chore(deps): update quarkus.platform.version to v3 (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
io.quarkus:quarkus-maven-plugin	2.16.12.Final -> 3.14.4
io.quarkus:quarkus-bom	2.16.12.Final -> 3.14.4

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

quarkusio/quarkus (io.quarkus:quarkus-maven-plugin)

v3.14.4

Compare Source

v3.14.3

Compare Source

Complete changelog

• #​30087 - jbang does not persist Q:CONFIG keys nor build set keys
• #​32831 - Hibernate Validator Failure When TZ Set to Non-UTC
• #​41558 - Add documentation for vertx and qute integration
• #​41559 - Add documentation for Vertx and Qute integration
• #​42256 - Gradle early task configuration causes quarkus.container-image. properties to be ignored
• #​42496 - Configuration Cache compatibility (QuarkusGenerateCode - QuarkusBuid)
• #​42511 - TLS Reference guide grammar check and review
• #​42724 - gRPC Server INTERNAL: HTTP status code 400 When Upgrading from 3.12.3 > 3.13.0
• #​42751 - tls command not found despite the extension present in the application
• #​42851 - classic resteasy-client: ensure sub-resources are also proxied
• #​42875 - Compatibility with configuration cache for image tasks
• #​42905 - Port resteasy fix for sub-resources
• #​42908 - Cannot initialize file manager
• #​42948 - Document generic synthetic bean creation
• #​42990 - logout.backchannel.path fails when http.root-path is present - Again
• #​42995 - Fix minor typo: Use correct syntax for TIP admonition
• #​42998 - Error page and not found page now looks the same in prod mode
• #​43000 - Fix registration of backchannel logout route
• #​43009 - mention gradle dsl kts not supported in quarkus update
• #​43010 - Fix error message when a REST Client throws an exception
• #​43015 - REST: comment out useless 10K System.out.printl() in the DrainTest
• #​43017 - DefaultJaxRsRolesAllowedImplMethodSecuredTest produces a large number of errors
• #​43018 - Reduce log clutter in security tests
• #​43019 - Properly escape log message additions
• #​43020 - Store Quarkus version in native executable
• #​43021 - Decorated stacktrace that is added to the log record is not properly decorated
• #​43023 - Reduce Agroal pool logging
• #​43025 - Support transitive extensions when searching for plugins
• #​43028 - Bump org.jboss.marshalling:jboss-marshalling from 2.2.0.Final to 2.2.1.Final
• #​43029 - Bump mongo-client.version from 5.1.3 to 5.1.4
• #​43040 - Excluding depencency from arc based on group id only results in NoSuchElementException
• #​43041 - Update Vertx to version 4.5.10
• #​43043 - Fix Arc dependency exclusion configuration
• #​43044 - include sbom feature in LTS
• #​43045 - Embed quarkus version in native executable as a global string symbol
• #​43051 - Show exception cause during logging filter initialization
• #​43052 - Show exception cause during logging filter initialization
• #​43055 - Avoid publishing the docs module in Maven Central in extension template
• #​43063 - Bump com.gradle:common-custom-user-data-maven-extension from 2 to 2.0.1
• #​43066 - Add Application links on the welcome page
• #​43070 - Add a note about let's encrypt challenge requiring the port 80 to be accessible
• #​43071 - Quarkus CLI for extension setting old rest name
• #​43082 - Fix guide URL in web-dependency-locator
• #​43083 - Apply quarkus-rest-client-oidc-token-propagation name
• #​43085 - [3.14] Fix Boolean serializer
• #​43089 - Avoid using "Reactive" for Quarkus REST in security doc
• #​43095 - Qute: fix unsatisfied exception when recording rendered results is off
• #​43096 - Use a Quarkus-specific clock provider that is reinitialized at runtime
• #​43107 - TLS registry named config and Quarkus Messaging Kafka or Kafka Client can lead to failed application startup
• #​43108 - Use the shared JsonProvider when creating Jsonb instance
• #​43109 - Documentation generation for configuration properties in OIDC module leaves out plenty of information
• #​43112 - Fix visual studio code svg
• #​43113 - Documentation is not rendering the VSCode icon
• #​43115 - Config Doc - Configure OIDC Common annotation processor for legacy root
• #​43116 - Kafka TLS Registry integration: include tls-configuration-name in Kafka config
• #​43118 - Fix doc numeration level of lists extension methods
• #​43126 - Allows users to exclude DefaultMismatchedInputException
• #​43131 - Revert "Satisfy GraalVM's classpath needs for the deletion of org.h2.fulltext.FullTextLucene"
• #​43132 - Fix obsolete name in integration tests pom.xml of quarkus extension codestart
• #​43135 - The class CertificateReloadedEvent missing
• #​43137 - The CDI event fired after a successful update of certificates was wrong in the documentation
• #​43139 - [3.14] Initial support for SBOM generation and CycloneDX
• #​43142 - Fix flaky OTel tests
• #​43157 - [3.14] Make generated Jackson serializers to work with null values of boxed types
• #​43160 - Add runtime properties to Quarkus builder
• #​43168 - Update rest-data-panache docs to clarify experimental status
• #​43169 - Fixes error if annotation processing directories do not exist
• #​43194 - Fix javadoc for quarkus.bootstrap.incubating-model-resolver
• #​43195 - Config Doc - Reset list status for passthrough maps

