3.8.0.CR1

Complete changelog

3.7.3

Complete changelog

• #36341 - The API method KafkaStreams#cleanUp() is not applicable when use @Produces to build the topology
• #37091 - Fix VertxGrpcExporter reponse status handling
• #37911 - Store since JavaDoc tag in the configuration metadata, so that Quarkiverse projects can render it in their documentation if they like
• #38055 - Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension
• #38079 - Make OidcTestSecurityIdentityAugmentor faster by making privateKey's generation final and static
• #38196 - Use Vert.x pool with Jackson
• #38477 - Add disabled workflow to deploy snapshots in Quarkiverse extensions
• #38489 - OIDC authentication.extra-params not added to dev-services auth request
• #38602 - QuarkusComponentTest: @TestConfigProperties not applicable to method (override multiple config properties)
• #38607 - Gradle: fix IllegalStateException when resolving project deps
• #38613 - RabbitMQ Health Checks cannot be disabled from 3.7+
• #38615 - Updates to Infinispan 14.0.24.Final
• #38619 - Pass extra authentication params in the OIDC DevUI code flow redirect URL
• #38626 - Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2
• #38650 - UI doesn't work correct with umlauts
• #38653 - Enforce Dev UI charset to UTF-8
• #38655 - Allow for multiple TestConfigProperty annotations on methods
• #38656 - Upgrade the Mutiny Vert.x bindings to 3.9.0
• #38658 - Configure a REST Client ClientLogger vía CDI
• #38662 - Bump io.smallrye.config:smallrye-config-source-yaml from 3.5.2 to 3.5.4 in /devtools/gradle
• #38663 - ContainerRequestContext.getUriInfo().getMatchedURIs() IndexOutOfBoundsException
• #38664 - Bump Smallrye RM from 4.16.0 to 4.16.1
• #38670 - Make ClientLogger beans unremovable
• #38671 - Redis Client: improve documentation for sentinel and cluster
• #38672 - Remove WATCH Command in absence of Optimistic Locking
• #38673 - Fix OidcRequestFiler typo in security docs
• #38674 - Improve flaky test
• #38675 - Correct example generated yaml in extension metadata docs
• #38676 - OpenAPI does not fill roles in SecurityScheme in schema
• #38680 - Log how Keycloak devservice maps resources
• #38681 - Upgrade to Hibernate ORM 6.4.4.Final / bytebuddy 1.14.11
• #38686 - Make GraphQL Metrics End when Exceptional
• #38692 - Bump com.gradle:gradle-enterprise-maven-extension from 1.20 to 1.20.1
• #38693 - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1
• #38694 - OpenAPI: remove check that avoids running auto-security at build
• #38703 - RESTEasy Reactive Multipart struggles with non-file binary uploads
• #38705 - Kafka Streams fire event after created and before scheduling the start
• #38706 - Elasticsearch container reuse creates a new container on each run
• #38709 - Don't provide empty paths when using a root prefix
• #38710 - Avoid Vert.x GraphQL deprecation warning
• #38712 - Bump Smallrye RM from 4.16.1 to 4.16.2
• #38713 - Only configure shared network for Elasticsearch/OpenSearch containers where necessary
• #38714 - Don't assume that multipart part without filename is always text
• #38728 - Encode Kafka messages with UTF8
• #38730 - Accept-Header in hibernate validator's ResteasyReactiveLocaleResolver is resolved case-sensitive
• #38732 - Quarkus should still allow to create project with Java 11 (for older streams and other platforms)
• #38733 - Allow Java 11 as LTS for older streams and other platforms
• #38738 - Make accept header check in validation case insensitive
• #38748 - Sanitize app.dekorate.io/vcs-url kubernetes annotation
• #38755 - Log when a RestEasy Reactive client close method is called
• #38756 - Bump Keycloak version to 23.0.6
• #38760 - Set COMPILE_ONLY flag on relevant dependencies that appear on DEPLOYMENT_CP and RUNTIME_CP

