Sync documentation of main branch

actions-user · actions-user · commit ffe806cc2068 · 2025-02-21T01:54:47.000Z
diff --git a/_generated-doc/main/infra/quarkus-all-build-items.adoc b/_generated-doc/main/infra/quarkus-all-build-items.adoc
@@ -5383,6 +5383,21 @@ _No Javadoc found_
 
 
 
+a| https://github.com/quarkusio/quarkus/blob/main/extensions/kubernetes-client/spi/src/main/java/io/quarkus/kubernetes/client/spi/KubernetesDevServiceInfoBuildItem.java[`io.quarkus.kubernetes.client.spi.KubernetesDevServiceInfoBuildItem`, window="_blank"]
+[.description]
+--
+_No Javadoc found_
+-- a|`java.lang.String kubeConfig` 
+
+_No Javadoc found_
+
+`java.lang.String containerId` 
+
+_No Javadoc found_
+
+
+
+
 a| https://github.com/quarkusio/quarkus/blob/main/extensions/kubernetes-client/spi/src/main/java/io/quarkus/kubernetes/client/spi/KubernetesResourcesBuildItem.java[`io.quarkus.kubernetes.client.spi.KubernetesResourcesBuildItem`, window="_blank"]
 [.description]
 --
diff --git a/_versions/main/guides/http-reference.adoc b/_versions/main/guides/http-reference.adoc
@@ -40,8 +40,7 @@ Look at the xref:web-dependency-locator.adoc[Web dependency locator] guide for d
 
 Static resources can be served from a local directory by installing an additional route in the Vert.x router.
 
-For instance, to serve resources from the `static/` directory relative to the current path at http://localhost:8080/static/,
-you can install the following route:
+For instance, to serve resources from the `static/` directory relative to the current path at http://localhost:8080/static/, you can install the following route:
 
 [source,java]
 ----
@@ -248,6 +247,10 @@ The files are reloaded from the same location as they were initially loaded from
 If there is no content change, the reloading is a no-op.
 It the reloading fails, the server will continue to use the previous certificates.
 
+=== Preventing client renegotiation
+
+See xref:./tls-registry-reference.adoc#client-renegotiation[Preventing client renegotiation] for more information.
+
 == Additional HTTP Headers
 
 To enable HTTP headers to be sent on every response, add the following properties:
diff --git a/_versions/main/guides/observability-devservices-lgtm.adoc b/_versions/main/guides/observability-devservices-lgtm.adoc
@@ -10,8 +10,13 @@ include::_attributes.adoc[]
 :topics: observability,grafana,lgtm,otlp,opentelemetry,devservices,micrometer
 :extensions: io.quarkus:quarkus-observability-devservices
 
-This Dev Service provides the https://github.com/grafana/docker-otel-lgtm[Grafana OTel-LGTM], an `all-in-one` Docker image containing an https://opentelemetry.io/docs/collector[OpenTelemetry Collector] receiving and then forwarding telemetry data to https://prometheus.io/[Prometheus] (metrics), https://github.com/grafana/tempo[Tempo] (traces) and https://github.com/grafana/loki[Loki] (logs).
-This data can then be visualized by https://github.com/grafana/grafana[Grafana].
+This Dev Service provides the https://github.com/grafana/docker-otel-lgtm[Grafana OTel-LGTM], an `all-in-one` Docker image containing an https://opentelemetry.io/docs/collector[OpenTelemetry Collector] receiving and then forwarding telemetry data to Prometheus (metrics), Tempo (traces) and Loki (logs).
+This data can then be visualized by https://github.com/grafana/grafana[Grafana]. The LGTM abbreviation stands for:
+
+- L -> https://github.com/grafana/loki[Loki] (logs)
+- G -> https://github.com/grafana/grafana[Grafana] (metrics visualization)
+- T -> https://github.com/grafana/tempo[Tempo] (traces)
+- M -> https://grafana.com/oss/mimir[Mimir] (long term storage for Prometheus)
 
 == Configuring your project
 
diff --git a/_versions/main/guides/tls-registry-reference.adoc b/_versions/main/guides/tls-registry-reference.adoc
@@ -662,6 +662,34 @@ To disable hostname verification:
 quarkus.tls.hostname-verification-algorithm=NONE
 ----
 
+[[client-renegotiation]]
+==== Preventing client renegotiation
+
+Client-initiated renegotiation allows a client to request new session parameters, such as a different cipher suite, during an established TLS connection.
+While this feature can provide flexibility, it also introduces a potential security risk when using TLS 1.2.
+
+When a client initiates a new TLS handshake, the server typically consumes significantly more CPU resources than the client. This resource asymmetry can be exploited to launch denial-of-service (DoS) attacks, overwhelming the server with renegotiation requests.
+
+TLS 1.3 completely removes support for renegotiation, effectively closing this potential attack vector.
+
+* To secure TLS 1.2 and earlier, set `jdk.tls.rejectClientInitiatedRenegotiation` to `true` to prevent client-initiated renegotiation.
++
+[source]
+----
+# JVM mode:
+java -Djdk.tls.rejectClientInitiatedRenegotiation=true -jar ...
+# Native mode
+./application -Djdk.tls.rejectClientInitiatedRenegotiation=true
+----
++
+If you are using the Quarkus-provided `Dockerfile` in JVM mode, you can disable renegotiation by adding the property to the `JAVA_OPTS_APPEND` environment variable:
++
+[source]
+----
+ENV JAVA_OPTS_APPPEND="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Djdk.tls.rejectClientInitiatedRenegotiation=true"
+----
+
+
 === Configuration reference
 
 The following table lists the supported properties:
