v0.7.0
kroxylicious-robot
released this
20 Aug 14:15
·
440 commits
to main
since this release
0.7.0
- #1414 Address record validation filter name inconsistency
- #1348 Fix #1348: Rework the Record Encryption documentation describing the role of the administrator
- #1415 Fix #1415: Improve record validation docs #1429
- #1417: Extend JsonSchemaValidator to validate the incoming schema id matches the expected.
- #1401: Support a FIPs-certified cipher from an alternative provider
- #1416: Schema validation should not rely on the syntax validation
- #1393: Remove api versions service
- #1404: Move deprecated Context classes out of kroxylicious-api
- #1402: Move FilterInvoker classes to kroxylicious-runtime
- #1289: Record Encryption - expose maxEncryptionsPerDek for configuration
- #1394: Make ClusterNetworkAddressConfigProvider and co internal
- #1356: Changes for Kafka 3.8.0 #1356
- #1354: Make EDEK cache refresh and expiry durations configurable
- #1360: Bump kafka.version from 3.7.0 to 3.7.1
- #1322: Introduce FilterDispatchExecutor
- #1154: Apicurio based schema validation filter
Changes, deprecations and removals
- The Record Encryption Filter now uses
AES/GCM/NoPadding
as the transformation String and checks the KMS
returns a 256bit DEK. This enables users to configure an alternative JCE Provider in their JRE configuration
that offers this algorithm. - FilterFactoryContext#eventLoop() is deprecated, replaced by FilterFactoryContext#filterDispatchExecutor().
This returns FilterDispatchExecutor, a new interface extending ScheduledExecutorService. FilterDispatchExecutor
has methods to enable Filters to check if the current thread is the Filter Dispatch Thread and it offers
specialized futures, where chained async methods will also run on the Filter Dispatch Thread when no executor
is supplied. This is intended to be a tool to make it convenient for Filters to hand off work to uncontrolled
threads, then switch back to an execution context where mutation of Filter members is safe. - Record Encryption Filter: Data Encryption Keys will now be refreshed one hour after creation by default.
This is a bugfix for #1139 to ensure we start
using new key material after key-encryption-keys are rotated in the KMS within some controlled duration. - Breaking changes to public kroxylicious-api module, Filter Authors may be affected
- Deprecated
io.kroxylicious.proxy.clusternetworkaddressconfigprovider.ClusterNetworkAddressConfigProviderContributor
moved to internal module - Deprecated
io.kroxylicious.proxy.service.ClusterNetworkAddressConfigProvider
moved to internal module - Deprecated
io.kroxylicious.proxy.service.HostPort
moved to internal module - Deprecated
io.kroxylicious.proxy.filter.FilterInvoker
and implementations moved to internal module - Deprecated
io.kroxylicious.proxy.filter.FilterAndInvoker
moved to internal module - Deprecated
io.kroxylicious.proxy.filter.FilterInvokers
moved to internal module - Deprecated
io.kroxylicious.proxy.service.Context
moved to internal module - Deprecated
io.kroxylicious.proxy.service.Contributor
moved to internal module - Deprecated
io.kroxylicious.proxy.ApiVersionsService
removed without replacement
- Deprecated