Sync web site with Quarkus documentation

Author: quarkusbot

_generated-doc/latest/config/quarkus-all-config.adoc

@@ -69869,6 +69869,32 @@ endif::add-copy-button-to-env-var[]
 |string
 |
 
+a| [[quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server[`quarkus.oidc.resource-metadata.authorization-server`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc.resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+
+`quarkus.oidc."tenant".resource-metadata.authorization-server`
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc."tenant".resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+[.description]
+--
+Authorization server URL. 'quarkus.oidc.auth-server-url' property value is reported by default.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|
+
 a| [[quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme[`quarkus.oidc.resource-metadata.force-https-scheme`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.oidc.resource-metadata.force-https-scheme+++[]

_generated-doc/latest/config/quarkus-oidc.adoc

@@ -1913,6 +1913,32 @@ endif::add-copy-button-to-env-var[]
 |string
 |
 
+a| [[quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server[`quarkus.oidc.resource-metadata.authorization-server`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc.resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+
+`quarkus.oidc."tenant".resource-metadata.authorization-server`
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc."tenant".resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+[.description]
+--
+Authorization server URL. 'quarkus.oidc.auth-server-url' property value is reported by default.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|
+
 a| [[quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme[`quarkus.oidc.resource-metadata.force-https-scheme`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.oidc.resource-metadata.force-https-scheme+++[]

_generated-doc/latest/config/quarkus-oidc_quarkus.oidc.adoc

@@ -1913,6 +1913,32 @@ endif::add-copy-button-to-env-var[]
 |string
 |
 
+a| [[quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-authorization-server[`quarkus.oidc.resource-metadata.authorization-server`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc.resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+
+`quarkus.oidc."tenant".resource-metadata.authorization-server`
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.oidc."tenant".resource-metadata.authorization-server+++[]
+endif::add-copy-button-to-config-props[]
+
+[.description]
+--
+Authorization server URL. 'quarkus.oidc.auth-server-url' property value is reported by default.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_OIDC_RESOURCE_METADATA_AUTHORIZATION_SERVER+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|
+
 a| [[quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resource-metadata-force-https-scheme[`quarkus.oidc.resource-metadata.force-https-scheme`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.oidc.resource-metadata.force-https-scheme+++[]

_guides/_attributes.adoc

@@ -1,7 +1,7 @@
 // Common attributes.
 // --> No blank lines (it ends the document header)
 :project-name: Quarkus
-:quarkus-version: 3.26.2
+:quarkus-version: 3.26.3
 :quarkus-platform-groupid: io.quarkus.platform
 // .
 :maven-version: 3.9.9

_guides/blaze-persistence.adoc

@@ -51,7 +51,7 @@ Add the following dependencies to your project:
 </dependency>
 <dependency>
     <groupId>com.blazebit</groupId>
-    <artifactId>blaze-persistence-integration-hibernate-7.0</artifactId>
+    <artifactId>blaze-persistence-integration-hibernate-7.1</artifactId>
     <scope>runtime</scope>
 </dependency>
 ----
@@ -60,7 +60,7 @@ Add the following dependencies to your project:
 .Using Gradle
 ----
 implementation("com.blazebit:blaze-persistence-integration-quarkus-3")
-runtimeOnly("com.blazebit:blaze-persistence-integration-hibernate-7.0")
+runtimeOnly("com.blazebit:blaze-persistence-integration-hibernate-7.1")
 ----
 
 The use in native images requires a dependency on the entity view annotation processor that may be extracted into a separate `native` profile:

_guides/building-native-image.adoc

@@ -39,14 +39,16 @@ What does having a working C developer environment mean?
 sudo dnf install gcc glibc-devel zlib-devel libstdc++-static
 # Debian-based distributions:
 sudo apt-get install build-essential libz-dev zlib1g-dev
+# Arch Linux
+sudo pacman -S freetype2 gcc glibc lib32-gcc-libs zlib
 ----
 * XCode provides the required dependencies on macOS:
 +
 [source,bash]
 ----
 xcode-select --install
 ----
-* On Windows, you will need to install the https://aka.ms/vs/15/release/vs_buildtools.exe[Visual Studio 2017 Visual C++ Build Tools]
+* On Windows, you will need to install the https://aka.ms/vs/17/release/vs_buildtools.exe[Visual Studio 2022 Visual C++ Build Tools]
 ====
 
 === Background
@@ -220,7 +222,7 @@ Another solution is to write a script to do this for you:
 
 [source,bash]
 ----
-cmd /c 'call "C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvars64.bat" && mvn package -Dnative'
+cmd /c 'call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat" && mvn package -Dnative'
 ----
 ====
 

_guides/extension-registry-user.adoc

@@ -214,3 +214,26 @@ image:registry-nexus-repository.png[Nexus Repository Proxy]
 - Set the `Remote Storage` URL to `https://registry.quarkus.io/maven`
 
 image:registry-nexus3-repository.png[Nexus Repository Proxy]
+
+==== Environment Variables
+
+Applications using a registry client can be configured using environment variables.
+
+`QUARKUS_REGISTRIES` environment variable can be used to specify which registries should be enabled as a comma-separated list of registry IDs.
+For example
+```
+QUARKUS_REGISTRIES=registry.acme.org,registry.quarkus.io
+```
+That alone will be enough to initialize a registry client to pull extension catalogs from two registries using their default configurations.
+
+Certain registry options could be initialized with their specific environment variables. Each such option will have the following environment variable prefix:
+```
+QUARKUS_REGISTRY_<UPPERCASED_AND_UNDERSCORED_REGISTRY_ID>_
+```
+where `<UPPERCASED_AND_UNDERSCORED_REGISTRY_ID>` is a registry ID with each character converted to uppercase and a `.` replaced with `_`. For example, `REGISTRY_ACME_ORG`.
+
+The following options can be configured with this approach:
+
+- Repository URL, for example `QUARKUS_REGISTRY_REGISTRY_ACME_ORG_REPO_URL=https://internal.registry.acme.org/maven`
+- Update policy, for example `QUARKUS_REGISTRY_REGISTRY_ACME_ORG_UPDATE_POLICY=always`
+- Offering, for example `QUARKUS_REGISTRY_REGISTRY_ACME_ORG_OFFERING=acme-magic`

_guides/quarkus-runtime-base-image.adoc

@@ -32,75 +32,74 @@ CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
 == Extending the image
 
 Your application may have additional requirements.
-For example, if you have an application that requires `libfreetype.so`, you need to copy the native libraries to the container.
-In this case, you need to use a multi-stage `dockerfile` to copy the required libraries:
+For example, if you have an application that manipulates graphics, images, or PDFs, you likely have Quarkus AWT extension included in the project and your native executable will require some additional libraries to run.
+In this case, you need to use a multi-stage `dockerfile` to copy the required libraries.
 
-[source, dockerfile]
-----
-# First stage - install the dependencies in an intermediate container
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 as BUILD
-RUN microdnf install freetype -y
-
-# Second stage - copy the dependencies
-FROM quay.io/quarkus/ubi9-quarkus-micro-image:2.0
-COPY --from=BUILD \
-   /lib64/libfreetype.so.6 \
-   /lib64/libbz2.so.1 \
-   /lib64/libpng16.so.16 \
-   /lib64/
-
-WORKDIR /work/
-COPY --chmod=0755 target/*-runner /work/application
-EXPOSE 8080
-CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
-----
+[WARNING]
+====
+Copying handpicked libraries makes up for a small container image, yet it is somewhat britte, differs for different base image versions, and it is a subject to change as transitive dependencies of these libraries might change.
+====
 
-If you need to have access to the full AWT support, you need more than just `libfreetype.so`, but also the font and font configurations:
+[NOTE]
+====
+Headless graphics, PDF documents, QR code images etc. manipulation is natively supported on amd64/aarch64 Linux only. Neither Windows nor MacOS are supported and require running the application in a Linux container.
+====
 
 [source, dockerfile]
 ----
 # First stage - install the dependencies in an intermediate container
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 as BUILD
-RUN microdnf install freetype fontconfig -y
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 as nativelibs
+RUN microdnf install -y freetype fontconfig expat
 
 # Second stage - copy the dependencies
 FROM quay.io/quarkus/ubi9-quarkus-micro-image:2.0
-COPY --from=BUILD \
+WORKDIR /work/
+COPY --from=nativelibs \
+   /lib64/libz.so.1 \
+   /lib64/libstdc++.so.6 \
    /lib64/libfreetype.so.6 \
    /lib64/libgcc_s.so.1 \
    /lib64/libbz2.so.1 \
    /lib64/libpng16.so.16 \
    /lib64/libm.so.6 \
-   /lib64/libbz2.so.1 \
+   /lib64/libexpat.so.1 \
    /lib64/libuuid.so.1 \
+   /lib64/libxml2.so.2 \
+   /lib64/libharfbuzz.so.0 \
+   /lib64/libbrotlidec.so.1 \
+   /lib64/libbrotlicommon.so.1 \
+   /lib64/liblzma.so.5 \
+   /lib64/libglib-2.0.so.0 \
+   /lib64/libgraphite2.so.3 \
+   /lib64/libpcre.so.1 \
    /lib64/
-
-COPY --from=BUILD \
+COPY --from=nativelibs \
    /usr/lib64/libfontconfig.so.1 \
    /usr/lib64/
-
-COPY --from=BUILD \
+COPY --from=nativelibs \
     /usr/share/fonts /usr/share/fonts
-
-COPY --from=BUILD \
+COPY --from=nativelibs \
     /usr/share/fontconfig /usr/share/fontconfig
-
-COPY --from=BUILD \
+COPY --from=nativelibs \
     /usr/lib/fontconfig /usr/lib/fontconfig
-
-COPY --from=BUILD \
+COPY --from=nativelibs \
      /etc/fonts /etc/fonts
 
