Merge pull request #2382 from jmartisk/3.20.2.1-3.15.6.1

Quarkus 3.15.6.1 and 3.20.2.1

Author: jmartisk

_posts/2025-08-18-cve-fixes-aug-2025.adoc

@@ -0,0 +1,27 @@
+---
+layout: post
+title: 'CVE emergency fixes - August 2025'
+date: 2025-08-18
+tags: release
+synopsis: 'We released Quarkus 3.15.6.1 and 3.20.2.1 with fixes for CVE-2025-55163.
+author: jmartisk
+---
+
+Today, we released two emergency releases for LTS branches - Quarkus 3.15.6.1 and 3.20.2.1 to address
+https://nvd.nist.gov/vuln/detail/CVE-2025-55163[CVE-2025-55163].
+The fix mitigates a vulnerability affecting the Quarkus HTTP/2 transport.
+Furthermore, 3.20.2.1 fixes a recent https://github.com/quarkusio/quarkus/issues/49133[regression in context propagation behavior].
+
+If you are using these versions and the mentioned components, the update is recommended.
+The fix will be also included in the upcoming 3.26.0 and 3.25.4 releases.
+
+== Come Join Us
+
+We value your feedback a lot so please report bugs, ask for improvements... Let's build something great together!
+
+If you are a Quarkus user or just curious, don't be shy and join our welcoming community:
+
+* provide feedback on https://github.com/quarkusio/quarkus/issues[GitHub];
+* craft some code and https://github.com/quarkusio/quarkus/pulls[push a PR];
+* discuss with us on https://quarkusio.zulipchat.com/[Zulip] and on the https://groups.google.com/d/forum/quarkus-dev[mailing list];
+* ask your questions on https://stackoverflow.com/questions/tagged/quarkus[Stack Overflow].