}
		if creds.IsTemp() && !creds.IsExpired() {
			var parentPolicy string
			u, err := globalIAMSys.GetUserInfo(ctx, creds.ParentUser)
			if err != nil {
				// Parent may be "virtual" (for ldap, oidc, client tls auth,
				// custom auth plugin), so in such cases we apply no parent
				// policy. The session token will contain info about policy to
				// be applied.
				if !errors.Is(err, errNoSuchUser) {

- kubeadm now deletes the bootstrap-kubelet.conf file after TLS bootstrap
  User relying on bootstrap-kubelet.conf should switch to kubelet.conf that contains node credentials ([#80676](https://github.com/kubernetes/kubernetes/pull/80676), [@fabriziopandini](https://github.com/fabriziopandini))

- `client-go`, using log level 9, traces the following events of a HTTP request:
      - DNS lookup
      - TCP dialing
      - TLS handshake
      - Time to get a connection from the pool
      - Time to process a request ([#105156](https://github.com/kubernetes/kubernetes/pull/105156), [@aojea](https://github.com/aojea))

### Documentation

- Kubeadm: Removed support for mounting /etc/pki as an additional Linux system CA location
  in kube-apisever and kube-controller-manager pods. Instead, it shifted to supporting the
  mounting of /etc/pki/ca-trust and /etc/pki/tls/certs. The locations /etc/ca-certificate,
  /usr/share/ca-certificates, /usr/local/share/ca-certificates, and /etc/ssl/certs continued

- Added a warning that TLS 1.3 ciphers are not configurable. ([#115399](https://github.com/kubernetes/kubernetes/pull/115399), [@3u13r](https://github.com/3u13r)) [SIG API Machinery and Node]

* Clean up old eclass code ([#71399](https://github.com/kubernetes/kubernetes/pull/71399), [@resouer](https://github.com/resouer))
* Fix a race condition in which kubeadm only waits for the kubelets kubeconfig file when it has performed the TLS bootstrap, but wasn't waiting for certificates to be present in the filesystem ([#72030](https://github.com/kubernetes/kubernetes/pull/72030), [@ereslibre](https://github.com/ereslibre))

	quarkus/extensions/panache/mongodb-panache-common/runtime/pom.xml
	quarkus/extensions/jsonb/runtime/pom.xml
	quarkus/extensions/jackson/runtime/pom.xml
quarkus/integration-tests/grpc-tls/pom.xml
	quarkus/extensions/resteasy-classic/resteasy/runtime/pom.xml
	quarkus/extensions/resteasy-classic/resteasy-mutiny/runtime/pom.xml
	quarkus/extensions/grpc/runtime/pom.xml
	quarkus/test-framework/junit5/pom.xml

pkg crypto/ed25519, method (PrivateKey) Sign(io.Reader, []uint8, crypto.SignerOpts) ([]uint8, error)
pkg crypto/ed25519, type PrivateKey []uint8
pkg crypto/ed25519, type PublicKey []uint8
pkg crypto/tls, const Ed25519 = 2055
pkg crypto/tls, const Ed25519 SignatureScheme
pkg crypto/x509, const Ed25519 = 4
pkg crypto/x509, const Ed25519 PublicKeyAlgorithm
pkg crypto/x509, const PureEd25519 = 16
pkg crypto/x509, const PureEd25519 SignatureAlgorithm

h.Write(a) a = h.Sum(nil) } } const masterSecretLength = 48 const extendedMasterSecret = "extended master secret" // MasterSecret implements the TLS 1.2 extended master secret derivation, as // defined in RFC 7627 and allowed by SP 800-135, Revision 1, Section 4.2.2. func MasterSecret[H hash.Hash](hash func() H, preMasterSecret, transcript []byte) []byte { // "The TLS 1.2 KDF is an approved KDF when the following conditions are // satisfied: [...] (3) P_HASH uses either SHA-256, SHA-384 or SHA-512." h :=...

h.Write(a) a = h.Sum(nil) } } const masterSecretLength = 48 const extendedMasterSecret = "extended master secret" // MasterSecret implements the TLS 1.2 extended master secret derivation, as // defined in RFC 7627 and allowed by SP 800-135, Revision 1, Section 4.2.2. func MasterSecret[H fips140.Hash](hash func() H, preMasterSecret, transcript []byte) []byte { // "The TLS 1.2 KDF is an approved KDF when the following conditions are // satisfied: [...] (3) P_HASH uses either SHA-256, SHA-384 or SHA-512." h...