https://github.com/quarkusio/quarkus/issues/26748 Expected behavior Everytime a new Request is performed by a client, the Request headers should be inline with the actual HTTP Request Actual behavior With 2.10.x the first request headers became like cached value and any subsequent request headers will contain those instead of the actual headers How to Reproduce? create an app with Quarkus 2.10.1 - 2.10.2 and the smallrye graphql extension create an endpoint or a bean injecting RoutingContext set some HTTP headers like Authorization, MyCustomHeader etc and send the http request print RoutingContext.request().headers set others HTTP headers or remove the previous and send the new http request the second request headers will contain first request data also if you did not send them 7 ) switch to quarkus 2.9.x and will work as expected
Marking RHBQ as not affected because this issue affects only upstream Quarkus 2.10.1 - 2.10.2 and not the RHBQ counterpart which atm based on version 2.7.6.Final.
Just to clarify: it affects 2.10.0.CR1 and 2.10.0.Final too. I don't mind us not communicating about CR1 but please include the .0.Final in the affected versions. Thanks!
Unfortunately, the fix we introduced in 2.10.3.Final and 2.11.0.Final was incomplete and these versions are still affected by the issue. Quarkus 2.10.4.Final and 2.11.1.Final have been released to completely fix the issue: https://quarkus.io/blog/quarkus-2-11-1-final-released/ .
Unfortunately, the problem is still not fix. I will follow up here once we are completely positive the issue is fixed.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2466