* Specifically the new controller watches the API server for scheduled pods. It processes each pod and ensures that any volumes that implement the volume Attacher interface are attached to the node their pod is scheduled to.

  optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 17;

  // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
  // +optional
  optional PortworxVolumeSource portworxVolume = 18;

  // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
  // +optional

message VolumeAttachmentStatus {
  // attached indicates the volume is successfully attached.
  // This field must only be set by the entity completing the attach
  // operation, i.e. the external-attacher.
  optional bool attached = 1;

  // attachmentMetadata is populated with any
  // information returned by the attach operation, upon successful attach, that must be passed

message VolumeAttachmentStatus {
  // attached indicates the volume is successfully attached.
  // This field must only be set by the entity completing the attach
  // operation, i.e. the external-attacher.
  optional bool attached = 1;

  // attachmentMetadata is populated with any
  // information returned by the attach operation, upon successful attach, that must be passed

message VolumeAttachmentStatus {
  // attached indicates the volume is successfully attached.
  // This field must only be set by the entity completing the attach
  // operation, i.e. the external-attacher.
  optional bool attached = 1;

  // attachmentMetadata is populated with any
  // information returned by the attach operation, upon successful attach, that must be passed

Y","shiftKey","view","char","charCode","keyCode","buttons","clientX","clientY","offsetX","offsetY","pointerId","pointerType","screenX","screenY","targetTouches","toElement","touches","which","blur","focusMappedHandler","documentMode","simulate","attaches","dataHolder","mouseenter","mouseleave","pointerenter","pointerleave","orig","related","rnoInnerhtml","rchecked","rcleanScript","manipulationTarget","disableScript","restoreScript","cloneCopyEvent","dest","udataOld","udataCur","domManip","collec...

* Add support for volume attach limits for CSI volumes ([#67731](https://github.com/kubernetes/kubernetes/pull/67731), [@gnufied](https://github.com/gnufied))
* CSI volume plugin does not need external attacher for non-attachable CSI volumes. ([#67955](https://github.com/kubernetes/kubernetes/pull/67955), [@jsafrane](https://github.com/jsafrane))

### Hardware attacks

Physical GPUs or TPUs can also be the target of attacks. [Published
research](https://scholar.google.com/scholar?q=gpu+side+channel) shows that it
might be possible to use side channel attacks on the GPU to leak data from other
running models or processes in the same system. GPUs can also have
implementation bugs that might allow attackers to leave malicious code running

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

- Azure: update disk lock logic per vm during attach/detach to allow concurrent updates for different nodes. ([#85115](https://github.com/kubernetes/kubernetes/pull/85115), [@aramase](https://github.com/aramase))
- Fix vmss dirty cache issue in disk attach/detach on vmss node ([#85158](https://github.com/kubernetes/kubernetes/pull/85158), [@andyzhangx](https://github.com/andyzhangx))