Sync web site with Quarkus documentation

Author: quarkusbot

_guides/_attributes.adoc

@@ -1,7 +1,7 @@
 // Common attributes.
 // --> No blank lines (it ends the document header)
 :project-name: Quarkus
-:quarkus-version: 3.17.6
+:quarkus-version: 3.17.7
 :quarkus-platform-groupid: io.quarkus.platform
 // .
 :maven-version: 3.9.9

_guides/deploying-to-kubernetes.adoc

@@ -301,7 +301,7 @@ of secret that contains the required credentials. Quarkus can automatically gene
 quarkus.kubernetes.generate-image-pull-secret=true
 ----
 
-More specifically a `Secret`like the one bellow is genrated:
+More specifically a `Secret` like the one below is generated:
 
 [source,yaml]
 ----

_guides/native-reference.adoc

@@ -2293,14 +2293,29 @@ One can see which Mandrel version was used to generate a binary by inspecting th
 
 [source,bash]
 ----
-$ strings target/debugging-native-1.0.0-SNAPSHOT-runner | grep GraalVM
-com.oracle.svm.core.VM=GraalVM 22.0.0.2-Final Java 11 Mandrel Distribution
+$ strings target/debugging-native-1.0.0-SNAPSHOT-runner | \
+  grep -e 'com.oracle.svm.core.VM=' -e 'com.oracle.svm.core.VM.Java.Version' -F
+com.oracle.svm.core.VM.Java.Version=21.0.5
+com.oracle.svm.core.VM=Mandrel-23.1.5.0-Final
 ----
 
 === How do I enable GC logging in native executables?
 
 See <<gc-logging,Native Memory Management GC Logging section>> for details.
 
+=== Can I get a thread dump of a native executable?
+
+Yes, Quarkus sets up a signal handler for the `SIGQUIT` signal (or `SIGBREAK` on windows) that will result in a thread
+dump being printed when receiving the `SIGQUIT/SIGBREAK` signal.
+You may use `kill -SIGQUIT <pid>` to trigger a thread dump.
+
+[NOTE]
+====
+Quarkus uses its own signal handler, to use GraalVM's default signal handler instead you will need to:
+1. Add `-H:+DumpThreadStacksOnSignal` to `quarkus.native.additional-build-args` and rebuild the application.
+2. Set the environment variable `DISABLE_SIGNAL_HANDLERS` before running the app.
+====
+
 [[heap-dumps]]
 === Can I get a heap dump of a native executable? e.g. if it runs out of memory
 

_guides/scheduler-reference.adoc

@@ -156,7 +156,7 @@ Property Expressions.
 .Time Zone Configuration Property Example
 [source,java]
 ----
-@Scheduled(cron = "0 15 10 * * ?", timeZone = "{myMethod.timeZone}")
+@Scheduled(cron = "0 15 10 * * ?", timeZone = "${myMethod.timeZone}")
 void myMethod() { }
 ----
 

_guides/security-authorize-web-endpoints-reference.adoc

@@ -1122,6 +1122,49 @@ public class ProjectPermissionChecker {
 TIP: Permission checks run by default on event loops.
 Annotate a permission checker method with the `io.smallrye.common.annotation.Blocking` annotation if you want to run the check on a worker thread.
 
+Matching between the `@PermissionsAllowed` values and the `@PermissionChecker` value is based on string equality as shown in the example below:
+
+[source,java]
+----
+package org.acme.security;
+
+import io.quarkus.security.PermissionChecker;
+import io.quarkus.security.PermissionsAllowed;
+import jakarta.enterprise.context.ApplicationScoped;
+
+@ApplicationScoped
+public class FileService {
+
+    @PermissionsAllowed({ "delete:all", "delete:dir" }) <1>
+    void deleteDirectory(Path directoryPath) {
+        // delete directory
+    }
+
+    @PermissionsAllowed(value = { "delete:service", "delete:file" }, inclusive = true) <2>
+    void deleteServiceFile(Path serviceFilePath) {
+        // delete service file
+    }
+
+    @PermissionChecker("delete:all")
+    boolean canDeleteAllDirectories(SecurityIdentity identity) {
+        String filePermissions = identity.getAttribute("user-group-file-permissions");
+        return filePermissions != null && filePermissions.contains("w");
+    }
+
+    @PermissionChecker("delete:service")
+    boolean canDeleteService(SecurityIdentity identity) {
+        return identity.hasRole("admin");
+    }
+
+    @PermissionChecker("delete:file")
+    boolean canDeleteFile(Path serviceFilePath) {
+        return serviceFilePath != null && !serviceFilePath.endsWith("critical");
+    }
+}
+----
+<1> The permission checker method `canDeleteAllDirectories` grants access to the `deleteDirectory` because the `delete:all` values are equal.
+<2> There must be exactly two permission checker methods, one for the `delete:service` permission and other for the `delete:file` permission.
+
 [[permission-meta-annotation]]
 ==== Create permission meta-annotations
 

_guides/security-ldap.adoc

@@ -177,6 +177,18 @@ quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter-base-dn=ou=
 
 The `elytron-security-ldap` extension requires a dir-context and an identity-mapping with at least one attribute-mapping to authenticate the user and its identity.
 
+=== Map LDAP groups to `SecurityIdentity` roles
+
+Previously described application configuration showed how to map `CN` attribute of the LDAP Distinguished Name group to a Quarkus `SecurityIdentity` role.
+More specifically, the `standardRole` CN was mapped to a `SecurityIdentity` role and thus allowed access to the `UserResource#me` endpoint.
+However, required `SecurityIdentity` roles may differ between applications and you may need to map LDAP groups to local `SecurityIdentity` roles like in the example below:
+
+[source,properties]
+----
+quarkus.http.auth.roles-mapping."standardRole"=user <1>
+----
+<1> Map the `standardRole` role to the application-specific `SecurityIdentity` role `user`.
+
 == Testing the Application
 
 The application is now protected and the identities are provided by our LDAP server.