3.7.2

Complete changelog

• #37807 - SSL requests hang when returning a CompletableFuture
• #38101 - smallrye-openapi property oidc-open-id-connect-url might not be fixed at build time
• #38231 - OpenAPI: Always run OpenIDConnectSecurityFilter at runtime
• #38310 - Add note about the two quarkus-extension files
• #38394 - quarkus-cache: "keyGenerator" destroyed, even if it is annotated with "Singleton"
• #38397 - Use actions/setup-java GPG key feature
• #38411 - Cache: only dependent CacheKeyGenerator beans are destroyed after use
• #38422 - nested configurations in extension: sub-property is seen as nested entity.
• #38431 - quarkus.oidc-token-propagation-reactive.enabled-during-authentication does not work correctly in the code flow
• #38442 - Make sure the code flow access token is propagated during the authentication
• #38444 - Fix request hanging condition
• #38451 - Remove workaround for HHH-17683 in Panache
• #38479 - Stricter and false positive env variables validation after upgrade to 3.7.0
• #38483 - Add a tool to check cross references
• #38488 - Update to Vert.x 4.5.2
• #38495 - Add org.graalvm.regex:regex to runnerParentFirstArtifacts
• #38499 - Alpn property not work in rest client reactive
• #38500 - Make quarkus.rest-client.alpn work in programmatically created client
• #38506 - lombok warning when building with 3.7.1
• #38514 - Alpn property not work for single rest client reactive
• #38516 - Add missing alpn config key handling from named config
• #38521 - Panache sorting no longer works for embedded fields in Quarkus 3.7.1
• #38525 - Fix typo in RedisClientConfig JavaDoc
• #38527 - Revert "Escape column names with backticks in order by clause of hql query"
• #38543 - LinksProcessor ID field error for native class HalCollectionWrapper
• #38545 - Enhance Adding extension section in cli-tooling documentation page
• #38546 - Add globbing pattern to cli-tooling.adoc
• #38548 - Bump smallrye-open-api from 3.8.0 to 3.9.0
• #38549 - Upgrade actions/setup-java to v4
• #38550 - Upgrade checkout and java-setup actions to version v4
• #38558 - Upgrade to Hibernate ORM 6.4.3.Final
• #38580 - Make the Forwarded Parser syntax parsing case-insensitive
• #38582 - Config property expects to have hyphen before digit
• #38596 - Add missing entry in BOM for Hibernate Search outbox-polling relocation
• #38597 - LinksProcessor ID field error for native class HalCollectionWrapper
• #38605 - ArC: RequestContext - implement the activity check consistently
• #38606 - Activating DEBUG for io.quarkus.oidc results in FORMAT_FAILURE
• #38610 - Update SmallRye Config to 3.5.4
• #38611 - Redis Client: add support for new configuration options
• #38612 - Fix the OIDC debug message format bug
• #38616 - AppCDS containerized generation runs with UID 1000 which can clash with an existing user with UID 1000 on the host
• #38620 - Set quarkus-oidc-token-propagation-reactive status to stable
• #38633 - Move Dev UI locking back to Quarkus BOM
• #38636 - Update Vert.x to version 4.5.3
• #38638 - Update activemq-artemis-broker container to 1.0.25
• #38644 - Fix AppCDS generation when using podman
• #38648 - More documentation adjustments for new downstream tooling
• #38649 - Use [[anchor]] format consistently

