Releases: strimzi/strimzi-kafka-oauth
0.17.0
Main Changes since 0.16.2
Make client credentials grant type configurable
OAuth clients using client_credentials can now set grant_type to a custom value.
Custom authorization servers' OAuth implementations of the client_credentials mechanism can now use grant_type as a discriminator.
A new configuration option was introduced: oauth.client.credentials.grant.type.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.17.0 milestone.
Full Changelog: 0.16.2...0.17.0
0.17.0-rc1
Main Changes since 0.16.2
Make client credentials grant type configurable
OAuth clients using client_credentials can now set grant_type to a custom value.
Custom authorization servers' OAuth implementations of the client_credentials mechanism can now use grant_type as a discriminator.
A new configuration option was introduced: oauth.client.credentials.grant.type.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.17.0 milestone.
How to test
Released Maven repository artifacts are available in Maven Central using version 0.17.0-RC1.
Example:
    <dependency>
        <groupId>io.strimzi</groupId>
        <artifactId>kafka-oauth-client</artifactId>
        <version>0.17.0-RC1</version>
    </dependency>
Full Changelog: 0.16.2...0.17.0-rc1
0.15.1
0.15.1-rc1
Main changes since 0.15.0
Update json-smart to 2.5.2 and Kafka version to 3.9.1 (#273)
json-smart dependency was updated to 2.5.2 and Kafka version to 3.9.1 in order to fix CVEs.
How to test 0.15.1-rc1
In order to test 0.15.1-rc1, please use the 0.15.1-RC1 version directly in your pom.xml for any of the OAuth components.
You don't need to include any staging or other repository in order to use this version.
Example:
    <dependency>
        <groupId>io.strimzi</groupId>
        <artifactId>oauth</artifactId>
        <version>0.15.1-RC1</version>
    </dependency>
Full Changelog: 0.15.0...0.15.1-rc1
0.16.2
Main Changes since 0.16.1
Properly fixed version of json-smart transitive dependency for third parties (#266)
Properly bumped json-smart version to 2.5.2 in order to address CVE-2024-57699 brought in by JsonPath 2.9.0. It also fixes json-smart version being pulled in for third party projects using OAuth project’s artifacts.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.2 milestone.
0.16.2-rc1
Main Changes since 0.16.1
Properly fixed version of json-smart transitive dependency for third parties (#266)
Properly bumped json-smart version to 2.5.2 in order to address CVE-2024-57699 brought in by JsonPath 2.9.0. It also fixes json-smart version being pulled in for third party projects using OAuth project’s artifacts.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.2 milestone.
Staging repository
To test the release, use the staging repository by including the following in your pom.xml:
    <repositories>
        <repository>
            <id>staging</id>
            <url>https://oss.sonatype.org/content/repositories/iostrimzi-1263</url>
        </repository>
    </repositories>
0.16.1
Main Changes since 0.16.0
Unsuccessfully bumped json-smart version to 2.5.2
Unsuccessfully bumped json-smart version to 2.5.2 in order to address CVE-2024-57699 brought in by JsonPath 2.9.0. It does not fix json-smart version 2.5.0 being pulled in for third party projects using OAuth project’s artifacts. Users should wait for 0.16.2 with a proper fix and ignore 0.16.1.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.1 milestone.
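A check for the transitive json-smart problem described in the 0.16.2 and 0.16.1 notes above, as an added example (not code from the Strimzi project): it parses `mvn dependency:tree` output from a consuming project and reports any json-smart older than 2.5.2 together with the dependency path that pulls it in. The sample tree, the application coordinates and the function names are constructed for illustration.

```python
import re

# Version the release notes name as the fix for CVE-2024-57699.
FIXED = (2, 5, 2)

# Constructed `mvn dependency:tree` output for a hypothetical third-party app.
SAMPLE_TREE = """\
[INFO] com.example:my-kafka-app:jar:1.0.0
[INFO] +- io.strimzi:kafka-oauth-client:jar:0.16.1:compile
[INFO] |  +- io.strimzi:kafka-oauth-common:jar:0.16.1:compile
[INFO] |  |  \\- com.jayway.jsonpath:json-path:jar:2.9.0:compile
[INFO] |  |     \\- net.minidev:json-smart:jar:2.5.0:compile
[INFO] \\- org.apache.kafka:kafka-clients:jar:4.0.0:compile
"""

# Tree prefix is a run of 3-character groups: "|  ", "   ", "+- " or "\- ".
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][- ] )*)(\S+)$")


def version_tuple(version):
    """Turn '2.5.0' into (2, 5, 0) for comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def find_old_json_smart(tree_text):
    """Return (version, dependency path) for each json-smart older than FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 3
        coords = m.group(2).split(":")
        del stack[depth:]          # drop siblings and deeper nodes
        stack.append(coords[1])    # remember the artifactId at this depth
        if coords[:2] == ["net.minidev", "json-smart"]:
            version = coords[-2]   # group:artifact:type[:classifier]:version:scope
            if version_tuple(version) < FIXED:
                findings.append((version, " > ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_old_json_smart(SAMPLE_TREE):
        print(f"json-smart {version} < 2.5.2 via {path}")
```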
0.16.1-rc1
Main Changes since 0.16.0
Bumped json-smart version to 2.5.2
Addressed CVE-2024-57699 brought in via JsonPath 2.9.0.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.1 milestone.
Staging repository
To test the release, use the staging repository by including the following in your pom.xml:
    <repositories>
        <repository>
            <id>staging</id>
            <url>https://oss.sonatype.org/content/repositories/iostrimzi-1261</url>
        </repository>
    </repositories>
0.16.0
Main Changes since 0.15.x
Using Kafka 4.0.0
Kafka libraries have been bumped to version 4.0.0 which removes support for Zookeeper. Kafka 4.0.0 server-side libraries are built with Java 17 bytecode compatibility. The client libraries are still built with Java 11 bytecode compatibility.
Java 17 required for building the project
Java 17 is now required for building the project. The example clients and the test suite can also run with Java 11.
All the components are built with Java 11 bytecode compatibility except kafka-oauth-keycloak-authorizer, which requires Java 17 due to the dependency on server-side Kafka 4.0.0 libraries.
Removed support for KeycloakAuthorizer ACL delegation in Zookeeper mode
KeycloakAuthorizer can be configured to delegate authorization decisions to the standard ACL authorizer provided by Kafka.
Since Zookeeper mode is no longer supported, the ACL authorizer delegation only works if the Kafka node runs in KRaft mode.
If KeycloakAuthorizer is deployed to Kafka running in Zookeeper mode, and strimzi.authorization.delegate.to.kafka.acl is set to true, the broker will fail to start. In order to keep using the delegation mode you should upgrade your Kafka brokers to KRaft mode.
Kafka 4.x users should upgrade to this OAuth version (0.16.0). Kafka 3.x users can use this OAuth version in either KRaft or Zookeeper mode, but if they use KeycloakAuthorizer with ACL delegation, that will not work in Zookeeper mode.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.0 milestone.
0.16.0-rc1
Main Changes since 0.15.x
Using Kafka 4.0.0
Kafka libraries have been bumped to version 4.0.0 which removes support for Zookeeper. Kafka 4.0.0 server-side libraries are built with Java 17 bytecode compatibility. The client libraries are still built with Java 11 bytecode compatibility.
Java 17 required for building the project
Java 17 is now required for building the project. The example clients and the test suite can also run with Java 11.
All the components are built with Java 11 bytecode compatibility except kafka-oauth-keycloak-authorizer, which requires Java 17 due to the dependency on server-side Kafka 4.0.0 libraries.
Removed support for KeycloakAuthorizer ACL delegation in Zookeeper mode
KeycloakAuthorizer can be configured to delegate authorization decisions to the standard ACL authorizer provided by Kafka.
Since Zookeeper mode is no longer supported, the ACL authorizer delegation only works if the Kafka node runs in KRaft mode.
If KeycloakAuthorizer is deployed to Kafka running in Zookeeper mode, and strimzi.authorization.delegate.to.kafka.acl is set to true, the broker will fail to start. In order to keep using the delegation mode you should upgrade your Kafka brokers to KRaft mode.
For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.16.0 milestone.
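A pre-upgrade check for the KeycloakAuthorizer delegation change described in the 0.16.0 and 0.16.0-rc1 notes above, as an added example (not code from the Strimzi project): it reads a broker's server.properties and reports whether the configuration would hit the startup failure. The sample configs and function names are constructed, the fully qualified authorizer class name is an assumption, and KRaft nodes are assumed to be identified by process.roles being set.

```python
# Constructed broker configs (not from a real deployment). The fully qualified
# authorizer class name is an assumption; only "KeycloakAuthorizer" is matched.
ZK_BROKER = """\
broker.id=0
zookeeper.connect=zk-0.example:2181
authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakAuthorizer
strimzi.authorization.delegate.to.kafka.acl=true
"""
KRAFT_BROKER = ZK_BROKER.replace(
    "broker.id=0\nzookeeper.connect=zk-0.example:2181",
    "node.id=1\nprocess.roles=broker,controller",
)

DELEGATE_KEY = "strimzi.authorization.delegate.to.kafka.acl"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def delegation_preflight(text):
    """Classify a server.properties file against the 0.16.0 delegation change."""
    props = parse_properties(text)
    uses_keycloak = "KeycloakAuthorizer" in props.get("authorizer.class.name", "")
    delegates = props.get(DELEGATE_KEY, "false").lower() == "true"
    if not (uses_keycloak and delegates):
        return "not-affected"
    # KRaft nodes declare process.roles; Zookeeper-mode brokers do not.
    if props.get("process.roles"):
        return "ok-kraft"
    return "broker-will-not-start"


if __name__ == "__main__":
    for name, cfg in (("zookeeper", ZK_BROKER), ("kraft", KRAFT_BROKER)):
        print(name, delegation_preflight(cfg))
```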
Staging repository
To test the release, use the staging repository by including the following in your pom.xml:
    <repositories>
        <repository>
            <id>staging</id>
            <url>https://oss.sonatype.org/content/repositories/iostrimzi-1259</url>
        </repository>
    </repositories>