Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension #38055

Closed
antoniomacri opened this issue Jan 5, 2024 · 34 comments · Fixed by #38748 or #39554
Closed

Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension #38055

antoniomacri opened this issue Jan 5, 2024 · 34 comments · Fixed by #38748 or #39554
Labels
Milestone

Comments

@antoniomacri
Copy link

Description

The Kubernetes extension adds the annotation app.quarkus.io/vcs-uri to the generated deployment.

However, in our case it is integrated in our GitLab CI pipelines, so when the repository is cloned the GL user and token are specified in the URL and as a consequence the token is written as part of the annotation:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    app.quarkus.io/vcs-uri: https://gitlab-ci-token:<token>@gitlab.onprem.com/project.git
...

It should be possible to opt-out for this annotation.

Implementation ideas

No response

@antoniomacri antoniomacri added the kind/enhancement New feature or request label Jan 5, 2024
@quarkus-bot
Copy link

quarkus-bot bot commented Jan 5, 2024

/cc @geoand (kubernetes), @iocanel (kubernetes)

@geoand
Copy link
Contributor

geoand commented Jan 8, 2024

Sounds reasonable to me @iocanel

@crumohr
Copy link
Contributor

crumohr commented Jan 15, 2024

Would it be possible to consider just omitting the token from the URL format in the configuration?

Like https://{omit_including_at@}gitlab.onprem.com/project.git.

This change would help in preventing the accidental exposure of sensitive credentials in our Argo CD repository.

@crumohr
Copy link
Contributor

crumohr commented Jan 26, 2024

As a workaround, you can use Kustomize to remove this annotation. Here's how we do it:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - kubernetes.yml

patches:
  - target:
      kind: .*
    patch: |-
      - op: add
        path: "/metadata/annotations/app.quarkus.io~1vcs-uri"
        value: "dummy"
      - op: remove
        path: "/metadata/annotations/app.quarkus.io~1vcs-uri"   

This approach first adds a dummy value to ensure the annotation exists on all resources, then removes it.

@jcechace
Copy link

Is there any progress on this?

The problem with this annotation is that it also seems to be hardcoded to take the origin from git metadata. Which is problematic in certain cases, when "origin" and the the public address wi wish to communicate differ. At least one of the following needs to happen:

  1. Have an opt-out
  2. Have a possibility to set override the value
  3. Use maven VCS configuration

@crumohr That is quite an invasive workaround. Especially since it needs deployment side patching for something produced during build time.

@geoand
Copy link
Contributor

geoand commented Feb 13, 2024

I'll take a look

@geoand
Copy link
Contributor

geoand commented Feb 13, 2024

#38748 turns the annotation into:

app.quarkus.io/vcs-uri: https://gitlab.onprem.com/project.git

geoand added a commit that referenced this issue Feb 13, 2024
Sanitize app.dekorate.io/vcs-url kubernetes annotation
@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Feb 13, 2024
@gsmet gsmet modified the milestones: 3.9 - main, 3.7.3 Feb 13, 2024
gsmet pushed a commit to gsmet/quarkus that referenced this issue Feb 13, 2024
@crumohr
Copy link
Contributor

crumohr commented Feb 16, 2024

@crumohr That is quite an invasive workaround. Especially since it needs deployment side patching for something produced during build time.

I completely agree. I was just sharing this to help till the underlying issue was tackled.

@gsmet
Copy link
Member

gsmet commented Feb 16, 2024

FWIW, this is part of 3.7.3 released on Wednesday.

@jcechace
Copy link

#38748 turns the annotation into:

app.quarkus.io/vcs-uri: https://gitlab.onprem.com/project.git

This solves only the obvious security issue. In our case we often build from a fork (or have team member manually update certain generated descriptors), which leads to the annotation referencing the fork URL instead of upstream (from which the actual app sources are always build).

@gsmet gsmet reopened this Feb 19, 2024
@gsmet
Copy link
Member

gsmet commented Feb 19, 2024

Agreed, it could probably be made optional or configurable. Contributions welcome.

benkard pushed a commit to benkard/quarkus-googlecloud-jsonlogging that referenced this issue Feb 21, 2024
…s-googlecloud-jsonlogging!21)

This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [io.quarkus:quarkus-extension-processor](https://github.com/quarkusio/quarkus) |  | minor | `3.7.2` -> `3.8.0` |
| [io.quarkus:quarkus-extension-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.7.2` -> `3.8.0` |
| [io.quarkus:quarkus-bom](https://github.com/quarkusio/quarkus) | import | minor | `3.7.2` -> `3.8.0` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.7.2` -> `3.8.0` |

---

### Release Notes

<details>
<summary>quarkusio/quarkus</summary>

### [`v3.8.0`](quarkusio/quarkus@3.7.4...3.8.0)

[Compare Source](quarkusio/quarkus@3.7.4...3.8.0)

### [`v3.7.4`](quarkusio/quarkus@3.7.3...3.7.4)

[Compare Source](quarkusio/quarkus@3.7.3...3.7.4)

### [`v3.7.3`](https://github.com/quarkusio/quarkus/releases/tag/3.7.3)

[Compare Source](quarkusio/quarkus@3.7.2...3.7.3)

##### Complete changelog

-   [#&#8203;36341](quarkusio/quarkus#36341) - The API method KafkaStreams#cleanUp() is not applicable when use `@Produces` to build the topology
-   [#&#8203;37091](quarkusio/quarkus#37091) - Fix VertxGrpcExporter reponse status handling
-   [#&#8203;37911](quarkusio/quarkus#37911) - Store since JavaDoc tag in the configuration metadata, so that Quarkiverse projects can render it in their documentation if they like
-   [#&#8203;38055](quarkusio/quarkus#38055) - Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension
-   [#&#8203;38079](quarkusio/quarkus#38079) - Make OidcTestSecurityIdentityAugmentor faster by making privateKey's generation final and static
-   [#&#8203;38196](quarkusio/quarkus#38196) - Use Vert.x pool with Jackson
-   [#&#8203;38477](quarkusio/quarkus#38477) - Add disabled workflow to deploy snapshots in Quarkiverse extensions
-   [#&#8203;38489](quarkusio/quarkus#38489) - OIDC authentication.extra-params not added to dev-services auth request
-   [#&#8203;38602](quarkusio/quarkus#38602) - QuarkusComponentTest: `@TestConfigProperties` not applicable to method (override multiple config properties)
-   [#&#8203;38607](quarkusio/quarkus#38607) - Gradle: fix IllegalStateException when resolving project deps
-   [#&#8203;38613](quarkusio/quarkus#38613) - RabbitMQ Health Checks cannot be disabled from 3.7+
-   [#&#8203;38615](quarkusio/quarkus#38615) - Updates to Infinispan 14.0.24.Final
-   [#&#8203;38619](quarkusio/quarkus#38619) - Pass extra authentication params in the OIDC DevUI code flow redirect URL
-   [#&#8203;38626](quarkusio/quarkus#38626) - Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2
-   [#&#8203;38650](quarkusio/quarkus#38650) - UI doesn't work correct with umlauts
-   [#&#8203;38653](quarkusio/quarkus#38653) - Enforce Dev UI charset to UTF-8
-   [#&#8203;38655](quarkusio/quarkus#38655) - Allow for multiple TestConfigProperty annotations on methods
-   [#&#8203;38656](quarkusio/quarkus#38656) - Upgrade the Mutiny Vert.x bindings to 3.9.0
-   [#&#8203;38658](quarkusio/quarkus#38658) - Configure a REST Client ClientLogger vía CDI
-   [#&#8203;38662](quarkusio/quarkus#38662) - Bump io.smallrye.config:smallrye-config-source-yaml from 3.5.2 to 3.5.4 in /devtools/gradle
-   [#&#8203;38663](quarkusio/quarkus#38663) - ContainerRequestContext.getUriInfo().getMatchedURIs() IndexOutOfBoundsException
-   [#&#8203;38664](quarkusio/quarkus#38664) - Bump Smallrye RM from 4.16.0 to 4.16.1
-   [#&#8203;38670](quarkusio/quarkus#38670) - Make ClientLogger beans unremovable
-   [#&#8203;38671](quarkusio/quarkus#38671) - Redis Client: improve documentation for sentinel and cluster
-   [#&#8203;38672](quarkusio/quarkus#38672) - Remove WATCH Command in absence of Optimistic Locking
-   [#&#8203;38673](quarkusio/quarkus#38673) - Fix OidcRequestFiler typo in security docs
-   [#&#8203;38674](quarkusio/quarkus#38674) - Improve flaky test
-   [#&#8203;38675](quarkusio/quarkus#38675) - Correct example generated yaml in extension metadata docs
-   [#&#8203;38676](quarkusio/quarkus#38676) - OpenAPI does not fill roles in SecurityScheme in schema
-   [#&#8203;38680](quarkusio/quarkus#38680) - Log how Keycloak devservice maps resources
-   [#&#8203;38681](quarkusio/quarkus#38681) - Upgrade to Hibernate ORM 6.4.4.Final / bytebuddy 1.14.11
-   [#&#8203;38686](quarkusio/quarkus#38686) - Make GraphQL Metrics End when Exceptional
-   [#&#8203;38692](quarkusio/quarkus#38692) - Bump com.gradle:gradle-enterprise-maven-extension from 1.20 to 1.20.1
-   [#&#8203;38693](quarkusio/quarkus#38693) - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1
-   [#&#8203;38694](quarkusio/quarkus#38694) - OpenAPI: remove check that avoids running auto-security at build
-   [#&#8203;38703](quarkusio/quarkus#38703) - RESTEasy Reactive Multipart struggles with non-file binary uploads
-   [#&#8203;38705](quarkusio/quarkus#38705) - Kafka Streams fire event after created and before scheduling the start
-   [#&#8203;38706](quarkusio/quarkus#38706) - Elasticsearch container reuse creates a new container on each run
-   [#&#8203;38709](quarkusio/quarkus#38709) - Don't provide empty paths when using a root prefix
-   [#&#8203;38710](quarkusio/quarkus#38710) - Avoid Vert.x GraphQL deprecation warning
-   [#&#8203;38712](quarkusio/quarkus#38712) - Bump Smallrye RM from 4.16.1 to 4.16.2
-   [#&#8203;38713](quarkusio/quarkus#38713) - Only configure shared network for Elasticsearch/OpenSearch containers where necessary
-   [#&#8203;38714](quarkusio/quarkus#38714) - Don't assume that multipart part without filename is always text
-   [#&#8203;38728](quarkusio/quarkus#38728) - Encode Kafka messages with UTF8
-   [#&#8203;38730](quarkusio/quarkus#38730) - Accept-Header in hibernate validator's ResteasyReactiveLocaleResolver is resolved case-sensitive
-   [#&#8203;38732](quarkusio/quarkus#38732) - Quarkus should still allow to create project with Java 11 (for older streams and other platforms)
-   [#&#8203;38733](quarkusio/quarkus#38733) - Allow Java 11 as LTS for older streams and other platforms
-   [#&#8203;38738](quarkusio/quarkus#38738) - Make accept header check in validation case insensitive
-   [#&#8203;38748](quarkusio/quarkus#38748) - Sanitize app.dekorate.io/vcs-url kubernetes annotation
-   [#&#8203;38755](quarkusio/quarkus#38755) - Log when a RestEasy Reactive client close method is called
-   [#&#8203;38756](quarkusio/quarkus#38756) - Bump Keycloak version to 23.0.6
-   [#&#8203;38760](quarkusio/quarkus#38760) - Set COMPILE_ONLY flag on relevant dependencies that appear on DEPLOYMENT_CP and RUNTIME_CP

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
@aloubyansky aloubyansky modified the milestones: 3.7.3, 3.2.11.Final Mar 12, 2024
aloubyansky pushed a commit to aloubyansky/quarkus that referenced this issue Mar 12, 2024
@jcechace
Copy link

We just discovered that our release pipeline leaked a security token into the public space due to this bug (prior to adding the VCS URL sanitisation). I think it might be worth somehow make sure that the users are aware of this potential security vulnerability introduced by quarkus. Is this something somebody already considered?

