Kafka

Hi Apoorva, I've looked through the Kafka dependencies in Github and 4.1.0 contains Jetty 12.0.22, which contains fixes to address CVE-2025-5151. https://github.com/apache/kafka/blob/4.1.0/gradle/dependencies.gradle Is this the information you need? If you are using Kafka 3.x I expect you will need to upgrade to 4.x to obtain this fix, I am guessing that jumping from Jetty 9 to 12 is too big a leap for a simple backport of this fix. Kind regards, Jim On Wed, 11 Mar 2026 at 06:54, Apoorva Maheshwari via users < users@kafka.apache.org > wrote: > Hello, > > Can you please share your plan for Jetty release? > > Regards, > Apoorva Maheshwari > > -----Original Message----- > From: Steven Schlansker < stevenschlansker@gmail.com > > Sent: 26 February 2026 22:00 > To: users@kafka.apache.org > Cc: users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < > abhishek.kant.rattan@ericsson.com >; Sahi...

Hello, Can you please share your plan for Jetty release? Regards, Apoorva Maheshwari -----Original Message----- From: Steven Schlansker < stevenschlansker@gmail.com > Sent: 26 February 2026 22:00 To: users@kafka.apache.org Cc: users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < abhishek.kant.rattan@ericsson.com >; Sahil Sharma D < sahil.d.sharma@ericsson.com >; Apoorva Maheshwari < apoorva.maheshwari@ericsson.com > Subject: Re: Version info that supports Jetty v12.0.25 [You don't often get email from stevenschlansker@gmail.com . Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] > On Feb 16, 2026, at 1:14 AM, Apoorva Maheshwari via users < users@kafka.apache.org > wrote: > > Hello Team, > > Can you please confirm this pattern, that when we get any vulnerability of jetty and fix from Jetty is available, how soon Kafka release a new version with this Jetty? If you are urgentl...

Hi Kafka experts, I have a large-scale distributed system that takes around 200K connections to single broker on various topic partitions. I sometimes see my SSL port becomes unresponsive to client with high metadata latency when I sudden spike of around 30K connections (when a broker restarts or it become leader when any other high traffic broker goes for a repair). Is there a reliable way to tune the config to suit the load? Regards, Nanda

Hi Kafka Experts, Even I am looking for comprehensive document on TLS and MTLs with all tyeps of certs. my organisation gives me signed certs in p12 format with a root cert and .key and .cer file. With my limited knowledge of ssl security, when I look at apache kafka ssl document I clueless about where to configure what? Appreciate if someone share documents with little elaboration in above sense for both TLS and mTLS this is how my org signed certs look like. For every Kafka Broker and controller node. hostname.p12 hostname.cer hostname.key myOrgRoot.crt myOrgRoot-Ent.crt Regards, Sunil. On Fri, 6 Mar 2026 at 4:38 AM, Renko Alexander P via users < users@kafka.apache.org > wrote: > Good Day, > Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was > successful starting it without SSL. Under LINUX with Java 17. > > After reading several older posts about PEM files and Kafka nothing is > still working. I'm eith...

Good Day, Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was successful starting it without SSL. Under LINUX with Java 17. After reading several older posts about PEM files and Kafka nothing is still working. I'm either getting 1. Failed to load PEM SSL keystore (when putting keys and certs in files) Or 1. No matching PRIVATE KEY entries in PEM file (putting key and cert contents in the server.properties file) I've tried using encrypted (password) and unencrypted (no password) Private Keys - no difference. My keys/certs/ and CA certs all match up (openssl commands performed to verify) I have a private key, a server certificate (1 cert) and a CA cert (6 certs). There are no clear instructions on whether intermediate or all signing certs should be part of ssl.keystore.certificate.chain= Or, it is unclear how ssl.keystore.location= should be constructed if using files. There are just no good recent examples to be found any...

Hello Kafka users, developers and client-developers, This is the third candidate for release of Apache Kafka 4.0.2. This is a patch release and therefore it contains important bug fixes. Release notes for the 4.0.2 release: https://dist.apache.org/repos/dist/dev/kafka/4.0.2-rc3/RELEASE_NOTES.html *** Please download, test and vote by Wednesday, March 11. Kafka's KEYS file containing PGP keys we use to sign the release: https://kafka.apache.org/KEYS * Release artifacts to be voted upon (source and binary): https://dist.apache.org/repos/dist/dev/kafka/4.0.2-rc3/ * Docker release artifacts to be voted upon: apache/kafka:4.0.2-rc3 apache/kafka-native:4.0.2-rc3 https://dist.apache.org/repos/dist/dev/kafka/4.0.2-rc3/kafka_2.13-4.0.2.tgz * Maven artifacts to be voted upon: https://repository.apache.org/content/groups/staging/org/apache/kafka/ * Javadoc: https://dist.apache.org/repos/dist/dev/kafka/4.0.2-rc3/javadoc/ * Tag to be voted upon (off 4...

Hi Andrew, Thanks for running the release. * Built from source with openjdk 17 and 21 * Verified basic produce/consume * Validated the checksums and keys * Ran basic quickstart using apache/kafka:4.1.2-rc1 and apache/kafka-native:4.1.2-rc1 docker image The protocol link is changed to https://kafka.apache.org/41/design/protocol/ . I created a PR to fix it. https://github.com/apache/kafka/pull/21628 Thank you, PoAn > On Mar 2, 2026, at 6:39 PM, Viktor Somogyi-Vass < viktorsomogyi@gmail.com > wrote: > > Hi Andrew, > > * verified the gpg signatures > * looked at the release notes > * checked that the artifacts can be resolved in maven > * ran the quickstart and clients against them > * ran the docker quickstart > * checked the docs > > Apart from the protocol link pointing to the old docs (I think) all seems > good. > > +1 (binding) > > Thanks for running the release! > > Viktor >...