|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Kroxylicious release 0.5.0" |
| 4 | +date: 2024-03-13 00:00:00 +0000 |
| 5 | +author: "Robert Young" |
| 6 | +author_url: "https://www.github.com/robobario" |
| 7 | +categories: [releases, kroxylicious, record-encryption] |
| 8 | +--- |
| 9 | + |
| 10 | +The Kroxylicious project is very pleased to announce the release of [Kroxylicious 0.5.0](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.0). See the [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#050) for a list of changes and summary of Deprecations, Changes and Removals. |
| 11 | + |
| 12 | +### Record Encryption |
| 13 | + |
| 14 | +This release was focused on refining [Record Encryption](/use-cases/#encryption-at-rest) to be ready for experimentation in secure environments, adding: |
| 15 | +* Enable users to configure Hashicorp Vault TLS, providing custom keystore and truststore |
| 16 | +* Enable users to supply the Hashicorp Vault token via file rather than having to inject it into the proxy configuration |
| 17 | +* Include Record Encryption filter (and other Kroxylicious project supported filters) in the binary distribution |
| 18 | +* Release a Docker image `quay.io/kroxylicious/kroxylicious` also containing the supported filters |
| 19 | +* Improvements in how we manage and control the usage of key material, preparing to support alternate Ciphers and configurable Additional Authenticated Data |
| 20 | + |
| 21 | +The protocol for immutable encrypted data written to the broker is now aligned with our initial design. We guarantee data encrypted with version 0.5.0 |
| 22 | +of the Filter will be decryptable by all future versions of the Record Encryption Filter forever (assuming the keys stored in the KMS remain available for decryption). |
| 23 | + |
| 24 | +{% capture record_encryption_note %} |
| 25 | +Until now we have used the term Envelope Encryption when describing the Filter. Going forward we will use the name Record Encryption |
| 26 | +to better describe the granularity that encryption is happening at. Encryption is done per [record](https://kafka.apache.org/documentation/#record). |
| 27 | +Envelope Encryption is how we encrypt those records. Record Encryption is how we implement Encryption-At-Rest. |
| 28 | +{% endcapture %} |
| 29 | +{% include bs-alert.html type="primary" icon="info-circle-fill" content=record_encryption_note %} |
| 30 | + |
| 31 | +### Other Improvements |
| 32 | + |
| 33 | +* Support for Apache Kafka 3.7.0 API additions (Kroxylicious is version agnostic and can interface with all current broker and client versions, but must |
| 34 | +be updated to intercept/forward new APIs or fields added to existing APIs of the Kafka Protocol) |
| 35 | +* A fix for upstream TLS connections failing, [@callaertanthony](https://github.com/callaertanthony)'s first PR contribution, thank you! |
| 36 | +* Added a `lowestTargetBrokerId` configuration for Port-per-broker Virtual Cluster exposition |
| 37 | +* Numerous bugfixes, documentation improvements, test enhancements |
| 38 | + |
| 39 | +### Artefacts |
| 40 | + |
| 41 | +You'll find binaries attached to the GitHub [release](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.0), and available through [Maven Central](https://repo1.maven.org/maven2/io/kroxylicious/kroxylicious-app/0.5.0/). |
| 42 | + |
| 43 | +Docker images are hosted at [quay.io/kroxylicious/kroxylicious](https://quay.io/repository/kroxylicious/kroxylicious) |
| 44 | + |
| 45 | +### Feedback |
| 46 | + |
| 47 | +We are eager for any feedback, you can create an [issue in GitHub](https://github.com/kroxylicious/kroxylicious/issues) if you have any problems or want a |
| 48 | +feature added. |
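Review bot: The compatibility promise on lines 21-22 ("decryptable by all future versions of the Record Encryption Filter forever") reads oddly beside line 14, which describes the feature as ready for "experimentation in secure environments", and beside line 19, which says support for alternate ciphers and configurable Additional Authenticated Data is still being prepared. Suggest stating exactly what is frozen (the format of the encrypted data written to the broker) and linking to the "initial design" the sentence refers to, so readers can judge the scope of the guarantee. Minor points: the bullets on lines 15-19 follow "adding:" but mix imperative phrases ("Enable users to ...") with noun phrases, so make them parallel and spell the vendor name "HashiCorp"; line 18 names the image `quay.io/kroxylicious/kroxylicious` without a tag, and saying which tag corresponds to this release would let readers pin it; line 47 is a comma splice ("We are eager for any feedback, you can create ...").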