-WORKDIR /work/
-COPY --chmod=0755 target/*-runner /work/application
+RUN chown 1001 /work \
+    && chmod "g+rwX" /work \
+    && chown 1001:root /work
+# Shared objects to be dynamically loaded at runtime as needed,
+COPY target/*.so /work/
+COPY --chown=1001:root --chmod=0755 target/*-runner /work/application
+
 EXPOSE 8080
-CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
-----
+USER 1001
 
+ENTRYPOINT ["./application", "-Dquarkus.http.host=0.0.0.0"]
+----
 
 == Alternative - Using ubi-minimal
 
-
 If the micro image does not suit your requirements, you can use https://catalog.redhat.com/software/containers/ubi9-minimal/61832888c0d15aff4912fe0d[ubi9-minimal].
 It's a bigger image, but contains more utilities and is closer to a full Linux distribution.
 Typically, it contains a package manager (`microdnf`), so you can install packages more easily.
@@ -121,3 +120,25 @@ USER 1001
 
 CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
 ----
+
+To make documents processing, graphics, PDFs, etc. available for the application, you can install the required libraries using `microdnf` without manually copying anything:
+
+[source, dockerfile]
+----
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6
+RUN microdnf install -y freetype fontconfig \
+    && microdnf clean all
+
+WORKDIR /work/
+RUN chown 1001 /work \
+    && chmod "g+rwX" /work \
+    && chown 1001:root /work
+# Shared objects to be dynamically loaded at runtime as needed
+COPY --chown=1001:root target/*.so /work/
+COPY --chown=1001:root --chmod=0755 target/*-runner /work/application
+
+EXPOSE 8080
+USER 1001
+
+ENTRYPOINT ["./application", "-Dquarkus.http.host=0.0.0.0"]
+----

_guides/security-oidc-expanded-configuration.adoc

@@ -1295,6 +1295,7 @@ In turn, a client that requested the protected resource metadata can use its pro
 
 |quarkus.oidc.resource-metadata.enabled |false|Enable resource metadata properties
 |quarkus.oidc.resource-metadata.resource ||Resource identifier
+|quarkus.oidc.resource-metadata.authorization-server ||Authorization server URL
 |quarkus.oidc.resource-metadata.force-https-scheme |true|Force that a resource identifier URL has an HTTPS scheme
 |====
 
@@ -1307,7 +1308,9 @@ According to the https://datatracker.ietf.org/doc/rfc9728/[OAuth2 Protected Reso
 
 If it is configured as a relative path then it is added to the current request URL's host and port to build a resource identifier URL. If it is not configured at all then, unless it is a default tenant id, the tenand id is added to the current request URL's host and port to build a resource identifier URL.
 
-In such cases, the `quarkus.oidc.resource-metadata.force-https-scheme` property can be used to set a correct URL scheme, which is set to HTTPS by default.
+The resource identifier URL scheme is set to `HTTPS` by default. You can enable an `HTTP` URL scheme with `quarkus.oidc.resource-metadata.force-https-scheme=false`, it can be particularly useful in simple demos and tests.
+
+`quarkus.oidc.resource-metadata.authorization-server` allows to customize an authorization server URL that will be included in the resource metadata. The `quarkus.oidc.auth-server-url` URL is included by default, however, for some cases where an OIDC proxy interposes over the actual OIDC provider, returning the OIDC proxy's URL is required instead.
 
 See also the <<oidc-metadata-properties>> for details about the OIDC provider metadata that Quarkus OIDC uses for its work.
 

_guides/security-openid-connect-client-reference.adoc

@@ -768,7 +768,7 @@ You can also inject named `Tokens`, see <<named-oidc-clients,Inject named OidcCl
 Additionally, the `quarkus.oidc-client.refresh-token-time-skew` property can be used for a preemptive access token refreshment to avoid sending nearly expired access tokens that might cause HTTP 401 errors. For example, if this property is set to `3S` and the access token will expire in less than 3 seconds, then this token will be auto-refreshed.
 
 
-By default, OIDC client refreshes the token during the current request, when it detects that it has expired, or nearly expired if the [refresh token time skew](https://quarkus.io/guides/security-openid-connect-client-reference#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew) is configured.
+By default, OIDC client refreshes the token during the current request, when it detects that it has expired, or nearly expired if the xref:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[refresh token time skew] is configured.
 Performance critical applications may want to avoid having to wait for a possible token refresh during the incoming requests and configure an asynchronous token refresh instead, for example:
 
 [source,properties]