- Enforced kubelet to request serving certificates only once it has at least one IP address in the `.status.addresses` of its associated Node object. This avoids requesting DNS-only serving certificates before externally set addresses are in place. Until 1.33,...

### CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

**Affected Versions**:
  - kube-apiserver v1.29.0 - v1.29.3

This release contains changes that address the following vulnerabilities:

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

        </excludes>
      </testResource>
    </testResources>
    <plugins>
      <plugin>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <requireMavenVersion>

*   Added assignments for "Deep Learning with TensorFlow" udacity course

## Bug Fixes and Other Changes

*   Added a versioning framework for `GraphDef`s to ensure compatibility
*   Enforced Python 3 compatibility
*   Internal changes now show up as sensibly separated commits
*   Open-sourced the doc generator
*   Un-fork Eigen
*   Simplified the `BUILD` files and cleaned up C++ headers

     * @param tf the CIFS context to use
     * @param name the server name or address
     * @param port the port number
     * @param exclusive whether to acquire an unshared connection
     * @param forceSigning whether to enforce SMB signing
     * @return a connected transport
     * @throws UnknownHostException if the host cannot be resolved
     * @throws IOException if an I/O error occurs
     */

import org.junit.jupiter.params.provider.ArgumentsProvider
import org.junit.jupiter.params.provider.ArgumentsSource
import org.junit.jupiter.params.support.ParameterDeclarations

/**
 * This enforces us having the params classes on the classpath to workaround
 * https://github.com/graalvm/native-build-tools/issues/745
 */
class WithArgumentSourceTest {
  @ParameterizedTest
  @ArgumentsSource(FakeArgumentsProvider::class)

///

## `HTTPSRedirectMiddleware` { #httpsredirectmiddleware }

Enforces that all incoming requests must either be `https` or `wss`.

Any incoming request to `http` or `ws` will be redirected to the secure scheme instead.

{* ../../docs_src/advanced_middleware/tutorial001_py310.py hl[2,6] *}

## `TrustedHostMiddleware` { #trustedhostmiddleware }

		if err != nil {
			internalLogIf(ctx, err, logger.WarningKind)
			return true
		}
		if ret.RetainUntilDate.After(t) {
			return true
		}
	}
	return false
}

// enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted
// with governance bypass headers set in the request.
// Objects under site wide WORM can never be overwritten.

import com.google.common.cache.AbstractCache.StatsCounter;
import com.google.common.cache.LocalCache.Timestamped;
import java.util.LinkedHashMap;
import org.jspecify.annotations.Nullable;

/**
 * LinkedHashMap that enforces its maximum size and logs events in a StatsCounter object and an
 * optional RemovalListener.
 *
 * @param <K> the base key type
 * @param <V> the base value type
 */