Major changes
- #36504 - Allow authentication mechanism selection for a REST endpoint with annotation
- #37816 - Optional support for the OIDC session cookie dir encryption
- #39295 - Move package config to an interface
- #39415 - Extension for the Hibernate Search Standalone Pojo Mapper with Elasticsearch
- #39793 - Support for verifying OIDC JWT claims with custom Jose4j
Validator
- #39812 - Support resolving of static OIDC tenants based on token issuers
- #40056 - Add OIDC TokenCertificateValidator
Complete changelog
- #10267 - LDAP Security - Don't re-authenticate on every request
- #14851 - Quarkus keycloak authorization usability improvements.
- #26182 - Hibernate Search Standalone Pojo Mapper: Hibernate Search without Hibernate ORM / datasource
- #34664 - Provide a way to specify HttpAuthenticationMechanism per JAX-RS resource
- #35952 - Get management interface resolved port when quarkus.management.test-port set to 0
- #36504 - Allow authentication mechanism selection for a REST endpoint with annotation
- #37676 - Bump com.microsoft.azure.functions:azure-functions-java-library from 2.2.0 to 3.1.0
- #37700 - Bump com.amazonaws:aws-lambda-java-events from 3.11.3 to 3.11.4
- #37785 - Consider using direct JWE encryption of the OIDC session cookie
- #37816 - Optional support for the OIDC session cookie dir encryption
- #37875 - Restart and other hotkey in devui
- #38026 - Missing security requirement on operation level, declared
@RolesAllowed
in implementing class derived from a generated openapi java interface - #38373 - Webauthn improvements : docs, customisable cookies, virtual thread support
- #38535 - OIDC Tenant Resolution for
web-app
applications does not explain that the session cookie has a tenant id recorded - #38696 - OIDC Multitinancy by actual answer from teenant
- #38940 - Offer a way to block inside custom
SecurityContext.isUserInRole
with resteasy-reactive - #39011 - quarkus-redis-client tracing
- #39015 - Bump org.wiremock:wiremock-standalone from 3.4.1 to 3.4.2
- #39061 - RunOnVirtualThread should avoid using Netty FastThreadLocals
- #39104 - Use followOutput for lra-coordinator container
- #39156 - Add the ability to ask for devservices to use the shared network
- #39170 - Bump actions/upload-artifact and download-artifact to v4
- #39182 - WebSockets Next: detect incorrect path parameter usage
- #39269 - Simplify configuration based mapping of token roles to deployment-specific SecurityIdentity
- #39295 - Move package config to an interface
- #39322 - [Mandrel 23.0] hibernate-orm-panache-kotlin native integration tests fail with 23.0 build and 23.1.2 sdk.
- #39339 - Simplify configuration based mapping of token roles to deployment-specific SecurityIdentity
- #39348 - Remove message to avoid using
testNative
until proven it works - #39391 - AuthenticationSuccessEvent event is not created on successful authorization using FormAuthenticationMechanism
- #39395 - Invalid warnings about SQL Server version "0.0.0" on startup
- #39406 - Improve documentation for AMQP client options about setting a heartbeat
- #39407 - Fix update-version.sh script
- #39414 - Deploy relocations for snapshots
- #39415 - Extension for the Hibernate Search Standalone Pojo Mapper with Elasticsearch
- #39417 - OIDC
TenantConfigResolver
andTenantResolver
are called even if the tenant id is already resolved - #39424 - Bump org.asciidoctor:asciidoctorj from 2.5.11 to 2.5.12
- #39425 - Support for verifying OIDC JWT claims with custom Jose4j
Validator
- #39446 - WebSockets Next: add endpoints to the DevUI's 404 page
- #39456 - Bump com.google.errorprone:error_prone_annotations from 2.25.0 to 2.26.1
- #39457 - Quarkus OpenTelemetry Rest Client Span Name with Route (URL Path Template)
- #39459 - Add key listeners to the log in Dev UI
- #39462 - WebSockets Next: detect incorrect path parameter usage
- #39464 - WebSockets Next: add basic Dev UI
- #39465 - WebSockets Next: add convenient way to handle the subprotocol header
- #39469 - Easy way to add deployment methods in Dev UI
- #39473 - Upgrade to Jandex 3.1.7
- #39481 - Push project version to RESTEasy Reactive TCK
- #39483 - Add ApplicationArchive.getResolvedDependency()
- #39484 - WebSockets Next: add basic Dev UI
- #39486 - Improve OIDC named tenant-specific configuration exceptions and make sure userinfo/token verification is enforced for named tenants
- #39489 - Opentelemetry Redis Instrumentation
- #39490 - Updates to Schema programmatic API in Infinispan
- #39492 - Optimize OIDC tenant id resolution
- #39493 - Fire SecurityEvent on Form authentication login success
- #39499 - Bump com.unboundid:unboundid-ldapsdk from 6.0.11 to 7.0.0
- #39500 - Bump io.quarkus:quarkus-platform-bom-maven-plugin from 0.0.102 to 0.0.103
- #39507 - RestEasy Jackson test fails in certain time zones
- #39509 - Update Flyway to 10.10.0
- #39512 - Move Keycloak Authorization Enforcer Tenant config to runtime and improve usability with aggregated policy enforcer paths
- #39518 - Migrate Elytron Security extensions from config classes to
@ConfigMapping
- #39524 - Handle trailing/leading spaces in all relevant datasource configuration properties
- #39534 - Use URL path template when tracing REST clients where possible
- #39535 - Bump smallrye-config.version from 3.7.0 to 3.7.1
- #39537 - Bump org.apache.groovy:groovy from 4.0.19 to 4.0.20
- #39538 - Bump com.amazonaws:aws-xray-recorder-sdk-aws-sdk-v2 from 2.15.1 to 2.15.2
- #39539 - Bump com.google.guava:guava from 33.0.0-jre to 33.1.0-jre
- #39540 - Bump org.commonmark:commonmark from 0.21.0 to 0.22.0
- #39542 - WebSockets Next: attempt to diagnose BroadcastOnOpenTest
- #39551 - RestEasy Jackson test fails in certain time zones
- #39552 - Fix formatter-maven-plugin build cache misses
- #39553 - Consider enabling UserInfo cache by default for OAuth2 providers
- #39554 - Make VCS URI annotation configurable
- #39555 - Management HTTP and "main" HTTP servers can reuse the same server/port
- #39556 - Consider setting an internal ID token lifespan to the access token lifespan for OAuth2 providers
- #39567 - Bump org.mockito:mockito-core from 5.10.0 to 5.11.0
- #39573 - Small Dev UI documentation update
- #39585 - WebSockets Next: Dev UI - display endpoints on the 404 page
- #39588 - Enable usage of random port for the Management Interface
- #39596 - Flyway Sql server doesn't work in native after bump to 10.10
- #39597 - Fix Flyway SQL server in native after bump to 10.10
- #39601 - Guide on Reactive SQL incomplete
- #39602 - Clients do not receive error response in case of an exception when using default gRPC API with
@Blocking
or@RunOnVirtualThread
- #39603 - Migrate Keycloak Authorization config classes to the
@ConfigMapping
- #39607 - Bump com.gradle:quarkus-build-caching-extension from 0.10 to 0.12
- #39609 - Bump apicurio-registry.version from 2.5.9.Final to 2.5.10.Final
- #39611 - Update Dev UI Endpoints page to use new NotFoundHandler
- #39620 - Improvements to the Reactive SQL Clients guide
- #39624 - WebSockets Next: enable configuration of supported subprotocols
- #39629 - Bump org.awaitility:awaitility from 4.2.0 to 4.2.1
- #39646 - Enable Develocity Predictive Test Selection for Gradle plugin IT
- #39647 - Avoid running useless goals in subsequent CI builds
- #39648 - Revert EndUserSpanProcessor integration
- #39649 - Migrate the Security extension config classes to
@ConfigMapping
- #39650 - Migrate the Quarkus SmallRye JWT config classes to
@ConfigMapping
- #39665 - Add Elytron ldap cache
- #39669 - quarkus.native.enabled=false is not reflected when maven profile has native
- #39673 - Bump kubernetes-client-bom from 6.10.0 to 6.11.0
- #39676 - Ping Ladislav for Redis issues
- #39680 - Change to receive files outside the classpath in mongodb liquibase
- #39683 - Receive files outside the classpath in quarkus-liquibase-mongodb
- #39686 - Bump artemis.version from 2.32.0 to 2.33.0
- #39687 - Bump asm.version from 9.6 to 9.7
- #39704 - Fix usage of Netty pooled allocator with Virtual Threads
- #39714 - Allow native profile to be overridden
- #39720 - Receive files outside the classpath in quarkus-liquibase
- #39721 - Bump io.quarkus.develocity:quarkus-project-develocity-extension from 1.0.7 to 1.0.8
- #39722 - Bump elasticsearch-opensource-components.version from 8.12.2 to 8.13.0
- #39724 - Bump org.mvnpm.at.mvnpm:vaadin-webcomponents from 24.3.8 to 24.3.10
- #39726 - Fix Quarkus main integration/virtual-threads module compilation
- #39728 - Minimal maven version misalligned with quarkus/independent-projects
- #39732 - Use maven.min.version property in supported-maven-versions
- #39743 - Resolve quickstarts branch depending on target
- #39747 - Drop usage of
wrapForJDK8232879
- #39768 - Update to Mutiny 2.6.0 and Reactive Messaging 4.20.0
- #39771 - WebSockets Next: error handlers part 3
- #39779 - Using quarkus-smallrye-openapi, OpenApiHandler.getOpenApiDocumentService is null when quarkus.arc.strict-compatibility=true
- #39780 - Bump commons-io:commons-io from 2.15.1 to 2.16.0
- #39785 - Point to quickstart branch when deploying new versioned doc
- #39791 - Only enable PTS for pull requests targeting main
- #39793 - Support for verifying OIDC JWT claims with custom Jose4j
Validator
- #39795 - Bump org.wiremock:wiremock-standalone from 3.4.2 to 3.5.1
- #39802 - Make sure pathFilter is applied to workspace module content tree
- #39806 - Prefer single char String intrinsics over String one
- #39812 - Support resolving of static OIDC tenants based on token issuers
- #39813 - Improvement in search-path handling of quarkus-liquibase and quarkus-liquibase-mongodb
- #39816 - Improvement in liquibase and liquibase-mongodb search-path handling in ResourceAccessor
- #39817 - Bump org.wiremock:wiremock-standalone from 3.5.1 to 3.5.2
- #39818 - Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1
- #39824 - Replace wrong Vertx direct allocator with Netty one
- #39827 - SmallRye OpenAPI: add missing
@Inject
annotation - #39832 - Qute global values should probably be lazy
- #39837 - ArC: replace thread locals with fields in CreationalContextImpl
- #39842 - Bump com.gradle.enterprise from 3.16.2 to 3.17 in /devtools/gradle
- #39843 - Bump elasticsearch-opensource-components.version from 8.13.0 to 8.13.1
- #39844 - Bump jacoco.version from 0.8.11 to 0.8.12
- #39846 - Compilation error in WebSocketSessionContext with GraalVM SDK 22
- #39849 - OIDC automatic session cookie splitting is broken
- #39850 - Fix OIDC cookie related tenant id and chunk calculation issues
- #39852 - WebSockets Next: error handlers part 4
- #39855 - Make SessionContextState a static nested class
- #39858 - WebSockets Next: introduce OpenConnections
- #39860 - Upgrade sshd to 2.12.1
- #39863 - Make sure the scripts listing dependencies are locale independent
- #39865 - Include LICENSE in source jar
- #39867 - Small documentation enhancement/formating
- #39869 - Add LICENSE file to released jars
- #39870 - Bump com.google.cloud.tools:jib-core from 0.26.0 to 0.27.0
- #39874 - Update Liquibase to 4.27.0
- #39881 - Allow to customize OIDC token
x5c
certificate chain verification - #39882 - Quarkus Messaging Blocking Signatures execution mode fix for inner channels
- #39885 - Fix the recent OIDC tenancy doc refactoring error
- #39890 - Add (3.8 LTS) to SECURITY.md
- #39899 - Allow finer tuning of shared network usage by DevServices
- #39900 - Upgrade to Develocity API 1.21
- #39904 - Reorder Grpc server interceptors to apply exception handler correctly
- #39906 - Disable default RemoteCacheManager configuration with Dev Services in Infinispan
- #39912 - When multiple authentication mechanisms are available, http path permission is not working properly
- #39918 - Property to enable/disable default client in Infinispan Dev Services
- #39920 - Allow to inject JAX-RS ResourceInfo into custom HTTP Security Policy
- #39921 - Link doc validation error to doc guides
- #39932 - Add .mvn/.gradle-enterprise/ back to .gitignore
- #39933 - Use Maven batch mode when executing codestart tests
- #39937 - Handle 'area/netty' in Quarkus GitHub Bot
- #39943 - Kafka client: set default log level to warning for package org.apache.kafka.common.telemetry
- #39944 - Support configuring SyslogHandler max message length
- #39945 - Detect basic authentication is implicitly required when it can be safely determined and enable the basic auth by default for such scenarios
- #39948 - Avoid identity hashcode on the production runtime classloader
- #39949 - Fixing the tenant annotation check order in the OIDC renant resolver
- #39953 - Introduce Quarkus for the Web documentation
- #39958 - Add maxLength configuration option to SysLog
- #39959 - Qute: add global variables as computed data
- #39960 - MessageBundle naming issue
- #39963 - Add mvnpm support in webjar-locator
- #39967 - Keep OAuth2 user info in the encrypted session cookie by default
- #39973 - Allow dependabot to update SmallRye BeanBag
- #39975 - Bump com.gradle.develocity from 3.17 to 3.17.1 in /devtools/gradle
- #39978 - Hot Reloading conflicts with Maven Flatten Plugin
- #39980 - Auto security for OpenAPI when using Interface
- #39982 - Parameter to skip Maven goal executions before quarkus:dev, skipping flatten plugin by default
- #39985 - Remove unused import
- #39987 - Update OpenTelemetry exporter link
- #39988 - Context Propagation performance issue and init issue
- #39990 - Fix MessageBundle key/file name resolver algorithm
- #39992 - () breaks title in devui
- #39995 - Go back to raw Maven read/write for bootstrap
- #39996 - REST Client
@RestForm
does not convert forList<T>
- #39997 - Make REST Assured version available in the build
- #40002 - Fix url encoding issue for Dev UI Page with unusual chars
- #40011 - Support using List for sending multiple form values in REST Client
- #40012 - Upgrade to SmallRye Fault Tolerance 6.3.0
- #40014 - Introduce encoding config option for static resources
- #40017 - Introduce
TemplateInstance#setLocale
andTemplateInstance#setVariant
- #40018 - Fix various IT modules and add them to the CI matrices
- #40019 - Changing Accept Header in PreMatching filter isn't considered by MessageBodyWriter
- #40022 - Take MediaType set in pre-match filter into account during serialization
- #40025 - Use OAuth2 access token expiry time to set an internal ID token age
- #40026 - Fix LICENSE reference in ci-actions-incremental.yml
- #40028 - Collect only runtime static resources for native builds
- #40037 - Import DB data from data.sql when using quarkus-spring-data-jpa extension
- #40038 - Updates to Infinispan 15.0.1.Final
- #40039 - Support data.sql in Spring Data JPA module
- #40040 - Qute: do not register TemplateInstance as non-blocking type by default
- #40046 - Mention data.sql in Spring Data JPA docs
- #40049 - Fix the preview.yml workflow
- #40050 - Add topics to validation.adoc to test the preview
- #40051 - Clarify REST Client multipart support
- #40052 - Support FileUpload in REST Client for MultiPart requests
- #40053 - Fix collapsing in config reference
- #40056 - Add OIDC TokenCertificateValidator
- #40063 - Fix typo in cassandra.adoc
- #40067 - Qute: fix NativeImageResourceBuildItem registration on Windows
- #40068 - Introduce markers for static and runtime init recorder methods
- #40073 - Explain how logging can be configured in the smallrye-graphql-client guide
- #40088 - Correct asciidoc syntax error
- #40093 - Remove useless section in REST Client doc
- #40094 - Support
FileUpload
as multipart type in REST Client