.collect(Collectors.toList())
                    .forEach(s -> {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Removing old state: {}", s);
                        }
                        states.remove(s);
                    });
            final StateData stateData = states.get(state);
            if (stateData != null) {

      </match>
    </magic>
  </mime-type>

  <mime-type type="application/x-tika-old-excel">
    <_comment>Pre-OLE2 (Old) Microsoft Excel Worksheets</_comment>
  </mime-type>

  <!-- =================================================================== -->

  * You can remove the "old" taints (stored internally as annotations) at any time after the upgrade by doing `kubectl annotate nodes <node name> scheduler.alpha.kubernetes.io/taints-` (note the minus at the end, which means "delete the taint with this key")

            }
            if (log.isTraceEnabled()) {
                log.trace("Existing session " + ssn + " does not match " + tf.getCredentials());
            }
        }

        /* logoff old sessions */
        if (tf.getConfig().getSessionTimeout() > 0 && this.sessionExpiration < (now = System.currentTimeMillis())) {
            this.sessionExpiration = now + tf.getConfig().getSessionTimeout();

/**
 * Manages LDAP connections and operations.
 */
public class LdapManager {
    private static final Logger logger = LogManager.getLogger(LdapManager.class);

    /** A thread-local variable to hold the directory context. */
    protected ThreadLocal<DirContextHolder> contextLocal = new ThreadLocal<>();

    /** A flag to indicate if the LDAP connection is bound. */
    protected volatile boolean isBind = false;

- Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120655](https://github.com/kubernetes/kubernetes/pull/120655), [@aojea](https://github.com/aojea)) [SIG Network...

      @Override
      public boolean hasNext() {
        /*
         * Don't store a new Iterator until we know the user can't remove() the last returned
         * element anymore. Otherwise, when we remove from the old iterator, we may be invalidating
         * the new one. The result is a ConcurrentModificationException or other bad behavior.
         *

by this vulnerability if you run a Validating Admission Webhook for Nodes
that denies admission based at least partially on the old state of the
Node object.

**Note**: This only impacts validating admission plugins that rely on old
values in certain fields, and does not impact calls from kubelets that go
through the built-in NodeRestriction admission plugin.

**Affected Versions**:

this feature is enabled kubeadm will start using a new naming format for the ConfigMap where it stores the KubeletConfiguration structure. The old format included the Kubernetes version - "kube-system/kubelet-config-1.22", while the new format does not - "kube-system/kubelet-config". A similar formatting change is done for the related RBAC rules. The old format is now DEPRECATED and will be removed after the feature graduates to GA. When writing the ConfigMap kubeadm (init, upgrade apply) will respect...

- Kube-proxy in iptables mode now only logs the full iptables input at `-v=9` rather than `-v=5`. ([#108224](https://github.com/kubernetes/kubernetes/pull/108224), [@danwinship](https://github.com/danwinship))
- Kube-proxy will no longer hold service node ports open on the node. Users are still advised not to run any listener on node ports range used by kube-proxy. ([#108496](https://github.com/kubernetes/kubernetes/pull/108496), [@khenidak](https://github.com/khenidak))