Merge pull request #42634 from gsmet/3.13.3-backports-1

[3.13] 3.13.3 backports 1

bom/application/pom.xml

@@ -20,7 +20,7 @@
         <bouncycastle.tls.fips.version>1.0.19</bouncycastle.tls.fips.version>
         <expressly.version>5.0.0</expressly.version>
         <findbugs.version>3.0.2</findbugs.version>
-        <jandex.version>3.2.1</jandex.version>
+        <jandex.version>3.2.2</jandex.version>
         <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
         <javax.inject.version>1</javax.inject.version>
         <parsson.version>1.1.7</parsson.version>
@@ -94,7 +94,7 @@
         <gizmo.version>1.8.0</gizmo.version>
         <jackson-bom.version>2.17.2</jackson-bom.version>
         <commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
-        <commons-lang3.version>3.15.0</commons-lang3.version>
+        <commons-lang3.version>3.14.0</commons-lang3.version>
         <commons-codec.version>1.17.1</commons-codec.version>
         <classmate.version>1.7.0</classmate.version>
         <!-- See root POM for hibernate-orm.version, hibernate-reactive.version, hibernate-validator.version,

build-parent/pom.xml

@@ -28,7 +28,7 @@
         <scala-plugin.version>${scala-maven-plugin.version}</scala-plugin.version>
 
         <!-- Jandex versions -->
-        <jandex.version>3.2.1</jandex.version>
+        <jandex.version>3.2.2</jandex.version>
         <jandex-gradle-plugin.version>1.0.0</jandex-gradle-plugin.version>
 
         <asciidoctorj.version>2.5.13</asciidoctorj.version>

devtools/gradle/gradle-model/src/main/java/io/quarkus/gradle/dependency/ConditionalDependenciesEnabler.java

@@ -168,44 +168,15 @@ private void queueConditionalDependency(ExtensionDependency<?> extension, Depend
     }
 
     private Configuration createConditionalDependenciesConfiguration(Project project, Dependency conditionalDep) {
-        // previously we used a detached configuration here but apparently extendsFrom(enforcedPlatforms)
-        // wouldn't actually enforce platforms on a detached configuration
-        var name = getConditionalConfigurationName(conditionalDep);
-        var config = project.getConfigurations().findByName(name);
-        if (config == null) {
-            project.getConfigurations().register(name, configuration -> {
-                configuration.setCanBeConsumed(false);
-                configuration.extendsFrom(enforcedPlatforms);
-                configuration.getDependencies().add(conditionalDep);
-            });
-            config = project.getConfigurations().getByName(name);
-        }
-        return config;
-    }
-
-    private static String getConditionalConfigurationName(Dependency conditionalDep) {
-        var name = new StringBuilder().append("quarkusConditional");
-        appendCapitalized(name, conditionalDep.getGroup());
-        appendCapitalized(name, conditionalDep.getName());
-        appendCapitalized(name, conditionalDep.getVersion());
-        return name.append("Configuration").toString();
-    }
-
-    private static void appendCapitalized(StringBuilder sb, String part) {
-        if (part != null && !part.isEmpty()) {
-            boolean toUpperCase = true;
-            for (int i = 0; i < part.length(); ++i) {
-                var c = part.charAt(i);
-                if (toUpperCase) {
-                    sb.append(Character.toUpperCase(c));
-                    toUpperCase = false;
-                } else if (c == '.' || c == '-') {
-                    toUpperCase = true;
-                } else {
-                    sb.append(c);
-                }
-            }
-        }
+        // Ideally, we want a named configuration here to make sure platform version constraints are enforced
+        // on conditional dependencies (https://github.com/gradle/gradle/issues/6881)
+        // However, if we use a named configuration we run into issues preventing IDEs to import projects
+        // (https://github.com/quarkusio/quarkus/issues/41825) and ./gradlew refreshVersions seems to break as well.
+        Configuration conditionalDepConfiguration = project.getConfigurations()
+                .detachedConfiguration()
+                .extendsFrom(enforcedPlatforms);
+        conditionalDepConfiguration.getDependencies().add(conditionalDep);
+        return conditionalDepConfiguration;
     }
 
     private void enableConditionalDependency(ModuleVersionIdentifier dependency) {

docs/src/main/asciidoc/extension-metadata.adoc

@@ -64,6 +64,9 @@ And here is the final version of the file included in the runtime JAR augmented
 ----
 name: "Quarkus REST (formerly RESTEasy Reactive)"
 artifact: "io.quarkus:quarkus-rest:999-SNAPSHOT"
+description: "A Jakarta REST implementation utilizing build time processing and Vert.x.\
+  \ This extension is not compatible with the quarkus-resteasy extension, or any of\
+  \ the extensions that depend on it." <1>
 metadata:
   short-name: "rest"
   keywords:
@@ -84,13 +87,13 @@ metadata:
     artifact: "io.quarkus:quarkus-project-core-extension-codestarts::jar:999-SNAPSHOT"
   config:
   - "quarkus.rest."
-  built-with-quarkus-core: "3.8.5" <1>
-  requires-quarkus-core: "[3.8,)" <2>
-  capabilities: <3>
+  built-with-quarkus-core: "3.8.5" <2>
+  requires-quarkus-core: "[3.8,)" <3>
+  capabilities: <4>
     provides:
     - "io.quarkus.rest"
     - "io.quarkus.resteasy.reactive"
-  extension-dependencies: <4>
+  extension-dependencies: <5>
   - "io.quarkus:quarkus-rest-common"
   - "io.quarkus:quarkus-mutiny"
   - "io.quarkus:quarkus-smallrye-context-propagation"
@@ -100,21 +103,18 @@ metadata:
   - "io.quarkus:quarkus-vertx-http"
   - "io.quarkus:quarkus-core"
   - "io.quarkus:quarkus-jsonp"
-description: "A Jakarta REST implementation utilizing build time processing and Vert.x.\
-  \ This extension is not compatible with the quarkus-resteasy extension, or any of\
-  \ the extensions that depend on it." <5>
-scm-url: "https://github.com/quarkusio/quarkus" <6>
-sponsor: A Sponsoring Organisation <7>
+  scm-url: "https://github.com/quarkusio/quarkus" <6>
+  sponsor: A Sponsoring Organisation <7>
 ----
-
-<1> Quarkus version the extension was built with
-<2> The Quarkus version range this extension requires. Optional, and will be set automatically by using the `built-with-quarkus-core` as the minimum range.
-<3> https://quarkus.io/guides/capabilities[Capabilities] this extension provides
-<4> Direct dependencies on other extensions
-<5> Description that can be displayed to users. In this case, the description was copied from the `pom.xml` of the extension module but it could also be provided in the template file.
+<1> Description that can be displayed to users. In this case, the description was copied from the `pom.xml` of the extension module but it could also be provided in the template file.
+<2> Quarkus version the extension was built with
+<3> The Quarkus version range this extension requires. Optional, and will be set automatically by using the `built-with-quarkus-core` as the minimum range.
+<4> https://quarkus.io/guides/capabilities[Capabilities] this extension provides
+<5> Direct dependencies on other extensions
 <6> The source code repository of this extension. Optional, and will often be set automatically by using the `<scm>` information in the pom. In GitHub Actions builds, it will be inferred from the CI environment. For other GitHub repositories, it can be controlled by setting a `GITHUB_REPOSITORY` environment variable.
 <7> The sponsor(s) of this extension. Optional, and will sometimes be determined automatically from commit history.
 
+
 [[quarkus-extension-properties]]
 == META-INF/quarkus-extension.properties
 

docs/src/main/asciidoc/getting-started-testing.adoc

@@ -1088,11 +1088,16 @@ If you are using Quarkus Security, check out the xref:security-testing.adoc[Test
 
 A very common need is to start some services on which your Quarkus application depends, before the Quarkus application starts for testing. To address this need, Quarkus provides `@io.quarkus.test.common.WithTestResource` and `io.quarkus.test.common.QuarkusTestResourceLifecycleManager`.
 
