A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

**Fixed Versions**:

- A new kubelet metric `image_pull_duration_seconds` was added. The metric tracks the duration (in seconds) it takes for an image to be pulled, including the time spent in the waiting queue of image puller. The metric is broken down by bucketed image size. ([#121719](https://github.com/kubernetes/kubernetes/pull/121719), [@ruiwen-zhao](https://github.com/ruiwen-zhao))

     * <p>
     * If the specified Jar file has the extension <code>.war</code>, only entries whose path starts with the prefix <code>WEB-INF/classes</code> are traversed.
     * The handler receives the entry name excluding the prefix. For example, if the Jar file contains <code>/WEB-INF/classes/ccc/ddd/Eee.class</code>,
     * the handler receives the package name <code>ccc.ddd</code> and the class name <code>Eee</code>.
     * </p>
     *

#              , InScope, NotInScope, PrefixSearch, LikeSearch, NotLikeSearch
#              , EmptyString, FromTo, DateFromTo, RangeOf, ...
#              , (and prefix '!' means excluding, '%' means reviving)
# table: table name (hint) or $$ALL$$
# column: column name (hint) or $$CommonColumn$$ or $$VersionNo$$
#
# Example:
# map:{

    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....
  </description>
  <build>
    <plugins>
      <plugin>
        <artifactId>maven-source-plugin</artifactId>

Java serialization tends to produce larger serialized objects because it includes class metadata and other overhead.

- **Flexibility and Control:**
Java serialization offers limited control over the serialization process, such as excluding certain fields, customizing naming conventions, and handling complex data structures more gracefully.

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

  },
  {
    "input": "x01234567890123456789012345678901234567890123456789012345678901x.ß",
    "output": "x01234567890123456789012345678901234567890123456789012345678901x.xn--zca"
  },
  {
    "comment": "Domain excluding TLD longer than 253 code points",

domain. // // THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS // OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE // LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR // CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF // SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR // BUSINESS...

            }
            builder.append(param.getSignature());
        }
        builder.append(')');
        return builder.toString();
    }

    /**
     * Returns the signature of this method, excluding the return type, and converting generic types to their raw types.
     */
    public String getOverrideSignature() {
        StringBuilder builder = new StringBuilder();
        builder.append(name);

A security issue was discovered in Kubernetes where a user may be able to
create a container with subpath volume mounts to access files &
directories outside of the volume, including on the host filesystem.

**Affected Versions**:
  - kubelet v1.22.0 - v1.22.1
  - kubelet v1.21.0 - v1.21.4
  - kubelet v1.20.0 - v1.20.10
  - kubelet <= v1.19.14

**Fixed Versions**: