-
Notifications
You must be signed in to change notification settings - Fork 9.2k
OpenJun 10, 2026
Due by September 3, 2026
•Last updated The 3.3 release will follow immediately from 3.2, but contain the items that would have otherwise substantially delayed 3.2's release. It will be strictly compatible with both 3.1 and 3.2.
At the time this milestone was created, 3.3 is expected to have more comprehensive updates to parameters, form data modeling, and security configurations. These new approaches will be created alongside the older, complex approaches, which will be frozen (but still supported). The intent is for the new approaches to be incremental steps towards Moonwalk, where the older approaches will be dropped.
38% complete
List view
0 of 27 selected 0 issues of 27 selected
Make patch optional in openapi field.
metadatatags, info, license, contact, markdown usage, etc.tags, info, license, contact, markdown usage, etc.Status: Draft (not ready).OAI/OpenAPI-Specificationnumber 4929#4929 In OAI/OpenAPI-Specification;How to state parameter requirements in HTTP headers?
media and encodingIssues regarding media type support and how to encode data (outside of query/path params)Issues regarding media type support and how to encode data (outside of query/path params)Status: Open.#2458 In OAI/OpenAPI-Specification;Representation of Client-Initiated Backchannel Authentication (CIBA)
security: configThe mechanics of severs and structure of security-related objectsThe mechanics of severs and structure of security-related objectsStatus: Open.#4106 In OAI/OpenAPI-Specification;Consolidated $ref-to-Some Object feature request
re-use: ref-everywhereRequests to support referencing in more / all placesRequests to support referencing in more / all placesStatus: Open.#3853 In OAI/OpenAPI-Specification;allowing $ref in descriptions
re-use: ref-everywhereRequests to support referencing in more / all placesRequests to support referencing in more / all placesStatus: Open.#2697 In OAI/OpenAPI-Specification;Link Object (and Arazzo?): require referencing operation with unambiguous path template
re-use: ref/id resolutionhow $ref, operationId, or anything else is resolvedhow $ref, operationId, or anything else is resolvedStatus: Open.#4084 In OAI/OpenAPI-Specification;Enhance Response cache-control header
httpSupporting HTTP features and interactionsSupporting HTTP features and interactionsparam serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationStatus: Open.#2784 In OAI/OpenAPI-Specification;Use wildcard or regex in cookie name in Cookie Authentication
param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationsecurity: authAuthentication including overlap with authorizationAuthentication including overlap with authorizationStatus: Open.#2296 In OAI/OpenAPI-Specification;Structural improvements: enhance headers handling
re-use: globals/defaultsDefault or global components that can be overridden in some wayDefault or global components that can be overridden in some wayStatus: Open.#690 In OAI/OpenAPI-Specification;Support for structured-headers de/serialization
param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationStatus: Open.#1980 In OAI/OpenAPI-Specification;Parameters for Media Types
media and encodingIssues regarding media type support and how to encode data (outside of query/path params)Issues regarding media type support and how to encode data (outside of query/path params)request matchingMatching requests to URL templates, media types, etc.Matching requests to URL templates, media types, etc.Status: Open.#2342 In OAI/OpenAPI-Specification;Is it possible to indicate the requiredness of a
multipart/form-data's request'sfilenamedirective?media and encodingIssues regarding media type support and how to encode data (outside of query/path params)Issues regarding media type support and how to encode data (outside of query/path params)param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationStatus: Open.#4442 In OAI/OpenAPI-Specification;Add tokenExchange grant type to list of allowed grant types for oauth2 shape
security: access ctrlPermissions and controls distinct from authenticationPermissions and controls distinct from authenticationStatus: Open.#3709 In OAI/OpenAPI-Specification;Enhancing specification to describe token presentation mechanisms for OAuth 2.0
security: authAuthentication including overlap with authorizationAuthentication including overlap with authorizationStatus: Open.#3612 In OAI/OpenAPI-Specification;Add requirements or recommendations about allow/deny lists for reference target retrieval
re-use: ref/id resolutionhow $ref, operationId, or anything else is resolvedhow $ref, operationId, or anything else is resolvedsecurity: metaMetadata in and about the specificationMetadata in and about the specificationStatus: Open.#4037 In OAI/OpenAPI-Specification;Supporting of one separate 'required' option for query parameters
param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationre-use: globals/defaultsDefault or global components that can be overridden in some wayDefault or global components that can be overridden in some wayre-use: traits/mergesSelective or modified re-useSelective or modified re-useStatus: Open.#2347 In OAI/OpenAPI-Specification;Allow required as sibling of $ref (like summary/description)
param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationre-use: traits/mergesSelective or modified re-useSelective or modified re-useStatus: Open.#2498 In OAI/OpenAPI-Specification;Provide guidance on using OAS with Overlay and Arazzo
clarificationrequests to clarify, but not change, part of the specrequests to clarify, but not change, part of the specStatus: Open.#4221 In OAI/OpenAPI-Specification;Inconsistency in runtime expression examples for request headers
clarificationrequests to clarify, but not change, part of the specrequests to clarify, but not change, part of the specStatus: Open.#1323 In OAI/OpenAPI-Specification;Callbacks runtime expressions in multipart bodies
media and encodingIssues regarding media type support and how to encode data (outside of query/path params)Issues regarding media type support and how to encode data (outside of query/path params)Status: Open.#2146 In OAI/OpenAPI-Specification;- Status: Open.#1552 In OAI/OpenAPI-Specification;
Security Requirement Consistency with Server Objects
security: configThe mechanics of severs and structure of security-related objectsThe mechanics of severs and structure of security-related objectsStatus: Open.#1416 In OAI/OpenAPI-Specification;v3.3: Global parameters
param serializationIssues related to parameter and/or header serializationIssues related to parameter and/or header serializationre-use: globals/defaultsDefault or global components that can be overridden in some wayDefault or global components that can be overridden in some wayStatus: Open.#5320 In OAI/OpenAPI-Specification;Security Schemes for different roles and environments
security: authAuthentication including overlap with authorizationAuthentication including overlap with authorizationStatus: Open.#2284 In OAI/OpenAPI-Specification;Add default responses
re-use: globals/defaultsDefault or global components that can be overridden in some wayDefault or global components that can be overridden in some wayStatus: Open.#563 In OAI/OpenAPI-Specification;