MicroProfile® OpenAPI 3.1

Release a minor update for MicroProfile OpenAPI.

The following updates are planned for this release:

Add extensions attribute to most annotations

Improvements to the definition of security requirements

  • Define behavior of @SecurityRequirementsSet and make it repeatable
  • Clarify that a individual @SecurityRequirement annotation applied to a class or method is equivalent to a @SecurityRequirementsSet annotation containing that @SecurityRequirement annotation
  • Add securitySets attribute to @OpenAPIDefinition and @CallbackOperation

Add additionalProperties attribute to @Schema (423)

Allow @APIResponse to be applied to a class, indicating that every resource method on that class has that response

Add processing of some Jakarta Bean Validation annotations

Define the precedence of the mp.openapi.scan.* config properties

Clarify that the name attribute of @Extension must include the x- prefix

Only require that the /openapi endpoint is made available if there is documentation to show

Recommend a standard endpoint for implementations which provide a user interface

Recommend that implementations provide a way to serve CORS headers on the /openapi endpoint

Release Date
Release Type
Minor release