Quarkus 3.2.12.Final released - Maintenance LTS release
Quarkus 3.2.12.Final, the eleventh maintenance release of the 3.2 LTS release train has been released.
This release includes the following security-related fixes:
-
CVE-2024-2700 io.quarkus/quarkus-core: Leak of local configuration properties into Quarkus applications
-
CVE-2024-29025 io.netty/netty-codec-http: Allocation of Resources Without Limits or Throttling
-
CVE-2023-51775 org.bitbucket.b_c/jose4j: Dos Attack Via specifically crafted JWE
And the following component upgrades:
-
Apache Mime4J 0.8.9 → 0.8.11
-
Jose4J 0.9.3 → 0.9.6
-
Netty 4.1.100.Final → 4.1.108.Final
-
Netty tcnative 2.0.61.Final → 2.0.65.Final
-
Vert.x 4.4.8 → 4.4.9
-
com.dajudge.kindcontainer:kindcontainer 1.3.0 → 1.4.5
If you are not already using a 3.2 release, please refer to our migration guide.
Known issues include:
It should be a safe upgrade for anyone already using a 3.2.11.Final release. However, the fix for CVE-2024-2700 introduces a change in how configuration options are recoded at build time and should be taken into account. More specifically, properties from configuration sources that are considered local (those that are available at build time but not runtime, such as environment variables, system properties, Maven and Gradle project properties) will not override the default values of runtime configuration properties. This is done to avoid leaking local environment values into production builds.
完全な変更履歴
You can get the full changelog of 3.2.12.Final on GitHub.
参加のお誘い
私達は皆様からのフィードバックに重きを置いています。バグ報告、改善要望を是非お願いします。一緒に素晴らしいものを作り上げていきましょう!
Quarkusユーザーの場合でも、単に興味を持っているだけの場合でも、恥ずかしがらずにコミュニティに参加して下さい!:
-
GitHub でフィードバック
-
コードを作成し、 プルリクエスト を送信
-
Stack Overflow で質問