Today, we released Quarkus 3.25 with the following significant new features:#47802 - Virtual threads support for SmallRye GraphQL#47978 - Use Prometheus client v1 on Micrometer#48482 - Security - Provide a fluent API to set up path-specific authorization programmatically#48296 - OIDC Client: Add periodic asynchronous tokens refresh for performance critical applications#48734 - Support for OAuth2 Protected Resource MetadataWe are now preparing 3.26, which will be the base for our new LTS, 3.27 LTS.The feature freeze for the next LTS is on August 12th.UpdateTo update to Quarkus 3.25, we recommend updating to the latest version of the Quarkus CLI and run:quarkus updateNote that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.25.For more information about the adjustments you need to make to your applications, please refer to the Quarkus 3.25 migration guide.What’s new?Virtual threads support for SmallRye GraphQLWe have had a Quarkus virtual threads story for a long time:Quarkus 3.6 introduced virtual threads support for Quarkus REST.Since then, a lot more features got support for virtual threads added e.g. Quarkus Messaging, gRPC.In Quarkus 3.25, we introduce the support of virtual threads in the SmallRye GraphQL extension.Prometheus Client v1 for MicrometerWe updated Micrometer to 1.15 and switched to the Prometheus Client v1.It comes with some breaking changes that are documented in our migration guide.SecurityFluent API to set up path-specific authorizationTo defined path-specific authorization, you previously had to use configuration properties such as:quarkus.http.auth.permission.permit1.paths=/public/*quarkus.http.auth.permission.permit1.policy=permitquarkus.http.auth.permission.permit1.methods=GETquarkus.http.auth.permission.deny1.paths=/forbiddenquarkus.http.auth.permission.deny1.policy=denyquarkus.http.auth.permission.roles1.paths=/roles-secured/*,/other/*,/api/*quarkus.http.auth.permission.roles1.policy=role-policy1quarkus.http.auth.policy.role-policy1.roles-allowed=user,adminIt is still a possibility but you now also have the option to use a programmatic API if it is more convenient for you.For instance:public class HttpSecurityConfiguration { void configure(@Observes HttpSecurity httpSecurity) { httpSecurity .get("/public/*").permit() .path("/roles-secured/*", "/other/*", "/api/*").roles("admin", "user") .path("/forbidden").authorization().deny(); }}Periodic asynchronous tokens refreshThe OIDC Client currently refreshes the token during the current request execution,which might be impractical for high performance applications.Quarkus 3.25 introduces the ability to refresh the tokens in the background by using the quarkus.oidc-client.refresh-interval configuration property.Support for OAuth2 Protected Resource MetadataQuarkus 3.25 adds initial support for RFC 9728’s OAuth 2.0 Protected Resource Metadata.See our documentation for all the details about this new feature.Legacy config classesWe have started sunsetting the legacy config classes support and, with 3.25, you can’t build an extension using legacy config classes anymore.In 3.26, the support for legacy config classes will be entirely dropped from Quarkus.Platform component upgradesQuarkus LangChain4jQuarkus LangChain4j is now part of the Quarkus Platform.The first version of Quarkus LangChain4j we included is 1.1.0.Camel QuarkusCamel Quarkus has been upgraded to 3.25.0.Full changelogYou can get the full changelog of 3.25.0.CR1 and 3.25.0 on GitHub.ContributorsThe Quarkus community is growing and has now 1103 contributors.Many many thanks to each and everyone of them.In particular for the 3.25 release, thanks to Alex Martel, Alexey Loubyansky, Anis Ikram, Antonio Macrì, Blaz Mrak, Bruno Baptista, Chris Laprun, Christian, Christian Beikov, Clement Escoffier, comrt, David M. Lloyd, Erik Mattheis, Foivos Zakkak, Fouad Almalki, Francesco Nigro, George Gastaldi, Georgios Andrianakis, Guillaume LECLERC, Guillaume Smet, Holly Cummins, Ilya Korennoy, Inaki Villar, Ivan Petkov, Izziizzi-ux, James Netherton, Jan Martiska, Jonathan Dowland, Julien Ponge, Katia Aresti, Kevin Wooten, Ladislav Thon, Lars Andringa, Lorenzo Vannucchi, Marco Belladelli, Marco Bungart, marko-bekhta, Martin Bartoš, Martin Kouba, Matej Novotny, Matej Vašek, Matheus Oliveira da Silva, Max Rydahl Andersen, melloware, Michal Vavřík, Nicola Concetti, Ozan Gunalp, Paulo Casaes, Peter Palaga, Phillip Krüger, Pierre Beitz, Ramon Boss, Robert Pospisil, Roberto Cortez, Rostislav Svoboda, Sebastian Zieja, Sergey Beryozkin, Severin Gehwolf, Sopka, Stéphane Épardaud, Teymur Babayev, Thomas Canava, Vincent Sevel, and Yoann Rodière.Come Join UsWe value your feedback a lot so please report bugs, ask for improvements…​ Let’s build something great together!If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:provide feedback on GitHub;craft some code and push a PR;discuss with us on Zulip and on the mailing list;ask your questions on Stack Overflow.