[pull] main from quarkusio:main

bom/application/pom.xml

@@ -29,8 +29,7 @@
         <resteasy-microprofile.version>3.0.0.Final</resteasy-microprofile.version>
         <resteasy-spring-web.version>3.1.3.Final</resteasy-spring-web.version>
         <resteasy.version>6.2.11.Final</resteasy.version>
-        <opentelemetry.version>1.42.1</opentelemetry.version>
-        <opentelemetry-alpha.version>2.8.0-alpha</opentelemetry-alpha.version>
+        <opentelemetry-instrumentation.version>2.8.0-alpha</opentelemetry-instrumentation.version>
         <opentelemetry-semconv.version>1.27.0-alpha</opentelemetry-semconv.version>
         <quarkus-http.version>5.3.3</quarkus-http.version>
         <micrometer.version>1.14.1</micrometer.version><!-- keep in sync with hdrhistogram -->
@@ -433,24 +432,12 @@
                 <version>${opensearch-testcontainers.version}</version>
             </dependency>
             <!-- OpenTelemetry components, imported as a BOM -->
-            <dependency>
-                <groupId>io.opentelemetry</groupId>
-                <artifactId>opentelemetry-bom</artifactId>
-                <version>${opentelemetry.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            <dependency>
-                <groupId>io.opentelemetry</groupId>
-                <artifactId>opentelemetry-bom-alpha</artifactId>
-                <version>${opentelemetry.version}-alpha</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
+            <!-- opentelemetry-instrumentation-bom-alpha includes the main and alpha-bom inside.-->
+            <!-- Also includes semantic conventions-->
             <dependency>
                 <groupId>io.opentelemetry.instrumentation</groupId>
                 <artifactId>opentelemetry-instrumentation-bom-alpha</artifactId>
-                <version>${opentelemetry-alpha.version}</version>
+                <version>${opentelemetry-instrumentation.version}</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -1391,6 +1378,16 @@
                 <artifactId>quarkus-mongodb-panache-common-deployment</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-hibernate-search-backend-elasticsearch-common</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-hibernate-search-backend-elasticsearch-common-deployment</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.quarkus</groupId>
                 <artifactId>quarkus-hibernate-search-orm-elasticsearch</artifactId>
@@ -6494,11 +6491,6 @@
                 <version>${mime4j.version}</version>
             </dependency>
             <!-- OpenTelemetry libs not in BOM -->
-            <dependency>
-                <groupId>io.opentelemetry.semconv</groupId>
-                <artifactId>opentelemetry-semconv</artifactId>
-                <version>${opentelemetry-semconv.version}</version>
-            </dependency>
             <dependency>
                 <groupId>io.opentelemetry.semconv</groupId>
                 <artifactId>opentelemetry-semconv-incubating</artifactId>

devtools/bom-descriptor-json/pom.xml

@@ -954,6 +954,19 @@
                         </exclusion>
                     </exclusions>
                 </dependency>
+                <dependency>
+                    <groupId>io.quarkus</groupId>
+                    <artifactId>quarkus-hibernate-search-backend-elasticsearch-common</artifactId>
+                    <version>${project.version}</version>
+                    <type>pom</type>
+                    <scope>test</scope>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>*</groupId>
+                            <artifactId>*</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
                 <dependency>
                     <groupId>io.quarkus</groupId>
                     <artifactId>quarkus-hibernate-search-orm-elasticsearch</artifactId>

docs/pom.xml

@@ -965,6 +965,19 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-hibernate-search-backend-elasticsearch-common-deployment</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-hibernate-search-orm-elasticsearch-deployment</artifactId>

docs/src/main/asciidoc/security-cors.adoc

@@ -4,68 +4,91 @@ and pull requests should be submitted there:
 https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
 ////
 [id="security-cors"]
-= Cross-origin resource sharing
+= Cross-Origin Resource Sharing (CORS)
 include::_attributes.adoc[]
-:diataxis-type: concept
+:diataxis-type: reference
 :categories: security,web
-:keywords: cors,http
+:summary: Enable and configure CORS in Quarkus to specify allowed origins, methods, and headers, guiding browsers in handling cross-origin requests safely.
+:keywords: cors,http,configuration, security, headers
 :extensions: io.quarkus:quarkus-vertx-http
 
-Cross-origin resource sharing (CORS) is an HTTP-header-based mechanism that allows a server to indicate any origins other than its own, from which a browser should permit loading resources.
+Enable and configure CORS in Quarkus to specify allowed origins, methods, and headers, guiding browsers in handling cross-origin requests safely.
 
-These origins consist of a single domain, scheme, and port.
-For the complete origin definition, see the link:https://datatracker.ietf.org/doc/html/rfc6454[Web Origin Concept] page.
+Cross-Origin Resource Sharing (CORS) uses HTTP headers to manage browser requests for resources from external origins securely.
+By specifying permitted origins, methods, and headers, Quarkus servers can use the CORS filter to enable browsers to request resources across domains while maintaining controlled access.
+This mechanism enhances security and supports legitimate cross-origin requests.
+For more on origin definitions, see the link:https://datatracker.ietf.org/doc/html/rfc6454[Web Origin Concept].
 
 [[cors-filter]]
-== CORS filter
+== Enabling the CORS filter
 
-Quarkus provides a CORS filter, which implements the `jakarta.servlet.Filter` interface and intercepts all incoming HTTP requests.
-It can be enabled in the Quarkus configuration file, `src/main/resources/application.properties`:
+To enforce CORS policies in your application, enable the Quarkus CORS filter by adding the following line to the `src/main/resources/application.properties` file:
 
 [source, properties]
 ----
 quarkus.http.cors=true
 ----
 
-When the filter is enabled and identifies an HTTP request as cross-origin, it will enforce the CORS policy.
-It will also add headers configured with the following properties before forwarding the request to its intended destination, like a servlet, Jakarta REST resource, or other endpoints.
+The filter intercepts all incoming HTTP requests to identify cross-origin requests and applies the configured policy.
+The filter then adds CORS headers to the HTTP response, informing browsers about allowed origins and access parameters.
+For preflight requests, the filter returns an HTTP response immediately.
+For regular CORS requests, the filter denies access with an HTTP 403 status if the request violates the configured policy; otherwise, the filter forwards the request to the destination if the policy allows it.
+
+For detailed configuration options, see the following Configuration Properties section.
 
 include::{generated-dir}/config/quarkus-vertx-http_quarkus.http.cors.adoc[leveloffset=+1, opts=optional]
 
-. An example of a full CORS filter configuration that includes a regular expression defining an allowed origin
+== Example CORS configuration
+
+The following example shows a complete CORS filter configuration, including a regular expression to define one of the origins.
+
 [source, properties]
 ----
-quarkus.http.cors=true
-quarkus.http.cors.origins=http://foo.com,http://www.bar.io,/https://([a-z0-9\\-_]+)\\\\.app\\\\.mydomain\\\\.com/
-quarkus.http.cors.methods=GET,PUT,POST
-quarkus.http.cors.headers=X-Custom
-quarkus.http.cors.exposed-headers=Content-Disposition
-quarkus.http.cors.access-control-max-age=24H
-quarkus.http.cors.access-control-allow-credentials=true
+quarkus.http.cors=true <1>
+quarkus.http.cors.origins=http://example.com,http://www.example.io,/https://([a-z0-9\\-_]+)\\\\.app\\\\.mydomain\\\\.com/ <2>
+quarkus.http.cors.methods=GET,PUT,POST <3>
+quarkus.http.cors.headers=X-Custom <4>
+quarkus.http.cors.exposed-headers=Content-Disposition <5>
+quarkus.http.cors.access-control-max-age=24H <6>
+quarkus.http.cors.access-control-allow-credentials=true <7>
 ----
 
-`/https://([a-z0-9\\-_]+)\\\\.app\\\\.mydomain\\\\.com/` is treated as a regular expression because forward slash characters surround it.
+<1> Enables the CORS filter.
+<2> Specifies allowed origins, including a regular expression.
+<3> Lists allowed HTTP methods for cross-origin requests.
+<4> Declares custom headers that clients can include in requests.
+<5> Identifies response headers that clients can access.
+<6> Sets how long preflight request results are cached.
+<7> Allows cookies or credentials in cross-origin requests.
 