3.7.1

Complete changelog

• #37532 - Warning that annotation processing is enabled when using JDK 21 in DEV mode and Java files change
• #38018 - Openshift extension fails to pull images, it creates, when quarkus.container-image.group property is used
• #38263 - Hibernate Reactive with Oracle after bump to 2.2.1 throws casting exception - cannot cast DeleteOrUpsertOperation to OptionalTableUpdate
• #38326 - Cross-Site Request Forgery (CSRF) prevents JSON-Bodies to be deserialized
• #38356 - Quartz extension issue with parameters batchTriggerAcquisitionMaxCount and batchTriggerAcquisitionFireAheadTimeWindow
• #38364 - extension-maven-plugin does not support reproducible builds
• #38365 - Make sure extension metadata properties are not including timestamps
• #38367 - Bump Hibernate Reactive from 2.2.1.Final to 2.2.2.Final
• #38372 - Use UpdateDependencyVersionOperation first to update Quarkus version
• #38375 - Make it easier to get the default OIDC metadata
• #38378 - JPA meta model generation fails in 3.7.0.CR1
• #38396 - Update Gradle Maven extensions
• #38406 - Don't assume module that has child modules is the parent of those modules
• #38407 - Bump io.smallrye.reactive:mutiny from 2.5.1 to 2.5.5
• #38409 - Use simpler collection creation idioms in code example
• #38410 - Make sure that @WithFormRead doesn't break body handling
• #38417 - Bump com.gradle.enterprise from 3.16.1 to 3.16.2 in /devtools/gradle
• #38418 - Bump testcontainers.version from 1.19.3 to 1.19.4
• #38420 - Timestamps in jdp files prevent reproducible extension builds
• #38421 - Store ConfigItem Javadocs in jdp files without timestamps
• #38427 - Fix static JPA metamodel generated for Panache classes
• #38428 - Add resolve names annotation to OpenShift Deploymnets
• #38429 - Replace {project-name} attribute in document title for downstream
• #38430 - Avoid dots in config doc ids as it's causing issues for downstream
• #38432 - Bump org.jboss.resteasy.spring:resteasy-spring-web from 3.1.0.Final to 3.1.1.Final
• #38441 - Upgrade to Mutiny 2.5.6
• #38445 - Wrong logging of SpringCloudConfig server URL when using labels
• #38446 - Append label instead of replacing whole Spring Cloud config URI
• #38459 - Fix quarkus.hibernate-search-orm.elasticsearch.version-check.enabled not appearing in docs
• #38465 - RestEasy Reactive sends SameSite cookie param with wrong case
• #38466 - Use proper case for SameSite cookie
• #38467 - MySQL Connector 8.3
• #38468 - Ignore annotation process warning when restarting dev mode
• #38470 - Scheduler: fix usage of some Quartz int config properties
• #38480 - Allow custom OIDC client filters to force a new token acquisition

3.6.9

Complete changelog

• #38460 - [3.6] Exception introduced by recent CVE fixes

3.6.8

Complete changelog

• #38370 - Include RowSet properties file in native image
• #38369 - Ensure that response body of unsuccessful SSE request can be read
• #38362 - Register JDBC RowSet required bundle
• #38347 - Bump to Netty 4.1.106.Final
• #38325 - SSE RESTEasy Reactive if an error occurs, cannot retrieve the body

3.2.10.Final

Complete changelog

• #38262 - [3.2] Remove config overriding the parent config
• #38092 - Always set ssl and alpn for non-plain-text with Vert.x gRPC channel
• #38035 - Verify duplicated context handling when caching a Uni
• #37987 - Do not expand config properties for Gradle Workers
• #37975 - Fix Create the Maven project section in security-oidc-bearer-token-authentication-tutorial.adoc
• #37973 - create-app-extensions macro does not work in security-oidc-bearer-token-authentication-tutorial
• #37757 - Fixes stork path param resolution in REST Client
• #37713 - PathParam containing "/" character are not well encoded as "%2F" when using reactive rest client with Stork
• #37686 - Use standard URL when updating the website
• #37581 - Support using commas to add extensions with CLI
• #37564 - Invalid documentation for 'quarkus extension add'
• #37557 - Make docs/sync-web-site.sh recoverable
• #37536 - Fix != expression in @PreAuthorize check
• #37526 - Spring security annotatiton PreAuthorize process equals and not equals in the same way
• #37513 - Save pathParamValues encoded and perform decoding when requested
• #37453 - Fix Panache bytecode enhancement for @Embeddable records
• #37428 - Fix various minor issues in quarkus update
• #37318 - Use batch mode for update-version.sh
• #37317 - Avoid asking for GPG passphrase on CI
• #37300 - Prepare docs/sync-web-site.sh for automated releases
• #37273 - Environment variable is not read
• #37268 - Reactive REST Client: check for ClientRequestFilter when skipping @Provider auto-discovery
• #37248 - Add a test for the Duplicated Context handling in the CacheResultInterceptor
• #37244 - Always execute a JPA password action
• #37218 - Fix OpenTelemetry trace exclusion of endpoints served from the management interface
• #37206 - recognize quarkus.tls.trust-all property by keycloak-admin-client extension
• #37104 - Make analytics tests a bit more resilient
• #37068 - Updates infinispan client intelligence section
• #37036 - Use empty string in Sse event when there is no data
• #37035 - Register methods of RESTeasy reactive parameter containers for reflection
• #37033 - Sse difference in empty event between non-reactive and reactive output
• #37010 - Fix vale errors and some warnings in the OIDC Configuration Properties reference guide
• #37006 - Never register server specific providers in REST Client (fixed)
• #36986 - Native not index method with SSE and throw NoSuchMethodException
• #36885 - Handle generic types for ParamConverter in REST Client
• #36747 - NoSuchMethodException when reading @Embeddable record
• #36639 - RESTEasy Reactive does not call method ParamConverter#toString for collection elements
• #36166 - Fix tracing protocol configuration to only allow grpc
• #35960 - PathParam URL encoded in quarkus-resteasy-reactive since quarkus 3.2.x
• #31024 - Resteasy Reactive client tries to use ContainerResponseFilter

