Hi Stig,

Kafka 4.0 is likely to be released in a day or two. Even so, I think it
makes sense to revive the backporting thread given the lack of a workaround
for Java 24.

Ismael

On Mon, Mar 17, 2025 at 7:44 AM Stig Rohde Døssing <stigdoess...@gmail.com>
wrote:

> Hi,
>
> Some months ago, a reflective shim was added in
> https://issues.apache.org/jira/browse/KAFKA-17078, in order to support
> running Kafka with SASL on JDKs that no longer support the security
> manager.
>
> This shim was added only to Kafka 4.0, but backporting was discussed in
> https://lists.apache.org/thread/vl43q9wqq4xs67xx61f0t0850y2b037o. There was
> no clear consensus for or against backporting, but it ended up not
> happening. At the time, users could work around the issue by enabling the
> Security Manager again via a command-line flag.
>
> Java 24, which is planned to release tomorrow, no longer has this
> workaround available.
>
> This leaves users running Java 23 (I am one) in a slightly uncomfortable
> spot.
>
> If Kafka releases 4.0 in the next month, we can rush to upgrade to that,
> and hope that the first release has no regressions.
>
> Otherwise, we will need to downgrade back to Java 21, since staying on 23
> isn't a good idea past Oracle's quarterly security update in April (see
> https://www.oracle.com/security-alerts/), which will include patches that
> won't be released for Java 23.
>
> Would there be strong objections to attempting a backport of this shim to a
> 3.9.x release?
>