-By simply annotating any test in the test suite with `@WithTestResource`, Quarkus will run the corresponding `QuarkusTestResourceLifecycleManager` before any tests are run.
-A test suite is also free to utilize multiple `@WithTestResource` annotations, in which case all the corresponding `QuarkusTestResourceLifecycleManager` objects will be run before the tests. When using multiple test resources they can be started concurrently. For that you need to set `@WithTestResource(parallel = true)`.
+When a test annotated with `@WithTestResource`, Quarkus will run the corresponding `QuarkusTestResourceLifecycleManager` before the test.
+
+IMPORTANT: By default, `@WithTestResource` applies only to the test on which the annotation is placed. Each test that is annotated with `@WithTestResource`  will result in the application being re-augmented and restarted
+(in a similar fashion as happens in dev-mode when a change is detected) in order to incorporate the settings configured by the annotation. This means that if there are many instances of the annotation used throughout the testsuite,
+test execution speed will be impacted by these restarts.
 
 NOTE: Test resources are applied for a given test class or custom profile. To activate for all tests you can use `@WithTestResource(restrictToAnnotatedClass = false)`.
 
+NOTE: When using multiple test resources they can be started concurrently. For that you need to set `@WithTestResource(parallel = true)`.
+
 Quarkus provides a few implementations of `QuarkusTestResourceLifecycleManager` out of the box (see `io.quarkus.test.h2.H2DatabaseTestResource` which starts an H2 database, or `io.quarkus.test.kubernetes.client.KubernetesServerTestResource` which starts a mock Kubernetes API server),
 but it is common to create custom implementations to address specific application needs.
 Common cases include starting docker containers using https://www.testcontainers.org/[Testcontainers] (an example of which can be found https://github.com/quarkusio/quarkus/blob/main/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/server/KeycloakTestResourceLifecycleManager.java[here]),

docs/src/main/asciidoc/mongodb-panache.adoc

@@ -90,37 +90,6 @@ If you don't want to generate a new project, add the dependency in your build fi
 implementation("io.quarkus:quarkus-mongodb-panache")
 ----
 
-[NOTE]
-====
-If your project is already configured to use other annotation processors, you will need to additionally add the Panache annotation processor:
-
-[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
-.pom.xml
-----
-<plugin>
-    <artifactId>maven-compiler-plugin</artifactId>
-    <version>${compiler-plugin.version}</version>
-    <configuration>
-        <parameters>${maven.compiler.parameters}</parameters>
-        <annotationProcessorPaths>
-            <!-- Your existing annotation processor(s)... -->
-            <path>
-                <groupId>io.quarkus</groupId>
-                <artifactId>quarkus-panache-common</artifactId>
-                <version>${quarkus.platform.version}</version>
-            </path>
-        </annotationProcessorPaths>
-    </configuration>
-</plugin>
-----
-
-[source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]
-.build.gradle
-----
-annotationProcessor("io.quarkus:quarkus-panache-common")
-----
-====
-
 == Setting up and configuring MongoDB with Panache
 
 To get started:

docs/src/main/asciidoc/podman.adoc

@@ -22,12 +22,7 @@ The Homebrew package manager on Mac (*brew*) *should not be used to install Podm
 
 On Linux, Podman is integrated as part of the operating system, and installed through the system's packager manager. As with Mac, and Windows, Podman Desktop can also be installed to supplement the Podman CLI. However, on Linux, Podman Desktop acts as a client to the native Podman integration, and does not manage the underlying Podman installation.
 
-See https://podman-desktop.io/downloads/ for the latest version of Podman Desktop or pick the version that suits your operating system from the list below:
-
-- https://podman-desktop.io/macos/[MacOS]
-- https://podman-desktop.io/windows/[Windows]
-- https://podman-desktop.io/linux/[Linux]
-
+See https://podman-desktop.io/downloads/ for the latest version of Podman Desktop.
 
 Additionally, if you are using Linux, see the Podman https://podman.io/docs/installation#installing-on-linux[Linux installation documentation] for instructions installing Podman to your specific Linux distribution.
 

docs/src/main/asciidoc/security-csrf-prevention.adoc

@@ -7,7 +7,7 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
 include::_attributes.adoc[]
 :categories: security
 :topics: security,csrf,http
-:extensions: io.quarkus:quarkus-csrf-reactive
+:extensions: io.quarkus:quarkus-rest-csrf
 
 https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery (CSRF)] is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
 
@@ -24,15 +24,15 @@ First, we need a new project.
 Create a new project with the following command:
 
 :create-app-artifact-id: security-csrf-prevention
-:create-app-extensions: csrf-reactive
+:create-app-extensions: rest-csrf
 include::{includes}/devtools/create-app.adoc[]
 
-This command generates a project which imports the `csrf-reactive` extension.
+This command generates a project which imports the `rest-csrf` extension.
 
