
Posts

Re: [ANNOUNCE] Apache Kafka 4.2.1

Thanks to PoAn for managing this release

> sunil chaudhari <sunilmchaudhari05@gmail.com> wrote on 2 June 2026 at 11:23 PM:
>
> Hi,
> Thanks for the announcement.
> Are these changes available in 4.3.0?
> We are setting up new cluster version 4.3.0.
> Don't want to miss these bug fixes.
>
> Regards,
> Sunil.
>
>> On Tue, 2 Jun 2026 at 7:41 PM, PoAn Yang <payang@apache.org> wrote:
>>
>> The Apache Kafka community is pleased to announce the release for Apache
>> Kafka 4.2.1
>>
>> This bug-fix release includes several critical fixes as documented in the
>> release notes.
>>
>> All of the changes in this release can be found in the release notes:
>> https://www.apache.org/dist/kafka/4.2.1/RELEASE_NOTES.html
>>
>> An overview of the release can be found in our announcement blog post:
>> https://kafka.apache.org/blog
>>
>> You can download...

Re: [ANNOUNCE] Apache Kafka 4.2.1

Hi,
Thanks for the announcement.
Are these changes available in 4.3.0?
We are setting up new cluster version 4.3.0.
Don't want to miss these bug fixes.

Regards,
Sunil.

On Tue, 2 Jun 2026 at 7:41 PM, PoAn Yang <payang@apache.org> wrote:

> The Apache Kafka community is pleased to announce the release for Apache
> Kafka 4.2.1
>
> This bug-fix release includes several critical fixes as documented in the
> release notes.
>
> All of the changes in this release can be found in the release notes:
> https://www.apache.org/dist/kafka/4.2.1/RELEASE_NOTES.html
>
> An overview of the release can be found in our announcement blog post:
> https://kafka.apache.org/blog
>
> You can download the source and binary release from:
> https://kafka.apache.org/downloads#4.2.1
>
> ---------------------------------------------------------------------------------------------------
>
> Apache Kafka is a distributed str...

[ANNOUNCE] Apache Kafka 4.2.1

The Apache Kafka community is pleased to announce the release for Apache Kafka 4.2.1

This bug-fix release includes several critical fixes as documented in the release notes.

All of the changes in this release can be found in the release notes:
https://www.apache.org/dist/kafka/4.2.1/RELEASE_NOTES.html

An overview of the release can be found in our announcement blog post:
https://kafka.apache.org/blog

You can download the source and binary release from:
https://kafka.apache.org/downloads#4.2.1

---------------------------------------------------------------------------------------------------

Apache Kafka is a distributed streaming platform with four core APIs:

** The Producer API allows an application to publish a stream of records to one or more Kafka topics.

** The Consumer API allows an application to subscribe to one or more topics and process the stream of records produced to them.

** The Streams API allows an application to act as a stream pro...

CVE-2026-41115: Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

Severity: moderate

Affected versions:
- Apache Kafka 4.0.0 through 4.3.0

Description:

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that is documented in the official Kafka documentation and KIP-848. This discrepancy can result in misconfigured Access Control Lists (ACLs) and unintended security postures, like granting READ permission to users who should not be able to join/sync groups, or allowing users without READ permission (but with DESCRIBE permission) to access sensitive group metadata.

The correct permission for the CONSUMER_GROUP_DESCRIBE API is DESCRIBE GROUP, so the current implementation is correct. However, the Kafka documentation as well as KIP-848 will be updated to reflect the correct permission.

We advise Kafka users to review existing group ACLs to ensure the principle of l...

Re: JIRA Assignment

Hi Patrick,

I've added you to the contributors group. You should now be able to self-assign the ticket.

-Bill

On Mon, Jun 1, 2026 at 11:17 AM Patrick Alllen <patrick.dt.allen@gmail.com> wrote:

> Hi,
>
> My name is Patrick Allen, I am a software engineer at Palantir Technologies
> on the Kafka team. I signed up to JIRA (username patrickallen) so I could
> create a bug ticket, I would like to assign myself to it as I have a fix
> (also would like to contribute more so useful to be able to pick up work).
>
> Can I be added to the developers list?
>
> Thanks,
>
> Patrick

JIRA Assignment

Hi,

My name is Patrick Allen, I am a software engineer at Palantir Technologies on the Kafka team. I signed up to JIRA (username patrickallen) so I could create a bug ticket, I would like to assign myself to it as I have a fix (also would like to contribute more so useful to be able to pick up work).

Can I be added to the developers list?

Thanks,

Patrick

Downscaling controllers in Kraft cluster leaves troublesome traces behind

In a personal cluster I used to have three kraft controllers, using Kafka 4.2.0. Because of "reasons" (the cluster is a lab), I downsized the cluster and now I only use a controller, just modifying "controller.quorum.voters" to include only the surviving controller. Working fine so far. Yes, I know that a single controller is a risk.

Today I upgraded the brokers and the controller to Kafka 4.3.0 and I tried to upgrade the cluster version using "kafka-features.sh upgrade --release-version 4.3", but it is complaining that "old" controllers, offline and destroyed, are not compatible (they were Kafka 4.2.0 at the time of decommission).

1. How can I get rid of those dead controllers still haunting me?

2. I have tried to migrate to dynamic controller membership, but just changing "controller.quorum.voters" to "controller.quorum.bootstrap.server" doesn't work, although it is documented in <h...