Skip to content

v0.7.0

Compare
Choose a tag to compare
@kroxylicious-robot kroxylicious-robot released this 20 Aug 14:15
· 440 commits to main since this release

0.7.0

  • #1414 Address record validation filter name inconsistency
  • #1348 Fix #1348: Rework the Record Encryption documentation describing the role of the administrator
  • #1415 Fix #1415: Improve record validation docs #1429
  • #1417: Extend JsonSchemaValidator to validate the incoming schema id matches the expected.
  • #1401: Support a FIPs-certified cipher from an alternative provider
  • #1416: Schema validation should not rely on the syntax validation
  • #1393: Remove api versions service
  • #1404: Move deprecated Context classes out of kroxylicious-api
  • #1402: Move FilterInvoker classes to kroxylicious-runtime
  • #1289: Record Encryption - expose maxEncryptionsPerDek for configuration
  • #1394: Make ClusterNetworkAddressConfigProvider and co internal
  • #1356: Changes for Kafka 3.8.0 #1356
  • #1354: Make EDEK cache refresh and expiry durations configurable
  • #1360: Bump kafka.version from 3.7.0 to 3.7.1
  • #1322: Introduce FilterDispatchExecutor
  • #1154: Apicurio based schema validation filter

Changes, deprecations and removals

  • The Record Encryption Filter now uses AES/GCM/NoPadding as the transformation String and checks the KMS
    returns a 256bit DEK. This enables users to configure an alternative JCE Provider in their JRE configuration
    that offers this algorithm.
  • FilterFactoryContext#eventLoop() is deprecated, replaced by FilterFactoryContext#filterDispatchExecutor().
    This returns FilterDispatchExecutor, a new interface extending ScheduledExecutorService. FilterDispatchExecutor
    has methods to enable Filters to check if the current thread is the Filter Dispatch Thread and it offers
    specialized futures, where chained async methods will also run on the Filter Dispatch Thread when no executor
    is supplied. This is intended to be a tool to make it convenient for Filters to hand off work to uncontrolled
    threads, then switch back to an execution context where mutation of Filter members is safe.
  • Record Encryption Filter: Data Encryption Keys will now be refreshed one hour after creation by default.
    This is a bugfix for #1139 to ensure we start
    using new key material after key-encryption-keys are rotated in the KMS within some controlled duration.
  • Breaking changes to public kroxylicious-api module, Filter Authors may be affected
    • Deprecated io.kroxylicious.proxy.clusternetworkaddressconfigprovider.ClusterNetworkAddressConfigProviderContributor moved to internal module
    • Deprecated io.kroxylicious.proxy.service.ClusterNetworkAddressConfigProvider moved to internal module
    • Deprecated io.kroxylicious.proxy.service.HostPort moved to internal module
    • Deprecated io.kroxylicious.proxy.filter.FilterInvoker and implementations moved to internal module
    • Deprecated io.kroxylicious.proxy.filter.FilterAndInvoker moved to internal module
    • Deprecated io.kroxylicious.proxy.filter.FilterInvokers moved to internal module
    • Deprecated io.kroxylicious.proxy.service.Context moved to internal module
    • Deprecated io.kroxylicious.proxy.service.Contributor moved to internal module
    • Deprecated io.kroxylicious.proxy.ApiVersionsService removed without replacement