Hello Kafka users, developers and client-developers, This is the first candidate for release of Apache Kafka 3.5.1.
This release is a security patch release. It upgrades the dependency, snappy-java, to a version which is not vulnerable to CVE-2023-34455. You can find more information about the CVE at Kafka CVE list <https://kafka.apache.org/cve-list#CVE-2023-3445>. Additionally, this releases fixes a regression introduced in 3.3.0, which caused security.protocol configuration values to be restricted to upper case only. With this release, security.protocol values are case insensitive. See KAFKA-15053 <https://issues.apache.org/jira/browse/KAFKA-15053> for details. Release notes for the 3.5.1 release: https://home.apache.org/~divijv/kafka-3.5.1-rc0/RELEASE_NOTES.html *** Please download, test and vote by Tuesday, July 18, 9am PT Kafka's KEYS file containing PGP keys we use to sign the release: https://kafka.apache.org/KEYS Release artifacts to be voted upon (source and binary): https://home.apache.org/~divijv/kafka-3.5.1-rc0/ Maven artifacts to be voted upon: https://repository.apache.org/content/groups/staging/org/apache/kafka/ Javadoc: https://home.apache.org/~divijv/kafka-3.5.1-rc0/javadoc/ Tag to be voted upon (off 3.5 branch) is the 3.5.1 tag: https://github.com/apache/kafka/releases/tag/3.5.1-rc0 Documentation: https://kafka.apache.org/35/documentation.html Please note that documentation will be updated with upgrade notes ( https://github.com/apache/kafka/commit/4c78fd64454e25e3536e8c7ed5725d3fbe944a49) after the release is complete. Protocol: https://kafka.apache.org/35/protocol.html Unit/integration tests: https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/35/ (9 failures). I am running another couple of runs to ensure that there are no consistently failing tests. I have verified that unit/integration tests on my local machine successfully pass. System tests: Not planning to run system tests since this is a patch release. Thank you. -- Divij Vaidya Release Manager for Apache Kafka 3.5.1