v3.14.2

Compare Source

Complete changelog

• #​31375 - RuntimeException using VirtualThreads with Jacoco
• #​31802 - Unauthenticated request with a request path that contains a semicolon results in a server exception when using OIDC
• #​34395 - Spring Data API Extension Property Expressions with List not working
• #​41854 - REST request fails after adding maven dependency to quarkus-opentelemetry
• #​41927 - Fix off-by-one issue caused by ObservabilityIntegrationRecorder using its own method for getting path without prefix
• #​42098 - Kotlin junit ParameterizedTest with list as argument, not working anymore (3.13.0.CR1)
• #​42109 - Make sure arrays are always cloned as arrays
• #​42136 - Fail OIDC build if a primitive type Claim is injected in Singleton
• #​42205 - Enable comments (reasons) in the generated reflect-config.json and improve hierarchical registration tracing
• #​42228 - Native image build fails with -Dquarkus.native.report-errors-at-runtime
• #​42301 - Records that contain Enum are still unsupported with @ParameterizedTest even with Serializable in 3.13.0
• #​42394 - Take @JsonProperty into account in the reflection free Jackson serializers
• #​42466 - quarkus.knative.app-config-map misses adding the volumes to the ksvc template
• #​42485 - Fix quarkus.knative.app-config-map misses adding the volumes to the ksvc template
• #​42491 - Change dekorate template to use the intended knative object
• #​42535 - Add "how to write dev services" documentation
• #​42578 - OTEL + quarkus.http.test-timeout -> NullPointerException: Cannot invoke "io.vertx.core.spi.observability.HttpResponse.headers()" because "httpResponse" is null
• #​42619 - Jackson build time serializers could use SerializableString field names
• #​42651 - Use SerializableString field names + support for @JsonProperty in the reflection free Jackson serializers
• #​42661 - Bump Micrometer to 1.13
• #​42684 - Encode URL in OIDC cookie
• #​42702 - Updates to Infinispan 15.0.8.Final
• #​42703 - Update security docs
• #​42705 - Fix for resolving entity fields based on collections and generics
• #​42707 - Update OAuth2 docs because of change in Bearer token check change
• #​42714 - Continuous testing exclude-tags or exclude-engines cannot be configured via pom.xml anymore in 3.13
• #​42718 - Bump flyway.version from 10.17.1 to 10.17.2
• #​42733 - Qute template exception don't print origin
• #​42745 - Remove useless enum converter allocation
• #​42752 - quarkuscli always return 1 for exitcode for plugin commands
• #​42755 - Upload native build stats from a single GH runner
• #​42761 - Qute: ignore template files that contain whitespace in its name
• #​42766 - Use initial Quarkus Dev config for test tags and engines
• #​42773 - Remove jakarta.json.Json usage for performance reasons
• #​42774 - quarkus.rest.jackson.optimization.enable-reflection-free-serializers=true fails native build of StartStopTS microprofile application
• #​42778 - Rest Client (formerly reactive) keep using DEFAULT_MAX_POOL_SIZE
• #​42779 - QuarkusComponentTest: programmatic lookup improvements
• #​42783 - Qute: ignore template files that contain whitespace in its name
• #​42786 - Quarkus CLI Catalog wipes its content when a new plugin is added / removed
• #​42787 - Qute: print origin if non-literal value used in bracket notation
• #​42788 - Invalidate catalogs when adding/removing plugins
• #​42793 - Quote directory variable to support directories with spaces
• #​42794 - Avoid NullPointerExceptions when application fails to start
• #​42806 - quarkus-websockets-next client connect to WSS not possible
• #​42808 - quarkus-websockets-next client adds / to empty path
• #​42810 - Register InetAddressResolverProvider service providers
• #​42814 - OpenTelemetry traces and metrics config fallback to base
• #​42815 - The configuration options missing the quarkus.oidc.credentials.*
• #​42820 - Disable GrpcCliTest#testCommand due to CI failures
• #​42821 - CDI: add cross-reference links to docs
• #​42822 - Qute docs: clarify template record not annotated with @CheckedTemplate
• #​42823 - Properly set PoolOptions for REST Client
• #​42826 - WebSockets Next - client: support the wss scheme correctly
• #​42828 - Duplicate annotation for class: interface org.jetbrains.annotations.NotNull
• #​42830 - WebSockets Next: support endpoints with empty path
• #​42832 - Respect exit code of cli commands
• #​42833 - ArC - static methods interception: fix the set of copied annotations
• #​42835 - Config Doc - Fix two scanning issues
• #​42837 - ArC docs: mention @​Inject @All List<> in section about unused beans
• #​42840 - Possible to handle routes for base URI without path from extensions
• #​42844 - System properties config overrides in tests does not seem to take effect properly in quarkus 3.14.1
• #​42846 - Updating selected OIDC/OpenID guides
• #​42848 - Bump org.jetbrains.kotlinx:kotlinx-serialization-json from 1.7.1 to 1.7.2
• #​42853 - Config Doc - Also ignore FileNotFoundException
• #​42856 - Always put Jackson first in documentation
• #​42857 - quarkus-rest-client-jackson - Force property
• #​42858 - ExtLogRecord creation is more costly following the update to SmallRye Common 2.4.0
• #​42859 - Satisfy GraalVM's classpath needs for the deletion of org.h2.fulltext.FullTextLucene
• #​42860 - Quarkus output class in incorrect folder on live reload (gradle, multimodule, kotlin)
• #​42862 - Revert "QuarkusTestProfile overrides in a high ordinal application.properties"
• #​42864 - Correct typo in messaging.adoc
• #​42865 - kafka_version label is unkown in native mode
• #​42866 - DevUI log timestamp difference, as it was reported in GMT
• #​42867 - Dev mode error page stacktrace doesn't open problematic code IDE on click
• #​42869 - Dev UI log view doesn't catch up with logs after application restart
• #​42870 - Decorated stacktraces in dev mode are not provided when using tools like curl or postman
• #​42871 - org.springframework.aot.hint.annotation.Reflective missing from our Spring compatibilty layer?
• #​42877 - Quarkus CLI subcommand tls is missing help option despite showing help
• #​42880 - Remove BOOTSTRAP config phase from documentation
• #​42881 - Bump com.gradle.plugin-publish from 1.2.1 to 1.2.2 in /devtools/gradle
• #​42883 - Fix Quarkus CLI TLS command help option
• #​42884 - CompiledJavaVersionBuildStep may load a wrong class number with gradle
• #​42885 - Bump wildfly-elytron.version from 2.5.1.Final to 2.5.2.Final
• #​42889 - Fix some small Dev UI issues
• #​42895 - Upgrade spring-api dependency
• #​42896 - Possible to handle routes for base URI without path from extensions
• #​42897 - Process classes from the application artifact instead of the module output directory
• #​42898 - Fix Kafka kafka-version metrics tag missing in native
• #​42899 - Use quarkus-rest instead of quarkus-resteasy as default extension in maven plugin
• #​42901 - Add LGTM traces test / check
• #​42911 - Fix OTel DelayedAttributes bean handling
• #​42913 - Gradle - Correctly merge classes dir when using dev mode
• #​42914 - Fix Jackson serializers generation for interfaces and boxed primitive types
• #​42915 - Upgrading to 3.13.x+ causes parameterised tests using record argument to fail with LinkageError 'loader constraint violation'
• #​42916 - Update to JBoss Marshalling 2.2.0.Final
• #​42918 - Update SmallRye Common to 2.6.0
• #​42919 - ContainerRequestFilter checking for annotation fails in native
• #​42924 - Bump io.smallrye.common:smallrye-common-bom from 2.5.0 to 2.6.0
• #​42926 - Bump hibernate-search.version from 7.2.0.Final to 7.2.1.Final
• #​42927 - Add missing dot to GraalVM not found message
• #​42928 - Property [autoIncrement] was not found for object type [liquibase.datatype.core.BigIntType]
• #​42930 - Config Doc - Avoid annotations in primitive type name
• #​42932 - Improve compatibility of the REST Client configuration
• #​42936 - Add decorate to all contents types and added text base error response
• #​42941 - Register all resource classes for reflection when ResourceInfo is used
• #​42944 - Test: quarkus.http.port is not updated with random port activated through quarkus.http.test-port=0
• #​42950 - Changed order of property resolution in tests
• #​42958 - Signed OIDC UserInfo whith charset not recognized
• #​42962 - Support OIDC signed UserInfo with charset content type parameters
• #​42964 - Registering Liquibase BigIntType and Additional Classes for Reflection
• #​42968 - Bump flyway.version from 10.17.2 to 10.17.3
• #​42969 - Bump io.quarkus:quarkus-platform-bom-maven-plugin from 0.0.107 to 0.0.108
• #​42977 - Quarkus REST client and Quarkus REST with abstract resource - NATIVE build fails
• #​42980 - Prevent REST Client handling of abstract classes
• #​42981 - gu install native-image instructions are not need anymore
• #​42983 - Remove mentions to obsolete gu install native-image

