• build(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5279
• build(deps): bump the github-actions group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5283
• build(deps-dev): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0 in the maven-plugins group by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5282

• Fixed issue with db upgrade by @arpanhyland in https://github.com/Activiti/Activiti/pull/5275

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.990...7.20.0-rc.991

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.989...7.20.0-rc.990

• #52019 - Remove Jackson from quarkus-analytics-common module
• #52153 - JaCoCo: add support for QuarkusUnitTest
• #52198 - CLI build report: include produced items (if available)
• #52222 - Bump the hibernate group with 9 updates
• #52235 - Use namespaced name in default guides link in extension template
• #52236 - Pin strimzi kafka container version in Dev Service
• #52237 - Add missing space when quarkus cli throws ExclusiveProviderConflictException
• #52242 - Build failure after upgrading to Quarkus 3.31.0 or 3.31.1 with Maven plugins using Jackson
• #52250 - Panache Next maven Question
• #52253 - Workaround JDK-8376576
• #52257 - Dev UI: Fix the Add and remove extension issues
• #52259 - Looks like we did not rename hibernate-panache after all
• #52260 - Quarkus Panache Next should not require reactive classes
• #52263 - Ensure that media type is passed through writer interceptor chain
• #52264 - Quarkus Jacoco 0% coverage when changing data-file name
• #52265 - Panache Next: do not call HR class if the HR extension is not present
• #52275 - Bump Gradle to 9.3.1
• #52276 - Make ValueRegistryParameterResolver a bit more relaxed
• #52285 - Change recommended-java-version to 25
• #52287 - Fix NPE in HibernateSearchElasticsearcRecorder
• #52290 - JaCoCo: resolve data-file and report-location against the project root
• #52292 - java.net.URISyntaxException: Illegal character in path when accessing JAR resource with [] in name
• #52303 - Disabling swagger-ui does not remove link in dev-ui card
• #52305 - Dev UI: Do not display Swagger UI link when disabled
• #52307 - Documentation: Use alphabetic quarkus.security.ldap.identity-mapping.attribute-mappings."attribute-mappings".* configuration property
• #52310 - RestAssured.baseURI is not set when using quarkus.http.test-host after update to Quarkus 3.31
• #52312 - Quarkus start-stop's FULL-MICROPROFILE app fails with Quarkus 3.31
• #52313 - Extend ReflectiveHierarchyStep
• #52317 - JaCoCo - QuarkusUnitTest support: fixes
• #52318 - TestHostLauncher to return the default ListeningAddress
• #52321 - Use 5 argument URI constructor to work around JDK bug
• #52323 - AccessDeniedException at / during runtime re-augmentation in Quarkus 3.30.1 (Parallel Archive Creator ignores tmp settings)
• #52325 - build(deps): bump the hibernate group with 10 updates
• #52332 - Use standard tmp directory to create temp files for parallel jar
• #52340 - Test interface implementers registration for reflection
• #52342 - IsolatedTestModeMain and IsolatedDevModeMain were app entry points which didn't suppress JVM's Unsafe warnings yet
• #52343 - StartupActionImpl needs to open modules to both runtime and base classloaders
• #52344 - Docs: fix admonition block syntax in writing-extensions.adoc
• #52345 - In dev-mode, we need to apply JVM module configuration to both base and runtime classloaders

• a163fe7: explicitly tell Claude code to look in .local directory for user-specific instructions (Titus Fortner)
• 3334f0f: [py]: enable edge browser tests for bidi (#17032) (Navin Chandra) #17032
• 36b25ca: [build] File-level test target indexing for precise affected test detection (#17033) (Titus Fortner) #17033
• 01eb8f0: [build] add smart targeting and --lint flag to format.sh (#17035) (Titus Fortner) #17035

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.988...7.20.0-rc.989

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.987...7.20.0-rc.988

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.986...7.20.0-rc.987

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.985...7.20.0-rc.986

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.984...7.20.0-rc.985

API Changes

• core: Delete the never-used io.grpc.internal.ReadableBuffer.readBytes(ByteBuffer) (#12580) (738782fb0). This is deeply internal and not accessible, so shouldn’t impact anything. However, Apache Arrow Java uses reflection to access private fields; GH-939: Remove reflection for gRPC buffers is swapping to gRPC’s public zero-copy APIs

• opentelemetry: Add target attribute filter for metrics (#12587). Introduce an optional Predicate targetAttributeFilter to control how grpc.target is recorded in OpenTelemetry client metrics. When a filter is provided, targets rejected by the predicate are normalized to "other" to reduce grpc.target metric cardinality, while accepted targets are recorded as-is. If no filter is set, existing behavior is preserved. This change adds a new Builder API on GrpcOpenTelemetry to allow applications to configure the filter. 

