** The key of the message: Storage Access Error: {0} */
    public static final String ERRORS_storage_access_error = "{errors.storage_access_error}";

    /** The key of the message: Please specify a file to upload. */

- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node]

from-va.com
from-vt.com
from-wa.com
from-wi.com
from-wv.com
from-wy.com
from.hr
from.tv
frontier
frosinone.it
frosta.no
froya.no
fræna.no
frøya.no
fst.br
ftpaccess.cc
ftr
fuchu.hiroshima.jp
fuchu.tokyo.jp
fuchu.toyama.jp
fudai.iwate.jp
fuefuki.yamanashi.jp
fuel.aero
fuettertdasnetz.de
fuji.shizuoka.jp
fujieda.shizuoka.jp
fujiidera.osaka.jp

	defer func() {
		if r := recover(); r != nil {
			t.Fatalf("NewReader panicked: %s", r)
		}
	}()
	// Previously, this would trigger a panic as we attempt to read from
	// an io.SectionReader which would access a slice at a negative offset
	// as the section reader offset & size were < 0.
	NewReader(bytes.NewReader(data), int64(len(data))+1875)

  - [Changelog since v1.20.10](#changelog-since-v12010)
  - [Important Security Information](#important-security-information)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-4)
    - [Bug or Regression](#bug-or-regression-4)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1)
  - [Dependencies](#dependencies-4)

		if !rd || !wr {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, AdminError{
				Code: "XMinioSpeedtestInsufficientPermissions",
				Message: fmt.Sprintf("%s does not have read and write access to '%s' bucket", creds.AccessKey,
					globalObjectPerfBucket),
				StatusCode: http.StatusForbidden,
			}), r.URL)
			return
		}
	}

	sizeStr := r.Form.Get(peerRESTSize)

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.