The English version of is the official project site. Translated sites are community supported on a best-effort basis.

Quarkus 3.2.12.Final released - Maintenance LTS release

Quarkus 3.2.12.Final, the eleventh maintenance release of the 3.2 LTS release train has been released.

This release includes the following security-related fixes:

  • CVE-2024-2700 io.quarkus/quarkus-core: Leak of local configuration properties into Quarkus applications

  • CVE-2024-29025 io.netty/netty-codec-http: Allocation of Resources Without Limits or Throttling

  • CVE-2023-51775 org.bitbucket.b_c/jose4j: Dos Attack Via specifically crafted JWE

And the following component upgrades:

  • Apache Mime4J 0.8.9 → 0.8.11

  • Jose4J 0.9.3 → 0.9.6

  • Netty 4.1.100.Final → 4.1.108.Final

  • Netty tcnative 2.0.61.Final → 2.0.65.Final

  • Vert.x 4.4.8 → 4.4.9

  • com.dajudge.kindcontainer:kindcontainer 1.3.0 → 1.4.5

If you are not already using a 3.2 release, please refer to our migration guide.

Known issues include:

It should be a safe upgrade for anyone already using a 3.2.11.Final release. However, the fix for CVE-2024-2700 introduces a change in how configuration options are recoded at build time and should be taken into account. More specifically, properties from configuration sources that are considered local (those that are available at build time but not runtime, such as environment variables, system properties, Maven and Gradle project properties) will not override the default values of runtime configuration properties. This is done to avoid leaking local environment values into production builds.

Registro completo de cambios

Únete a nosotros

Valoramos mucho tus comentarios, así que por favor reporta errores, solicita mejoras…​ ¡Construyamos algo grandioso juntos!

Si eres un usuario de Quarkus o simplemente tienes curiosidad, no seas tímido y únete a nuestra acogedora comunidad: