[{"data":1,"prerenderedAt":301},["ShallowReactive",2],{"blog-post-blog_en-quarkus-3-20-lts-maintenance-und-cve-fixes":3},{"id":4,"title":5,"body":6,"cover":285,"date":286,"description":287,"draft":288,"extension":289,"meta":290,"navigation":291,"path":292,"seo":293,"stem":294,"tags":295,"__hash__":300},"blog_en\u002Fen\u002Fblog\u002Fquarkus-3-20-lts-maintenance-und-cve-fixes.md","Quarkus 3.20 LTS: Maintenance Release 3.20.6 with Security Fixes",{"type":7,"value":8,"toc":280},"minimark",[9,22,27,30,58,65,69,72,97,100,261,265,276],[10,11,12,13,17,18,21],"p",{},"Cloud-native Java stacks operate under continuous patch pressure: frameworks, container bases, and dependencies must remain stable while staying current. The ",[14,15,16],"strong",{},"Quarkus 3.20"," LTS line addresses this tension through a maintenance process; in late March 2026, maintenance release ",[14,19,20],{},"3.20.6"," shipped with security fixes.",[23,24,26],"h2",{"id":25},"what-lts-means-in-quarkus","What LTS Means in Quarkus",[10,28,29],{},"An LTS branch is not a feature stream but a stable corridor for production:",[31,32,33,41,48,55],"ul",{},[34,35,36,37,40],"li",{},"Selective ",[14,38,39],{},"backports"," instead of continuous feature additions",[34,42,43,44,47],{},"Regular ",[14,45,46],{},"maintenance releases"," with bug fixes and security updates",[34,49,50,51,54],{},"Alignment around a stable ",[14,52,53],{},"platform BOM"," bundling extension and dependency versions",[34,56,57],{},"Goal: predictable updates for services with long operational lifecycles",[10,59,60],{},[61,62],"img",{"alt":63,"src":64},"Diagram: LTS branch → BOM → production","\u002Fimg\u002Fblog\u002Fquarkus-3-20-lts-maintenance-und-cve-fixes-diagram.svg",[23,66,68],{"id":67},"what-needs-updating-in-practice","What Needs Updating in Practice",[10,70,71],{},"A Quarkus update affects more than a single version bump:",[31,73,74,80,87,90],{},[34,75,76,77,79],{},"Updating the ",[14,78,53],{}," in Maven\u002FGradle (extensions follow the BOM set)",[34,81,82,83,86],{},"Rebuilding container images including ",[14,84,85],{},"SBOM"," generation and CVE scanning",[34,88,89],{},"Validating observability and security agents (OpenTelemetry, TLS, OAuth)",[34,91,92,93,96],{},"Rechecking ",[14,94,95],{},"native-image"," builds, where used",[10,98,99],{},"Example of importing a Quarkus platform BOM:",[101,102,107],"pre",{"className":103,"code":104,"language":105,"meta":106,"style":106},"language-xml shiki shiki-themes github-light github-dark","\u003C!-- pom.xml -->\n\u003CdependencyManagement>\n  \u003Cdependencies>\n    \u003Cdependency>\n      \u003CgroupId>io.quarkus.platform\u003C\u002FgroupId>\n      \u003CartifactId>quarkus-bom\u003C\u002FartifactId>\n      \u003Cversion>3.20.6\u003C\u002Fversion>\n      \u003Ctype>pom\u003C\u002Ftype>\n      \u003Cscope>import\u003C\u002Fscope>\n    \u003C\u002Fdependency>\n  \u003C\u002Fdependencies>\n\u003C\u002FdependencyManagement>\n","xml","",[108,109,110,119,133,144,155,171,186,201,216,231,241,251],"code",{"__ignoreMap":106},[111,112,115],"span",{"class":113,"line":114},"line",1,[111,116,118],{"class":117},"sJ8bj","\u003C!