v3.14.1

Compare Source

Complete changelog

• #​42166 - LogManager error of type GENERIC_FAILURE: Handler with name 'console' is linked to a category but not configured.
• #​42537 - REST usage fails with native when e.g. ContainerResponseFilter is used
• #​42612 - MQTT dev services always start if another reactive messaging connector is present
• #​42670 - Upgrade opentelemetry-semconv to 1.26.0-alpha
• #​42672 - Add socket timeout config for the hotrod client
• #​42698 - Fix config encryption CLI command in guide
• #​42725 - Bump mssql-jdbc to 12.8.1
• #​42738 - Fix OIDC Discord provider configuration
• #​42742 - Bump org.postgresql:postgresql from 42.7.3 to 42.7.4
• #​42746 - Fix MQTT dev services always start if there is another connector present
• #​42753 - TLS - Prevent Duplicate Entries in .env File
• #​42754 - Register resource classes for reflection when ContainerResponseFilter exists
• #​42758 - Single enum converter
• #​42759 - Save Objects::hash varargs array allocation on JarResource::hashCode
• #​42784 - Quarkus CLI report error when using CLI plugins with flags
• #​42785 - False error message on cli plug with flags
• #​42789 - Fix logging categories doc example
• #​42797 - Upgrade to SmallRye GraphQL 2.9.2

v3.14.0

Compare Source

v3.13.3

Compare Source

Complete changelog

• #​39558 - quarkus-cache might block indefinitely when backed by Redis and lockTimeout=0
• #​41825 - Quarkus Gradle Plugin 3.12.1+ breaks composite builds
• #​42253 - Redis Cache doesn't run in worker thread
• #​42406 - Properly document the consequences of using restrictToAnnotatedClass = true
• #​42411 - Qute template records: fix the way the canonical constructor is found
• #​42415 - Upgrade to Jandex 3.2.2
• #​42435 - Update javadoc and docs about @WithTestResource
• #​42436 - Fix methos to methods typos
• #​42439 - Qute template records: fix the way the canonical constructor is found
• #​42453 - Integration test fails to start mongo with Liquibase
• #​42467 - Remove dead links in podman documentation
• #​42472 - Fix connection port for MongoDB dev services using shared network
• #​42477 - Switch back to Detached configuration for conditional dependencies in Gradle
• #​42480 - Fix SmallRye Health OpenAPI definitions
• #​42483 - logout.backchannel.path fails when http.root-path is present
• #​42486 - Make the boot jars in jib respect quarkus.jib.use-current-timestamp-file-modification
• #​42492 - Memory improvements related to PathTree and Manifests
• #​42521 - Updates to reflect current extension names and configuration roots
• #​42524 - Add http root to OIDC back channel logout handlers
• #​42532 - Remove quarkus-panache-common from docs
• #​42538 - Correct indendation in metadata documentation so metadata is actually in the metadata block
• #​42540 - Redis cache: make blocking executions unordered
• #​42571 - Qute template detection has changed on Windows for templates in project dependencies
• #​42588 - Use the root path for OpenContainerPathTree#getRoots()
• #​42591 - StringIndexOutOfBoundsException on OAuth2AuthMechanism
• #​42595 - Properly check header before extracting the bearer token
• #​42597 - Downgrade commons-lang3 to 3.14.0 to avoid entropy issues
• #​42611 - Fix obsolete csrf extension name and configuration

v3.13.2

Compare Source

Complete changelog

• #​41731 - BugFix Fixed mismatched number of args in string formats
• #​42075 - WebSockets Next: honor the quarkus.http.root-path correctly
• #​42273 - Regression: quarkus-test-oidc-server tries to start the dev services since 3.13.0
• #​42302 - Quarkus instrument live-reload doesn't work when using Kotlin 1.8+
• #​42313 - Vert.x Cache Directory configuration ignored
• #​42314 - JPA writes don't work when using ONLY named data sources since 3.13.0
• #​42342 - quarkus run failing
• #​42352 - Conditionally index test related transaction annotations
• #​42354 - Update to SmallRye-GraphQL 2.9.1
• #​42355 - OOM in tests since Quarkus 3.13.0 (Part 2)
• #​42363 - Ignore Kotlin compiler generated annotations during live reload
• #​42373 - Fix section level for Varying database in Hibernate ORM
• #​42376 - Fix spring-data-jpa @Modifying(flushAutomatically = true)
• #​42380 - Bump quarkus-http.version from 5.3.0 to 5.3.1
• #​42386 - Fix doc for IdOptimizerType
• #​42387 - Vert.x Cache Directory configuration ignored
• #​42388 - Ensure that all AutoCloseable binders are closed
• #​42393 - Doc - Do not start Keycloak Dev Services when test resource is around
• #​42400 - Use the proper PU for executeUpdate on entityClass

v3.13.1

Compare Source

Complete changelog

• #​16292 - Liquibase includeAll does not work in native mode
• #​39934 - Kubernetes Client fails to create a new Pod in native executable because Pod Overhead set without corresponding RuntimeClass defined Overhead.
• #​40574 - When Using Liquibase with "quarkus.liquibase.clean-at-start=true" a RuntimeException Is Thrown in Quarkus 3.10.0
• #​40575 - When Using Liquibase in Native Mode a ServiceConfigurationError is Logged
• #​41500 - The total count for page links do not considered the complete query
• #​41729 - Gradle imageBuild fails with java.util.ConcurrentModificationException quarkus 3.12.1
• #​41894 - Gradle imageTask: look for builders among the dependencies of the runtime Quarkus application configuration instead of all the project configurations
• #​41918 - Qute: single quotes in variables break string
• #​41928 - Automatically Load Liquibase Resource Files for Native Image Build
• #​41968 - quarkus image build overrides container-image.group with the docker username
• #​42028 - Register fields for reflection in kubernetes-client
• #​42055 - Bump org.mvnpm.at.mvnpm:vaadin-webcomponents from 24.4.2 to 24.4.4
• #​42095 - Enable Liquibase includeAll in Native Image
• #​42099 - Register sun.security.provider.NativePRNG#<init> for reflection
• #​42112 - Update examples to use org.htmlunit:htmlunit
• #​42120 - Bump io.strimzi:strimzi-test-container from 0.106.0 to 0.107.0
• #​42121 - Update from net.sourceforge.htmlunit to org.htmlunit
• #​42122 - Add support for CompletableFuture when using JsonRPC in Dev UI
• #​42127 - Scheduler: make sure an exception never slips through an invokers chain
• #​42132 - Clarify RedisClientConfig documentation for max-pool-size
• #​42133 - Incorrect data in the ReactiveDatasourceHealthCheck being set when the connection is down
• #​42143 - Native Image run issue with XML Changelog quarkus-liquibase
• #​42146 - Removed missed deprecated @QuarkusTestResource from docs
• #​42159 - Resteasy-reactive Unit endpoint reported as "Run time writers required"
• #​42160 - Qute: fix parsing of string literals and lenient section parameters
• #​42168 - Unable to migrate to non-deprecated AnnotationsTransformerBuildItem
• #​42170 - Bump com.gradle:quarkus-build-caching-extension from 1.6 to 1.7
• #​42178 - Rename suggested extensions in "Consider adding ..." warning messages
• #​42181 - toplevel class can't have static
• #​42186 - Manage opentelemetry-semconv-incubating
• #​42195 - Treat Kotlin's Unit as void for the Quarkus REST scoring system
• #​42202 - Using filtering parameters and namedQuery in the count query
• #​42204 - Upgrade to Jandex 3.2.1
• #​42207 - Possible NPE during shutdown
• #​42208 - Avoid a possible NPE during application stop
• #​42216 - Add a note about JpaSpecificationExecutor not being supported
• #​42218 - Fix group overriding with machine username
• #​42220 - Qute: support synthetic named CDI beans injected in templates
• #​42223 - Quartz - fix job refire behavior, improve dep. bean job scenario
• #​42231 - Bump org.eclipse.parsson:parsson from 1.1.6 to 1.1.7
• #​42235 - Update kafka-schema-registry-json-schema.adoc
• #​42239 - Spring Data JPA findFirstBy with Optional throws NullPointerException
• #​42240 - Application tests failing w/ Quarkus 3.13.0 + io.smallrye.config:smallrye-config-source-keystore
• #​42241 - Fix Optional result type handling in Spring Data JPA
• #​42250 - Testing/3.13.0: QuarkusMainLauncher always returns exit code 0 for integration tests
• #​42252 - Fix QuarkusMainLauncher not returning exit code
• #​42259 - Bump io.quarkus.develocity:quarkus-project-develocity-extension from 1.1.3 to 1.1.4
• #​42260 - Fix a race condition in ReactiveDatasourceHealthCheck data field population
• #​42264 - Bump smallrye-config from 3.9.0 to 3.9.1
• #​42268 - Add a note about the REST Client's dev mode proxy
• #​42271 - NPE in websockets-next
• #​42276 - Bump io.smallrye.config:smallrye-config-source-yaml from 3.8.3 to 3.9.1 in /devtools/gradle
• #​42282 - WebSockets Next: CloseReason - fix NPE if connection terminated abruptly
• #​42284 - Add one more level of TOC for Qute reference guide
• #​42287 - Fix typo in JBang doc
• #​42288 - Allow finer tuning of shared network usage by Keycloak DevServices
• #​42291 - Missing = in system property additionalUpdateRecipes for quarkus update maven runner
• #​42297 - Can't change between light and dark mode in DevUI
• #​42303 - OOM in tests since Quarkus 3.13.0
• #​42310 - Fix Dev UI Theme switch
• #​42320 - Actually upgrade Vert.x to 4.5.9 in the BOM
• #​42325 - Bump org.eclipse:yasson from 3.0.3 to 3.0.4
• #​42332 - Add ability to always require a socket
• #​42336 - Manage mutiny-zero to avoid dependency convergence issues in downstream Camel Quarkus
• #​42338 - Fix ClassLoader leak in KeycloakDevServicesProcessor

v3.13.0

Compare Source

v3.12.3

Compare Source

Complete changelog

• #​40349 - HandleRequestCollectionHelper for Quarkus Amazon Lambda
• #​40464 - Fix correct parsing of collections in AmazonLambdaRecorder
• #​41592 - Update quarkus-build-caching-extension to 1.3
• #​41677 - Infinispan extension needs to include Wildly SASL providers in the native executable
• #​41688 - Infinispan Extension adds SASL to reflective classes
• #​41717 - quarkus-scheduler trigger getNextFireTime does not consider cron timezone
• #​41746 - SmallRye Health leaks MDC properties between health checks
• #​41778 - Scheduler: fix Trigger#getNextFireTime() for cron-based jobs
• #​41787 - Use SecureDirectoryStream to avoid FS problems and fix other minor issues in IoUtils
• #​41811 - Resteasy Reactive AsyncFile is never closed
• #​41814 - Fix code example for JSON serialisation in rest guide
• #​41815 - Create new vertx context for blocking health checks
• #​41818 - 3.12.1 - InvalidPathException quarkus-rest-kotlin Configuration.lockfile
• #​41824 - Properly close AsyncFile in Quarkus REST
• #​41836 - Module java.security.jgss should export sun.security.jgss
• #​41847 - Bump com.gradle:quarkus-build-caching-extension from 1.3 to 1.4
• #​41856 - WebSockets Next: broadcasting fixes
• #​41872 - Bump com.gradle:quarkus-build-caching-extension from 1.4 to 1.5
• #​41896 - Fix flaky InputCollectionOutputCollectionLambdaTest
• #​41902 - Use quarkusConditional prefix for Quarkus conditional dependency configurations
• #​41911 - Bump com.gradle:quarkus-build-caching-extension from 1.5 to 1.6
• #​41924 - Fix formatting issue in security-openid-connect-client-reference.adoc

v3.12.2

Compare Source

Complete changelog

• #​39515 - Programmatic Cache API does not preserve Vertx Duplicate Context
• #​41081 - ContextNotActiveException in SecurityIdentityAugmentor since Quarkus 3.10
• #​41182 - Running Quarkus CLI rewrites gradle.properties
• #​41236 - Liquibase fails when changelog file is not the default resource path
• #​41304 - Update the MappingStructure constant in the docs to match the enum value
• #​41530 - Fix liquibase issue with resource path
• #​41535 - Log records show the hostname on which the native executable was generated
• #​41567 - Quarkus REST abstract resources with @Path requires impl. to be CDI beans while RESTEasy does not
• #​41597 - Bump narayana.version from 7.0.1.Final to 7.0.2.Final
• #​41600 - GraphQL Query generated from windows doesn't work
• #​41605 - Bump kubernetes-client-bom from 6.13.0 to 6.13.1
• #​41606 - Allow use of abstract classes in Quarkus REST in the same way as interfaces
• #​41609 - Fix bytecode recording issue when default method is used as a getter
• #​41625 - Error when deploying to OpenShift
• #​41637 - Lock docker image version for the OTel Collector
• #​41647 - Handle duplicated Vert.x context in CaffeineCacheImpl
• #​41649 - Fix a broken xref to configuration-based-tenant-resolver
• #​41650 - Fix broken xrefs to configuration-based-tenant-resolver
• #​41654 - Register @JsonNaming value for reflection
• #​41659 - Since 3.12.0 filesystem write access during container build IT tests results in AccessDeniedException
• #​41662 - Update quarkus-project-develocity-extension to 1.1.3
• #​41664 - Reinitialize the SmallRye HostName class as well
• #​41669 - Dev mode always complaining about module-info not being supported
• #​41670 - Only warn about module-info if it exists
• #​41672 - Docs: Remove additional ) at the end
• #​41676 - Don't always set the user parameter when starting container in tests
• #​41685 - SmallRye GraphQL: added \r to PATTERN_NEWLINE_OR_TAB
• #​41707 - Fix native issue with @Providers when only the REST Client exists
• #​41716 - BugFix fixed comparison of field with itself
• #​41720 - Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2
• #​41721 - Fix Quarkus REST concurrent modification exception when making abstract resource classes inheritors beans
• #​41730 - Probable bug in VertxCoreProcessor line 372
• #​41732 - Probable bug in AsyncResponseImpl lines 156 183
• #​41737 - Update telemetry-micrometer.adoc
• #​41752 - Fix bug in AsyncResponseImpl#register
• #​41753 - Fix * handling of debug configuration in VertxCoreProcessor
• #​41762 - Avoid storing timestamp in Gradle.properties
• #​41763 - For NOTE and TIP, use admonition syntax instead of ID syntax
• #​41768 - Using safe Integer comparison
• #​41779 - WebSockets Next: Dev UI fixes
• #​41791 - Update keycloak version to 25.0.0 in security docs

v3.12.1

Compare Source

Complete changelog

• #​39575 - Quarkus devmode crashes on JDK >= 22 (Windows)
• #​40834 - Flyway documentation should mention required database modules
• #​40904 - Bump aesh (2.7 to 2.8.2) & aesh-readline (2.4 to 2.6)
• #​41224 - QuarkusComponentTest -> No ParameterResolver registered for parameter
• #​41237 - InvalidPathException on Windows with web-dependency-locator and webRoot
• #​41260 - Update to maven 3.9.8
• #​41271 - Small Windows fixes for web dev and welcome page
• #​41275 - Improve Infinispan cache guide
• #​41279 - WebSockets Next - client: document TLS registry configuration
• #​41280 - WebSockets Next: document the client API
• #​41285 - Config Doc - LGTM doc is not expanded
• #​41291 - Work around conf

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[what-the-diff]

PR Summary

• Quarkus version upgraded
  Quarkus has been updated from version 2.16.6 to version 3.0, providing the latest features and improvements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (cb20e21) to head (6301d66).
Report is 2 commits behind head on master.

Additional details and impacted files

@@              Coverage Diff              @@
##             master     #3139      +/-   ##
=============================================
+ Coverage     96.16%   100.00%   +3.83%     
=============================================
  Files            60         6      -54     
  Lines           939        86     -853     
  Branches         28         2      -26     
=============================================
- Hits            903        86     -817     
+ Misses           30         0      -30     
+ Partials          6         0       -6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[datadog-github-app-for-yurake]

Datadog Report

Branch report: renovate/major-quarkus.platform.version
Commit report: c6ffcb3

✅ webapp-service: 0 Failed, 0 New Flaky, 24 Passed, 0 Skipped, 1.97s Wall Time

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[datadog-github-app-for-yurake]

Datadog Report

All test runs 7e22886 🔗

✅ 7 Total Test Services: 0 Failed, 0 with New Flaky, 7 Passed

Test Services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Wall Time	Branch View
consumer-activemq-quarkus	0	0	0	2	0	2.02s	Link
consumer-hazelcast-quarkus	0	0	0	4	0	1.52s	Link
consumer-rabbitmq-quarkus	0	0	0	1	0	2.07s	Link
consumer-redis-quarkus	0	0	0	1	0	1.99s	Link
converter-rabbitmq-quarkus	0	0	0	1	0	2.1s	Link
jaxrs-activemq-quarkus	0	0	0	16	0	1.59s	Link
webapp-service	0	0	0	24	0	1.36s	Link

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[datadog-github-app-for-yurake]

Datadog Report

Branch report: renovate/major-quarkus.platform.version
Commit report: 317b8d3
Test service: webapp-service

