Blog post for 0.9.0

rh-pre-commit.version: 2.0.1
rh-pre-commit.check-secrets: ENABLED

Signed-off-by: Sam Barker <[email protected]>

Author: SamBarker

_posts/2024-12-17-release-0_9_0.md

@@ -0,0 +1,30 @@
+---
+layout: post
+title:  "kroxylicious release 0.9.0"
+date:   2024-12-17 00:00:00 +0000
+author: "Sam Barker"
+author_url: "https://github.com/SamBarker"
+categories:  [releases, kroxylicious, kafka3.9]
+---
+
+The Kroxylicious project is very pleased to announce the [0.9.0](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.9.0) release of Kroxylicious. This release introduces support for Apache Kafka 3.9. 
+
+We generally expect Kroxylicious to be both forwards and backwards compatible across Kafka version just like the Apache Kafka client and broker. While we tested with pre-release versions Kafka 3.9 we discovered after it was released that we had missed a case in the protocol version negotiation. When the API Versions request version was updated we were unable to decode the response. In the 0.9.0 release we adopt the same behaviour as the Kafka broker and respond with API version 0 if we do not support the protocol version requested by the client - we have also expanded our test coverage to get earlier warnings of similar issues in the future. 
+
+This release also marks the introduction of our new connection handling sate machine at the core of the proxy. We have evolved state machine at the core of the proxy to separate out the state carried at various stages of the connection life cycle and provide stronger rules around transitions between states. This is still a work in progress as its implications are rather wide-ranging however with think it gives us a stronger core to base everything else around. This does for the moment limit our ability to offer authentication offload support, we do intend to restore this eventually (please do get in touch if this use case is important to you).
+
+There are many quality of life improvements in this release (in no particular order)
+
+- Ensure we now respond with errors instead of closing the connection when there are problems encrypting records 
+- We've made it easier for Filter authors to generate error responses of their own.
+- We realised forwarding partial requests from the record validation filter in the face of validation failures was a bad idea so it now rejects the whole batch.
+- We can now use EC2 instance metadata to authenticate against the AWS KMS. 
+- We now support the validation on M_TLS certificates on the downstream (or client side) of the proxy.
+
+We are very pleased to say we have first time contributions from
+- [Calum Murray](https://github.com/Cali0707)
+- [Alan Robinson](https://github.com/alanrobinson-dwp)
+
+### Feedback
+
+Please let us know, through [Slack](https://kroxylicious.slack.com) or [GitHub](https://github.com/kroxylicious/kroxylicious-junit5-extension/issues), if you find the extension interesting or helpful.