### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

- Fixes regression in logging spurious stack traces when proxied connections are closed by the backend ([#82588](https://github.com/kubernetes/kubernetes/pull/82588), [@liggitt](https://github.com/liggitt))

## Notable Features

- Trace output in apiserver logs is more organized and comprehensive. Traces are nested, and for all non-long running request endpoints, the entire filter chain is instrumented (e.g. authentication check is included). ([#88936](https://github.com/kubernetes/kubernetes/pull/88936), [@jpbet...

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

* 📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR [#9440](https://github.com/tiangolo/fastapi/pull/9440) by [@softwarebloat](https://github.com/softwarebloat).

pkg time, type ParseError struct, Message string
pkg time, type ParseError struct, Value string
pkg time, type ParseError struct, ValueElem string
pkg time, type Ticker struct
pkg time, type Ticker struct, C <-chan Time
pkg time, type Time struct
pkg time, type Timer struct
pkg time, type Timer struct, C <-chan Time
pkg time, type Weekday int
pkg time, var Local *Location

public key, pub. If the hash is longer // than the bit-length of the private key's curve order, the hash will be // truncated to that length. // // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature) error { if pub.curve != c.curve { return errors.New("ecdsa: public key does not match curve") } fips140.RecordApproved() fipsSelfTest()...

public key, pub. If the hash is longer // than the bit-length of the private key's curve order, the hash will be // truncated to that length. // // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature) error { if pub.curve != c.curve { return errors.New("ecdsa: public key does not match curve") } fips140.RecordApproved() fipsSelfTest()...