✅ 0 Failed, 24 Passed, 0 Skipped, 1.36s Total Time

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@cypress/request@2.88.12	environment, filesystem, network	0	133 kB	cypress-npm-publisher
npm/@cypress/xvfb@1.2.4	environment, filesystem, shell	+1	90.3 kB	cypress-npm-publisher
npm/@types/node@16.18.108	None	0	1.8 MB	types
npm/@types/sinonjs__fake-timers@8.1.1	None	0	15.5 kB	types
npm/@types/sizzle@2.3.2	None	0	5.04 kB	types
npm/@types/yauzl@2.10.3	None	0	6.11 kB	types
npm/aggregate-error@3.1.0	None	0	6.69 kB	sindresorhus
npm/ansi-colors@4.1.3	environment	0	26.1 kB	jonschlinkert
npm/ansi-escapes@4.3.2	None	0	16.4 kB	sindresorhus
npm/ansi-regex@5.0.1	None	0	5.61 kB	qix
npm/ansi-styles@4.3.0	None	0	17 kB	sindresorhus
npm/arch@2.2.0	environment, filesystem, shell	0	7.75 kB	feross
npm/asn1@0.2.6	None	0	19.8 kB	bahamat
npm/assert-plus@1.0.0	environment	0	11.4 kB	pfmooney
npm/astral-regex@2.0.0	None	0	3.4 kB	kevva
npm/async@3.2.3	None	0	821 kB	aearly
npm/asynckit@0.4.0	None	0	27.4 kB	alexindigo
npm/at-least-node@1.0.0	None	0	2.63 kB	ryanzim
npm/aws-sign2@0.7.0	None	0	14.2 kB	mikeal
npm/aws4@1.13.2	environment	0	23.4 kB	hichaelmart
npm/base64-js@1.5.1	None	0	9.62 kB	feross
npm/bcrypt-pbkdf@1.0.2	None	0	29 kB	arekinath
npm/blob-util@2.0.2	None	0	79 kB	nolanlawson
npm/bluebird@3.7.2	environment, eval, unsafe	0	632 kB	esailija
npm/buffer-crc32@0.2.13	None	0	7.95 kB	brianloveswords
npm/buffer@5.7.1	None	0	82.5 kB	feross
npm/cachedir@2.3.0	environment	0	5.96 kB	linusu
npm/call-bind@1.0.7	None	0	22.1 kB	ljharb
npm/caseless@0.12.0	None	0	14.3 kB	mikeal
npm/chalk@4.1.2	None	+1	42.1 kB	sindresorhus
npm/check-more-types@2.24.0	None	0	63.8 kB	bahmutov
npm/ci-info@3.9.0	environment	0	26.1 kB	sibiraj-s
npm/clean-stack@2.2.0	None	0	5.51 kB	sindresorhus
npm/cli-cursor@3.1.0	None	0	4.37 kB	sindresorhus
npm/cli-table3@0.6.5	None	0	46.2 kB	speedytwenty
npm/cli-truncate@2.1.0	None	0	10.4 kB	sindresorhus
npm/color-convert@2.0.1	None	0	27.2 kB	qix
npm/color-name@1.1.4	None	0	6.69 kB	dfcreative
npm/colorette@2.0.20	None	0	17 kB	jorgebucaran
npm/combined-stream@1.0.8	None	0	11.5 kB	alexindigo
npm/commander@6.2.1	filesystem, shell	0	113 kB	abetomo
npm/common-tags@1.8.0	None	0	226 kB	fatfisz
npm/core-util-is@1.0.2	None	0	23.2 kB	isaacs
npm/cross-spawn@7.0.3	environment, filesystem, shell	0	21.2 kB	satazor
npm/cypress@12.17.4	environment, filesystem, shell, unsafe	0	5 MB	cypress-npm-publisher
npm/dashdash@1.14.1	environment, filesystem	0	80.6 kB	trentm
npm/dayjs@1.11.13	None	0	670 kB	iamkun
npm/debug@4.3.6	environment	0	42.4 kB	qix
npm/define-data-property@1.1.4	None	0	30.9 kB	ljharb
npm/delayed-stream@1.0.0	None	0	8.02 kB	apechimp
npm/ecc-jsbn@0.1.2	None	0	27.8 kB	aduh95
npm/emoji-regex@8.0.0	None	0	48.3 kB	mathias
npm/end-of-stream@1.4.4	None	0	6.23 kB	mafintosh
npm/enquirer@2.4.1	environment	0	189 kB	jonschlinkert
npm/es-define-property@1.0.0	None	0	11.8 kB	ljharb
npm/es-errors@1.3.0	None	0	12.3 kB	ljharb
npm/escape-string-regexp@1.0.5	None	0	2.69 kB	jbnicolai
npm/eventemitter2@6.4.7	None	0	81.3 kB	rangermauve
npm/execa@4.1.0	environment, shell	0	56 kB	sindresorhus
npm/executable@4.1.1	filesystem	0	3.79 kB	kevva
npm/extend@3.0.2	None	0	23.5 kB	ljharb
npm/extract-zip@2.0.1	filesystem	0	10.7 kB	malept
npm/extsprintf@1.3.0	None	0	22.8 kB	dap
npm/fd-slicer@1.1.0	filesystem	0	29.8 kB	thejoshwolfe
npm/figures@3.2.0	None	0	12.1 kB	sindresorhus
npm/forever-agent@0.6.1	network	0	14 kB	simov
npm/form-data@2.3.3	filesystem, network	0	119 kB	alexindigo
npm/fs-extra@9.1.0	filesystem	0	130 kB	ryanzim
npm/function-bind@1.1.2	None	0	31.4 kB	ljharb
npm/get-intrinsic@1.2.4	eval	0	41.6 kB	ljharb
npm/get-stream@5.2.0	None	0	12.4 kB	sindresorhus
npm/getos@3.2.1	filesystem	0	39.7 kB	retrohack3r
npm/getpass@0.1.7	filesystem	0	5.67 kB	arekinath
npm/global-dirs@3.0.1	environment, filesystem	0	8.36 kB	sindresorhus
npm/gopd@1.0.1	None	0	7.7 kB	ljharb
npm/graceful-fs@4.2.11	environment, filesystem	0	32.5 kB	isaacs
npm/has-flag@4.0.0	None	0	4.42 kB	sindresorhus
npm/has-property-descriptors@1.0.2	None	0	10.9 kB	ljharb