3.7.0

Complete changelog

• #28326 - Add RoutingContext to SecurityIdentity for mTLS authentication
• #35099 - Use a non-blocking handler for SmallRye Health Status
• #35390 - Keycloak Devservice should also provide configuration for admin client
• #36438 - Should security-web-authn guide and quickstart use Hibernate Reactive by default?
• #36441 - Unable to use dynamic named queries on hibernate-orm
• #36633 - JPA refresh with PESSIMISTIC_WRITE ignored for lazy loaded entity
• #36958 - Licensing mismatch
• #37265 - Support for de-activating a datasource at runtime (application startup)
• #37352 - Unblock SmallRye Health exposed routes
• #37457 - currentVertxRequest.getCurrent in a SecurityIdentityAugmentor became null since 3.2.9 with GraphQL
• #37753 - Javadoc edits for quarkus-oidc.adoc
• #37921 - quarkus dev broken for command mode arguments
• #37961 - Fix quarkus dev broken for command mode arguments
• #38058 - Fix command line arguments being squashed
• #38103 - Make sure we can do a GET with a CSRF token cookie and still obtain the token
• #38108 - Add runtime configuration property quarkus.datasource.active
• #38176 - Keycloak admin client combined with devservices
• #38238 - Improve locales IT
• #38240 - Make the route build item truly final
• #38247 - Incorrect web links Quarkus Hibernate Reactive Rest Data Panache
• #38249 - Fixed deprecation warnings caused by QuarkusPlugin
• #38251 - Using Qute asHtmlAttributes is escaping the quotes in the output
• #38254 - Document how Keycloak Admin Client and Dev Service can use the same port for testing
• #38255 - Qute: fix UserTagSectionHelper.Arguments.asHtmlAttributes()
• #38264 - transitive @Transactional binding not supported by io.quarkus.narayana.jta.runtime.interceptor.TransactionalInterceptorBase
• #38265 - Fixes incorrect rel=self web link
• #38266 - Make RoutingContext available during SecurityIdentity augmentation
• #38267 - Bump resteasy-microprofile.version from 2.1.4.Final to 2.1.5.Final
• #38270 - Bump org.mockito:mockito-core from 5.8.0 to 5.9.0
• #38277 - ArC: consolidate handling of transitive interceptor bindings
• #38278 - Skip test truststores creation with -Dquickly*
• #38280 - Qute asHtmlAttributes is including it as key="key" but should not
• #38282 - Apply more fixes the Locales IT
• #38283 - Upgrade to Hibernate ORM 6.4.2.Final
• #38286 - Bump Keycloak version to 23.0.4
• #38295 - Qute: improvements and fixes of UserTagSectionHelper.Arguments
• #38299 - Migrate Security WebAuth guide to Hibernate ORM
• #38304 - DevUI: Show source editor when config file is empty
• #38305 - Remove wrong LGPL headers within some classes of the Hibernate ORM extension
• #38307 - Upgrade to Mutiny 2.5.4
• #38311 - Bump io.smallrye.reactive:mutiny-bom from 2.5.3 to 2.5.4
• #38320 - Support image from local docker daemon for jib build base image
• #38324 - Support using tars and docker daemon as base image for Jib
• #38332 - Upgrade sshd from 2.10.0 to 2.12.0
• #38342 - Improve datasource tracing
• #38346 - Update dockerfiles and set api server url in kuberneters and docker integration tests
• #38350 - Empty duplicated context in OutgoingInterceptor with Quarkus 3.7.0.CR1
• #38353 - Upgrade to Mutiny 2.5.5
• #38355 - Bump Smallrye Reactive Messaging version from 4.15.0 to 4.16.0
• #38357 - Hibernate DDL is created twice
• #38358 - Hibernate DDL created twice

