Quarkus 3.15.6.1 and 3.20.2.1

jmartisk · jmartisk · commit f58b367a33cd · 2025-08-18T14:53:57.000+02:00
diff --git a/_posts/2025-08-18-cve-fixes-aug-2025.adoc b/_posts/2025-08-18-cve-fixes-aug-2025.adoc
@@ -0,0 +1,26 @@
+---
+layout: post
+title: 'CVE fixes - August 2025'
+date: 2025-08-18
+tags: release
+synopsis: 'We released Quarkus 3.15.6.1 and 3.20.2.1 with a fix for CVE-2025-55163.
+author: jmartisk
+---
+
+Today, we released CVE fixes releases for Quarkus 3.15 LTS and 3.20 LTS to address
+https://nvd.nist.gov/vuln/detail/CVE-2025-55163[CVE-2025-55163].
+The fix mitigates a vulnerability against DoS attacks over the HTTP/2 protocol.
+Furthermore, 3.20.2.1 fixes a recent https://github.com/quarkusio/quarkus/issues/49133[regression in context propagation behavior].
+
+If you are using these versions and the mentioned components, the update is recommended.
+
+== Come Join Us
+
+We value your feedback a lot so please report bugs, ask for improvements... Let's build something great together!
+
+If you are a Quarkus user or just curious, don't be shy and join our welcoming community:
+
+* provide feedback on https://github.com/quarkusio/quarkus/issues[GitHub];
+* craft some code and https://github.com/quarkusio/quarkus/pulls[push a PR];
+* discuss with us on https://quarkusio.zulipchat.com/[Zulip] and on the https://groups.google.com/d/forum/quarkus-dev[mailing list];
+* ask your questions on https://stackoverflow.com/questions/tagged/quarkus[Stack Overflow].
