August 18, 2025 #release

CVE emergency fixes - August 2025

Today, we released two emergency releases for LTS branches - Quarkus 3.15.6.1 and 3.20.2.1 to address CVE-2025-55163. The fix mitigates a vulnerability affecting the Quarkus HTTP/2 transport. Furthermore, 3.20.2.1 fixes a recent regression in context propagation behavior.

If you are using these versions and the mentioned components, the update is recommended. The fix will be also included in the upcoming 3.26.0 and 3.25.4 releases.

Come Join Us

We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!

If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:

provide feedback on GitHub;
craft some code and push a PR;
discuss with us on Zulip and on the mailing list;
ask your questions on Stack Overflow.

Quarkus is open. All dependencies of this project are available under the Apache Software License 2.0 or compatible license. CC by 3.0

This website was built with Jekyll, is hosted on GitHub Pages and is completely open source. If you want to make it better, fork the website and show us what you’ve got.

Navigation

Get Help

Languages

Quarkus is made of community projects

Copyright © Quarkus. All rights reserved. For details on our trademarks, please visit our Trademark Policy and Trademark List. Trademarks of third parties are owned by their respective holders and their mention here does not suggest any endorsement or association.