Sourced from io.quarkus:quarkus-bom's releases.

3.28.3

Complete changelog

• #29817 - quarkus cli fail hard on bad settings.xml
• #49733 - quarkus.thread-pool.shutdown-interrupt is not respected
• #50126 - HQL Console improvements
• #50306 - Unrecognized configuration key "quarkus.gradle-worker.no-process"
• #50317 - VertxOutputStream: Cannot reserve 65536 bytes of direct buffer memory (allocated: 760195093, limit: 760217600)
• #50318 - Avoid importing BOMs managing extensions managed by BOMs with higher preferences
• #50335 - Change quarkus.gradle-worker.* to gradle.quarkus.gradle-worker.*
• #50336 - Chunked response always finishes cleanly, client cannot detect incomplete download
• #50351 - Fix a few issues with Java 25 compatibility and include Java 25 in CI
• #50360 - Dev MCP: Make sure the config dir exist
• #50361 - When an error occurs during a streaming response, call HttpServerResponse.reset()
• #50364 - OIDC Steup authentication is missing information about insufficient authentication level in 'www-authenticate' when provider responses with single ACR
• #50365 - Bump keycloak to 26.4.0 and keycloak-client to 26.0.7
• #50366 - ArC: fix construction of interception proxies, part 2
• #50367 - Fix step authentication with Keycloak when protocol mapper has 'acr' user attribute configured as single valued string
• #50371 - HQL console: correct allow-hql config on hot reload and enter key to run query
• #50372 - Remove extra space in Dev UI welcome message
• #50375 - Log OIDC Client requests in debug mode
• #50376 - Handle backpressure whilst not on the event loop
• #50377 - Qute template results in timeout instead of NullPointerException
• #50383 - Qute: fix error propagation from section helpers
• #50390 - Quarkus OIDC incorrecty selects request filters for the token revocation
• #50397 - Fix OIDC TokenRevocation filter binding and improve request logging
• #50399 - Expand error messages when quarkus cli fail hard on bad settings.xml
• #50401 - Correctly handle Agroal Dev UI settings in hot-reload scenarios
• #50403 - Update links to Cassandra demo UI
• #50404 - Application with quarkus-keycloak-admin-rest-client fails to compile after recent Keycloak bump
• #50405 - Initialize org.keycloak.common.util.SecretGenerator at runtime for Keycloak admin client
• #50409 - Bump smallrye-graphql.version from 2.14.1 to 2.15.0
• #50416 - Set correct quarkus.oidc.token.require-jwt-introspection-only default value
• #50423 - Fix incorrect timing computation
• #50426 - Create proxies for abstract entity classes too in Hibernate ORM
• #50429 - Bump the hibernate group with 9 updates
• #50462 - Update Elasticsearch clients + dev service image version to 9.1.5
• #50472 - Fix NPE when no library versions exist in the DevUI

3.28.2

Complete changelog

• #48641 - Messaging kafka: incorrect setting of the graceful shutdown property for dev/test modes
• #49861 - Correct setting kafka graceful-shutdown property for dev and test profiles
• #50207 - Allow configuring Cache-Control when OIDC session cookie is created
• #50224 - Bump org.bouncycastle:bctls-fips from 2.1.20 to 2.1.22
• #50226 - Micrometer HTTP server requests metrics tags multiple URLs for 404s
• #50228 - @RestControllerAdvice raise exception

... (truncated)

• 55da99c [RELEASE] - Bump version to 3.28.3
• 34a11ff Merge pull request #50478 from gsmet/3.28.3-backports-1
• 87b4aba Fix NPE when no library versions exist in the DevUI
• 0217fa8 Set correct quarkus.oidc.token.require-jwt-introspection-only default value
• d18a862 Bump the hibernate group with 9 updates
• 197ff0e Create proxies for abstract entity classes too in Hibernate ORM
• e37fb4e Properly format parameters in LogCollectorTestResource#format
• 1a66220 Bump Elasticsearch version for dev services to 9.1.5
• c4daa63 Bump elasticsearch-opensource-components.version from 9.1.4 to 9.1.5
• 5d97c7a Fix incorrect timing computation
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)