1. The id_token is an identifier that is hard to guess. For example, a randomly generated string of sufficient length, that the server handling the protected resource can use to lookup the associated authorization information.

          <artifactId>maven-assembly-plugin</artifactId>
          <version>2.2-beta-2</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-resources-plugin</artifactId>
          <version>2.4-SNAPSHOT</version>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <modules>
    <module>maven-core</module>

This release contains changes that address the following vulnerabilities:

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

この場合、ミドルウェアはリクエストを横取りし、適切なCORSヘッダーと共に情報提供のために `200` または `400` のレスポンスを返します。

### シンプルなリクエスト

`Origin` ヘッダーのあるリクエスト。この場合、ミドルウェアは通常どおりリクエストに何もしないですが、レスポンスに適切なCORSヘッダーを加えます。

## より詳しい情報

<abbr title="Cross-Origin Resource Sharing (オリジン間リソース共有)">CORS</abbr>についてより詳しい情報は、<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" class="external-link" target="_blank">Mozilla CORS documentation</a> を参照して下さい。

/// note | 技術詳細

        // Test with extra SIDs flag
        when(logonInfo.getUserFlags()).thenReturn(PacConstants.LOGON_EXTRA_SIDS);
        assertEquals(PacConstants.LOGON_EXTRA_SIDS, logonInfo.getUserFlags());

        // Test with resource groups flag
        when(logonInfo.getUserFlags()).thenReturn(PacConstants.LOGON_RESOURCE_GROUPS);
        assertEquals(PacConstants.LOGON_RESOURCE_GROUPS, logonInfo.getUserFlags());

        // Test with combined flags

	policyBytes := []byte(`{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Effect": "Allow",
   "Action": [
    "s3:PutObject",
    "s3:GetObject",
    "s3:ListBucket"
   ],
   "Resource": [
    "arn:aws:s3:::BUCKET/*"
   ]
  }
 ]
}`)

	err := s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	{

 * your HTTP calls. This is because each client holds its own connection pool and thread pools.
 * Reusing connections and threads reduces latency and saves memory. Conversely, creating a client
 * for each request wastes resources on idle pools.
 *
 * Use `new OkHttpClient()` to create a shared instance with the default settings:
 *
 * ```java
 * // The singleton HTTP client.
 * public final OkHttpClient client = new OkHttpClient();
 * ```

     */
    String getProviderName();
    
    /**
     * Get maximum message size supported
     */
    int getMaxMessageSize();
    
    /**
     * Clean up provider resources
     */
    void shutdown();
}

public enum RdmaAccess {
    LOCAL_READ,
    LOCAL_WRITE,
    REMOTE_READ,
    REMOTE_WRITE,
    MEMORY_BIND
}
```

## 4. Data Structures

This release contains changes that address the following vulnerabilities:

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

					return c, config.Errorf("unable to parse a domain from the OpenID config")
				}
			}
			if p.ClientID == "" {
				return c, config.Errorf("client ID must not be empty")
			}

			// We set the resource ID of the role arn as a hash of client
			// ID, so we can get a short roleARN that stays the same on
			// restart.
			var resourceID string
			{
				h := sha1.New()
				h.Write([]byte(p.ClientID))