AmzObjectLockMode             = "X-Amz-Object-Lock-Mode"
	AmzObjectLockRetainUntilDate  = "X-Amz-Object-Lock-Retain-Until-Date"
	AmzObjectLockLegalHold        = "X-Amz-Object-Lock-Legal-Hold"
	AmzObjectLockBypassGovernance = "X-Amz-Bypass-Governance-Retention"
	AmzBucketReplicationStatus    = "X-Amz-Replication-Status"

	// AmzSnowballExtract will trigger unpacking of an archive content
	AmzSnowballExtract = "X-Amz-Meta-Snowball-Auto-Extract"

	globalNetPerfRX              netPerfRX
	globalSiteNetPerfRX          netPerfRX
	globalObjectPerfBucket       = "minio-perf-test-tmp-bucket"
	globalObjectPerfUserMetadata = "X-Amz-Meta-Minio-Object-Perf" // Clients can set this to bypass S3 API service freeze. Used by object pref tests.

	// MinIO version unix timestamp
	globalVersionUnix uint64

	// MinIO client
	globalMinioClient *minio.Client

    /**
     * Reserve an opportunistic lock filter on the open
     */
    public static final int FILE_RESERVE_OPFILTER = 0x100000;
    /**
     * Open a reparse point and bypass normal reparse point processing
     */
    public static final int FILE_OPEN_REPARSE_POINT = 0x200000;
    /**
     * Open does not cause an opportunistic lock break for the file
     */

	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID())
	if globalMinioEndpoint != "" {
		os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
	} else {
		// Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
		// This will save users from providing a certificate with IP or FQDN SAN that points to the local host.

	// uncompressed expected content.
	// If content is very large, an alternative to setting Content or File
	// is to set Size, which will then be checked against the header-reported size
	// but will bypass the decompressing of the actual data.
	// This last option is used for testing very large (multi-GB) compressed files.
	ContentErr error
	Content    []byte
	File       string
	Size       uint64
}

  - [Changelog since v1.33.1](#changelog-since-v1331)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks)
  - [Changes by Kind](#changes-by-kind-5)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-5)

    - [CVE-2021-25749: <code>runAsNonRoot</code> logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers)
  - [Changes by Kind](#changes-by-kind-6)
    - [Bug or Regression](#bug-or-regression-6)
  - [Dependencies](#dependencies-6)
    - [Added](#added-6)

- `(*"k8s.io/client-go/rest".Request).{Do,DoRaw,Stream,Watch}` now require callers to pass a `context.Context` as an argument. The context is used for timeout and cancellation signaling and to pass supplementary information to round trippers in the wrapped transport chain. If you don't need any of this functionality, it is sufficient to pass a context created with `context.Background()` to these functions. The `(*"k8s.io/client-go/rest".Request).Context` method...

    - [CVE-2021-25749: <code>runAsNonRoot</code> logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers)
    - [Am I vulnerable?](#am-i-vulnerable)
      - [Affected Versions](#affected-versions)

    - [CVE-2021-25749: <code>runAsNonRoot</code> logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers)
    - [Am I vulnerable?](#am-i-vulnerable)
      - [Affected Versions](#affected-versions)
    - [How do I mitigate this vulnerability?](#how-do-i-mitigate-this-vulnerability)