Quarkus today exposes different endpoints on the same default HTTP port, which either has to be turned off or filtered if one doesn't want to expose these externally. Using a separate port for management interfaces like '/q' would improve the default configuration to be more secure.  The developer console should also use the management port. 

Starting with the community 3.0 release I would like to make the management port configuration default and while this might cause backward incompatibilities the overall gain of having a more secure default configuration justifies doing this break.

It should be possible to revert to the old behavior using the default HTTP port via a configuration option.