3.7.4

Complete changelog

• #37608 - gRPC starter app is using legacy approach, single HTTP server should be used instead
• #38236 - Adding a decorator causes bytecode error
• #38504 - NPE on oidc-client when quarkus.oidc-client.grant-options.password.password not provided
• #38533 - 'Unable to find a JDBC driver' for Hibernate Reactive after updating to 3.7.1
• #38683 - Build time performance regression and bigger native binaries when migrating from 3.5 to 3.6 or 3.7
• #38688 - Making sure deployment modules excluded in POM files aren't pulled in by the Gradle plugin
• #38721 - Java 21: @VirtualThreadUnit produces very slow tests
• #38763 - Enable an injection of the OIDC code flow access token verificaton material
• #38767 - Fail early if OIDC client password grant is misconfigured
• #38771 - Adds an implementation note about @VirtualThreadUnit limitations
• #38775 - Use the right MongoDB ClientSession interface
• #38776 - OidcRequestFilter with OidcEndpoint applied to all endpoints
• #38777 - OIDC Code flow access token verification goes ahead even if the ID token verification has failed
• #38779 - Fix OidcEndpoint annotation processing
• #38784 - Fix guide URL in RESTEasy Client extension
• #38785 - ArC: fix interception when some methods return void
• #38798 - Using custom header in REST client together with @NotBody annotated argument results in warning from EndpointIndexer
• #38800 - Don't warn about @NotBody use in @GET methods in REST Client
• #38802 - Multipart form data is interpreted as a file although it's not a file
• #38803 - OIDC server is erroneously shown as not available
• #38810 - Expand types which are considered text in multipart handling
• #38815 - Support security identity propagation in VT
• #38816 - Propagate Vert.x context on all ExecutorService methods for VirtualThreadExecutor
• #38817 - Mocking Singleton does not work even when using @MockitoConfig(convertScopes = true) - Bean produced from factory method
• #38818 - Allow RunAndCheckMojoTestBase subclasses to override how much memory extension tests are allowed
• #38819 - Add response text to the OIDC bootstrap log errors
• #38821 - Configure SISU bean filtering for the bootstrap Maven resolver
• #38824 - Memory leak when using FT Fallback with dependent beans
• #38833 - Keycloak Admin Client Reactive error id: 9009f9b4-1d58-4011-9ff2-49b87bb59ddd-1: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "authHeader" is null
• #38836 - Fix Keycloak Admin Client Reactive Jackson reader provider priority so that the client can work when the JSONB REST client extension is present
• #38837 - Quarkus create new project fails when -DnoCode is used and artifactId is not set properly
• #38843 - Check the code flow access token after ID token
• #38844 - Fix copy/paste typo
• #38849 - Ensure that generated project GAV is always set
• #38851 - Kafka integration tests fail with latest Mandrel/GraalVM 24.1-dev builds
• #38853 - [3.7] Perform security checks on inherited endpoints before payload deserialization in the RESTEasy Reactive
• #38855 - Make registration of OAuthBearerValidatorCallbackHandler conditional
• #38858 - Testing: fix @MockitoConfig(convertScopes=true) with auto-producers
• #38859 - Fix warning when launching dev mode specifying quarkus-maven-plugin GAV on the command line
• #38865 - Update commons-compress version to mitigate CVE-2024-25710
• #38866 - Sporadic error in custom readiness check using keycloak-admin-client: IllegalStateException: Client is closed
• #38868 - Add config flag to disable jacoco
• #38882 - Quartz - prevent memory leak when Job instance is a @Dependent bean
• #38886 - Ignore ValidationSchema that results in registering all models
• #38888 - SmallRye Health: terminate request context properly
• #38889 - Kafka reactive messaging extension incompatible with Micrometer Prometheus extension for Quarkus 3.7.*
• #38890 - Log resolved OIDC tenant id and how the bearer token is found
• #38894 - Disable messaging observation by default for backwards compatibility
• #38897 - Attempt to fix flaky DependentBeanJobTest

3.8.0.CR1

Complete changelog

3.7.3

Complete changelog

• #36341 - The API method KafkaStreams#cleanUp() is not applicable when use @Produces to build the topology
• #37091 - Fix VertxGrpcExporter reponse status handling
• #37911 - Store since JavaDoc tag in the configuration metadata, so that Quarkiverse projects can render it in their documentation if they like
• #38055 - Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension
• #38079 - Make OidcTestSecurityIdentityAugmentor faster by making privateKey's generation final and static
• #38196 - Use Vert.x pool with Jackson
• #38477 - Add disabled workflow to deploy snapshots in Quarkiverse extensions
• #38489 - OIDC authentication.extra-params not added to dev-services auth request
• #38602 - QuarkusComponentTest: @TestConfigProperties not applicable to method (override multiple config properties)
• #38607 - Gradle: fix IllegalStateException when resolving project deps
• #38613 - RabbitMQ Health Checks cannot be disabled from 3.7+
• #38615 - Updates to Infinispan 14.0.24.Final
• #38619 - Pass extra authentication params in the OIDC DevUI code flow redirect URL
• #38626 - Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2
• #38650 - UI doesn't work correct with umlauts
• #38653 - Enforce Dev UI charset to UTF-8
• #38655 - Allow for multiple TestConfigProperty annotations on methods
• #38656 - Upgrade the Mutiny Vert.x bindings to 3.9.0
• #38658 - Configure a REST Client ClientLogger vía CDI
• #38662 - Bump io.smallrye.config:smallrye-config-source-yaml from 3.5.2 to 3.5.4 in /devtools/gradle
• #38663 - ContainerRequestContext.getUriInfo().getMatchedURIs() IndexOutOfBoundsException
• #38664 - Bump Smallrye RM from 4.16.0 to 4.16.1
• #38670 - Make ClientLogger beans unremovable
• #38671 - Redis Client: improve documentation for sentinel and cluster
• #38672 - Remove WATCH Command in absence of Optimistic Locking
• #38673 - Fix OidcRequestFiler typo in security docs
• #38674 - Improve flaky test
• #38675 - Correct example generated yaml in extension metadata docs
• #38676 - OpenAPI does not fill roles in SecurityScheme in schema
• #38680 - Log how Keycloak devservice maps resources
• #38681 - Upgrade to Hibernate ORM 6.4.4.Final / bytebuddy 1.14.11
• #38686 - Make GraphQL Metrics End when Exceptional
• #38692 - Bump com.gradle:gradle-enterprise-maven-extension from 1.20 to 1.20.1
• #38693 - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1
• #38694 - OpenAPI: remove check that avoids running auto-security at build
• #38703 - RESTEasy Reactive Multipart struggles with non-file binary uploads
• #38705 - Kafka Streams fire event after created and before scheduling the start
• #38706 - Elasticsearch container reuse creates a new container on each run
• #38709 - Don't provide empty paths when using a root prefix
• #38710 - Avoid Vert.x GraphQL deprecation warning
• #38712 - Bump Smallrye RM from 4.16.1 to 4.16.2
• #38713 - Only configure shared network for Elasticsearch/OpenSearch containers where necessary
• #38714 - Don't assume that multipart part without filename is always text
• #38728 - Encode Kafka messages with UTF8
• #38730 - Accept-Header in hibernate validator's ResteasyReactiveLocaleResolver is resolved case-sensitive
• #38732 - Quarkus should still allow to create project with Java 11 (for older streams and other platforms)
• #38733 - Allow Java 11 as LTS for older streams and other platforms
• #38738 - Make accept header check in validation case insensitive
• #38748 - Sanitize app.dekorate.io/vcs-url kubernetes annotation
• #38755 - Log when a RestEasy Reactive client close method is called
• #38756 - Bump Keycloak version to 23.0.6
• #38760 - Set COMPILE_ONLY flag on relevant dependencies that appear on DEPLOYMENT_CP and RUNTIME_CP

3.7.2

Complete changelog

• #37807 - SSL requests hang when returning a CompletableFuture
• #38101 - smallrye-openapi property oidc-open-id-connect-url might not be fixed at build time
• #38231 - OpenAPI: Always run OpenIDConnectSecurityFilter at runtime
• #38310 - Add note about the two quarkus-extension files
• #38394 - quarkus-cache: "keyGenerator" destroyed, even if it is annotated with "Singleton"
• #38397 - Use actions/setup-java GPG key feature
• #38411 - Cache: only dependent CacheKeyGenerator beans are destroyed after use
• #38422 - nested configurations in extension: sub-property is seen as nested entity.
• #38431 - quarkus.oidc-token-propagation-reactive.enabled-during-authentication does not work correctly in the code flow
• #38442 - Make sure the code flow access token is propagated during the authentication
• #38444 - Fix request hanging condition
• #38451 - Remove workaround for HHH-17683 in Panache
• #38479 - Stricter and false positive env variables validation after upgrade to 3.7.0
• #38483 - Add a tool to check cross references
• #38488 - Update to Vert.x 4.5.2
• #38495 - Add org.graalvm.regex:regex to runnerParentFirstArtifacts
• #38499 - Alpn property not work in rest client reactive
• #38500 - Make quarkus.rest-client.alpn work in programmatically created client
• #38506 - lombok warning when building with 3.7.1
• #38514 - Alpn property not work for single rest client reactive
• #38516 - Add missing alpn config key handling from named config
• #38521 - Panache sorting no longer works for embedded fields in Quarkus 3.7.1
• #38525 - Fix typo in RedisClientConfig JavaDoc
• #38527 - Revert "Escape column names with backticks in order by clause of hql query"
• #38543 - LinksProcessor ID field error for native class HalCollectionWrapper
• #38545 - Enhance Adding extension section in cli-tooling documentation page
• #38546 - Add globbing pattern to cli-tooling.adoc
• #38548 - Bump smallrye-open-api from 3.8.0 to 3.9.0
• #38549 - Upgrade actions/setup-java to v4
• #38550 - Upgrade checkout and java-setup actions to version v4
• #38558 - Upgrade to Hibernate ORM 6.4.3.Final
• #38580 - Make the Forwarded Parser syntax parsing case-insensitive
• #38582 - Config property expects to have hyphen before digit
• #38596 - Add missing entry in BOM for Hibernate Search outbox-polling relocation
• #38597 - LinksProcessor ID field error for native class HalCollectionWrapper
• #38605 - ArC: RequestContext - implement the activity check consistently
• #38606 - Activating DEBUG for io.quarkus.oidc results in FORMAT_FAILURE
• #38610 - Update SmallRye Config to 3.5.4
• #38611 - Redis Client: add support for new configuration options
• #38612 - Fix the OIDC debug message format bug
• #38616 - AppCDS containerized generation runs with UID 1000 which can clash with an existing user with UID 1000 on the host
• #38620 - Set quarkus-oidc-token-propagation-reactive status to stable
• #38633 - Move Dev UI locking back to Quarkus BOM
• #38636 - Update Vert.x to version 4.5.3
• #38638 - Update activemq-artemis-broker container to 1.0.25
• #38644 - Fix AppCDS generation when using podman
• #38648 - More documentation adjustments for new downstream tooling
• #38649 - Use [[anchor]] format consistently

3.7.1

Complete changelog

• #37532 - Warning that annotation processing is enabled when using JDK 21 in DEV mode and Java files change
• #38018 - Openshift extension fails to pull images, it creates, when quarkus.container-image.group property is used
• #38263 - Hibernate Reactive with Oracle after bump to 2.2.1 throws casting exception - cannot cast DeleteOrUpsertOperation to OptionalTableUpdate
• #38326 - Cross-Site Request Forgery (CSRF) prevents JSON-Bodies to be deserialized
• #38356 - Quartz extension issue with parameters batchTriggerAcquisitionMaxCount and batchTriggerAcquisitionFireAheadTimeWindow
• #38364 - extension-maven-plugin does not support reproducible builds
• #38365 - Make sure extension metadata properties are not including timestamps
• #38367 - Bump Hibernate Reactive from 2.2.1.Final to 2.2.2.Final
• #38372 - Use UpdateDependencyVersionOperation first to update Quarkus version
• #38375 - Make it easier to get the default OIDC metadata
• #38378 - JPA meta model generation fails in 3.7.0.CR1
• #38396 - Update Gradle Maven extensions
• #38406 - Don't assume module that has child modules is the parent of those modules
• #38407 - Bump io.smallrye.reactive:mutiny from 2.5.1 to 2.5.5
• #38409 - Use simpler collection creation idioms in code example
• #38410 - Make sure that @WithFormRead doesn't break body handling
• #38417 - Bump com.gradle.enterprise from 3.16.1 to 3.16.2 in /devtools/gradle
• #38418 - Bump testcontainers.version from 1.19.3 to 1.19.4
• #38420 - Timestamps in jdp files prevent reproducible extension builds
• #38421 - Store ConfigItem Javadocs in jdp files without timestamps
• #38427 - Fix static JPA metamodel generated for Panache classes
• #38428 - Add resolve names annotation to OpenShift Deploymnets
• #38429 - Replace {project-name} attribute in document title for downstream
• #38430 - Avoid dots in config doc ids as it's causing issues for downstream
• #38432 - Bump org.jboss.resteasy.spring:resteasy-spring-web from 3.1.0.Final to 3.1.1.Final
• #38441 - Upgrade to Mutiny 2.5.6
• #38445 - Wrong logging of SpringCloudConfig server URL when using labels
• #38446 - Append label instead of replacing whole Spring Cloud config URI
• #38459 - Fix quarkus.hibernate-search-orm.elasticsearch.version-check.enabled not appearing in docs
• #38465 - RestEasy Reactive sends SameSite cookie param with wrong case
• #38466 - Use proper case for SameSite cookie
• #38467 - MySQL Connector 8.3
• #38468 - Ignore annotation process warning when restarting dev mode
• #38470 - Scheduler: fix usage of some Quartz int config properties
• #38480 - Allow custom OIDC client filters to force a new token acquisition

3.6.9

Complete changelog

• #38460 - [3.6] Exception introduced by recent CVE fixes

3.6.8

Complete changelog

• #38370 - Include RowSet properties file in native image
• #38369 - Ensure that response body of unsuccessful SSE request can be read
• #38362 - Register JDBC RowSet required bundle
• #38347 - Bump to Netty 4.1.106.Final
• #38325 - SSE RESTEasy Reactive if an error occurs, cannot retrieve the body

3.2.10.Final

Complete changelog

• #38262 - [3.2] Remove config overriding the parent config
• #38092 - Always set ssl and alpn for non-plain-text with Vert.x gRPC channel
• #38035 - Verify duplicated context handling when caching a Uni
• #37987 - Do not expand config properties for Gradle Workers
• #37975 - Fix Create the Maven project section in security-oidc-bearer-token-authentication-tutorial.adoc
• #37973 - create-app-extensions macro does not work in security-oidc-bearer-token-authentication-tutorial
• #37757 - Fixes stork path param resolution in REST Client
• #37713 - PathParam containing "/" character are not well encoded as "%2F" when using reactive rest client with Stork
• #37686 - Use standard URL when updating the website
• #37581 - Support using commas to add extensions with CLI
• #37564 - Invalid documentation for 'quarkus extension add'
• #37557 - Make docs/sync-web-site.sh recoverable
• #37536 - Fix != expression in @PreAuthorize check
• #37526 - Spring security annotatiton PreAuthorize process equals and not equals in the same way
• #37513 - Save pathParamValues encoded and perform decoding when requested
• #37453 - Fix Panache bytecode enhancement for @Embeddable records
• #37428 - Fix various minor issues in quarkus update
• #37318 - Use batch mode for update-version.sh
• #37317 - Avoid asking for GPG passphrase on CI
• #37300 - Prepare docs/sync-web-site.sh for automated releases
• #37273 - Environment variable is not read
• #37268 - Reactive REST Client: check for ClientRequestFilter when skipping @Provider auto-discovery
• #37248 - Add a test for the Duplicated Context handling in the CacheResultInterceptor
• #37244 - Always execute a JPA password action
• #37218 - Fix OpenTelemetry trace exclusion of endpoints served from the management interface
• #37206 - recognize quarkus.tls.trust-all property by keycloak-admin-client extension
• #37104 - Make analytics tests a bit more resilient
• #37068 - Updates infinispan client intelligence section
• #37036 - Use empty string in Sse event when there is no data
• #37035 - Register methods of RESTeasy reactive parameter containers for reflection
• #37033 - Sse difference in empty event between non-reactive and reactive output
• #37010 - Fix vale errors and some warnings in the OIDC Configuration Properties reference guide
• #37006 - Never register server specific providers in REST Client (fixed)
• #36986 - Native not index method with SSE and throw NoSuchMethodException
• #36885 - Handle generic types for ParamConverter in REST Client
• #36747 - NoSuchMethodException when reading @Embeddable record
• #36639 - RESTEasy Reactive does not call method ParamConverter#toString for collection elements
• #36166 - Fix tracing protocol configuration to only allow grpc
• #35960 - PathParam URL encoded in quarkus-resteasy-reactive since quarkus 3.2.x
• #31024 - Resteasy Reactive client tries to use ContainerResponseFilter

