// contract.
    // This is somewhat annoying, but turns out to be very fast in practice. Alternatively, we could
    // drop the contract on the method that enforces this queue like behavior since depending on it
    // is likely to be a bug anyway.

    // N.B. All writes to the list and the next pointers must have happened before the above

 *
 * @since 4.0.0
 */
@Experimental
public interface EncryptOptions extends Options {
    /**
     * Should the operation be forced (ie overwrite existing config, if any).
     *
     * @return an {@link Optional} containing the boolean value {@code true} if specified, or empty
     */
    Optional<Boolean> force();

    /**

### CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

**Affected Versions**:
  - kube-apiserver v1.29.0 - v1.29.3

 * **Binary compatibility** is the ability to compile a program against OkHttp 3.x, and then to run
   it against OkHttp 4.x. We’re using the excellent [japicmp][japicmp] library via its
   [Gradle plugin][japicmp_gradle] to enforce binary compatibility.

 * **Java source compatibility** is the ability to upgrade Java uses of OkHttp 3.x to 4.x without
   changing `.java` files.

            assertEquals(transport, result);
            verify(transportPool).getSmbTransport(context, TEST_HOST, DEFAULT_PORT, true, false);
        }

        @Test
        @DisplayName("Should get transport by name with forced signing")
        void testGetSmbTransportByNameForceSigning() throws UnknownHostException, IOException {
            // Given

- Enforced kubelet to request serving certificates only once it has at least one IP address in the `.status.addresses` of its associated Node object. This avoids requesting DNS-only serving certificates before externally set addresses are in place. Until 1.33,...

     * @return {@code true} if remote repositories should be re-checked for updated artifacts/metadata, {@code false}
     *         otherwise.
     */
    boolean isForceUpdate();

    /**
     * Enables/disabled forced checks for updated artifacts/metadata on remote repositories.
     *
     * @param forceUpdate {@code true} to forcibly check the remote repositories for updated artifacts/metadata, {@code

    @Mock
    Configuration config;

    @Mock
    SSPContext mechContext;

    private ASN1ObjectIdentifier[] mechs;

    @BeforeEach
    void setup() {
        // Default: do not enforce or disable SPNEGO integrity
        when(this.config.isEnforceSpnegoIntegrity()).thenReturn(false);
        when(this.config.isDisableSpnegoIntegrity()).thenReturn(false);

   * return type is plain FilenameFilter. If we made such a change, then the annotation we choose
   * here would have no significance to end users, who would be forced to conform to the signature
   * used in FilenameFilter.)
   */
  @Override
  public boolean accept(File dir, String fileName) {
    return pattern.matcher(fileName).matches();
  }

 * When {@code --plugins} option is enabled (or by default), upgrades plugins known to fail with Maven 4:
 * <ul>
 *   <li><strong>maven-exec-plugin</strong>: Upgrades to version 3.2.0 or higher</li>
 *   <li><strong>maven-enforcer-plugin</strong>: Upgrades to version 3.0.0 or higher</li>
 *   <li><strong>flatten-maven-plugin</strong>: Upgrades to version 1.2.7 or higher</li>
 *   <li><strong>maven-shade-plugin</strong>: Upgrades to version 3.5.0 or higher</li>