-- pom.xml -->\n",[111,120,122,126,130],{"class":113,"line":121},2,[111,123,125],{"class":124},"sVt8B","\u003C",[111,127,129],{"class":128},"s9eBZ","dependencyManagement",[111,131,132],{"class":124},">\n",[111,134,136,139,142],{"class":113,"line":135},3,[111,137,138],{"class":124},"  \u003C",[111,140,141],{"class":128},"dependencies",[111,143,132],{"class":124},[111,145,147,150,153],{"class":113,"line":146},4,[111,148,149],{"class":124},"    \u003C",[111,151,152],{"class":128},"dependency",[111,154,132],{"class":124},[111,156,158,161,164,167,169],{"class":113,"line":157},5,[111,159,160],{"class":124},"      \u003C",[111,162,163],{"class":128},"groupId",[111,165,166],{"class":124},">io.quarkus.platform\u003C\u002F",[111,168,163],{"class":128},[111,170,132],{"class":124},[111,172,174,176,179,182,184],{"class":113,"line":173},6,[111,175,160],{"class":124},[111,177,178],{"class":128},"artifactId",[111,180,181],{"class":124},">quarkus-bom\u003C\u002F",[111,183,178],{"class":128},[111,185,132],{"class":124},[111,187,189,191,194,197,199],{"class":113,"line":188},7,[111,190,160],{"class":124},[111,192,193],{"class":128},"version",[111,195,196],{"class":124},">3.20.6\u003C\u002F",[111,198,193],{"class":128},[111,200,132],{"class":124},[111,202,204,206,209,212,214],{"class":113,"line":203},8,[111,205,160],{"class":124},[111,207,208],{"class":128},"type",[111,210,211],{"class":124},">pom\u003C\u002F",[111,213,208],{"class":128},[111,215,132],{"class":124},[111,217,219,221,224,227,229],{"class":113,"line":218},9,[111,220,160],{"class":124},[111,222,223],{"class":128},"scope",[111,225,226],{"class":124},">import\u003C\u002F",[111,228,223],{"class":128},[111,230,132],{"class":124},[111,232,234,237,239],{"class":113,"line":233},10,[111,235,236],{"class":124},"    \u003C\u002F",[111,238,152],{"class":128},[111,240,132],{"class":124},[111,242,244,247,249],{"class":113,"line":243},11,[111,245,246],{"class":124},"  \u003C\u002F",[111,248,141],{"class":128},[111,250,132],{"class":124},[111,252,254,257,259],{"class":113,"line":253},12,[111,255,256],{"class":124},"\u003C\u002F",[111,258,129],{"class":128},[111,260,132],{"class":124},[23,262,264],{"id":263},"why-this-matters","Why This Matters",[10,266,267,268,271,272,275],{},"LTS lines structure upgrades in production platforms and reduce risk through controlled backports. At the same time, security patching remains mandatory. Maintenance releases like 3.20.6 are a key mechanism to combine ",[14,269,270],{},"stable runtimes"," with ",[14,273,274],{},"fast CVE response",".",[277,278,279],"style",{},"html pre.shiki code .sJ8bj, html code.shiki .sJ8bj{--shiki-default:#6A737D;--shiki-dark:#6A737D}html pre.shiki code .sVt8B, html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .s9eBZ, html code.shiki .s9eBZ{--shiki-default:#22863A;--shiki-dark:#85E89D}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":106,"searchDepth":121,"depth":121,"links":281},[282,283,284],{"id":25,"depth":121,"text":26},{"id":67,"depth":121,"text":68},{"id":263,"depth":121,"text":264},"\u002Fimg\u002Fblog\u002Fquarkus-3-20-lts-maintenance-und-cve-fixes-cover.jpg","2026-03-18","Quarkus 3.20 is maintained as an LTS line via maintenance releases; version 3.20.6 combines bug fixes, platform updates, and CVE fixes.",false,"md",{},true,"\u002Fen\u002Fblog\u002Fquarkus-3-20-lts-maintenance-und-cve-fixes",{"title":5,"description":287},"en\u002Fblog\u002Fquarkus-3-20-lts-maintenance-und-cve-fixes",[296,297,298,299],"Quarkus","Java","Cloud-Native","Security","RXt3E0JAosIK-PNSHd3nA5NMo0CobqwJW4UiJRuPy_c",1775892934800]