This release contains changes that address the following vulnerabilities:

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8

* Add Simplified Chinese translation for kubectl ([#45573](https://github.com/kubernetes/kubernetes/pull/45573), [@shiywang](https://github.com/shiywang))

### **kubectl (CLI)**
* Features

  * `kubectl logs` supports specifying a container name when using label selectors ([#44282](https://github.com/kubernetes/kubernetes/pull/44282), [@derekwaynecarr](https://github.com/derekwaynecarr))

        assertEquals("logs", logFile.getName());
        assertEquals("target", logFile.getParentFile().getName());
        try {
            System.setProperty("fess.log.path", "logpath");
            assertEquals("logpath", systemHelper.getLogFilePath());
        } finally {
            System.clearProperty("fess.log.path");
        }
    }

    @Test

		select {
		case logCh <- *b:
		default:
			consoleLogRPC.PutResponse(b)
			// Do not block on slow receivers.
		}
		return nil
	})
}

// ConsoleLog - sends request to peer nodes to get console logs
func (client *peerRESTClient) ConsoleLog(ctx context.Context, kind madmin.LogMask, logCh chan<- []byte) {
	go func() {
		for {
			client.doConsoleLog(ctx, kind, logCh)
			select {
			case <-ctx.Done():

     *
     * <p>If this returns false, then no query can take more than O(log n).
     *
     * <p>Note that for a RegularImmutableSet with elements with truly random hash codes, contains
     * operations take expected O(1) time but with high probability take O(log n) for at least some
     * element. (https://en.wikipedia.org/wiki/Linear_probing#Analysis)
     *

    * Appropriately set log severity for k8s_container.
    * Fix detect exceptions plugin to analyze message field instead of log field.
    * Fix detect exceptions plugin to analyze streams based on local resource id.
    * Disable the metadata agent for monitored resource construction in logging.
    * Disable timestamp adjustment in logs to optimize performance.

    @Test
    public void test_buildFilePath_withBrackets() {
        final Path result =
                indexExportJob.buildFilePath(tempDir.toString(), "file:///data/[logs]/access.log", new HtmlIndexExportFormatter());
        assertNotNull(result);
        // Brackets are invalid in URI syntax, so this should fall back to _invalid/hash path

	Event     string
	APIName   string
	Status    string
	Bucket    string
	Object    string
	VersionID string
	Error     string
	Tags      map[string]string
}

// sends audit logs for internal subsystem activity
func auditLogInternal(ctx context.Context, opts AuditLogOptions) {
	if len(logger.AuditTargets()) == 0 {
		return
	}

	entry := audit.NewEntry(globalDeploymentID())

* Advanced audit policy now supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. ([#48836](https://github.com/kubernetes/kubernetes/pull/48836), [@ericchiang](https://github.com/ericchiang))

		go func() {
			defer wg.Done()
			// Sync start.
			<-start
			if err := obj.MakeBucket(GlobalContext, bucketName1, MakeBucketOptions{}); err != nil {
				if _, ok := err.(BucketExists); !ok {
					t.Logf("unexpected error: %T: %v", err, err)
					return
				}
				mu.Lock()
				errs++
				mu.Unlock()
				return
			}
			mu.Lock()
			ok++
			mu.Unlock()
		}()
	}
	close(start)