-If you already have your Quarkus project configured, you can add the `csrf-reactive` extension
+If you already have your Quarkus project configured, you can add the `rest-csrf` extension
 to your project by running the following command in your project base directory:
 
-:add-extension-extensions: csrf-reactive
+:add-extension-extensions: rest-csrf
 include::{includes}/devtools/extension-add.adoc[]
 
 This will add the following to your build file:
@@ -42,14 +42,14 @@ This will add the following to your build file:
 ----
 <dependency>
     <groupId>io.quarkus</groupId>
-    <artifactId>quarkus-csrf-reactive</artifactId>
+    <artifactId>quarkus-rest-csrf</artifactId>
 </dependency>
 ----
 
 [source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]
 .build.gradle
 ----
-implementation("io.quarkus:quarkus-csrf-reactive")
+implementation("io.quarkus:quarkus-rest-csrf")
 ----
 
 Next, let's add a `csrfToken.html` Qute template producing an HTML form in the `src/main/resources/templates` folder:
@@ -126,8 +126,8 @@ At this stage no additional configuration is needed - by default the CSRF form f
 
 [source,properties]
 ----
-quarkus.csrf-reactive.form-field-name=csrftoken
-quarkus.csrf-reactive.cookie-name=csrftoken
+quarkus.rest-csrf.form-field-name=csrftoken
+quarkus.rest-csrf.cookie-name=csrftoken
 ----
 
 == Sign CSRF token
@@ -136,7 +136,7 @@ You can get `HMAC` signatures created for the generated CSRF tokens and have the
 
 [source,properties]
 ----
-quarkus.csrf-reactive.token-signature-key=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
+quarkus.rest-csrf.token-signature-key=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
 ----
 
 [[csrf-request-header]]
@@ -151,18 +151,18 @@ If HTML `form` tags are not used and you need to pass CSRF token as a header, th
 ----
 <1> This expression is used to inject a CSRF token header and token. This token will be verified by the CSRF filter against a CSRF cookie.
 
-Default header name is `X-CSRF-TOKEN`, you can customize it with `quarkus.csrf-reactive.token-header-name`, for example:
+Default header name is `X-CSRF-TOKEN`, you can customize it with `quarkus.rest-csrf.token-header-name`, for example:
 
 [source,properties]
 ----
-quarkus.csrf-reactive.token-header-name=CUSTOM-X-CSRF-TOKEN
+quarkus.rest-csrf.token-header-name=CUSTOM-X-CSRF-TOKEN
 ----
 
 If you need to access the CSRF cookie from JavaScript in order to pass its value as a header, use `{inject:csrf.cookieName}` and `{inject:csrf.headerName}` to inject the cookie name which has to be read as a CSRF header value and allow accessing this cookie:
 
 [source,properties]
 ----
-quarkus.csrf-reactive.cookie-http-only=false
+quarkus.rest-csrf.cookie-http-only=false
 ----
 
 == Cross-origin resource sharing
@@ -255,11 +255,11 @@ As you can see a CSRF token verification will be required at the `/service/user`
 [source,properties]
 ----
 # Verify CSRF token only for the `/service/user` path, ignore other paths such as `/service/users`
-quarkus.csrf-reactive.create-token-path=/service/user
+quarkus.rest-csrf.create-token-path=/service/user
 
 # If `/service/user` path accepts not only `application/x-www-form-urlencoded` payloads but also other ones such as JSON then allow them
 # Setting this property is not necessary when the token is submitted as a header value
-quarkus.csrf-reactive.require-form-url-encoded=false
+quarkus.rest-csrf.require-form-url-encoded=false
 ----
 
 == Verify CSRF token in the application code
@@ -316,7 +316,7 @@ Also disable the token verification in the filter:
 
 [source,properties]
 ----
-quarkus.csrf-reactive.verify-token=false
+quarkus.rest-csrf.verify-token=false
 ----
 
 [[csrf-reactive-configuration-reference]]