Quarkus 3.2.12.Final released - Maintenance LTS release
Quarkus 3.2.12.Final, the eleventh maintenance release of the 3.2 LTS release train, has been released.
This release includes the following security-related fixes:
- CVE-2024-2700 io.quarkus/quarkus-core: Leak of local configuration properties into Quarkus applications
- CVE-2024-29025 io.netty/netty-codec-http: Allocation of Resources Without Limits or Throttling
- CVE-2023-51775 org.bitbucket.b_c/jose4j: DoS attack via specifically crafted JWE
And the following component upgrades:
- Apache Mime4J 0.8.9 → 0.8.11
- Jose4J 0.9.3 → 0.9.6
- Netty 4.1.100.Final → 4.1.108.Final
- Netty tcnative 2.0.61.Final → 2.0.65.Final
- Vert.x 4.4.8 → 4.4.9
- com.dajudge.kindcontainer:kindcontainer 1.3.0 → 1.4.5
If you are not already using a 3.2 release, please refer to our migration guide.
Known issues include:
It should be a safe upgrade for anyone already using a 3.2.11.Final release. However, the fix for CVE-2024-2700 changes how configuration options are recorded at build time, and you should take this into account. More specifically, properties from configuration sources that are considered local (those that are available at build time but not at runtime, such as environment variables, system properties, and Maven and Gradle project properties) will not override the default values of runtime configuration properties. This is done to avoid leaking local environment values into production builds.
Full changelog
You can get the full changelog of 3.2.12.Final on GitHub.
Come join us
We value your feedback a lot, so please report bugs, ask for improvements… Let's build something great together!
If you are a Quarkus user or just curious, don't be shy and join our welcoming community:
- provide feedback on GitHub;
- write some code and push a PR;
- talk with us on Zulip and on our mailing list;
- ask your questions on Stack Overflow.