3.6.7

Complete changelog

• #38323 - Fix entity-manager retrieval in spring-data-jpa
• #38319 - spring-data-jpa repository save exception with multiple persistence units
• #38257 - Update qute-reference.adoc
• #38245 - Recommend quarkus.jib.jvm-additional-arguments rather than quarkus.jib.jvm-arguments in docs
• #38233 - Bump resteasy.version from 6.2.6.Final to 6.2.7.Final
• #38229 - Ensure the refreshed CSRF cookie retains the original value
• #38227 - Add dependency management for org.hibernate:hibernate-jpamodelgen
• #38225 - CSRF Token is refreshed on every request
• #38224 - Revert "Fixing Jaxb unmarshalling error with native compilation"
• #38220 - Bug fix: Correct broken links in 3.6 Bearer token authentication tutorial
• #37477 - Make hibernate-jpamodelgen easier to apply to Quarkus 3.7+ projects

3.7.0.CR1

Major changes

• #38066 - Drop Okhttp/Okio from BOM
• #38029 - Allow applications using quakus-info to contribute data to the /info using CDI
• #37891 - Split OIDC session cookie if its size is more than 4KB
• #37794 - Update SmallRye Config to 3.5.1
• #37730 - Introduce LinkedIn OIDC provider
• #37472 - Provide a way to observe security events
• #37269 - Support certificate role mappings
• #37152 - Support token verification with the inlined certificate chain
• #36978 - Upgrade to Hibernate ORM 6.4, Hibernate Search 7.0, Hibernate Reactive 2.2
• #36945 - Support Micrometer @MeterTag
• #35065 - Add Hibernate Search management endpoint

