Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 36 million developers.Sign up
librdkafka v1.1.0 release
v1.1.0 is a security-focused feature release:
- SASL OAUTHBEARER support (by @rondagostino at StateStreet)
- In-memory SSL certificates (PEM, DER, PKCS#12) support (by @noahdav at Microsoft)
- Pluggable broker SSL certificate verification callback (by @noahdav at Microsoft)
- Use Windows Root/CA SSL Certificate Store (by @noahdav at Microsoft)
ssl.endpoint.identification.algorithm=https(off by default) to validate the broker hostname matches the certificate. Requires OpenSSL >= 1.0.2.
- Improved GSSAPI/Kerberos ticket refresh
- Windows SSL users will no longer need to specify a CA certificate file/directory (
ssl.ca.location), librdkafka will load the CA certs by default from the Windows Root Certificate Store.
- SSL peer (broker) certificate verification is now enabled by default (disable with
New configuration properties:
ssl.key.pem- client's private key as a string in PEM format
ssl.certificate.pem- client's public key as a string in PEM format
enable.ssl.certificate.verification- enable(default)/disable OpenSSL's builtin broker certificate verification.
enable.ssl.endpoint.identification.algorithm- to verify the broker's hostname with its certificate (disabled by default).
- Add new
rd_kafka_conf_set_ssl_cert()to pass PKCS#12, DER or PEM certs in (binary) memory form to the configuration object.
- The private key data is now securely cleared from memory after last use.
- configure: Improve library checking
rd_kafka_conf()to retrieve the client's configuration object
message.timeout.msmax value from 15 minutes to 24 days (@sarkanyi, workaround for #2015)
- SASL GSSAPI/Kerberos: Don't run kinit refresh for each broker, just per client instance.
- SASL GSSAPI/Kerberos: Changed
sasl.kerberos.kinit.cmdto first attempt ticket refresh, then acquire.
- SASL: Proper locking on broker name acquisition.
max.poll.interval.msnow correctly handles blocking poll calls, allowing a longer poll timeout than the max poll interval.
- configure: Fix libzstd static lib detection
- rdkafka_performance: Fix for Misleading "All messages delivered!" message (@solar_coder)
- Windows build and CMake fixes (@myd7349)
librdkafka v1.0.1 release
v1.0.1 is a maintenance release with the following fixes: