From 16304a6de8ca0b4c8ca2032cdaae715262eb3981 Mon Sep 17 00:00:00 2001 From: Sam Barker Date: Wed, 4 Mar 2026 16:06:19 +1300 Subject: [PATCH 1/2] test PR check for future date. Signed-off-by: Sam Barker --- _posts/2026-03-11-release-0_19_1.md | 54 +++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 _posts/2026-03-11-release-0_19_1.md diff --git a/_posts/2026-03-11-release-0_19_1.md b/_posts/2026-03-11-release-0_19_1.md new file mode 100644 index 0000000..2a01bbe --- /dev/null +++ b/_posts/2026-03-11-release-0_19_1.md @@ -0,0 +1,54 @@ +--- +layout: post +title: "Kroxylicious release 0.19.0" +date: 2026-03-11 00:00:00 +0000 +author: "Sam Barker" +author_url: "https://github.com/SamBarker" +# noinspection YAMLSchemaValidation +categories: blog kroxylicious-proxy releases +tags: [ "releases", "kroxylicious-proxy" ] +--- + +We're excited to announce the release of [Kroxylicious 0.19.0](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.19.0)! There's a lot to dig into — check out the full [Changelog](https://github.com/kroxylicious/kroxylicious/blob/main/CHANGELOG.md#0190) for everything including deprecations, changes, and removals. + +Here are the highlights: + +### Kafka 4.2 Support + +Hot off the press — Kroxylicious now bites into Kafka 4.2! We are keeping pace with upstream Kafka releases so your filters can take advantage of new RPCs as they land. All versions of Kroxylicious can be deployed in front of any supported version of Apache Kafka. + +### Authorizer Filter: Transactional ID Support + +The Authorizer Filter just got more powerful. It now covers transactional ID authorization, so you can enforce `WRITE` and `DESCRIBE` operations with full parity to Apache Kafka's own ACL authorization. + +### Kubernetes Secrets as Trust Anchors + +Good news for Kubernetes users: you can now use Kubernetes Secrets in the `trustAnchorRef` field of `KafkaService` and `VirtualKafkaCluster` custom resources. One less thing to manage outside of your cluster. + +### Filter API: API Version in `onResponse` + +`ResponseFilter#onResponse` now receives API version information via a new five-argument form. The previous four-argument form is deprecated. + +### Munching on Idle Connections + +Ever wanted to clean up connections that have outstayed their welcome? Kroxylicious can now be configured with idle timeouts for client connections: +- `unauthenticatedIdleTimeout` — for connections that haven't authenticated yet +- `authenticatedIdleTimeout` — for authenticated connections + +Both use Go-style duration formats. And to help you keep an eye on things, a new metric `kroxylicious_client_to_proxy_disconnects_total` tracks why connections are closing — idle timeout, client-initiated, or server-initiated. + +### Artefacts + +Binaries are attached to the GitHub [release](https://github.com/kroxylicious/kroxylicious/releases/tag/v0.19.0) and available through [Maven Central](https://repo1.maven.org/maven2/io/kroxylicious/kroxylicious-app/0.19.0/). + +Container images are available on quay.io: + +| Image | Repository | +|---|---| +| Proxy | [quay.io/kroxylicious/kroxylicious:0.19.0](https://quay.io/repository/kroxylicious/kroxylicious?tab=tags) (`sha256:f9cd83454ed1d6507be7876fb6a712c8c1d611fb26db47675e55777c10f46228`) | +| Operator | [quay.io/kroxylicious/operator:0.19.0](https://quay.io/repository/kroxylicious/operator?tab=tags) (`sha256:a531ec14e555d5df719cb5c64d751d10d515fa791044fe8b059106d25bcbc39a`) | + +### Feedback + +We'd love to hear from you! Whether you're kicking the tyres, running Kroxylicious in production, or just find the project interesting — drop by and say hello. +You can reach us through [Slack](https://kroxylicious.slack.com), [GitHub](https://github.com/kroxylicious/kroxylicious/issues) or even [bsky](https://bsky.app/profile/kroxylicious.io)), or tell us in person on one of our upcoming [community calls]({% link join-us/community-call/index.md %}). From a655c9323e1d00c33c5e810482aaaff460afd699 Mon Sep 17 00:00:00 2001 From: Sam Barker Date: Wed, 4 Mar 2026 16:13:45 +1300 Subject: [PATCH 2/2] Relax post date check to allow front matter date newer than filename Rather than requiring an exact match, only fail if the front matter date is older than the filename date, which is the case that would cause Jekyll to publish later than expected. Assisted-by: Claude Sonnet 4.6 Signed-off-by: Sam Barker --- .github/workflows/pr-build.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index b655f5c..0c4225a 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -39,6 +39,27 @@ jobs: CONTAINER_ENGINE: docker BUILD_IMAGE_SPEC: localhost:5000/kroxy-jekyll:latest + - name: Require post front matter date is not older than filename date + run: | + mismatches=() + for post in _posts/*.md; do + filename=$(basename "$post") + file_date=$(echo "$filename" | grep -oP '^\d{4}-\d{2}-\d{2}') + front_matter_date=$(grep -oP '^date:\s*\K\d{4}-\d{2}-\d{2}' "$post" || true) + if [[ -n "$file_date" && -n "$front_matter_date" && "$front_matter_date" < "$file_date" ]]; then + mismatches+=("$filename: filename date=$file_date, front matter date=$front_matter_date") + fi + done + if [[ ${#mismatches[@]} -gt 0 ]]; then + echo "Error: post front matter date is older than filename date:" >&2 + for mismatch in "${mismatches[@]}"; do + echo " $mismatch" >&2 + done + exit 1 + else + echo "Success: all post front matter dates are consistent with filename dates" + fi + # Currently the image shas are not available when we create the release, they need to be manually # updated in the release PR before merge. - name: Require release manifests to contain non-placeholder container image SHAs