MicroProfile® OpenAPI 3.1 Release Review

End Date of the Review Period

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.


OpenAPI 3.1


Release a minor update for MicroProfile OpenAPI.

The following updates are planned for this release:

Add extensions attribute to most annotations

Improvements to the definition of security requirements

  • Define behavior of @SecurityRequirementsSet and make it repeatable
  • Clarify that a individual @SecurityRequirement annotation applied to a class or method is equivalent to a @SecurityRequirementsSet annotation containing that @SecurityRequirement annotation
  • Add securitySets attribute to @OpenAPIDefinition and @CallbackOperation

Add additionalProperties attribute to @Schema (423)

Allow @APIResponse to be applied to a class, indicating that every resource method on that class has that response

Add processing of some Jakarta Bean Validation annotations

Define the precedence of the mp.openapi.scan.* config properties

Clarify that the name attribute of @Extension must include the x- prefix

Only require that the /openapi endpoint is made available if there is documentation to show

Recommend a standard endpoint for implementations which provide a user interface

Recommend that implementations provide a way to serve CORS headers on the /openapi endpoint

Conforms To UI/UX Guidelines
Not verified