The English version of quarkus.io is the official project site. Translated sites are community supported on a best-effort basis.

November 28, 2019 #release

Quarkus 1.0.1.Final released - Important security fix

By Guillaume Smet

We just released 1.0.1.Final to fix an important security issue introduced in CR2 and still present in 1.0.0.Final.

Please upgrade to this version as soon as possible if you are using our security layer.

What’s new?

Security issue fix

If you are using our security annotations (e.g. @RolesAllowed) and also other annotations (such as Bean Validation annotations) on the parameters of your secured methods, the security checks would entirely be bypassed.

This issue was originally reported here: https://github.com/quarkusio/quarkus/issues/5763 .

1.0.1.Final fixes this issue and upgrade is highly recommended.

Full changelog

You can get the full changelog of 1.0.1.Final on GitHub.

Come Join Us

We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!

If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:

provide feedback on GitHub;
craft some code and push a PR;
discuss with us on Zulip and on the mailing list;
ask your questions on Stack Overflow.

Quarkus is open. All dependencies of this project are available under the Apache Software License 2.0 or compatible license.

This website was built with Jekyll, is hosted on GitHub Pages and is completely open source. If you want to make it better, fork the website and show us what you’ve got.

Navigation

Get Help

Languages

Quarkus is made of community projects

CC by 3.0 | Privacy Policy Sponsored by