3.7.0

Complete changelog

• #28326 - Add RoutingContext to SecurityIdentity for mTLS authentication
• #35099 - Use a non-blocking handler for SmallRye Health Status
• #35390 - Keycloak Devservice should also provide configuration for admin client
• #36438 - Should security-web-authn guide and quickstart use Hibernate Reactive by default?
• #36441 - Unable to use dynamic named queries on hibernate-orm
• #36633 - JPA refresh with PESSIMISTIC_WRITE ignored for lazy loaded entity
• #36958 - Licensing mismatch
• #37265 - Support for de-activating a datasource at runtime (application startup)
• #37352 - Unblock SmallRye Health exposed routes
• #37457 - currentVertxRequest.getCurrent in a SecurityIdentityAugmentor became null since 3.2.9 with GraphQL
• #37753 - Javadoc edits for quarkus-oidc.adoc
• #37921 - quarkus dev broken for command mode arguments
• #37961 - Fix quarkus dev broken for command mode arguments
• #38058 - Fix command line arguments being squashed
• #38103 - Make sure we can do a GET with a CSRF token cookie and still obtain the token
• #38108 - Add runtime configuration property quarkus.datasource.active
• #38176 - Keycloak admin client combined with devservices
• #38238 - Improve locales IT
• #38240 - Make the route build item truly final
• #38247 - Incorrect web links Quarkus Hibernate Reactive Rest Data Panache
• #38249 - Fixed deprecation warnings caused by QuarkusPlugin
• #38251 - Using Qute asHtmlAttributes is escaping the quotes in the output
• #38254 - Document how Keycloak Admin Client and Dev Service can use the same port for testing
• #38255 - Qute: fix UserTagSectionHelper.Arguments.asHtmlAttributes()
• #38264 - transitive @Transactional binding not supported by io.quarkus.narayana.jta.runtime.interceptor.TransactionalInterceptorBase
• #38265 - Fixes incorrect rel=self web link
• #38266 - Make RoutingContext available during SecurityIdentity augmentation
• #38267 - Bump resteasy-microprofile.version from 2.1.4.Final to 2.1.5.Final
• #38270 - Bump org.mockito:mockito-core from 5.8.0 to 5.9.0
• #38277 - ArC: consolidate handling of transitive interceptor bindings
• #38278 - Skip test truststores creation with -Dquickly*
• #38280 - Qute asHtmlAttributes is including it as key="key" but should not
• #38282 - Apply more fixes the Locales IT
• #38283 - Upgrade to Hibernate ORM 6.4.2.Final
• #38286 - Bump Keycloak version to 23.0.4
• #38295 - Qute: improvements and fixes of UserTagSectionHelper.Arguments
• #38299 - Migrate Security WebAuth guide to Hibernate ORM
• #38304 - DevUI: Show source editor when config file is empty
• #38305 - Remove wrong LGPL headers within some classes of the Hibernate ORM extension
• #38307 - Upgrade to Mutiny 2.5.4
• #38311 - Bump io.smallrye.reactive:mutiny-bom from 2.5.3 to 2.5.4
• #38320 - Support image from local docker daemon for jib build base image
• #38324 - Support using tars and docker daemon as base image for Jib
• #38332 - Upgrade sshd from 2.10.0 to 2.12.0
• #38342 - Improve datasource tracing
• #38346 - Update dockerfiles and set api server url in kuberneters and docker integration tests
• #38350 - Empty duplicated context in OutgoingInterceptor with Quarkus 3.7.0.CR1
• #38353 - Upgrade to Mutiny 2.5.5
• #38355 - Bump Smallrye Reactive Messaging version from 4.15.0 to 4.16.0
• #38357 - Hibernate DDL is created twice
• #38358 - Hibernate DDL created twice

3.6.7

Complete changelog

• #38323 - Fix entity-manager retrieval in spring-data-jpa
• #38319 - spring-data-jpa repository save exception with multiple persistence units
• #38257 - Update qute-reference.adoc
• #38245 - Recommend quarkus.jib.jvm-additional-arguments rather than quarkus.jib.jvm-arguments in docs
• #38233 - Bump resteasy.version from 6.2.6.Final to 6.2.7.Final
• #38229 - Ensure the refreshed CSRF cookie retains the original value
• #38227 - Add dependency management for org.hibernate:hibernate-jpamodelgen
• #38225 - CSRF Token is refreshed on every request
• #38224 - Revert "Fixing Jaxb unmarshalling error with native compilation"
• #38220 - Bug fix: Correct broken links in 3.6 Bearer token authentication tutorial
• #37477 - Make hibernate-jpamodelgen easier to apply to Quarkus 3.7+ projects