Merge pull request #46 from SamBarker/0.5.1-release

SamBarker · web-flow · commit bb0cf9aa5aa0 · 2024-04-10T09:17:04.000+12:00
0.5.1 release
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -13,9 +13,10 @@ GEM
     eventmachine (1.2.7-x64-mingw32)
     ffi (1.16.3)
     forwardable-extended (2.6.0)
-    google-protobuf (3.25.3)
+    google-protobuf (4.26.1)
+      rake (>= 13)
     http_parser.rb (0.8.0)
-    i18n (1.14.1)
+    i18n (1.14.4)
       concurrent-ruby (~> 1.0)
     jekyll (4.3.3)
       addressable (~> 2.4)
@@ -49,37 +50,37 @@ GEM
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
     liquid (4.0.4)
-    listen (3.8.0)
+    listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.4.0)
     mini_portile2 (2.8.5)
-    nokogiri (1.16.2)
+    nokogiri (1.16.3)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (5.0.4)
+    public_suffix (5.0.5)
     racc (1.7.3)
     racc (1.7.3-java)
-    rake (13.1.0)
+    rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rexml (3.2.6)
-    rouge (4.2.0)
+    rouge (4.2.1)
     safe_yaml (1.0.5)
-    sass-embedded (1.71.0)
-      google-protobuf (~> 3.25)
+    sass-embedded (1.74.1)
+      google-protobuf (>= 3.25, < 5.0)
       rake (>= 13.0.0)
-    sass-embedded (1.71.0-arm64-darwin)
-      google-protobuf (~> 3.25)
-    sass-embedded (1.71.0-x64-mingw32)
-      google-protobuf (~> 3.25)
-    sass-embedded (1.71.0-x86_64-darwin)
-      google-protobuf (~> 3.25)
-    sass-embedded (1.71.0-x86_64-linux-gnu)
-      google-protobuf (~> 3.25)
+    sass-embedded (1.74.1-arm64-darwin)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.74.1-x64-mingw32)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.74.1-x86_64-darwin)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.74.1-x86_64-linux-gnu)
+      google-protobuf (>= 3.25, < 5.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     tzinfo (2.0.6)
diff --git a/_posts/2024-04-10-release-0_5_1.md b/_posts/2024-04-10-release-0_5_1.md
@@ -0,0 +1,47 @@
+---
+layout: post
+title:  "Kroxylicious release 0.5.1"
+date:   2024-04-09 20:00:00 +0000
+author: "Sam Barker"
+author_url: "https://www.github.com/sambarker"
+categories:  [releases, kroxylicious, record-encryption]
+---
+
+The Kroxylicious project is very pleased to announce the release of [Kroxylicious 0.5.1](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.1). See the [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#051) for a list of changes and summary of Deprecations, Changes and Removals.
+
+### Fixes and Improvements in 0.5.1
+
+* [@luozhenyu](https://github.com/luozhenyu) noticed that we didn't support Kafka 0.10.0 properly and provided a fix [PR#1110](https://github.com/kroxylicious/kroxylicious/pull/1110) so that our handling is inline with that of official [java client](https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/requests/ApiVersionsResponse.java#L90-L106)
+* [@luozhenyu](https://github.com/luozhenyu) also spotted that we were not cancelling the timeouts when filters sent additional requests to the broker.
+* The proxy now fails to start if any of the required cipher suites are unavailable.
+
+
+### Record Encryption
+
+The 0.5.X series is focused on refining [Record Encryption](/use-cases/#encryption-at-rest) to be ready for experimentation in secure environments, adding:
+* Enable users to configure Hashicorp Vault TLS, providing custom keystore and truststore
+* Enable users to supply the Hashicorp Vault token via file rather than having to inject it into the proxy configuration
+* Include Record Encryption filter (and other Kroxylicious project supported filters) in the binary distribution
+* Release a Docker image `quay.io/kroxylicious/kroxylicious` also containing the supported filters
+* Improvements in how we manage and control the usage of key material, preparing to support alternate Ciphers and configurable Additional Authenticated Data
+
+The protocol for immutable encrypted data written to the broker is now aligned with our initial design. We guarantee data encrypted with version 0.5.0 
+of the Filter will be decryptable by all future versions of the Record Encryption Filter forever (assuming the keys stored in the KMS remain available for decryption).
+
+{% capture record_encryption_note %}
+Until now we have used the term Envelope Encryption when describing the Filter. Going forward we will use the name Record Encryption 
+to better describe the granularity that encryption is happening at. Encryption is done per [record](https://kafka.apache.org/documentation/#record).
+Envelope Encryption is how we encrypt those records. Record Encryption is how we implement Encryption-At-Rest.
+{% endcapture %}
+{% include bs-alert.html type="primary" icon="info-circle-fill" content=record_encryption_note %}
+
+### Artefacts
+
+You'll find binaries attached to the GitHub [release](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.5.1), and available through [Maven Central](https://repo1.maven.org/maven2/io/kroxylicious/kroxylicious-app/0.5.1/).
+
+Docker images are hosted at [quay.io/kroxylicious/kroxylicious](https://quay.io/repository/kroxylicious/kroxylicious)
+
+### Feedback
+
+We are eager for any feedback, you can create an [issue in GitHub](https://github.com/kroxylicious/kroxylicious/issues) if you have any problems or want a
+feature added.