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/hasown@2.0.2	None	0	8.77 kB	ljharb
npm/http-signature@1.3.6	None	0	40.7 kB	bahamat
npm/human-signals@1.1.1	None	0	42.4 kB	ehmicky
npm/ieee754@1.2.1	None	0	6.8 kB	feross
npm/indent-string@4.0.0	None	0	4.4 kB	sindresorhus
npm/ini@2.0.0	None	0	9.47 kB	isaacs
npm/is-ci@3.0.1	None	0	3.81 kB	sibiraj-s
npm/is-fullwidth-code-point@3.0.0	None	0	4.99 kB	sindresorhus
npm/is-installed-globally@0.4.0	filesystem	0	3.61 kB	sindresorhus
npm/is-path-inside@3.0.3	None	0	4.12 kB	sindresorhus
npm/is-stream@2.0.1	None	0	5.93 kB	sindresorhus
npm/is-typedarray@1.0.0	None	0	4.41 kB	hughsk
npm/is-unicode-supported@0.1.0	None	0	3.54 kB	sindresorhus
npm/isexe@2.0.0	environment, filesystem	0	11 kB	isaacs
npm/isstream@0.1.2	None	0	13.3 kB	rvagg
npm/jsbn@0.1.1	None	0	45.8 kB	andyperlitch
npm/json-schema@0.4.0	None	0	26.1 kB	kriszyp
npm/json-stringify-safe@5.0.1	None	0	12.7 kB	isaacs
npm/jsonfile@6.1.0	filesystem	0	19.8 kB	ryanzim
npm/jsprim@2.0.2	None	0	31.4 kB	bahamat
npm/lazy-ass@1.6.0	None	0	19.4 kB	bahmutov
npm/listr2@3.14.0	environment	0	168 kB	cenk1cenk2
npm/lodash.once@4.1.1	None	0	10.2 kB	jdalton
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/log-symbols@4.1.0	None	0	4.58 kB	sindresorhus
npm/log-update@4.0.0	None	+2	23.5 kB	sindresorhus
npm/merge-stream@2.0.0	None	0	4.31 kB	stevemao
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime-types@2.1.35	None	0	18.3 kB	dougwilson
npm/mimic-fn@2.1.0	None	0	4.46 kB	sindresorhus
npm/minimist@1.2.8	None	0	54.5 kB	ljharb
npm/ms@2.1.2	None	0	6.84 kB	styfle
npm/npm-run-path@4.0.1	environment	0	8.13 kB	sindresorhus
npm/object-inspect@1.13.2	None	0	99.1 kB	ljharb
npm/once@1.4.0	None	0	4.05 kB	isaacs
npm/onetime@5.1.2	None	0	6.17 kB	sindresorhus
npm/ospath@1.2.2	environment	0	3.38 kB	jprichardson
npm/p-map@4.0.0	None	0	8.69 kB	sindresorhus
npm/path-key@3.1.1	None	0	4.55 kB	sindresorhus
npm/pend@1.2.0	None	0	6.01 kB	superjoe
npm/performance-now@2.1.0	None	0	11.3 kB	meryn
npm/pify@2.3.0	None	0	6.02 kB	sindresorhus
npm/pretty-bytes@5.6.0	None	0	11.5 kB	sindresorhus
npm/process@0.11.10	None	0	15.3 kB	cwmma
npm/proxy-from-env@1.0.0	environment	0	24.2 kB	rob-w
npm/psl@1.9.0	None	0	461 kB	lupomontero
npm/pump@3.0.0	filesystem	0	7.78 kB	mafintosh
npm/punycode@2.3.1	None	0	33.5 kB	google-wombot
npm/qs@6.10.4	None	0	226 kB	ljharb
npm/querystringify@2.2.0	None	0	6.96 kB	lpinca
npm/request-progress@3.0.0	None	0	23 kB	satazor
npm/requires-port@1.0.0	None	0	8.56 kB	3rdeden
npm/restore-cursor@3.1.0	None	0	2.82 kB	sindresorhus
npm/rfdc@1.4.1	None	0	27.1 kB	matteo.collina
npm/rxjs@7.8.1	None	0	4.5 MB	blesh
npm/safe-buffer@5.2.1	None	0	32.1 kB	feross
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/semver@7.6.3	None	0	95.8 kB	npm-cli-ops
npm/set-function-length@1.2.2	None	0	14.7 kB	ljharb
npm/shebang-command@2.0.0	None	0	2.56 kB	kevva
npm/shebang-regex@3.0.0	None	0	2.83 kB	sindresorhus
npm/side-channel@1.0.6	None	0	23.2 kB	ljharb
npm/signal-exit@3.0.7	None	0	9.96 kB	isaacs
npm/slice-ansi@3.0.0	None	0	6.2 kB	sindresorhus
npm/sshpk@1.18.0	None	0	231 kB	bahamat
npm/string-width@4.2.3	None	0	5.16 kB	sindresorhus
npm/strip-ansi@6.0.1	None	0	4.03 kB	sindresorhus
npm/strip-final-newline@2.0.0	None	0	3.05 kB	sindresorhus
npm/supports-color@8.1.1	None	0	8.45 kB	sindresorhus
npm/throttleit@1.0.0	None	0	4.49 kB	dominicbarnes
npm/through@2.3.8	None	0	12.5 kB	dominictarr
npm/tmp@0.2.3	filesystem	0	54.4 kB	raszi
npm/tough-cookie@4.1.4	None	+1	117 kB	ccasey
npm/tslib@2.7.0	None	0	86.2 kB	typescript-bot
npm/tunnel-agent@0.6.0	environment, network	0	16.7 kB	mikeal
npm/tweetnacl@0.14.5	None	0	174 kB	dchest
npm/type-fest@0.21.3	None	0	119 kB	sindresorhus
npm/universalify@2.0.1	None	0	4.67 kB	ryanzim
npm/untildify@4.0.0	None	0	3.01 kB	sindresorhus
npm/url-parse@1.5.10	None	0	63 kB	swaagie
npm/uuid@8.3.2	None	0	116 kB	ctavan
npm/verror@1.10.0	None	0	35.8 kB	dap
npm/which@2.0.2	environment	0	9.97 kB	isaacs
npm/wrap-ansi@7.0.0	None	0	10.6 kB	sindresorhus
npm/wrappy@1.0.2	None	0	2.96 kB	zkat
npm/yauzl@2.10.0	filesystem	0	66.2 kB	thejoshwolfe

🚮 Removed packages: maven/io.quarkus/quarkus-bom@2.16.12.Final

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	maven/dom4j/dom4j@1.6.1	CVE: GHSA-hwj3-m3p6-hj38 dom4j allows External Entities by default which might enable XXE attacks (CRITICAL) Affected versions: <= 1.6.1 Patched version: No patched versions	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.jboss.netty/netty@3.2.9.Final	CVE: GHSA-cqqj-4p63-rrmm HTTP Request Smuggling in Netty (CRITICAL) Affected versions: < 4.0.0 Patched version: No patched versions	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.slf4j/slf4j-ext@1.7.25	CVE: GHSA-w77p-8cfg-2x43 Improper Access Control in SLF4J (CRITICAL) Affected versions: <= 1.7.25 Patched version: 1.7.26	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/com.thoughtworks.xstream/xstream@1.4.10	CVE: GHSA-f554-x222-wgf7 Command Injection in Xstream (CRITICAL) Affected versions: = 1.4.10 Patched version: 1.4.11	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/com.thoughtworks.xstream/xstream@1.4.10	CVE: GHSA-hf23-9pf7-388p Deserialization of Untrusted Data and Code Injection in xstream (CRITICAL) Affected versions: <= 1.4.10 Patched version: 1.4.11	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.apache.ivy/ivy@2.4.0	CVE: GHSA-94rr-4jr5-9h2p Apache Ivy does not verify target path when extracting the archive (CRITICAL) Affected versions: >= 2.4.0, < 2.5.1 Patched version: 2.5.1	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.scala-lang/scala-library@2.13.6	CVE: GHSA-8qv5-68g4-248j Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization (CRITICAL) Affected versions: >= 2.13.0, < 2.13.9 Patched version: 2.13.9	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.codehaus.plexus/plexus-utils@3.0.8	CVE: GHSA-8vhq-qq4p-grq3 OS Command Injection in Plexus-utils (CRITICAL) Affected versions: < 3.0.16 Patched version: 3.0.16	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.apache.hadoop/hadoop-common@2.7.3	CVE: GHSA-rmpj-7c96-mrg8 Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 (CRITICAL) Affected versions: < 2.10.2 Patched version: 2.10.2	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.apache.hadoop/hadoop-common@2.7.3	CVE: GHSA-8wm5-8h9c-47pc Apache Hadoop argument injection vulnerability (CRITICAL) Affected versions: >= 2.0.0, < 2.10.2 Patched version: 2.10.2	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.apache.hadoop/hadoop-common@2.7.3	CVE: GHSA-gx2c-fvhc-ph4j Path traversal in Hadoop (CRITICAL) Affected versions: < 3.2.3 Patched version: 3.2.3	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.apache.zookeeper/zookeeper@3.5.9	CVE: GHSA-7286-pgfv-vxvh Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper (CRITICAL) Affected versions: < 3.7.2 Patched version: 3.7.2	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/log4j/log4j@1.2.16	CVE: GHSA-65fg-84f6-3jq3 SQL Injection in Log4j 1.2.x (CRITICAL) Affected versions: <= 2.0 Patched version: No patched versions	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/log4j/log4j@1.2.16	CVE: GHSA-f7vh-qwp3-x37m Deserialization of Untrusted Data in Apache Log4j (CRITICAL) Affected versions: <= 2.0 Patched version: No patched versions	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/log4j/log4j@1.2.16	CVE: GHSA-2qrg-x229-3v8q Deserialization of Untrusted Data in Log4j (CRITICAL) Affected versions: >= 1.2, <= 1.2.17 Patched version: No patched versions	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.springframework/spring-beans@3.0.3.RELEASE	CVE: GHSA-36p3-wjmg-h94x Remote Code Execution in Spring Framework (CRITICAL) Affected versions: < 5.2.20.RELEASE Patched version: 5.2.20.RELEASE	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.springframework.boot/spring-boot-starter-web@2.7.15	CVE: GHSA-36p3-wjmg-h94x Remote Code Execution in Spring Framework (CRITICAL) Affected versions: < 5.2.20.RELEASE Patched version: 5.2.20.RELEASE	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.springframework/spring-core@3.0.3.RELEASE	CVE: GHSA-3rmv-2pg5-xvqj Improperly Implemented Security Check for Standard in org.springframework:spring-core (CRITICAL) Affected versions: < 4.3.16 Patched version: 4.3.16	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.springframework/spring-core@3.0.3.RELEASE	CVE: GHSA-p5hg-3xm3-gcjg Spring Framework allows applications to expose STOMP over WebSocket endpoints (CRITICAL) Affected versions: < 4.3.16 Patched version: 4.3.16	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-cassandra-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.redisson/redisson@3.17.0	CVE: GHSA-4hvc-qwr2-f8rv Redisson vulnerable to Deserialization of Untrusted Data (CRITICAL) Affected versions: < 3.22.0 Patched version: 3.22.0	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎
Critical CVE	maven/org.springframework/spring-web@5.3.29	CVE: GHSA-4wrc-f8pq-fpqp Pivotal Spring Framework contains unsafe Java deserialization methods (CRITICAL) Affected versions: < 6.0.0 Patched version: 6.0.0	application/consumer-hazelcast-quarkus/pom.xml application/jaxrs-hazelcast-quarkus/pom.xml	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore maven/dom4j/dom4j@1.6.1
• @SocketSecurity ignore maven/org.jboss.netty/netty@3.2.9.Final
• @SocketSecurity ignore maven/org.slf4j/slf4j-ext@1.7.25
• @SocketSecurity ignore maven/com.thoughtworks.xstream/xstream@1.4.10
• @SocketSecurity ignore maven/org.apache.ivy/ivy@2.4.0
• @SocketSecurity ignore maven/org.scala-lang/scala-library@2.13.6
• @SocketSecurity ignore maven/org.codehaus.plexus/plexus-utils@3.0.8
• @SocketSecurity ignore maven/org.apache.hadoop/hadoop-common@2.7.3
• @SocketSecurity ignore maven/org.apache.zookeeper/zookeeper@3.5.9
• @SocketSecurity ignore maven/log4j/log4j@1.2.16
• @SocketSecurity ignore maven/org.springframework/spring-beans@3.0.3.RELEASE
• @SocketSecurity ignore maven/org.springframework.boot/spring-boot-starter-web@2.7.15
• @SocketSecurity ignore maven/org.springframework/spring-core@3.0.3.RELEASE
• @SocketSecurity ignore maven/org.redisson/redisson@3.17.0
• @SocketSecurity ignore maven/org.springframework/spring-web@5.3.29

[codeclimate]

Code Climate has analyzed commit d0eaa44 and detected 0 issues on this pull request.

View more on Code Climate.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.