@jcechace
Copy link

There is now a public CVE for this issue https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1979

@xstefank
Copy link
Member

@jcechace reached out to me to take a look so I'm working on a fix for this now.

@gsmet
Copy link
Member

gsmet commented Mar 19, 2024

There is a fix already for the security issue.
Making this thing optional has value too but it's not related to the security issue and is a feature request.

As for communicating better about CVEs, we are in agreement. We are discussing how we could improve that in the future.

@xstefank
Copy link
Member

I'm making it optional and overridable. OK with you @gsmet ?

@geoand
Copy link
Contributor

geoand commented Mar 19, 2024

Go ahead 👌

@jcechace
Copy link

BTW what is even the reasoning behind KubernetesCommonHelper getting VCS information directly for VCS config instead of project configuration in e.g. pom.xml? Digging into repository configuration is definitively something I would not expect application framework to do.

Additionally it seems that this functionality is being adopted by plugins already (e.g. see QOSDK PR here https://github.com/quarkiverse/quarkus-operator-sdk/pull/851/files#diff-7328825e75606a3487b41ede21e7adafdc7b7d11e20c1c1256855c904fe9edffR144) which I don't think is a good precedence.

@Naros
Copy link
Contributor

Naros commented Mar 19, 2024

I agree; this seems a bit strange, especially if there is no way to configure it via the build system. Is there not a way to drive this beyond just scavenging the repository?

@geoand
Copy link
Contributor

geoand commented Mar 19, 2024

Digging into repository configuration is definitively something I would not expect application framework to do

On the contrary, I think that it's perfectly reasonable for something that runs at build time (and is also exactly what a bunch of Maven plugins do)

@geoand
Copy link
Contributor

geoand commented Mar 19, 2024

Is there not a way to drive this beyond just scavenging the repository?

Not currently, but it could be made that way

@Naros
Copy link
Contributor

Naros commented Mar 19, 2024

Not currently, but it could be made that way

That would be awesome if possible, just gives more options and control where needed 👍

@geoand
Copy link
Contributor

geoand commented Mar 19, 2024

What do you have in mind as alternatives and how would a user enable them?

@Naros
Copy link
Contributor

Naros commented Mar 19, 2024

Hi @geoand, I'm going to need to defer to @jcechace here as he's the best to answer that question. Jakub, can you share some ideas or thoughts on this since you're in the trenches on the K8 and Operator side of things?

@jcechace
Copy link

I think that the override option created by @xstefank is a good solution. I just maight be a bit keen on calling it workaround since as I stated -- the default is still Quarkus digging into VCS configuration which personally I would not expect. However I respect that the team around Quarkus feels otherwise.

@gsmet
Copy link
Member

gsmet commented Mar 19, 2024

I must admit maybe having the default use the <scm> info would be a bit safer.

@gsmet
Copy link
Member

gsmet commented Mar 19, 2024

Now I have no idea how to deal with this when using Gradle.

@jcechace
Copy link

I must admit maybe having the default use the <scm> info would be a bit safer.

That would be perfect. The direct SCM info extraction seems reasonable as the last resort. However if I explicitly have that info in my project descriptor I would expect it to be honored.

Now I have no idea how to deal with this when using Gradle.

Unfortunately I also wasn't able to find a standardised SCM configuration for Gradle

@jcechace
Copy link

@gsmet When getting the default value, can you maybe detect whether the project environment is Maven or Gradle and if maven then check the SCM information from project?

@geoand
Copy link
Contributor

geoand commented Mar 19, 2024

That would be pretty surprising behavior

@jcechace
Copy link

@geoand well... Even here we have few people who find the situation where default is extracted directly from the SCM surprising. So maybe this needs some broader discussion about what the user base really thinks (I might be part of minority of course).

@geoand
Copy link
Contributor

geoand commented Mar 20, 2024

Feel free to open one

@jcechace
Copy link

Feel free to open one

This was a general evaluation of the situation and I personally think that such discussion should be driven by the Quarkus development core members -- which I'm certainly not part of.

@geoand
Copy link
Contributor

geoand commented Mar 26, 2024

Anyone can open a discussion on the quarkus-dev mailing list. And in this case, you have a lot more context about the issue than I have

benkard added a commit to benkard/mulkcms2 that referenced this issue Apr 6, 2024
This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.225.0` -> `^0.233.0`](https://renovatebot.com/diffs/npm/flow-bin/0.225.1/0.233.0) |
| [org.postgresql:postgresql](https://jdbc.postgresql.org) ([source](https://github.com/pgjdbc/pgjdbc)) | build | patch | `42.7.1` -> `42.7.3` |
| [org.liquibase.ext:liquibase-hibernate5](https://github.com/liquibase/liquibase-hibernate/wiki) ([source](https://github.com/liquibase/liquibase-hibernate)) | build | minor | `4.25.1` -> `4.27.0` |
| [org.liquibase:liquibase-maven-plugin](http://www.liquibase.org/liquibase-maven-plugin) ([source](https://github.com/liquibase/liquibase)) | build | minor | `4.25.1` -> `4.27.0` |
| [io.hypersistence:hypersistence-utils-hibernate-62](https://github.com/vladmihalcea/hypersistence-utils) | compile | patch | `3.7.0` -> `3.7.3` |
| [org.hibernate.orm:hibernate-envers](https://hibernate.org/orm) ([source](https://github.com/hibernate/hibernate-orm)) | build | patch | `6.4.1.Final` -> `6.4.4.Final` |
| [org.hibernate.orm:hibernate-core](https://hibernate.org/orm) ([source](https://github.com/hibernate/hibernate-orm)) | build | patch | `6.4.1.Final` -> `6.4.4.Final` |
| [com.blazebit:blaze-persistence-bom](https://persistence.blazebit.com) ([source](https://github.com/Blazebit/blaze-persistence)) | import | patch | `1.6.10` -> `1.6.11` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | build | minor | `2.41.1` -> `2.43.0` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.6.4` -> `3.9.2` |
| [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | minor | `3.6.4` -> `3.9.2` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://maven.apache.org/plugins/) | build | minor | `3.12.1` -> `3.13.0` |

---

### Release Notes

<details>
<summary>flowtype/flow-bin</summary>

### [`v0.233.0`](https://github.com/flowtype/flow-bin/compare/6e34f048ec7f5146297e258a60250c8e5af37bcc...2ebcdf3a8f03993e8ccab9e9fb6742000b54f929)

[Compare Source](https://github.com/flowtype/flow-bin/compare/6e34f048ec7f5146297e258a60250c8e5af37bcc...2ebcdf3a8f03993e8ccab9e9fb6742000b54f929)

### [`v0.232.0`](https://github.com/flowtype/flow-bin/compare/69ee58d99676a48984158d2cafcdb3b3f5ad5f15...6e34f048ec7f5146297e258a60250c8e5af37bcc)

[Compare Source](https://github.com/flowtype/flow-bin/compare/69ee58d99676a48984158d2cafcdb3b3f5ad5f15...6e34f048ec7f5146297e258a60250c8e5af37bcc)

### [`v0.231.0`](https://github.com/flowtype/flow-bin/compare/5c84049e450b37833fca5b547c1c2cb678436ef1...69ee58d99676a48984158d2cafcdb3b3f5ad5f15)

[Compare Source](https://github.com/flowtype/flow-bin/compare/5c84049e450b37833fca5b547c1c2cb678436ef1...69ee58d99676a48984158d2cafcdb3b3f5ad5f15)

### [`v0.230.0`](https://github.com/flowtype/flow-bin/compare/2c3181fa7aa928bd3735a7fad09e1be271c96c95...5c84049e450b37833fca5b547c1c2cb678436ef1)

[Compare Source](https://github.com/flowtype/flow-bin/compare/2c3181fa7aa928bd3735a7fad09e1be271c96c95...5c84049e450b37833fca5b547c1c2cb678436ef1)

### [`v0.229.2`](https://github.com/flowtype/flow-bin/compare/82b999003b85e827cd4dd36a8d3593979f1a9599...2c3181fa7aa928bd3735a7fad09e1be271c96c95)

[Compare Source](https://github.com/flowtype/flow-bin/compare/82b999003b85e827cd4dd36a8d3593979f1a9599...2c3181fa7aa928bd3735a7fad09e1be271c96c95)

### [`v0.229.0`](https://github.com/flowtype/flow-bin/compare/3d62fc76bf9b0ff63ec56d049c669958ef41f6b8...82b999003b85e827cd4dd36a8d3593979f1a9599)

[Compare Source](https://github.com/flowtype/flow-bin/compare/3d62fc76bf9b0ff63ec56d049c669958ef41f6b8...82b999003b85e827cd4dd36a8d3593979f1a9599)

### [`v0.228.0`](https://github.com/flowtype/flow-bin/compare/15db2846c1c63d3f26905f51e8c96c801cbc017b...3d62fc76bf9b0ff63ec56d049c669958ef41f6b8)

[Compare Source](https://github.com/flowtype/flow-bin/compare/15db2846c1c63d3f26905f51e8c96c801cbc017b...3d62fc76bf9b0ff63ec56d049c669958ef41f6b8)

### [`v0.227.0`](https://github.com/flowtype/flow-bin/compare/6fbe6faecdcb24e9ee660a0616705d46b9bd3c40...15db2846c1c63d3f26905f51e8c96c801cbc017b)

[Compare Source](https://github.com/flowtype/flow-bin/compare/6fbe6faecdcb24e9ee660a0616705d46b9bd3c40...15db2846c1c63d3f26905f51e8c96c801cbc017b)

### [`v0.226.0`](https://github.com/flowtype/flow-bin/compare/23ec6163cf6921d4ef74da53e1aaf4a35f798384...6fbe6faecdcb24e9ee660a0616705d46b9bd3c40)

[Compare Source](https://github.com/flowtype/flow-bin/compare/23ec6163cf6921d4ef74da53e1aaf4a35f798384...6fbe6faecdcb24e9ee660a0616705d46b9bd3c40)

</details>

<details>
<summary>pgjdbc/pgjdbc</summary>

### [`v42.7.3`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#&#8203;4273-2024-04-14-145100--0400)

##### Changed

-   chore: gradle config enforces 17+ [MR #&#8203;3147](https://github.com/pgjdbc/pgjdbc/pull/3147)

##### Fixed

-   fix: boolean types not handled in SimpleQuery mode [MR #&#8203;3146](https://github.com/pgjdbc/pgjdbc/pull/3146)
    -   make sure we handle boolean types in simple query mode
    -   support uuid as well
    -   handle all well known types in text mode and change `else if` to `switch`
-   fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with `NoSuchMethodError on ByteBuffer#position` when running on Java 8

### [`v42.7.2`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#&#8203;4272-2024-02-21-082300--0500)

##### Security

-   security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
    such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
    This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

##### Changed

-   fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [MR #&#8203;3101](https://github.com/pgjdbc/pgjdbc/pull/3101)
-   perf: Avoid autoboxing bind indexes by [@&#8203;bokken](https://github.com/bokken) in [MR #&#8203;1244](https://github.com/pgjdbc/pgjdbc/pull/1244)
-   refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by [@&#8203;vlsi](https://github.com/vlsi) in [MR #&#8203;3084](https://github.com/pgjdbc/pgjdbc/pull/3084)

##### Added

-   feat: Add PasswordUtil for encrypting passwords client side [MR #&#8203;3082](https://github.com/pgjdbc/pgjdbc/pull/3082)

</details>

<details>
<summary>liquibase/liquibase</summary>

### [`v4.27.0`](https://github.com/liquibase/liquibase/blob/HEAD/changelog.txt#Liquibase-4270-is-a-major-release)

[Compare Source](https://github.com/liquibase/liquibase/compare/v4.26.0...v4.27.0)

> Liquibase 4.27.0 contains several New Capabilities and Notable Enhancements for Liquibase Pro users: DATABASECHANGELOGHISTORY table, Quality Checks Chains, Rollback Reports
> See the [Liquibase 4.27.0 Release Notes](https://docs.liquibase.com/start/release-notes/liquibase-release-notes/liquibase-4.27.0.html) for the complete set of release information.

### [`v4.26.0`](https://github.com/liquibase/liquibase/blob/HEAD/changelog.txt#Liquibase-4260-is-a-major-release)

[Compare Source](https://github.com/liquibase/liquibase/compare/v4.25.1...v4.26.0)

> \[!IMPORTANT]
> Liquibase 4.26.0 contains several Notable Changes for Liquibase Pro users: Advanced IF conditionals, Simpler Regex-based pattern checks, and Checks Run Reports.

> \[!NOTE]
> See the [Liquibase 4.26.0 Release Notes](https://docs.liquibase.com/start/release-notes/liquibase-4.26.0.html) for the complete set of release information.

</details>

<details>
<summary>vladmihalcea/hypersistence-utils</summary>

### [`v3.7.3`](https://github.com/vladmihalcea/hypersistence-utils/blob/HEAD/changelog.txt#Version-373---February-16-2024)

\================================================================================

"java.lang.ClassCastException: class \[Ljava.lang.String; cannot be cast to class \[B" thrown when using multiLoad with Hibernate 6.4 [#&#8203;700](https://github.com/vladmihalcea/hypersistence-utils/issues/700)

### [`v3.7.2`](https://github.com/vladmihalcea/hypersistence-utils/blob/HEAD/changelog.txt#Version-372---February-08-2024)

\================================================================================

Expecting BasicPluralJavaType for array class \[Ljava.util.UUID;,
but got \`com.vladmihalcea.hibernate.type.array.internal.UUIDArrayTypeDescriptor error with Hibernate 6.4 [#&#8203;698](https://github.com/vladmihalcea/hypersistence-utils/issues/698)

### [`v3.7.1`](https://github.com/vladmihalcea/hypersistence-utils/blob/HEAD/changelog.txt#Version-371---January-30-2024)

\================================================================================

Add support for Hibernate 6.4 [#&#8203;685](https://github.com/vladmihalcea/hypersistence-utils/issues/685)

Remove hypersistence-utils-hibernate-5 module [#&#8203;693](https://github.com/vladmihalcea/hypersistence-utils/issues/693)

</details>

<details>
<summary>hibernate/hibernate-orm</summary>

### [`v6.4.4.Final`](https://github.com/hibernate/hibernate-orm/compare/6.4.3...6.4.4)

[Compare Source](https://github.com/hibernate/hibernate-orm/compare/6.4.3...6.4.4)

### [`v6.4.3.Final`](https://github.com/hibernate/hibernate-orm/compare/6.4.2...6.4.3)

[Compare Source](https://github.com/hibernate/hibernate-orm/compare/6.4.2...6.4.3)

### [`v6.4.2.Final`](https://github.com/hibernate/hibernate-orm/compare/6.4.1...6.4.2)

[Compare Source](https://github.com/hibernate/hibernate-orm/compare/6.4.1...6.4.2)

</details>

<details>
<summary>Blazebit/blaze-persistence</summary>

### [`v1.6.11`](https://github.com/Blazebit/blaze-persistence/blob/HEAD/CHANGELOG.md#&#8203;1611)

[Compare Source](https://github.com/Blazebit/blaze-persistence/compare/1.6.10...1.6.11)

10/01/2024 - [Release tag](https://github.com/Blazebit/blaze-persistence/releases/tag/1.6.11) [Resolved issues](https://github.com/Blazebit/blaze-persistence/issues?q=is%3Aissue+milestone%3A1.6.11+is%3Aclosed+sort%3Aupdated-desc)

##### New features

-   Special case mappings with limit of 1 to use `=` instead of `IN` predicate
-   Added support for extended GraphlQL types, for example support DateTime (please read `Backwards-incompatible changes` below )

##### Bug fixes

-   Fix over-fetching of entity view data with dynamic fetches
-   Fix Spring 6.1 compatibility
-   Fix Hibernate 6.4.0.Final compatibility
-   Disallow repository sorting by anything other than entity or entity view attribute paths

##### Backwards-incompatible changes

-   If you use the GraphQL integration and you are loading the [graphql-java-extended-scalars](https://github.com/graphql-java/graphql-java-extended-scalars), you might need to migrate your `LocalDataTime` EntityViews to `OffsetDateTime`. Dates will no longer be represented as String in the GraphQl-Schema, but as [DateTime](https://the-guild.dev/graphql/scalars/docs/scalars/date-time).

</details>

<details>
<summary>diffplug/spotless</summary>

### [`v2.43.0`](https://github.com/diffplug/spotless/blob/HEAD/CHANGES.md#&#8203;2430---2023-11-27)

##### Added

-   Support custom rule sets for Ktlint. ([#&#8203;1896](https://github.com/diffplug/spotless/pull/1896))

##### Fixed

-   Fix Eclipse JDT on some settings files. ([#&#8203;1864](https://github.com/diffplug/spotless/pull/1864) fixes [#&#8203;1638](https://github.com/diffplug/spotless/issues/1638))

##### Changes

-   Bump default `ktlint` version to latest `1.0.0` -> `1.0.1`. ([#&#8203;1855](https://github.com/diffplug/spotless/pull/1855))
-   Add a Step to remove semicolons from Groovy files. ([#&#8203;1881](https://github.com/diffplug/spotless/pull/1881))

### [`v2.42.0`](https://github.com/diffplug/spotless/blob/HEAD/CHANGES.md#&#8203;2420---2023-09-28)

##### Added

-   Support for biome. The Rome project [was renamed to Biome](https://biomejs.dev/blog/annoucing-biome/).
    The configuration is still the same, but you should switch to the new `biome` tag / function and adjust
    the version accordingly. ([#&#8203;1804](https://github.com/diffplug/spotless/issues/1804)).
-   Support for `google-java-format`'s `skip-javadoc-formatting` option. ([#&#8203;1793](https://github.com/diffplug/spotless/pull/1793))
-   Support configuration of mirrors for P2 repositories in Maven DSL ([#&#8203;1697](https://github.com/diffplug/spotless/issues/1697)).
-   New line endings mode `GIT_ATTRIBUTES_FAST_ALLSAME`. ([#&#8203;1838](https://github.com/diffplug/spotless/pull/1838))

##### Fixed

-   Fix support for plugins when using Prettier version `3.0.0` and newer. ([#&#8203;1802](https://github.com/diffplug/spotless/pull/1802))
-   Fix configuration cache issue around `external process started '/usr/bin/git --version'`. ([#&#8203;1806](https://github.com/diffplug/spotless/issues/1806))

##### Changes

-   Bump default `flexmark` version to latest `0.64.0` -> `0.64.8`. ([#&#8203;1801](https://github.com/diffplug/spotless/pull/1801))
-   Bump default `ktlint` version to latest `0.50.0` -> `1.0.0`. ([#&#8203;1808](https://github.com/diffplug/spotless/pull/1808))

</details>

<details>
<summary>quarkusio/quarkus</summary>

### [`v3.9.2`](https://github.com/quarkusio/quarkus/releases/tag/3.9.2)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.9.1...3.9.2)

##### Complete changelog

-   [#&#8203;38964](https://github.com/quarkusio/quarkus/pull/38964) - Add smallrye metrics capability
-   [#&#8203;39668](https://github.com/quarkusio/quarkus/pull/39668) - Recompute cache when the redis connection pool is exhausted
-   [#&#8203;39705](https://github.com/quarkusio/quarkus/pull/39705) - WebSockets Next: error handlers part 1
-   [#&#8203;39717](https://github.com/quarkusio/quarkus/issues/39717) - OIDC code flow access token verification is enforced even if the application code does not use it as JWT
-   [#&#8203;39718](https://github.com/quarkusio/quarkus/pull/39718) - Enforce OIDC code flow access token verification only if JWT is in the application code
-   [#&#8203;39725](https://github.com/quarkusio/quarkus/pull/39725) - Setting the correct CodeFlowVerifyAccessTokenDisabledTest test class name
-   [#&#8203;39742](https://github.com/quarkusio/quarkus/pull/39742) - Fix a remaining reference to quarkus.resteasy-reactive. prefix
-   [#&#8203;39746](https://github.com/quarkusio/quarkus/issues/39746) - ScheduledExecutorService: cannot remove future task from the scheduler
-   [#&#8203;39763](https://github.com/quarkusio/quarkus/pull/39763) - WebSockets Next: error handlers part 2
-   [#&#8203;39766](https://github.com/quarkusio/quarkus/pull/39766) - Properly handle array class types to be looked up
-   [#&#8203;39770](https://github.com/quarkusio/quarkus/pull/39770) - Improve the multipart encoded mode handling in the rest client
-   [#&#8203;39776](https://github.com/quarkusio/quarkus/issues/39776) - Cannot build native image after 3.9.1 upgrade - missing configuration properties but they exist
-   [#&#8203;39777](https://github.com/quarkusio/quarkus/issues/39777) - Bean Param init issue -  java.lang.NoClassDefFoundError: io/quarkus/generated/int$quarkusrestparamConverter$
-   [#&#8203;39790](https://github.com/quarkusio/quarkus/pull/39790) - Add quarkus-credentials-deployment where it's missing
-   [#&#8203;39794](https://github.com/quarkusio/quarkus/pull/39794) - Bump org.jboss.threads:jboss-threads from 3.6.0.Final to 3.6.1.Final
-   [#&#8203;39797](https://github.com/quarkusio/quarkus/pull/39797) - Docs: fix typo in OIDC tenant resolution by configuration
-   [#&#8203;39798](https://github.com/quarkusio/quarkus/issues/39798) - Update documentation for QUARKUS AND GRADLE - Development mode: quarkusDev#workingDir has been deprecated
-   [#&#8203;39804](https://github.com/quarkusio/quarkus/pull/39804) - Always record profiles
-   [#&#8203;39823](https://github.com/quarkusio/quarkus/pull/39823) - Ensure ParameterConverter is loaded from the TCCL
-   [#&#8203;39829](https://github.com/quarkusio/quarkus/pull/39829) - Use quarkusDev#workingDirectory
-   [#&#8203;39835](https://github.com/quarkusio/quarkus/pull/39835) - Bump maven-model-helper to 36

### [`v3.9.1`](https://github.com/quarkusio/quarkus/releases/tag/3.9.1)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.9.0...3.9.1)

##### Complete changelog

-   [#&#8203;25682](https://github.com/quarkusio/quarkus/issues/25682) - Dev Services for Postgresql not working with Rancher
-   [#&#8203;36736](https://github.com/quarkusio/quarkus/pull/36736) - Manage Jose4j dependency in the bom
-   [#&#8203;36737](https://github.com/quarkusio/quarkus/issues/36737) - Add OpenAPI Filter usage to documentation
-   [#&#8203;39088](https://github.com/quarkusio/quarkus/issues/39088) - Solve POM formatting issues when creating project/adding extension/removing extension
-   [#&#8203;39224](https://github.com/quarkusio/quarkus/issues/39224) - WebSockets Next: support method parameter injection
-   [#&#8203;39313](https://github.com/quarkusio/quarkus/issues/39313) - prod-profile configuration pollutes test profile in integration tests
-   [#&#8203;39371](https://github.com/quarkusio/quarkus/pull/39371) - Avoid resolving plugin command after the first option
-   [#&#8203;39382](https://github.com/quarkusio/quarkus/pull/39382) - Preserve POM format when extensions are added/removed
-   [#&#8203;39385](https://github.com/quarkusio/quarkus/issues/39385) - smallrye-health should hande the case when Vert.x current context is null
-   [#&#8203;39388](https://github.com/quarkusio/quarkus/issues/39388) - Hibernate runtime property persisting after build
-   [#&#8203;39394](https://github.com/quarkusio/quarkus/pull/39394) - Handle null Vert.x context in smallrye-health
-   [#&#8203;39426](https://github.com/quarkusio/quarkus/pull/39426) - Do not record active profile configuration name if a profile one exists
-   [#&#8203;39443](https://github.com/quarkusio/quarkus/pull/39443) - Use Quarkus wide version of jna-platform in azure-functions
-   [#&#8203;39496](https://github.com/quarkusio/quarkus/issues/39496) - Gradle build cache prevents source packages to be installed to local Maven repository
-   [#&#8203;39513](https://github.com/quarkusio/quarkus/issues/39513) - `@SecureField` in members of the response class isn't applied
-   [#&#8203;39528](https://github.com/quarkusio/quarkus/issues/39528) - (Doc issue)  Getting token using blocking or non blocking calls
-   [#&#8203;39544](https://github.com/quarkusio/quarkus/issues/39544) - OidcClient: Getting exception when trying to use tokenHelper
-   [#&#8203;39546](https://github.com/quarkusio/quarkus/issues/39546) - Make maxParameters of MultiPartUploadHandler configurable
-   [#&#8203;39549](https://github.com/quarkusio/quarkus/pull/39549) - Make max parameters of multipart handling configurable
-   [#&#8203;39564](https://github.com/quarkusio/quarkus/pull/39564) - Fix Quarkus REST Jackson `@SecureField` detection on subclasses, interface implementors, fileds of the fields, parametrized types and arrays
-   [#&#8203;39572](https://github.com/quarkusio/quarkus/pull/39572) - Remove mvnpm and webjars from the 404 page
-   [#&#8203;39574](https://github.com/quarkusio/quarkus/pull/39574) - Add a section about openapi filters in the doc
-   [#&#8203;39576](https://github.com/quarkusio/quarkus/pull/39576) - Fix semconv-stability.opt-in property name
-   [#&#8203;39578](https://github.com/quarkusio/quarkus/pull/39578) - Update quarkus-project-develocity-extension to 1.0.7
-   [#&#8203;39579](https://github.com/quarkusio/quarkus/pull/39579) - Don't run CDI interceptors on class-level exception mappers
-   [#&#8203;39580](https://github.com/quarkusio/quarkus/pull/39580) - Fix directory name in vertx.adoc
-   [#&#8203;39581](https://github.com/quarkusio/quarkus/issues/39581) - The http metrics provide a path instead of REDIRECTION and NOT_FOUND when possible
-   [#&#8203;39583](https://github.com/quarkusio/quarkus/pull/39583) - Keep the URIs in the metrics tag if they match a client or server pattern
-   [#&#8203;39586](https://github.com/quarkusio/quarkus/issues/39586) - RestMulti is not sending headers if there is no content
-   [#&#8203;39587](https://github.com/quarkusio/quarkus/pull/39587) - Properly use headers from RestMulti when the multi is empty
-   [#&#8203;39589](https://github.com/quarkusio/quarkus/pull/39589) - Only Add OTel Security Events when span is recording
-   [#&#8203;39594](https://github.com/quarkusio/quarkus/pull/39594) - Redis: add documentation for replicas usage
-   [#&#8203;39595](https://github.com/quarkusio/quarkus/pull/39595) - Update one of OIDC certificate chain tests to use TenantConfigResolver
-   [#&#8203;39598](https://github.com/quarkusio/quarkus/issues/39598) - ClassNotFoundException for beanparam class with generics in external artifact
-   [#&#8203;39599](https://github.com/quarkusio/quarkus/issues/39599) - JsonObject is empty when used with resteasy-reactive
-   [#&#8203;39604](https://github.com/quarkusio/quarkus/pull/39604) - Do not record local sources in runtime config defaults.
-   [#&#8203;39615](https://github.com/quarkusio/quarkus/pull/39615) - Allow JsonObject and JsonArray to be used in any POJO for JSON handling
-   [#&#8203;39623](https://github.com/quarkusio/quarkus/issues/39623) - Type not consistent in sample code
-   [#&#8203;39626](https://github.com/quarkusio/quarkus/pull/39626) - Update parameter type to be consistent across the doc
-   [#&#8203;39628](https://github.com/quarkusio/quarkus/pull/39628) - Bump smallrye-jwt.version from 4.4.0 to 4.5.0
-   [#&#8203;39630](https://github.com/quarkusio/quarkus/pull/39630) - Bump smallrye-reactive-messaging.version from 4.18.0 to 4.19.0
-   [#&#8203;39638](https://github.com/quarkusio/quarkus/pull/39638) - Avoid all caching in DevModeClient
-   [#&#8203;39642](https://github.com/quarkusio/quarkus/pull/39642) - WebSocket Next: endpoint callback arguments injection
-   [#&#8203;39645](https://github.com/quarkusio/quarkus/pull/39645) - Improve the OIDC Client Quickstart document
-   [#&#8203;39651](https://github.com/quarkusio/quarkus/pull/39651) - Bump io.quarkus.bot:build-reporter-maven-extension from 3.5.0 to 3.6.0
-   [#&#8203;39656](https://github.com/quarkusio/quarkus/pull/39656) - Bump maven-model-helper to 35
-   [#&#8203;39661](https://github.com/quarkusio/quarkus/pull/39661) - Fix property name in OIDC docs
-   [#&#8203;39679](https://github.com/quarkusio/quarkus/pull/39679) - Bump mime4j version to 0.8.11
-   [#&#8203;39682](https://github.com/quarkusio/quarkus/pull/39682) - Fix postgres datasource devservice not working with rancher-desktop on mac arm
-   [#&#8203;39691](https://github.com/quarkusio/quarkus/pull/39691) - Fix dev-mode issue with generated classes for Quarkus REST converters
-   [#&#8203;39699](https://github.com/quarkusio/quarkus/issues/39699) - UpxCompressionBuildStep Not Executed Since Quarkus 3.8.2
-   [#&#8203;39702](https://github.com/quarkusio/quarkus/pull/39702) - Bring back erroneously removed `@BuildStep`
-   [#&#8203;39706](https://github.com/quarkusio/quarkus/pull/39706) - Use --no-daemon when calling gradle update

### [`v3.9.0`](https://github.com/quarkusio/quarkus/releases/tag/3.9.0)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.8.3...3.9.0)

##### Complete changelog

-   [#&#8203;25101](https://github.com/quarkusio/quarkus/issues/25101) - \[CI] - quarkus-devtools-compat + Quarkus main
-   [#&#8203;27374](https://github.com/quarkusio/quarkus/issues/27374) - Update Quarkus CLI doc for installing specific version of the CLI to avoid printing warnings
-   [#&#8203;39144](https://github.com/quarkusio/quarkus/issues/39144) - WebSockets Next: documentation
-   [#&#8203;39315](https://github.com/quarkusio/quarkus/issues/39315) - `@ConfigMapping` handling of Maps is not compatible with old config classes
-   [#&#8203;39344](https://github.com/quarkusio/quarkus/issues/39344) - Avro schemas aren't generated in isolation
-   [#&#8203;39345](https://github.com/quarkusio/quarkus/pull/39345) - Isolate Avro schema code generation when using multiple schema files
-   [#&#8203;39363](https://github.com/quarkusio/quarkus/pull/39363) - Initial version of the WebSocket Next documentation
-   [#&#8203;39413](https://github.com/quarkusio/quarkus/pull/39413) - Refresh documentation (and some tests) of the Hibernate Search + ORM extension
-   [#&#8203;39427](https://github.com/quarkusio/quarkus/issues/39427) - Enforce authorization code flow access token verification if `JsonWebToken` is injected
-   [#&#8203;39428](https://github.com/quarkusio/quarkus/issues/39428) - Enforce OIDC UserInfo acquisition if `UserInfo` is injected
-   [#&#8203;39441](https://github.com/quarkusio/quarkus/issues/39441) - RESTEasy Reactive dependency added to deployment classpath of nearly all Quarkus apps
-   [#&#8203;39445](https://github.com/quarkusio/quarkus/pull/39445) - Remove Quarkus REST deployment dependency from Vertx HTTP deployment
-   [#&#8203;39447](https://github.com/quarkusio/quarkus/pull/39447) - Save concat indy allocations on JarResource::getResourceURL
-   [#&#8203;39454](https://github.com/quarkusio/quarkus/pull/39454) - Bump org.jboss.threads:jboss-threads from 3.5.1.Final to 3.6.0.Final
-   [#&#8203;39458](https://github.com/quarkusio/quarkus/pull/39458) - Enforce OIDC UserInfo acquisition and authorization code flow access token verification if UserInfo and JsonWebToken beans are injected
-   [#&#8203;39467](https://github.com/quarkusio/quarkus/pull/39467) - Fix codestarts compatibility with older CLI
-   [#&#8203;39468](https://github.com/quarkusio/quarkus/issues/39468) - ChainBuildException - Cycle detected after [#&#8203;39352](https://github.com/quarkusio/quarkus/issues/39352) MR
-   [#&#8203;39470](https://github.com/quarkusio/quarkus/pull/39470) - Remove the old MetricBuildItem SPI
-   [#&#8203;39471](https://github.com/quarkusio/quarkus/pull/39471) - Update to Vert.x 4.5.5
-   [#&#8203;39472](https://github.com/quarkusio/quarkus/pull/39472) - Update SmallRye Config to 3.7.0
-   [#&#8203;39474](https://github.com/quarkusio/quarkus/pull/39474) - Use explicit jar reference instead of GAV to avoid duplicate log warning
-   [#&#8203;39476](https://github.com/quarkusio/quarkus/pull/39476) - Fix the broken link to the OIDC client reference doc
-   [#&#8203;39477](https://github.com/quarkusio/quarkus/pull/39477) - Adjust toggle names in OTel InstrumentBuildTimeConfig
-   [#&#8203;39479](https://github.com/quarkusio/quarkus/issues/39479) - 3.9.0.CR2: NoClassDefFoundError: io/quarkus/security/spi/runtime/SecurityEvent
-   [#&#8203;39480](https://github.com/quarkusio/quarkus/pull/39480) - Fix security spi dependency on OTel
-   [#&#8203;39487](https://github.com/quarkusio/quarkus/pull/39487) - Allow occasional pin events in ShouldNotPin
-   [#&#8203;39491](https://github.com/quarkusio/quarkus/pull/39491) - Ignore the split access and refresh token cookies for resolving the tenant
-   [#&#8203;39519](https://github.com/quarkusio/quarkus/issues/39519) - OpenTelemetry - respect proxy settings in VertxGrpcExporter and VertxHttpExporter
-   [#&#8203;39522](https://github.com/quarkusio/quarkus/pull/39522) - Fix typos in rest doc
-   [#&#8203;39530](https://github.com/quarkusio/quarkus/pull/39530) - Update profile section in building-native-image.adoc
-   [#&#8203;39531](https://github.com/quarkusio/quarkus/pull/39531) - Use SmallRye Commons Inet
-   [#&#8203;39533](https://github.com/quarkusio/quarkus/issues/39533) - Class loader leak in configuration
-   [#&#8203;39536](https://github.com/quarkusio/quarkus/pull/39536) - Bump org.postgresql:postgresql from 42.7.2 to 42.7.3
-   [#&#8203;39541](https://github.com/quarkusio/quarkus/pull/39541) - Update SmallRye Config to 3.7.1
-   [#&#8203;39543](https://github.com/quarkusio/quarkus/pull/39543) - Enable proxy configuration for OpenTelemetry exporters
-   [#&#8203;39562](https://github.com/quarkusio/quarkus/pull/39562) - Bump io.smallrye.config:smallrye-config-source-yaml from 3.7.0 to 3.7.1 in /devtools/gradle

### [`v3.8.3`](https://github.com/quarkusio/quarkus/releases/tag/3.8.3)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.8.2...3.8.3)

##### Complete changelog

-   [#&#8203;25453](https://github.com/quarkusio/quarkus/issues/25453) - Mutiny is not compatible with quarkus opentelemetry
-   [#&#8203;31497](https://github.com/quarkusio/quarkus/issues/31497) - Enabled micrometer.binder.http-server should also capture parameterized sub-resources
-   [#&#8203;39047](https://github.com/quarkusio/quarkus/issues/39047) - Reactive pg datasource with enabled health check opens more connections than configured
-   [#&#8203;39145](https://github.com/quarkusio/quarkus/issues/39145) - Hibernate schema validation is flaky and fails due missing tables (while the tables are present)
-   [#&#8203;39162](https://github.com/quarkusio/quarkus/pull/39162) - Add mapping to a Map\<String, ConfigObject> in the documentation
-   [#&#8203;39178](https://github.com/quarkusio/quarkus/pull/39178) - Update grpc-service-implementation.adoc
-   [#&#8203;39192](https://github.com/quarkusio/quarkus/pull/39192) - Make HTTP templates for observability work with subresources
-   [#&#8203;39197](https://github.com/quarkusio/quarkus/issues/39197) - Qute is not adding the right NativeImageResourceBuildItem when using a custom template root
-   [#&#8203;39204](https://github.com/quarkusio/quarkus/issues/39204) - Update partial extension names to include full extension names
-   [#&#8203;39216](https://github.com/quarkusio/quarkus/pull/39216) - Unwrap processing exception from REST Client when returning a Uni
-   [#&#8203;39223](https://github.com/quarkusio/quarkus/pull/39223) - Fix WithSpan uni and multi
-   [#&#8203;39225](https://github.com/quarkusio/quarkus/pull/39225) - Upgrade to Mutiny 2.5.8
-   [#&#8203;39242](https://github.com/quarkusio/quarkus/issues/39242) - e quarkus-azure-functions-http  generationg function.json with missing method.
-   [#&#8203;39245](https://github.com/quarkusio/quarkus/issues/39245) - dev-ui shows wrong property for rest-client
-   [#&#8203;39251](https://github.com/quarkusio/quarkus/pull/39251) - Make mutiny version of pool use the already configured vertx pool
-   [#&#8203;39252](https://github.com/quarkusio/quarkus/pull/39252) - Explicitly set all HTTP methods for Azure Functions
-   [#&#8203;39255](https://github.com/quarkusio/quarkus/pull/39255) - Fix config key for dev-ui
-   [#&#8203;39257](https://github.com/quarkusio/quarkus/issues/39257) - Quarkus 3.8.1: Use GraalVM sdk 23.1.2 over 23.0.1
-   [#&#8203;39260](https://github.com/quarkusio/quarkus/pull/39260) - Bump GraalVM SDK version to 23.1.2
-   [#&#8203;39265](https://github.com/quarkusio/quarkus/pull/39265) - Properly support sending InputStream in REST Client
-   [#&#8203;39266](https://github.com/quarkusio/quarkus/issues/39266) - ./mvnw --file $(pwd)/./pom.xml broken since quarkus 3.7.1
-   [#&#8203;39270](https://github.com/quarkusio/quarkus/issues/39270) - Update the title of dev-ui.adoc
-   [#&#8203;39271](https://github.com/quarkusio/quarkus/pull/39271) - Update the title of dev-ui.adoc and fix minor typos
-   [#&#8203;39294](https://github.com/quarkusio/quarkus/pull/39294) - Qute: add correct NativeImageResourceBuildItem for custom template root
-   [#&#8203;39309](https://github.com/quarkusio/quarkus/pull/39309) - Normalize POM path
-   [#&#8203;39310](https://github.com/quarkusio/quarkus/issues/39310) - Wrong reference on list of injected beans
-   [#&#8203;39311](https://github.com/quarkusio/quarkus/pull/39311) - Be more consistent with extension names in datasource.adoc
-   [#&#8203;39316](https://github.com/quarkusio/quarkus/issues/39316) - Empty container-group not allowed in Quarkus 3.8.2
-   [#&#8203;39319](https://github.com/quarkusio/quarkus/pull/39319) - org.graalvm.js:js was renamed to org.graalvm.polyglot:js-community
-   [#&#8203;39337](https://github.com/quarkusio/quarkus/pull/39337) - Fix rest-client-mutiny mention in the docs
-   [#&#8203;39350](https://github.com/quarkusio/quarkus/issues/39350) - Exception when building application with a lot of dependencies, String too large to record error
-   [#&#8203;39352](https://github.com/quarkusio/quarkus/pull/39352) - Make Hibernate / Micrometer integration run after schema creation
-   [#&#8203;39353](https://github.com/quarkusio/quarkus/pull/39353) - Allow config empty values in the Gradle worker
-   [#&#8203;39354](https://github.com/quarkusio/quarkus/pull/39354) - Add note about pre-matching filters execution model
-   [#&#8203;39368](https://github.com/quarkusio/quarkus/issues/39368) - Submodule on second level fails to find itself in dev mode
-   [#&#8203;39372](https://github.com/quarkusio/quarkus/pull/39372) - Replace `org.graalvm.sdk:graal-sdk` dependency with `org.graalvm.sdk:nativeimage`
-   [#&#8203;39379](https://github.com/quarkusio/quarkus/pull/39379) - Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.1
-   [#&#8203;39383](https://github.com/quarkusio/quarkus/pull/39383) - Typo at OIDC Client Mutual TLS config properties
-   [#&#8203;39386](https://github.com/quarkusio/quarkus/pull/39386) - Update to Brotli4J 1.16.0
-   [#&#8203;39402](https://github.com/quarkusio/quarkus/pull/39402) - ArC: fix creation of synthetic beans
-   [#&#8203;39411](https://github.com/quarkusio/quarkus/pull/39411) - Fix typo in Building my first extension
-   [#&#8203;39418](https://github.com/quarkusio/quarkus/pull/39418) - Use the value of project/default-codestart from the platform descriptor as the default codestart instead of a hardcoded value
-   [#&#8203;39430](https://github.com/quarkusio/quarkus/pull/39430) - Fix misleading error message when REST Client interface has been indexed
-   [#&#8203;39434](https://github.com/quarkusio/quarkus/pull/39434) - Qute: fix the NoRestartTemplatesDevModeTest on Windows
-   [#&#8203;39437](https://github.com/quarkusio/quarkus/pull/39437) - Make sure the current project location isn't overridden by other modules with the same groupId and artifactId
-   [#&#8203;39440](https://github.com/quarkusio/quarkus/issues/39440) - graal-sdk in 23.1.x brings in `org.graalvm.polyglot` which causes a couple of issues (wrap up)
-   [#&#8203;39442](https://github.com/quarkusio/quarkus/pull/39442) - Exclude org.graalvm.polyglot:polyglot from graal-sdk

### [`v3.8.2`](https://github.com/quarkusio/quarkus/releases/tag/3.8.2)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.8.1...3.8.2)

##### Complete changelog

-   [#&#8203;19849](https://github.com/quarkusio/quarkus/issues/19849) - Reactive rest client invoke MessageBodyReader.isReadable with null value of annotations parameter
-   [#&#8203;27999](https://github.com/quarkusio/quarkus/issues/27999) - quarkus.datasource."datasource-name".jdbc.min-size not honored if max-lifetime is set
-   [#&#8203;35993](https://github.com/quarkusio/quarkus/issues/35993) - Event-loop thread blocked when connecting to an unavailable OIDC server
-   [#&#8203;37984](https://github.com/quarkusio/quarkus/issues/37984) - Custom SecretsKeyHandler not found after update to 3.6.4
-   [#&#8203;38007](https://github.com/quarkusio/quarkus/issues/38007) - Failure to resolve encrypted configuration properties with the Gradle plugin
-   [#&#8203;38392](https://github.com/quarkusio/quarkus/issues/38392) - Application.properties string substitution does not work when using gradle variables
-   [#&#8203;38424](https://github.com/quarkusio/quarkus/issues/38424) - application-test.yml is not utilized during tests executed during gradle build
-   [#&#8203;38435](https://github.com/quarkusio/quarkus/pull/38435) - Fix CLI not recognizing installed plugins
-   [#&#8203;38900](https://github.com/quarkusio/quarkus/pull/38900) - Bump Smallrye Reactive Messaging from 4.16.2 to 4.17.0
-   [#&#8203;38971](https://github.com/quarkusio/quarkus/pull/38971) - Clarify that `quarkus.profile` cannot be set from a profile aware file
-   [#&#8203;38988](https://github.com/quarkusio/quarkus/pull/38988) - Do not expand configuration for Gradle cache
-   [#&#8203;38989](https://github.com/quarkusio/quarkus/issues/38989) - cert chain public key resolver thumbprints
-   [#&#8203;39001](https://github.com/quarkusio/quarkus/pull/39001) - Update to Vert.x 4.5.4 and Netty 4.1.107
-   [#&#8203;39021](https://github.com/quarkusio/quarkus/pull/39021) - Upgrade to testcontainers 1.19.6
-   [#&#8203;39023](https://github.com/quarkusio/quarkus/pull/39023) - Remove selector field from generated Job manifest in docs
-   [#&#8203;39041](https://github.com/quarkusio/quarkus/issues/39041) - JAX-RS seeOther does not work with IPv6
-   [#&#8203;39046](https://github.com/quarkusio/quarkus/pull/39046) - Make sure Response and RestResponse work properly with IPv6 addresses
-   [#&#8203;39057](https://github.com/quarkusio/quarkus/pull/39057) - Skip analysis of plugin executions with phases post quarkus:dev preparing for dev mode launch
-   [#&#8203;39059](https://github.com/quarkusio/quarkus/issues/39059) - Exception in blocking graphql query is wrapped
-   [#&#8203;39063](https://github.com/quarkusio/quarkus/pull/39063) - Fix the OIDC token verification failure with the inlined cert chain
-   [#&#8203;39067](https://github.com/quarkusio/quarkus/pull/39067) - Updates to Infinispan 14.0.25.Final
-   [#&#8203;39068](https://github.com/quarkusio/quarkus/pull/39068) - Optionally run DNS lookup for OIDC server requests on worker thread
-   [#&#8203;39069](https://github.com/quarkusio/quarkus/pull/39069) - Do not fail UPX if compression level is not given
-   [#&#8203;39070](https://github.com/quarkusio/quarkus/pull/39070) - Doc: add Pulsar in Dev Services Overview
-   [#&#8203;39072](https://github.com/quarkusio/quarkus/pull/39072) - Update to Agroal 2.3
-   [#&#8203;39078](https://github.com/quarkusio/quarkus/pull/39078) - Unwrap actual GraphQL data fetching exception if it is wrapped
-   [#&#8203;39093](https://github.com/quarkusio/quarkus/pull/39093) - Fix cross-references in the Vert.x Reference Guide
-   [#&#8203;39094](https://github.com/quarkusio/quarkus/pull/39094) - Emphasize the need to add quarkus-junit5-mockito as a dependency to use mock injection
-   [#&#8203;39102](https://github.com/quarkusio/quarkus/pull/39102) - Properly pass annotations to MessageBodyReader in REST Client
-   [#&#8203;39120](https://github.com/quarkusio/quarkus/issues/39120) - Startup fails with Kafka Stream if topics for topics check not defined when check is disabled
-   [#&#8203;39121](https://github.com/quarkusio/quarkus/pull/39121) - Do not fail on resolve kafka streams topics when topics check disabled
-   [#&#8203;39122](https://github.com/quarkusio/quarkus/pull/39122) - Use bcrypt password mapper in elytron-security-jdbc docs
-   [#&#8203;39123](https://github.com/quarkusio/quarkus/issues/39123) - Quarkus Dev Services passes wrong volume path to Docker on Windows
-   [#&#8203;39130](https://github.com/quarkusio/quarkus/issues/39130) - When building images with jib the fast-jar-lib layer is always changed
-   [#&#8203;39136](https://github.com/quarkusio/quarkus/pull/39136) - Fix wrong volume host path being used on Windows
-   [#&#8203;39147](https://github.com/quarkusio/quarkus/pull/39147) - Keep the timestamps when copying jars and building JIB layers
-   [#&#8203;39160](https://github.com/quarkusio/quarkus/pull/39160) - Fail on conflicting deployment kinds
-   [#&#8203;39168](https://github.com/quarkusio/quarkus/pull/39168) - Remove misleading note from jacoco.enabled
-   [#&#8203;39169](https://github.com/quarkusio/quarkus/issues/39169) - Unable to produce multiple synthetic beans of same type having different identifiers
-   [#&#8203;39179](https://github.com/quarkusio/quarkus/pull/39179) - Allow setting the SettingsDecrypter when initializing a Maven artifact resolver
-   [#&#8203;39181](https://github.com/quarkusio/quarkus/pull/39181) - ArC: fix BeanConfiguratorBase#read()
-   [#&#8203;39201](https://github.com/quarkusio/quarkus/pull/39201) - Bump quarkus-http.version from 5.2.0.Final to 5.2.1.Final
-   [#&#8203;39203](https://github.com/quarkusio/quarkus/pull/39203) - Fix typo in testing Getting Started guide example

### [`v3.8.1`](https://github.com/quarkusio/quarkus/releases/tag/3.8.1)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.8.0...3.8.1)

##### Complete changelog

-   [#&#8203;5314](https://github.com/quarkusio/quarkus/issues/5314) - Subresouce init resource failed when using `ResourceContext.getResource`
-   [#&#8203;36427](https://github.com/quarkusio/quarkus/issues/36427) - Keycloak admin client fail with "authHeader" is null when using classic extensions
-   [#&#8203;37065](https://github.com/quarkusio/quarkus/issues/37065) - Azure Functions Http: missing HTTP method definitions for delete and patch
-   [#&#8203;37779](https://github.com/quarkusio/quarkus/issues/37779) - No healthcheck for default Agroal datasource if `quarkus.datasource.db-kind` is not set
-   [#&#8203;37962](https://github.com/quarkusio/quarkus/issues/37962) - Can't specify custom quarkus.profile when running tests
-   [#&#8203;38557](https://github.com/quarkusio/quarkus/issues/38557) - Overwriting application configuration does not work with .env File
-   [#&#8203;38798](https://github.com/quarkusio/quarkus/issues/38798) - Using custom header in REST client together with `@NotBody` annotated argument results in warning from EndpointIndexer
-   [#&#8203;38880](https://github.com/quarkusio/quarkus/issues/38880) - CronJob deployment doesn't work due to `selector` field
-   [#&#8203;38881](https://github.com/quarkusio/quarkus/pull/38881) - Remove selector field if it's empty from manifest
-   [#&#8203;38891](https://github.com/quarkusio/quarkus/pull/38891) - Reduce message log level
-   [#&#8203;38895](https://github.com/quarkusio/quarkus/pull/38895) - Make VertxGrpcExporter more robust
-   [#&#8203;38899](https://github.com/quarkusio/quarkus/pull/38899) - Fix Keycloak Admin Client Classic when used with the RESTEasy JSON-B and REST Client JSON-B extensions
-   [#&#8203;38901](https://github.com/quarkusio/quarkus/issues/38901) - OidcProvider throws NPE when certificate chain is configured with OIDC server which has no JWK keys at the startup
-   [#&#8203;38909](https://github.com/quarkusio/quarkus/pull/38909) - Bump org.postgresql:postgresql from 42.7.1 to 42.7.2
-   [#&#8203;38923](https://github.com/quarkusio/quarkus/pull/38923) - Allow all HTTP methods in Azure functions
-   [#&#8203;38925](https://github.com/quarkusio/quarkus/pull/38925) - Improve shutdown of VertxHttpExporter and VertxGrpcExporter
-   [#&#8203;38927](https://github.com/quarkusio/quarkus/pull/38927) - Use supplier in order to properly have mutiny retry
-   [#&#8203;38928](https://github.com/quarkusio/quarkus/issues/38928) - quarkus-quartz: CDIAwareJob destroys instance of Quartz Job too early when Job is a `@Dependent` bean
-   [#&#8203;38932](https://github.com/quarkusio/quarkus/pull/38932) - Fix NPE when OIDC token must be verified with the chain with OIDC server returning no JWKs
-   [#&#8203;38934](https://github.com/quarkusio/quarkus/issues/38934) - Agroal Data Source Health check failing for reactive data source
-   [#&#8203;38935](https://github.com/quarkusio/quarkus/pull/38935) - Upgrade to Mutiny 2.5.7
-   [#&#8203;38938](https://github.com/quarkusio/quarkus/pull/38938) - Propagate user.dir to Gradle worker
-   [#&#8203;38944](https://github.com/quarkusio/quarkus/pull/38944) - Bump smallrye-open-api.version from 3.9.0 to 3.10.0
-   [#&#8203;38949](https://github.com/quarkusio/quarkus/issues/38949) - Postgresql bump causing detection of instance Random/SplittableRandom
-   [#&#8203;38952](https://github.com/quarkusio/quarkus/issues/38952) - Properly pass errors from JsonRPC backends to Dev UI
-   [#&#8203;38953](https://github.com/quarkusio/quarkus/pull/38953) - Unwrap the actual failure from JsonRPC if it's wrapped
-   [#&#8203;38955](https://github.com/quarkusio/quarkus/pull/38955) - Try to get more disk space
-   [#&#8203;38957](https://github.com/quarkusio/quarkus/pull/38957) - Quartz - fix `@Dependent` job creation/destruction when there is a re-fire
-   [#&#8203;38958](https://github.com/quarkusio/quarkus/pull/38958) - Runtime reinitialize org.postgresql.util.PasswordUtil$SecureRandomHolder
-   [#&#8203;38959](https://github.com/quarkusio/quarkus/pull/38959) - Agroal - Only generate health checks for JDBC datasources
-   [#&#8203;38978](https://github.com/quarkusio/quarkus/pull/38978) - Bump org.mariadb.jdbc:mariadb-java-client from 3.3.2 to 3.3.3
-   [#&#8203;38979](https://github.com/quarkusio/quarkus/pull/38979) - Propagate quarkus.test.profile to Gradle worker
-   [#&#8203;38986](https://github.com/quarkusio/quarkus/pull/38986) - Add missing brace in property expression
-   [#&#8203;38990](https://github.com/quarkusio/quarkus/issues/38990) - Quarkus 3.7.4 java.lang.ClassNotFoundException when running devsevices with gradle
-   [#&#8203;38995](https://github.com/quarkusio/quarkus/pull/38995) - Take client methods into account in server endpoint indexer
-   [#&#8203;38997](https://github.com/quarkusio/quarkus/pull/38997) - Add hint about exporter collector protocol on generic gRPC error
-   [#&#8203;38999](https://github.com/quarkusio/quarkus/pull/38999) - Remove JetBrains `@Nullable` from RESTEasy Reactive code
-   [#&#8203;39006](https://github.com/quarkusio/quarkus/pull/39006) - Bump Keycloak version to 23.0.7
-   [#&#8203;39020](https://github.com/quarkusio/quarkus/pull/39020) - Make VertxHttpExporter more robust
-   [#&#8203;39022](https://github.com/quarkusio/quarkus/issues/39022) - `JAVA_APP_DIR` should be set for container images
-   [#&#8203;39024](https://github.com/quarkusio/quarkus/pull/39024) - Set JAVA_APP_DIR env var when necessary
-   [#&#8203;39028](https://github.com/quarkusio/quarkus/pull/39028) - Make Sub Resources unremovable beans
-   [#&#8203;39029](https://github.com/quarkusio/quarkus/pull/39029) - Update to Brotli 1.14.0
-   [#&#8203;39031](https://github.com/quarkusio/quarkus/pull/39031) - Add commons-codec to Dev Services dependencies

### [`v3.8.0`](https://github.com/quarkusio/quarkus/releases/tag/3.8.0)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.7.4...3.8.0)

##### Complete changelog

-   [#&#8203;35686](https://github.com/quarkusio/quarkus/issues/35686) - Sporadic "Failed to export spans. The request could not be executed. Full error message: Stream was closed"

### [`v3.7.4`](https://github.com/quarkusio/quarkus/releases/tag/3.7.4)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.7.3...3.7.4)

##### Complete changelog

-   [#&#8203;37608](https://github.com/quarkusio/quarkus/issues/37608) - gRPC starter app is using legacy approach, single HTTP server should be used instead
-   [#&#8203;38236](https://github.com/quarkusio/quarkus/issues/38236) - Adding a decorator causes bytecode error
-   [#&#8203;38504](https://github.com/quarkusio/quarkus/issues/38504) - NPE on oidc-client when quarkus.oidc-client.grant-options.password.password not provided
-   [#&#8203;38533](https://github.com/quarkusio/quarkus/issues/38533) - 'Unable to find a JDBC driver' for Hibernate Reactive after updating to 3.7.1
-   [#&#8203;38683](https://github.com/quarkusio/quarkus/issues/38683) - Build time performance regression and bigger native binaries when migrating from 3.5 to 3.6 or 3.7
-   [#&#8203;38688](https://github.com/quarkusio/quarkus/pull/38688) - Making sure deployment modules excluded in POM files aren't pulled in by the Gradle plugin
-   [#&#8203;38721](https://github.com/quarkusio/quarkus/issues/38721) - Java 21: `@VirtualThreadUnit` produces very slow tests
-   [#&#8203;38763](https://github.com/quarkusio/quarkus/issues/38763) - Enable an injection of the OIDC code flow access token verificaton material
-   [#&#8203;38767](https://github.com/quarkusio/quarkus/pull/38767) - Fail early if OIDC client password grant is misconfigured
-   [#&#8203;38771](https://github.com/quarkusio/quarkus/pull/38771) - Adds an implementation note about `@VirtualThreadUnit` limitations
-   [#&#8203;38775](https://github.com/quarkusio/quarkus/pull/38775) - Use the right MongoDB ClientSession interface
-   [#&#8203;38776](https://github.com/quarkusio/quarkus/issues/38776) - OidcRequestFilter with OidcEndpoint applied to all endpoints
-   [#&#8203;38777](https://github.com/quarkusio/quarkus/issues/38777) - OIDC Code flow access token verification goes ahead even if the ID token verification has failed
-   [#&#8203;38779](https://github.com/quarkusio/quarkus/pull/38779) - Fix OidcEndpoint annotation processing
-   [#&#8203;38784](https://github.com/quarkusio/quarkus/pull/38784) - Fix guide URL in RESTEasy Client extension
-   [#&#8203;38785](https://github.com/quarkusio/quarkus/pull/38785) - ArC: fix interception when some methods return void
-   [#&#8203;38798](https://github.com/quarkusio/quarkus/issues/38798) - Using custom header in REST client together with `@NotBody` annotated argument results in warning from EndpointIndexer
-   [#&#8203;38800](https://github.com/quarkusio/quarkus/pull/38800) - Don't warn about `@NotBody` use in `@GET` methods in REST Client
-   [#&#8203;38802](https://github.com/quarkusio/quarkus/issues/38802) - Multipart form data is interpreted as a file although it's not a file
-   [#&#8203;38803](https://github.com/quarkusio/quarkus/issues/38803) - OIDC server is erroneously shown as not available
-   [#&#8203;38810](https://github.com/quarkusio/quarkus/pull/38810) - Expand types which are considered text in multipart handling
-   [#&#8203;38815](https://github.com/quarkusio/quarkus/issues/38815) - Support security identity propagation in VT
-   [#&#8203;38816](https://github.com/quarkusio/quarkus/pull/38816) - Propagate Vert.x context on all ExecutorService methods for VirtualThreadExecutor
-   [#&#8203;38817](https://github.com/quarkusio/quarkus/issues/38817) - Mocking Singleton does not work even when using `@MockitoConfig`(convertScopes = true) - Bean produced from factory method
-   [#&#8203;38818](https://github.com/quarkusio/quarkus/pull/38818) - Allow `RunAndCheckMojoTestBase` subclasses to override how much memory extension tests are allowed
-   [#&#8203;38819](https://github.com/quarkusio/quarkus/pull/38819) - Add response text to the OIDC bootstrap log errors
-   [#&#8203;38821](https://github.com/quarkusio/quarkus/pull/38821) - Configure SISU bean filtering for the bootstrap Maven resolver
-   [#&#8203;38824](https://github.com/quarkusio/quarkus/issues/38824) - Memory leak when using FT Fallback with dependent beans
-   [#&#8203;38833](https://github.com/quarkusio/quarkus/issues/38833) - Keycloak Admin Client Reactive error id: [`9009f9b`](https://github.com/quarkusio/quarkus/commit/9009f9b4)-1d58-4011-9ff2-49b87bb59ddd-1: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "authHeader" is null
-   [#&#8203;38836](https://github.com/quarkusio/quarkus/pull/38836) - Fix Keycloak Admin Client Reactive Jackson reader provider priority so that the client can work when the JSONB REST client extension is present
-   [#&#8203;38837](https://github.com/quarkusio/quarkus/issues/38837) - Quarkus create new project fails when -DnoCode is used and artifactId is not set properly
-   [#&#8203;38843](https://github.com/quarkusio/quarkus/pull/38843) - Check the code flow access token after ID token
-   [#&#8203;38844](https://github.com/quarkusio/quarkus/pull/38844) - Fix copy/paste typo
-   [#&#8203;38849](https://github.com/quarkusio/quarkus/pull/38849) - Ensure that generated project GAV is always set
-   [#&#8203;38851](https://github.com/quarkusio/quarkus/issues/38851) - Kafka integration tests fail with latest Mandrel/GraalVM 24.1-dev builds
-   [#&#8203;38853](https://github.com/quarkusio/quarkus/pull/38853) - \[3.7] Perform security checks on inherited endpoints before payload deserialization in the RESTEasy Reactive
-   [#&#8203;38855](https://github.com/quarkusio/quarkus/pull/38855) - Make registration of OAuthBearerValidatorCallbackHandler conditional
-   [#&#8203;38858](https://github.com/quarkusio/quarkus/pull/38858) - Testing: fix `@MockitoConfig`(convertScopes=true) with auto-producers
-   [#&#8203;38859](https://github.com/quarkusio/quarkus/pull/38859) - Fix warning when launching dev mode specifying quarkus-maven-plugin GAV on the command line
-   [#&#8203;38865](https://github.com/quarkusio/quarkus/pull/38865) - Update commons-compress version to mitigate CVE-2024-25710
-   [#&#8203;38866](https://github.com/quarkusio/quarkus/issues/38866) - Sporadic error in custom readiness check using `keycloak-admin-client`: `IllegalStateException: Client is closed`
-   [#&#8203;38868](https://github.com/quarkusio/quarkus/pull/38868) - Add config flag to disable jacoco
-   [#&#8203;38882](https://github.com/quarkusio/quarkus/pull/38882) - Quartz - prevent memory leak when Job instance is a `@Dependent` bean
-   [#&#8203;38886](https://github.com/quarkusio/quarkus/pull/38886) - Ignore `ValidationSchema` that results in registering all models
-   [#&#8203;38888](https://github.com/quarkusio/quarkus/pull/38888) - SmallRye Health: terminate request context properly
-   [#&#8203;38889](https://github.com/quarkusio/quarkus/issues/38889) - Kafka reactive messaging extension incompatible with Micrometer Prometheus extension for Quarkus 3.7.\*
-   [#&#8203;38890](https://github.com/quarkusio/quarkus/pull/38890) - Log resolved OIDC tenant id and how the bearer token is found
-   [#&#8203;38894](https://github.com/quarkusio/quarkus/pull/38894) - Disable messaging observation by default for backwards compatibility
-   [#&#8203;38897](https://github.com/quarkusio/quarkus/pull/38897) - Attempt to fix flaky DependentBeanJobTest

### [`v3.7.3`](https://github.com/quarkusio/quarkus/releases/tag/3.7.3)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.7.2...3.7.3)

##### Complete changelog

-   [#&#8203;36341](https://github.com/quarkusio/quarkus/issues/36341) - The API method KafkaStreams#cleanUp() is not applicable when use `@Produces` to build the topology
-   [#&#8203;37091](https://github.com/quarkusio/quarkus/pull/37091) - Fix VertxGrpcExporter reponse status handling
-   [#&#8203;37911](https://github.com/quarkusio/quarkus/pull/37911) - Store since JavaDoc tag in the configuration metadata, so that Quarkiverse projects can render it in their documentation if they like
-   [#&#8203;38055](https://github.com/quarkusio/quarkus/issues/38055) - Make annotation app.quarkus.io/vcs-uri optional in Kubernetes extension
-   [#&#8203;38079](https://github.com/quarkusio/quarkus/pull/38079) - Make OidcTestSecurityIdentityAugmentor faster by making privateKey's generation final and static
-   [#&#8203;38196](https://github.com/quarkusio/quarkus/pull/38196) - Use Vert.x pool with Jackson
-   [#&#8203;38477](https://github.com/quarkusio/quarkus/pull/38477) - Add disabled workflow to deploy snapshots in Quarkiverse extensions
-   [#&#8203;38489](https://github.com/quarkusio/quarkus/issues/38489) - OIDC authentication.extra-params not added to dev-services auth request
-   [#&#8203;38602](https://github.com/quarkusio/quarkus/issues/38602) - QuarkusComponentTest: `@TestConfigProperties` not applicable to method (override multiple config properties)
-   [#&#8203;38607](https://github.com/quarkusio/quarkus/pull/38607) - Gradle: fix IllegalStateException when resolving project deps
-   [#&#8203;38613](https://github.com/quarkusio/quarkus/issues/38613) - RabbitMQ Health Checks cannot be disabled from 3.7+
-   [#&#8203;38615](https://github.com/quarkusio/quarkus/pull/38615) - Updates to Infinispan 14.0.24.Final
-   [#&#8203;38619](https://github.com/quarkusio/quarkus/pull/38619) - Pass extra authentication params in the OIDC DevUI code flow redirect URL
-   [#&#8203;38626](https://github.com/quarkusio/quarkus/pull/38626) - Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2
-   [#&#8203;38650](https://github.com/quarkusio/quarkus/issues/38650) - UI doesn't work correct with umlauts
-   [#&#8203;38653](https://github.com/quarkusio/quarkus/pull/38653) - Enforce Dev UI charset to UTF-8
-   [#&#8203;38655](https://github.com/quarkusio/quarkus/pull/38655) - Allow for multiple TestConfigProperty annotations on methods
-   [#&#8203;38656](https://github.com/quarkusio/quarkus/pull/38656) - Upgrade the Mutiny Vert.x bindings to 3.9.0
-   [#&#8203;38658](https://github.com/quarkusio/quarkus/issues/38658) - Configure a REST Client ClientLogger vía CDI
-   [#&#8203;38662](https://github.com/quarkusio/quarkus/pull/38662) - Bump io.smallrye.config:smallrye-config-source-yaml from 3.5.2 to 3.5.4 in /devtools/gradle
-   [#&#8203;38663](https://github.com/quarkusio/quarkus/issues/38663) - ContainerRequestContext.getUriInfo().getMatchedURIs() IndexOutOfBoundsException
-   [#&#8203;38664](https://github.com/quarkusio/quarkus/pull/38664) - Bump Smallrye RM from 4.16.0 to 4.16.1
-   [#&#8203;38670](https://github.com/quarkusio/quarkus/pull/38670) - Make ClientLogger beans unremovable
-   [#&#8203;38671](https://github.com/quarkusio/quarkus/pull/38671) - Redis Client: improve documentation for sentinel and cluster
-   [#&#8203;38672](https://github.com/quarkusio/quarkus/pull/38672) - Remove WATCH Command in absence of Optimistic Locking
-   [#&#8203;38673](https://github.com/quarkusio/quarkus/pull/38673) - Fix OidcRequestFiler typo in security docs
-   [#&#8203;38674](https://github.com/quarkusio/quarkus/pull/38674) - Improve flaky test
-   [#&#8203;38675](https://github.com/quarkusio/quarkus/pull/38675) - Correct example generated yaml in extension metadata docs
-   [#&#8203;38676](https://github.com/quarkusio/quarkus/issues/38676) - OpenAPI does not fill roles in SecurityScheme in schema
-   [#&#8203;38680](https://github.com/quarkusio/quarkus/pull/38680) - Log how Keycloak devservice maps resources
-   [#&#8203;38681](https://github.com/quarkusio/quarkus/pull/38681) - Upgrade to Hibernate ORM 6.4.4.Final / bytebuddy 1.14.11
-   [#&#8203;38686](https://github.com/quarkusio/quarkus/pull/38686) - Make GraphQL Metrics End when Exceptional
-   [#&#8203;38692](https://github.com/quarkusio/quarkus/pull/38692) - Bump com.gradle:gradle-enterprise-maven-extension from 1.20 to 1.20.1
-   [#&#8203;38693](https://github.com/quarkusio/quarkus/pull/38693) - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1
-   [#&#8203;38694](https://github.com/quarkusio/quarkus/pull/38694) - OpenAPI: remove check that avoids running auto-security at build
-   [#&#8203;38703](https://github.com/quarkusio/quarkus/issues/38703) - RESTEasy Reactive Multipart struggles with non-file binary uploads
-   [#&#8203;38705](https://github.com/quarkusio/quarkus/pull/38705) - Kafka Streams fire event after created and before scheduling the start
-   [#&#8203;38706](https://github.com/quarkusio/quarkus/issues/38706) - Elasticsearch container reuse creates a new container on each run
-   [#&#8203;38709](https://github.com/quarkusio/quarkus/pull/38709) - Don't provide empty paths when using a root prefix
-   [#&#8203;38710](https://github.com/quarkusio/quarkus/pull/38710) - Avoid Vert.x GraphQL deprecation warning
-   [#&#8203;38712](https://github.com/quarkusio/quarkus/pull/38712) - Bump Smallrye RM from 4.16.1 to 4.16.2
-   [#&#8203;38713](https://github.com/quarkusio/quarkus/pull/38713) - Only configure shared network for Elasticsearch/OpenSearch containers where necessary
-   [#&#8203;38714](https://github.com/quarkusio/quarkus/pull/38714) - Don't assume that multipart part without filename is always text
-   [#&#8203;38728](https://github.com/quarkusio/quarkus/pull/38728) - Encode Kafka messages with UTF8
-   [#&#8203;38730](https://github.com/quarkusio/quarkus/issues/38730) - Accept-Header in hibernate validator's ResteasyReactiveLocaleResolver is resolved case-sensitive
-   [#&#8203;38732](https://github.com/quarkusio/quarkus/issues/38732) - Quarkus should still allow to create project with Java 11 (for older streams and other platforms)
-   [#&#8203;38733](https://github.com/quarkusio/quarkus/pull/38733) - Allow Java 11 as LTS for older streams and other platforms
-   [#&#8203;38738](https://github.com/quarkusio/quarkus/pull/38738) - Make accept header check in validation case insensitive
-   [#&#8203;38748](https://github.com/quarkusio/quarkus/pull/38748) - Sanitize app.dekorate.io/vcs-url kubernetes annotation
-   [#&#8203;38755](https://github.com/quarkusio/quarkus/pull/38755) - Log when a RestEasy Reactive client close method is called
-   [#&#8203;38756](https://github.com/quarkusio/quarkus/pull/38756) - Bump Keycloak version to 23.0.6
-   [#&#8203;38760](https://github.com/quarkusio/quarkus/pull/38760) - Set COMPILE_ONLY flag on relevant dependencies that appear on DEPLOYMENT_CP and RUNTIME_CP

### [`v3.7.2`](https://github.com/quarkusio/quarkus/releases/tag/3.7.2)

[Compare Source](https://github.com/quarkusio/quarkus/compare/3.7.1...3.7.2)

##### Complete changelog

-   [#&#8203;37807](https://github.com/quarkusio/quarkus/issues/37807) - SSL requests hang when returning a CompletableFuture
-   [#&#8203;38101](https://github.com/quarkusio/quarkus/issues/38101) - smallrye-openapi property `oidc-open-id-connect-url` might not be fixed at build time
-   [#&#8203;38231](https://github.com/quarkusio/quarkus/pull/38231) - OpenAPI: Always run OpenIDConnectSecurityFilter at runtime
-   [#&#8203;38310](https://github.com/quarkusio/quarkus/pull/38310) - Add note about the two quarkus-extension files
-   [#&#8203;38394](https://github.com/quarkusio/quarkus/issues/38394) - quarkus-cache: "keyGenerator" destroyed, even if it is annotated with "Singleton"
-   [#&#8203;38397](https://github.com/quarkusio/quarkus/pull/38397) - Use actions/setup-java GPG key feature
-   [#&#8203;38411](https://github.com/quarkusio/quarkus/pull/38411) - Cache: only dependent CacheKeyGenerator beans are destroyed after use
-   [#&#8203;38422](https://github.com/quarkusio/quarkus/issues/38422) - nested configurations in extension: sub-property is seen as nested entity.
-   [#&#8203;38431](https://github.com/quarkusio/quarkus/issues/38431) - `quarkus.oidc-token-propagation-reactive.enabled-during-authentication` does not work correctly in the code flow
-   [#&#8203;38442](https://github.com/quarkusio/quarkus/pull/38442) - Make sure the code flow access token is propagated during the authentication
-   [#&#8203;38444](https://github.com/quarkusio/quarkus/pull/38444) - Fix request hanging condition
-   [#&#8203;38451](https://github.com/quarkusio/quarkus/issues/38451) - Remove workaround for HHH-17683 in Panache
-   [#&#8203;38479](https://github.com/quarkusio/quarkus/issues/38479) - Stricter and false positive env variables validation after upgrade to 3.7.0
-   [#&#8203;38483](https://github.com/quarkusio/quarkus/pull/38483) - Add a tool to check cross references
-   [#&#8203;38488](https://github.com/quarkusio/quarkus/pull/38488) - Update to Vert.x 4.5.2
-   [#&#8203;38495](https://github.com/quarkusio/quarkus/pull/38495) - Add org.graalvm.regex:regex to runnerParentFirstArtifacts
-   [#&#8203;38499](https://github.com/quarkusio/quarkus/issues/38499) - Alpn property not work in rest client reactive
-   [#&#8203;38500](https://github.com/quarkusio/quarkus/pull/38500) - Make quarkus.rest-client.alpn work in programmatically created client
-   [#&#8203;38506](https://github.com/quarkusio/quarkus/issues/38506) - lombok warning when building with 3.7.1
-   [#&#8203;38514](https://github.com/quarkusio/quarkus/issues/38514) - Alpn property not work for single rest client reactive
-   [#&#8203;38516](https://github.com/quarkusio/quarkus/pull/38516) - Add missing alpn config key handling from named config
-   [#&#8203;38521](https://github.com/quarkusio/quarkus/issues/38521) - Panache sorting no longer works for embedded fields in Quarkus 3.7.1
-   [#&#8203;38525](https://github.com/quarkusio/quarkus/pull/38525) - Fix typo in RedisClientConfig JavaDoc
-   [#&#8203;38527](https://github.com/quarkusio/quarkus/pull/38527) - Revert "Escape column names with backticks in order by clause of hql query"
-   [#&#8203;38543](https://github.com/quarkusio/quarkus/issues/38543) - LinksProcessor ID field error for native class HalCollectionWrapper
-   [#&#8203;38545](https://github.com/quarkusio/quarkus/issues/38545) - Enhance Adding extension section in cli-tooling documentation page
-   [#&#8203;38546](https://github.com/quarkusio/quarkus/pull/38546) - Add globbing pattern to cli-tooling.adoc
-   [#&#8203;38548](https://github.com/quarkusio/quarkus/pull/38548…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
8 participants