The problem described at https://github.com/quarkusio/quarkus/issues/38055 has potential security impact.

Note that this is NOT a runtime CVE and that it will happen in very specific circumstances, but it could lead to Git credentials leaking and thus your Git repository being at risk.

- If you are in an environment where you have a token in the Git URL of the Quarkus project you are building (which unfortunately sometimes happens on CI as it's the easiest way to authenticate)
- If you build with an extension that generates a Kubernetes descriptor (e.g. Kubernetes or OpenShift extension)
- If you publish the descriptor somehow (for instance as a build artifact attached to your CI build, such as GitHub Actions artifacts)

Then there's a risk for your token to be leaked and your Git repository potentially compromised.

The fix is simple: https://github.com/quarkusio/quarkus/pull/38748/files
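
A pre-publish check for the three conditions above, as an added example that is not code from the Quarkus project or from the linked fix: it scans generated descriptor text for http(s) URLs that carry userinfo and reports them with the credential redacted. The annotation keys, host and token in the sample are constructed placeholders, and limiting the scan to http(s) URLs is an assumption of this example.

```python
import re
import sys
from urllib.parse import urlsplit, urlunsplit

# Candidate URLs: http(s)://... up to whitespace, a quote or an angle bracket.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def redact_url(url):
    """Return url with its userinfo replaced, or None if it has no userinfo."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.username is None and parts.password is None:
        return None
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit((parts.scheme, "REDACTED@" + host, parts.path,
                       parts.query, parts.fragment))


def find_credential_urls(text):
    """List (line_number, redacted_url) for each http(s) URL with userinfo."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            redacted = redact_url(match.group(0))
            if redacted is not None:
                findings.append((number, redacted))
    return findings


# Constructed sample descriptor; annotation keys, host and token are placeholders.
SAMPLE_DESCRIPTOR = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    example.invalid/vcs-uri: https://ci-user:PLACEHOLDER_TOKEN@git.example.invalid/org/app.git
    example.invalid/docs: https://git.example.invalid/org/app/wiki
  name: app
"""

if __name__ == "__main__":
    named = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    hits = [(p, n, u) for p, t in named or [("sample", SAMPLE_DESCRIPTOR)]
            for n, u in find_credential_urls(t)]
    for p, n, u in hits:
        print(f"{p}:{n}: URL with embedded credentials: {u}")
    sys.exit(1 if hits else 0)
```

Passing the generated descriptor files as arguments in the CI job, before the artifact upload step, makes the job fail with a non-zero exit code when a credential-bearing URL is present.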
This issue has been addressed in the following products:

Red Hat build of Quarkus 3.2.11

Via RHSA-2024:1662 https://access.redhat.com/errata/RHSA-2024:1662