Behavior Changes

• core: Convert AutoConfiguredLB to an actual LB (4bbf8eee5). This is an internal refactoring, but it does improve how errors are handled for broken binaries. Previously, not being able to load pick_first would result in a channel panic. Now it is handled as a regular load balancing error

• okhttp: Assert no pending streams before transport READY (#12566) (ed6d175fc). No pending streams should exist when the transport transitions to READY. This PR adds an assertion to help verify this invariant.

Bug Fixes

• core: PickFirstLB should not return a subchannel during CONNECTING (228fc8ecd). Pick-first in grpc-java has behaved this way since it was created, and it was of no consequence. However, now there are some load balancing policies (mainly RLS) that will do a pick() and hope the result to be reasonably accurate for metrics.

Improvements

• core: Improve DEADLINE_EXCEEDED message for CallCreds delays (ead532b39). Previously the error message contained “buffered_nanos” and “waiting_for_connection” for connection delays. However, we discovered the same strings were also used if waiting on CallCredentials. Now you’ll see details like “connecting_and_lb_delay”, “call_credentials_delay”, and “was_still_waiting”.

• opentelemetry: Add Android API checking (a9f73f4c0). Previously we assumed OpenTelemetry support would not be used on Android. It did happen to be compatible with Android, but since OpenTelemetry does have some Android support, we now have a check that it remains compatible

• core: Catch Errors when calling complex config parsing code (a535ed799). Error (and any other Throwable) is now caught and handled when parsing configuration (e.g., service config, xds). This will cause such failures to be handled gracefully instead of panicking the channel

• core: Implement LoadBalancer.Helper.createOobChannel() with the internals of createResolvingOobChannel() (3915d029c). This API is only expected to be relevant to the gRPC-LB lookaside load balancer, and is not believed to have behavior changes. Out-of-band channel had been implemented with its own stripped-down Channel without load balancing. Reimplementing using the resolving oob channel makes it a full-fledged channel and reduces the burden when integrating new features and allows us to have a ManagedChannelBuilder to use with efforts like gRFC A110: Child Channel Options.

• xds: Implement the proactive connection logic in RingHashLoadBalancer as outlined in gRFC A61 (#12596). Previously, the Java implementation only initialized child balancers when a ring-chosen endpoint was in TRANSIENT_FAILURE during a picker's pickSubchannel call. This PR adds the missing logic: when a child balancer reports TRANSIENT_FAILURE, the LoadBalancer now proactively initializes the first available IDLE child if no other children are currently connecting or ready.

This ensures a backup subchannel starts warming up immediately outside the RPC flow, reducing failover latency and improving overall resilience. This behavior was previously present but was inadvertently lost after #10610.

• api: Add RFC 3986 support to DnsNameResolverProvider (#12602) (f65127cf7) Experimental RFC 3986 target URI parsing mode (disabled by default)

New Features

• opentelemetry: Actual reason for the disconnects in subchannel metrics(6b2f7580c), completing the remaining work in gRFC A96: OTel metrics for Subchannels

Dependencies 

• protobuf: Upgrade Bazel protobuf to 33.1 (#12553) (b61a8f49c) and load java_proto_library from the protobuf repo (c7f3cdbc3)

• protobuf: Fix build with Bazel 9 by upgrading bazel_jar_jar and grpc-proto versions (#12569)

• Upgrade dependencies (#12588) (6422092e3) Netty to 4.1.130, error-prone annotations to 2.45.0, google-auth-library to 1.41.0, tomcat-embed-core9 to 9.0.113, tomcat-embed-core to 10.1.50, opentelemetry to 1.57.0, jetty-ee10-servlet to 12.1.5, jetty-http2-server to 12.1.5, google-cloud-logging to 3.23.9, google-auth to 1.41.0, proto-google-common-protos to 2.63.2.

Thanks to

• @benjaminp
• @becomeStar
• @meteorcloudy