-[NOTE]
+When using regular expressions in an `application.properties` file, escape special characters with four backward slashes (`\\\\`) to ensure proper behavior.
+For example:
+
+* `\\\\.` matches a literal `.` character.
+* `\\.` matches any single character as a regular expression metadata character.
+
+[IMPORTANT]
 ====
-If you use regular expressions in an `application.properties` file, make sure four backward slashes are used to represent `.` and other regular expression metadata characters as normal characters, for example, `\\\\.` represents a `.` character while `\\.` represents a metadata character allowing for any character.
+Incorrectly escaped patterns can lead to unintended behavior or security vulnerabilities.
+Always verify regular expression syntax before deployment.
 ====
 
-=== Support all origins in dev mode
+== Allowing all origins in dev mode
 
-Configuring required origins when developing a Quarkus application requiring CORS support can be difficult.
-In such cases, consider allowing all origins in dev mode only in order to focus on the actual development first:
+Configuring origins during development can be challenging.
+To simplify development, consider allowing all origins in development mode only:
 
 [source, properties]
 ----
 quarkus.http.cors=true
 %dev.quarkus.http.cors.origins=/.*/
 ----
 
-[IMPORTANT]
+[WARNING]
 ====
-Enable all origins exclusively for the dev profile.
-It is not advisable to permit all origins in a production environment, as it can lead to significant security risks.
+Only allow all origins in the development profile (`%dev`).
+Allowing unrestricted origins in production environments poses severe security risks, such as unauthorized data access or resource abuse.
+For production, define explicit origins in the `quarkus.http.cors.origins` property.
 ====
 
 == References

extensions/hibernate-search-backend-elasticsearch-common/deployment/pom.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>quarkus-hibernate-search-backend-elasticsearch-common-parent</artifactId>
+        <groupId>io.quarkus</groupId>
+        <version>999-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>quarkus-hibernate-search-backend-elasticsearch-common-deployment</artifactId>
+    <name>Quarkus - Hibernate Search - Elasticsearch - Deployment</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-core-deployment</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-elasticsearch-rest-client-common-deployment</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-hibernate-search-backend-elasticsearch-common</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>io.quarkus</groupId>
+                            <artifactId>quarkus-extension-processor</artifactId>
+                            <version>${project.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

extensions/hibernate-search-backend-elasticsearch-common/deployment/src/main/java/io/quarkus/hibernate/search/backend/elasticsearch/common/deployment/HibernateSearchBackendElasticsearchEnabledBuildItem.java

@@ -0,0 +1,28 @@
+package io.quarkus.hibernate.search.backend.elasticsearch.common.deployment;
+
+import java.util.Map;
+
+import io.quarkus.builder.item.MultiBuildItem;
+import io.quarkus.hibernate.search.backend.elasticsearch.common.runtime.HibernateSearchBackendElasticsearchBuildTimeConfig;
+import io.quarkus.hibernate.search.backend.elasticsearch.common.runtime.MapperContext;
+
+public final class HibernateSearchBackendElasticsearchEnabledBuildItem extends MultiBuildItem {
+
+    private final MapperContext mapperContext;
+    private final Map<String, HibernateSearchBackendElasticsearchBuildTimeConfig> buildTimeConfig;
+
+    public HibernateSearchBackendElasticsearchEnabledBuildItem(MapperContext mapperContext,
+            Map<String, HibernateSearchBackendElasticsearchBuildTimeConfig> buildTimeConfig) {
+        this.mapperContext = mapperContext;
+        this.buildTimeConfig = buildTimeConfig;
+    }
+
+    public MapperContext getMapperContext() {
+        return mapperContext;
+    }
+
+    public Map<String, HibernateSearchBackendElasticsearchBuildTimeConfig> getBuildTimeConfig() {
+        return buildTimeConfig;
+    }
+
+}