Posts

Re: Version info that supports Jetty v12.0.25

Hi Apoorva, I made a typo in my email, I was referring to CVE-2025-5115. The short answer is upgrade to Kafka >= 4.1.0 to get a version of Jetty that addresses this issue. Kind regards, Jim > On 12 Mar 2026, at 07:17, Apoorva Maheshwari <apoorva.maheshwari@ericsson.com> wrote: > > Hello Jim, > > Thanks for the quick response. > > But I need information about Jetty v12.0.25, in order to address Jetty CVE-2025-5115 not CVE-2025-5151. > > > Also, if we see any compatibility concerns, with latest jetty and current Kafka will Kafka support that? > > Regards, > Apoorva Maheshwari > > From: Jim Halfpenny <jim.halfpenny@stackable.tech> > Sent: 11 March 2026 15:30 > To: users@kafka.apache.org > Cc: Steven Schlansker <stevenschlansker@gmail.com>; users...

RE: Version info that supports Jetty v12.0.25

Hello Jim, Thanks for the quick response. But I need information about Jetty v12.0.25, in order to address Jetty CVE-2025-5115 not CVE-2025-5151. Also, if we see any compatibility concerns, with latest jetty and current Kafka will Kafka support that? Regards, Apoorva Maheshwari From: Jim Halfpenny <jim.halfpenny@stackable.tech> Sent: 11 March 2026 15:30 To: users@kafka.apache.org Cc: Steven Schlansker <stevenschlansker@gmail.com>; users-subscribe@kafka.apache.org; Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil Sharma D <sahil.d.sharma@ericsson.com>; Apoorva Maheshwari <apoorva.maheshwari@ericsson.com> Subject: Re: Version info that supports Jetty v12.0.25 Hi Apoorva, I've looked through the Kafka dependencies ...

Re: Version info that supports Jetty v12.0.25

Hi Apoorva, I've looked through the Kafka dependencies in Github and 4.1.0 contains Jetty 12.0.22, which contains fixes to address CVE-2025-5151. https://github.com/apache/kafka/blob/4.1.0/gradle/dependencies.gradle Is this the information you need? If you are using Kafka 3.x I expect you will need to upgrade to 4.x to obtain this fix, I am guessing that jumping from Jetty 9 to 12 is too big a leap for a simple backport of this fix. Kind regards, Jim On Wed, 11 Mar 2026 at 06:54, Apoorva Maheshwari via users < users@kafka.apache.org > wrote: > Hello, > > Can you please share your plan for Jetty release? > > Regards, > Apoorva Maheshwari > > -----Original Message----- > From: Steven Schlansker < stevenschlansker@gmail.com > > Sent: 26 February 2026 22:00 > To: users@kafka.apache.org > Cc: users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < > abhishek.kant.rattan@ericsson.com >; Sahi...

RE: Version info that supports Jetty v12.0.25

Hello, Can you please share your plan for Jetty release? Regards, Apoorva Maheshwari -----Original Message----- From: Steven Schlansker <stevenschlansker@gmail.com> Sent: 26 February 2026 22:00 To: users@kafka.apache.org Cc: users-subscribe@kafka.apache.org; Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil Sharma D <sahil.d.sharma@ericsson.com>; Apoorva Maheshwari <apoorva.maheshwari@ericsson.com> Subject: Re: Version info that supports Jetty v12.0.25 > On Feb 16, 2026, at 1:14 AM, Apoorva Maheshwari via users <users@kafka.apache.org> wrote: > > Hello Team, > > Can you please confirm this pattern, that when we get any vulnerability of jetty and fix from Jetty is available, how soon Kafka release a new version with this Jetty? If you are urgentl...

Any reliable kafka config tuning guidelines

Hi Kafka experts, I have a large-scale distributed system that takes around 200K connections to a single broker on various topic partitions. I sometimes see my SSL port become unresponsive to clients with high metadata latency when I see a sudden spike of around 30K connections (when a broker restarts or it becomes leader when any other high traffic broker goes for a repair). Is there a reliable way to tune the config to suit the load? Regards, Nanda

Re: Proper instructions for using SSL PEM files in server.properties

Hi Kafka Experts, Even I am looking for a comprehensive document on TLS and mTLS with all types of certs. My organisation gives me signed certs in p12 format with a root cert and .key and .cer file. With my limited knowledge of SSL security, when I look at the Apache Kafka SSL document I am clueless about where to configure what. Appreciate if someone shares documents with a little elaboration in the above sense for both TLS and mTLS. This is how my org signed certs look like. For every Kafka Broker and controller node. hostname.p12 hostname.cer hostname.key myOrgRoot.crt myOrgRoot-Ent.crt Regards, Sunil. On Fri, 6 Mar 2026 at 4:38 AM, Renko Alexander P via users <users@kafka.apache.org> wrote: > Good Day, > Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was > successful starting it without SSL. Under LINUX with Java 17. > > After reading several older posts about PEM files and Kafka nothing is > still working. I'm eith...

Proper instructions for using SSL PEM files in server.properties

Good Day, Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was successful starting it without SSL. Under LINUX with Java 17. After reading several older posts about PEM files and Kafka nothing is still working. I'm either getting 1. Failed to load PEM SSL keystore (when putting keys and certs in files) Or 1. No matching PRIVATE KEY entries in PEM file (putting key and cert contents in the server.properties file) I've tried using encrypted (password) and unencrypted (no password) Private Keys - no difference. My keys/certs/ and CA certs all match up (openssl commands performed to verify) I have a private key, a server certificate (1 cert) and a CA cert (6 certs). There are no clear instructions on whether intermediate or all signing certs should be part of ssl.keystore.certificate.chain= Or, it is unclear how ssl.keystore.location= should be constructed if using files. There are just no good recent examples to be found any...