Hi All, I am still strongly in support of backporting this patch as I stated in the earlier discussion thread.
Thank you Stig, Anton, Danish, Mateusz, Manfred, Monica, Istvan, Vincent, Clement, Anshu, Foivos, Drakgoku, Severin, Ozan, Georgios, and Guillaume, members of our extended community who have commented to discuss the impact and their support for this patch. I inevitably missed some people, such as everyone who has been encountering and silently working around the problem just from reading these threads and GitHub issues. Through our inaction, we have obligated several users to take actions to work around us: * The Trino project dropped two of their products [1, 2] * The Quarkus project disabled some tests [3] * Quarkus project users downgraded their java version [4] * Spring Boot users have installed the system property workaround [5] In my opinion this is unacceptable, and it's time for us to fix this. Thank you Stig for restarting the conversation! Greg [1] https://github.com/trinodb/trino/issues/24419 [2] https://github.com/trinodb/trino/issues/24417 [3] https://github.com/quarkusio/quarkus/pull/43543 [4] https://github.com/anshupitlia/product-information-system/commit/2c3a8dbd974dce0273f74969ec64b661abafef62 [5] https://github.com/vividus-framework/vividus-build-system/commit/53b7016a0d3b0ba04a23b4b1892e1cf7f62ba0a5 On Thu, Mar 27, 2025 at 7:39 PM Luke Chen <show...@gmail.com> wrote: > Hi Stig, > > Thanks for bringing this to us. > I'm +1 for backporting to 3.9 branch since there's no workaround for Java > 24. > > Thanks. > Luke > > > > On Tue, Mar 18, 2025 at 1:14 AM Stig Rohde Døssing <stigdoess...@gmail.com > > > wrote: > > > Thanks Ismail, > > > > I've opened https://github.com/apache/kafka/pull/19221 just to get any > > test > > failures out of the way in case it is decided to do this backport. > > > > I'm hoping people will weigh in with their concerns in this thread if > they > > don't like the idea of backporting this change. > > > > Den man. 17. mar. 2025 kl. 16.43 skrev Ismael Juma <m...@ismaeljuma.com>: > > > > > Hi Stig, > > > > > > Kafka 4.0 is likely to be released in a day or two. Even so, I think it > > > makes sense to revive the backporting thread given the lack of > workaround > > > for Java 24. > > > > > > Ismael > > > > > > On Mon, Mar 17, 2025 at 7:44 AM Stig Rohde Døssing < > > stigdoess...@gmail.com > > > > > > > wrote: > > > > > > > Hi, > > > > > > > > Some months ago, a reflective shim was added in > > > > https://issues.apache.org/jira/browse/KAFKA-17078, in order to > support > > > > running Kafka with SASL on JDKs that no longer support the security > > > > manager. > > > > > > > > This shim was added only to Kafka 4.0, but backporting was discussed > in > > > > https://lists.apache.org/thread/vl43q9wqq4xs67xx61f0t0850y2b037o. > > There > > > > was > > > > no clear consensus for or against backporting, but it ended up not > > > > happening. At the time, users could work around the issue by enabling > > the > > > > Security Manager again via a command-line flag. > > > > > > > > Java 24, which is planned to release tomorrow, no longer has this > > > > workaround available. > > > > > > > > This leaves users running Java 23 (I am one) in a slightly > > uncomfortable > > > > spot. > > > > > > > > If Kafka releases 4.0 in the next month, we can rush to upgrade to > > that, > > > > and hope that the first release has no regressions. > > > > > > > > Otherwise, we will need to downgrade back to Java 21, since staying > on > > 23 > > > > isn't a good idea past Oracle's quarterly security update in April > (see > > > > https://www.oracle.com/security-alerts/), which will include patches > > > that > > > > won't be released for Java 23. > > > > > > > > Would there be strong objections to attempting a backport of this > shim > > > to a > > > > 3.9.x release? > > > > > > > > > >
