* loading, or expired. Unlike {@link Segment#getLiveValue} this method does not attempt to clean
   * up stale entries. As such it should only be called outside a segment context, such as during
   * iteration.
   */
  @CheckForNull
  V getLiveValue(ReferenceEntry<K, V> entry, long now) {
    if (entry.getKey() == null) {
      return null;
    }

### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

                      type: object
                    tls:
                      description: Set of TLS related options that will enable TLS
                        termination on the sidecar for requests originating from outside
                        the mesh.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.

- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115462](https://github.com/kubernetes/kubernetes/pull/115462), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps]

- The bug which caused the status of Indexed Jobs to only update when new indexes were completed was fixed. Now, completed indexes are updated even if the `.status.completedIndexes` values are outside the `[0, .spec.completions> range`. ([#115349](https://github.com/kubernetes/kubernetes/pull/115349), [@danielvegamyhre](https://github.com/danielvegamyhre))

### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

implements scala.Serializable { public void ConfigurationParser$$anonfun$6(ConfigurationParser); } xsbt/boot/ConfigurationParser$$anonfun$optfile$1.class package xsbt.boot; public final synchronized class ConfigurationParser$$anonfun$optfile$1 extends scala.runtime.AbstractFunction1 implements scala.Serializable { public void ConfigurationParser$$anonfun$optfile$1(ConfigurationParser); } xsbt/boot/Configuration$$anonfun$neNull$1.class package xsbt.boot; public final synchronized class Configurati...

  // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true".
  // This field should not be used to find auto-generated service account token secrets for use outside of pods.
  // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.
  // More info: https://kubernetes.io/docs/concepts/configuration/secret

for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

  Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary.