Quarkus 3.2.11.Final released - Maintenance LTS release
Quarkus 3.2.11.Final, the eleventh maintenance release of the 3.2 LTS release train has been released.
This release includes the following security-related fixes:
-
CVE-2024-25710 Denial of service caused by an infinite loop for a corrupted DUMP file
-
CVE-2024-1597 PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
-
CVE-2024-1023 memory leak due to the use of Netty FastThreadLocal data structures in Vertx
-
CVE-2024-1300 memory leak when a TCP server is configured with TLS and SNI support
-
CVE-2024-1726 security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service
And the following component upgrades:
-
Apache Commons Compress 1.25.0 → 1.26.0
-
PostgeSQL JDBC Driver 42.6.0 → 42.6.1
-
SmallRye JWT 4.3.0 → 4.4.0
-
Vert.X 4.4.6 → 4.4.8
If you are not already using a 3.2 release, please refer to our migration guide.
完全な変更履歴
You can get the full changelog of 3.2.11.Final on GitHub.
参加のお誘い
私達は皆様からのフィードバックに重きを置いています。バグ報告、改善要望を是非お願いします。一緒に素晴らしいものを作り上げていきましょう!
Quarkusユーザーの場合でも、単に興味を持っているだけの場合でも、恥ずかしがらずにコミュニティに参加して下さい!:
-
GitHub でフィードバック
-
コードを作成し、 プルリクエスト を送信
-
Stack Overflow で質問
