|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Kroxylicious release 0.5.1" |
| 4 | +date: 2024-04-10 00:00:00 +0000 |
| 5 | +author: "Sam Barker" |
| 6 | +author_url: "https://www.github.com/sambarker" |
| 7 | +categories: [releases, kroxylicious, record-encryption] |
| 8 | +--- |
| 9 | + |
| 10 | +The Kroxylicious project is very pleased to announce the release of [Kroxylicious 0.5.1](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.1). See the [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#051) for a list of changes and summary of Deprecations, Changes and Removals. |
| 11 | + |
| 12 | +### Fixes and Improvements in 0.5.1 |
| 13 | + |
| 14 | +* [@luozhenyu](https://github.com/luozhenyu) noticed that we didn't support Kafka 0.10.0 properly and provided a fix [PR#1110](https://github.com/kroxylicious/kroxylicious/pull/1110) so that our handling is inline with that of official [java client](https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/requests/ApiVersionsResponse.java#L90-L106) |
| 15 | +* [@luozhenyu](https://github.com/luozhenyu) also spotted that we were not cancelling the timeouts when filters sent additional requests to the broker. |
| 16 | +* The proxy now fails to start if any of the required cipher suites are unavailable. |
| 17 | + |
| 18 | + |
| 19 | +### Record Encryption |
| 20 | + |
| 21 | +This release was focused on refining [Record Encryption](/use-cases/#encryption-at-rest) to be ready for experimentation in secure environments, adding: |
| 22 | +* Enable users to configure Hashicorp Vault TLS, providing custom keystore and truststore |
| 23 | +* Enable users to supply the Hashicorp Vault token via file rather than having to inject it into the proxy configuration |
| 24 | +* Include Record Encryption filter (and other Kroxylicious project supported filters) in the binary distribution |
| 25 | +* Release a Docker image `quay.io/kroxylicious/kroxylicious` also containing the supported filters |
| 26 | +* Improvements in how we manage and control the usage of key material, preparing to support alternate Ciphers and configurable Additional Authenticated Data |
| 27 | + |
| 28 | +The protocol for immutable encrypted data written to the broker is now aligned with our initial design. We guarantee data encrypted with version 0.5.0 |
| 29 | +of the Filter will be decryptable by all future versions of the Record Encryption Filter forever (assuming the keys stored in the KMS remain available for decryption). |
| 30 | + |
| 31 | +{% capture record_encryption_note %} |
| 32 | +Until now we have used the term Envelope Encryption when describing the Filter. Going forward we will use the name Record Encryption |
| 33 | +to better describe the granularity that encryption is happening at. Encryption is done per [record](https://kafka.apache.org/documentation/#record). |
| 34 | +Envelope Encryption is how we encrypt those records. Record Encryption is how we implement Encryption-At-Rest. |
| 35 | +{% endcapture %} |
| 36 | +{% include bs-alert.html type="primary" icon="info-circle-fill" content=record_encryption_note %} |
| 37 | + |
| 38 | +### Artefacts |
| 39 | + |
| 40 | +You'll find binaries attached to the GitHub [release](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.0), and available through [Maven Central](https://repo1.maven.org/maven2/io/kroxylicious/kroxylicious-app/0.5.0/). |
| 41 | + |
| 42 | +Docker images are hosted at [quay.io/kroxylicious/kroxylicious](https://quay.io/repository/kroxylicious/kroxylicious) |
| 43 | + |
| 44 | +### Feedback |
| 45 | + |
| 46 | +We are eager for any feedback, you can create an [issue in GitHub](https://github.com/kroxylicious/kroxylicious/issues) if you have any problems or want a |
| 47 | +feature added. |
| 48 | +`` |
0 commit comments