* @throws CIFSException
     */
    @Test
    void testService_BasicAuth_Success() throws Exception {
        ntlmServlet.init(servletConfig);
        setupMocksForAuth();

        // Base64 encoding of "TEST_DOMAIN\\user:password"
        when(request.getHeader("Authorization")).thenReturn("Basic VEVTVF9ET01BSU5cdXNlcjpwYXNzd29yZA==");
        lenient().when(request.isSecure()).thenReturn(true);

        byte[] type1Message = new byte[] { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00 };
        String authHeader = "NTLM " + new String(org.bouncycastle.util.encoders.Base64.encode(type1Message));

        when(request.getHeader("Authorization")).thenReturn(authHeader);
        when(httpSession.getAttribute("NtlmHttpAuth")).thenReturn(null);

import java.io.IOException;
import java.nio.charset.Charset;
import java.sql.Timestamp;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import java.util.function.Consumer;

import org.apache.logging.log4j.LogManager;

 * <ul>
 * <li>Thread-safe cipher pooling using {@link ConcurrentLinkedQueue}</li>
 * <li>Configurable encryption algorithms (default: Blowfish)</li>
 * <li>Proper charset handling for key generation (UTF-8 by default)</li>
 * <li>Base64 encoding for text operations</li>
 * </ul>
 * <p>
 * <strong>Security Considerations:</strong>
 * </p>
 * <ul>
 * <li>Default Blowfish algorithm is suitable for general-purpose encryption</li>

            }
            if (SpnegoHttpFilter.Constants.ALLOW_UNSEC_BASIC.equals(name)) {
                // SECURITY WARNING: Unsecure basic authentication is enabled by default.
                // This sends credentials in Base64 encoding over potentially unencrypted connections.
                // For production, it is STRONGLY RECOMMENDED to set spnego.allow.unsecure.basic to false
                // and use HTTPS or more secure authentication methods.

                            if (lowerEntryDn.indexOf(lowerGroupDn) != -1) {
                                groupList.add(Base64.getUrlEncoder().encodeToString(name.getBytes(Constants.CHARSET_UTF_8)));
                            } else if (lowerEntryDn.indexOf(lowerRoleDn) != -1) {
                                roleList.add(Base64.getUrlEncoder().encodeToString(name.getBytes(Constants.CHARSET_UTF_8)));
                            }

                if (!queryFieldConfig.isFacetField(f)) {
                    throw new SearchQueryException("Invalid facet field: " + f);
                }
                final String encodedField = BaseEncoding.base64().encode(f.getBytes(StandardCharsets.UTF_8));
                final TermsAggregationBuilder termsBuilder =
                        AggregationBuilders.terms(Constants.FACET_FIELD_PREFIX + encodedField).field(f);

St=["background","cite","href","itemtype","longdesc","poster","src","xlink:href"],Nt=/^(?:(?:https?|mailto|ftp|tel|file|sms):|[^#&/:?]*(?:[#/?]|$))/i,Dt=/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i;function At(t,e,n){if(0===t.length)return t;if(n&&"function"==typeof n)return n(t);for(var i=(new window.DOMParser).parseFromString(t,"text/html"),o=Object.keys(e),a=[].slice.call(i.body.querySelectorAll("*")),s=function(t,n){var ...

- To enhance usability and developer experience, CRD validation rules now support...

([#64248](https://github.com/kubernetes/kubernetes/pull/64248), [@feiskyer](https://github.com/feiskyer))

### SIG CLI

* You can now use the `base64decode` function in kubectl go templates to decode base64-encoded data, such as `kubectl get secret SECRET -o go-template='{{ .data.KEY | base64decode }}'`. ([#60755](https://github.com/kubernetes/kubernetes/pull/60755), [@glb](https://github.com/glb))