Hi all, I would like to start a discussion on KIP-1296: Shadow Jetty dependencies to decouple from SLF4J version conflict <https://cwiki.apache.org/confluence/x/c5I8G>
Kafka is pinned to Jetty 12.0.25 because Jetty 12.0.30+ uses SLF4J 2.x fluent API calls that cause NoSuchMethodError with Kafka's SLF4J 1.7.x. This blocks two CVE fixes (KAFKA-20270, KAFKA-20283). This KIP proposes a shadow JAR module that bundles Jetty with a relocated slf4j-api 2.x, allowing Jetty to use SLF4J 2.x internally without affecting Kafka's SLF4J 1.x. No public interfaces are changed. Example PR: https://github.com/apache/kafka/pull/21773 Thanks, Ming-Yen
