Hello Kafka users, developers and client-developers, This is the second candidate (RC1) for release of Apache Kafka 3.5.1. First release candidate (RC0) was discarded due to incorrect license files. They have been fixed since then.
This release is a security patch release. It upgrades the dependency, snappy-java, to a version which is not vulnerable to CVE-2023-34455. You can find more information about the CVE at Kafka CVE list <https://kafka.apache.org/cve-list#CVE-2023-3445>. Additionally, this releases fixes a regression introduced in 3.3.0, which caused security.protocol configuration values to be restricted to upper case only. With this release, security.protocol values are case insensitive. See KAFKA-15053 <https://issues.apache.org/jira/browse/KAFKA-15053> for details. Release notes for the 3.5.1 release: https://home.apache.org/~divijv/kafka-3.5.1-rc1/RELEASE_NOTES.html *** Please download, test and vote by Thursday, July 20, 9am PT Kafka's KEYS file containing PGP keys we use to sign the release: https://kafka.apache.org/KEYS Release artifacts to be voted upon (source and binary): https://home.apache.org/~divijv/kafka-3.5.1-rc1/ Maven artifacts to be voted upon: https://repository.apache.org/content/groups/staging/org/apache/kafka/ Javadoc: https://home.apache.org/~divijv/kafka-3.5.1-rc1/javadoc/ Tag to be voted upon (off 3.5 branch) is the 3.5.1 tag: https://github.com/apache/kafka/releases/tag/3.5.1-rc1 Documentation: https://kafka.apache.org/35/documentation.html Please note that documentation will be updated with upgrade notes ( https://github.com/apache/kafka/commit/4c78fd64454e25e3536e8c7ed5725d3fbe944a49) after the release is complete. Protocol: https://kafka.apache.org/35/protocol.html Unit/integration tests: https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/43/ (2 failures) https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/42/ (6 failures) https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.5/39/ (9 failures) In all 3 runs above, there are no common tests which are failing, which leads me to believe that they are flaky. I have also verified that unit/integration tests on my local machine successfully pass (JDK 17 + Scala 2.13) System tests: Not planning to run system tests since this is a patch release. Thank you. -- Divij Vaidya Release Manager for Apache Kafka 3.5.1