Complete changelog

• #38233 - Bump resteasy.version from 6.2.6.Final to 6.2.7.Final
• #38232 - Bump wildfly-elytron.version from 2.2.2.Final to 2.2.3.Final
• #38229 - Ensure the refreshed CSRF cookie retains the original value
• #38227 - Add dependency management for org.hibernate:hibernate-jpamodelgen
• #38225 - CSRF Token is refreshed on every request
• #38224 - Revert "Fixing Jaxb unmarshalling error with native compilation"
• #38218 - Make subject configurable in OidcWiremockTestResource
• #38214 - Introduce a way to ignore mixing REST stacks errors
• #38213 - AWS Lambda Rest: split the amazon-lambda-rest integration module
• #38211 - Add trustAll to QuarkusRestClientBuilder
• #38209 - Bump com.github.javaparser:javaparser-core from 3.25.6 to 3.25.8
• #38208 - Bump io.smallrye.reactive:smallrye-mutiny-vertx-core from 3.7.2 to 3.8.0
• #38207 - Bump elasticsearch-opensource-components.version from 8.11.3 to 8.11.4
• #38206 - Add configurations for base image layer and application layer cache in Jib build
• #38201 - Update Maven Surefire plugin to 3.2.5
• #38195 - Fix Arc request context state restoration on Vert.x duplicated context which allows to support security events in gRPC
• #38193 - Infinispan Client, tests skip if test-containers is not set
• #38192 - Remove leading and trailing space from k8s labels
• #38190 - Rename RESTEasy Classic client extensions to resteasy-client
• #38188 - ADR for removal of reactive when reactive is not a requirement
• #38185 - Make sure quarkus.http.filter headers don't remove existing headers
• #38175 - Resouce name with whitespaces
• #38168 - Bump io.micrometer:micrometer-bom from 1.12.1 to 1.12.2
• #38167 - Bump org.jetbrains.kotlin:kotlin-scripting-compiler-embeddable from 1.6.0 to 1.9.22
• #38165 - Use smallrye-reactive-messaging-bom
• #38162 - Bump Hibernate ORM to 6.4.1.Final and Hibernate Reactive to 2.2.1.Final
• #38161 - Add metrics when the connections limit is set
• #38159 - Investigate request context activation/deactivation in grpc interceptor
• #38155 - Using http filter config is disabling CORS options
• #38153 - SmallRye GraphQL 2.7.0
• #38149 - Bump io.smallrye.config:smallrye-config-source-yaml from 3.4.4 to 3.5.2 in /devtools/gradle
• #38148 - Support Liberica NIK GraalVM version parsing
• #38145 - Use RestEasy Reactive instead of classic in the extension's IT
• #38143 - New Route SPI not requiring Vert.x HTTP
• #38136 - Introduce option to create uncompressed jars
• #38134 - Bump version.cdi-tck from 4.0.12 to 4.0.13
• #38131 - Use headers set in PreMatching filter during media type negotiation
• #38130 - Changing Accept Header in PreMatching filter doesn't affect routing
• #38128 - Allow for creation of non-compressed jars
• #38126 - Bump kubernetes-client-bom from 6.9.2 to 6.10.0
• #38121 - ArC: introduce quarkus.arc.optimize-contexts=auto
• #38117 - Keep static instance field and delete unused field in substitution
• #38116 - Support ManyToOne queries in Panache REST resource
• #38113 - Bump org.assertj:assertj-core from 3.24.2 to 3.25.1
• #38110 - Bump org.apache.logging.log4j:log4j-api from 2.22.0 to 2.22.1
• #38107 - Arc - Decide whether req. context is active based on validity of its ContextState
• #38106 - Fix swallowed failures in Reactive SQL Client tests
• #38104 - Bump smallrye-reactive-messaging.version from 4.14.0 to 4.15.0
• #38100 - JDK-8316304 in JDK 21 introduced a new field accessed through JNI
• #38091 - Support Java Records in bytecode recorders
• #38089 - OpenTelemetry: fine-grained instrumentation enablement
• #38087 - Fix NPE and otel quickstart test
• #38084 - NPE when disabling OpenTelemetry
• #38081 - Add quarkus version annotation to kubernetes resources
• #38075 - Docs: Add documentation for ClientMultipartForm class introduced in for creating custom Multipart for Rest-Client-Reactive.
• #38072 - Bump apicurio-registry.version from 2.5.7.Final to 2.5.8.Final
• #38068 - Bump dekorate to 4.1.2
• #38067 - gRPC client over TLS not working
• #38066 - Drop Okhttp/Okio from BOM
• #38065 - ArC: deprecate ArcInitConfig.Builder.setOptimizeContexts()
• #38064 - Add custom Kotlin serializers for ValidationReport and Violation
• #38063 - Do not wait for daemon threads when building docs
• #38059 - Fix Reactive Messaging Extension multiple different Emitter injections check
• #38056 - Bump OTel to 1.32.0
• #38054 - Kafka fails with mutiple emitters on same channel
• #38048 - Docs: Final edits, Style enhancements, Vale checks
• #38034 - Update to Vertx 4.5.1
• #38031 - Expose an API for programmatically creating multipart requests in reactive REST Client
• #38029 - Allow applications using quakus-info to contribute data to the /info using CDI
• #38027 - Update SmallRye Config to 3.5.2
• #38025 - Add priority to OpenApiFilter to specify order of execution for multiple OASFilters
• #38024 - Docs: Final edits, Style enhancements, Vale checks
• [#38023](http...