Quarkus 1.0.1.Final released - Important security fix
We just released 1.0.1.Final to fix an important security issue introduced in CR2 and still present in 1.0.0.Final.
Please upgrade to this version as soon as possible if you are using our security layer.
If you are using our security annotations (e.g.
@RolesAllowed) and also other annotations (such as Bean Validation annotations) on the parameters of your secured methods, the security checks would entirely be bypassed.
This issue was originally reported here: https://github.com/quarkusio/quarkus/issues/5763 .
1.0.1.Final fixes this issue and upgrade is highly recommended.
You can get the full changelog of 1.0.1.Final on GitHub.
We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!
If you are a Quarkus user or just curious, don’t be shy and join our welcoming community: