Closed
Conversation
Contributor
There was a problem hiding this comment.
Isn't there a windows folder already with scripts like these?
Contributor
There was a problem hiding this comment.
Nvm, looks like they're all removed
guozhangwang
referenced
this pull request
in confluentinc/kafka
Aug 5, 2015
allow deserializer override at KStream construction
Parth-Brahmbhatt
pushed a commit
to Parth-Brahmbhatt/kafka
that referenced
this pull request
Oct 15, 2015
Fix kafka service check fails in ambari
Contributor
|
You are trying to merge into a repository of a Kafka version that is around 4 years old and will never see another release. Perhaps close and check if we still need this improvement on trunk? |
Contributor
|
ah, it really is that old. |
resetius
added a commit
to resetius/kafka
that referenced
this pull request
Jun 7, 2016
…lerant Don't override HighWaterMarks on bad metadata
jamesrgrinter
pushed a commit
to jamesrgrinter/kafka
that referenced
this pull request
Feb 2, 2018
MAPR-KAFKA-4 Kafka Connect Service Should Be Managed By Warden
wuqingjun
pushed a commit
to wuqingjun/kafka
that referenced
this pull request
Feb 27, 2019
Fixing build error during merge of APPKI code
xiowu0
pushed a commit
to xiowu0/kafka
that referenced
this pull request
Apr 2, 2019
lianetm
added a commit
to lianetm/kafka
that referenced
this pull request
May 24, 2023
…r & additions to utils (apache#9)
lianetm
added a commit
to lianetm/kafka
that referenced
this pull request
Jun 5, 2023
…r & additions to utils (apache#9)
lianetm
added a commit
to lianetm/kafka
that referenced
this pull request
Jun 12, 2023
…r & additions to utils (apache#9)
patrik-marton
pushed a commit
to patrik-marton/kafka
that referenced
this pull request
Mar 11, 2025
Contains the following commits: [CSP-515] AuthenticateCallbackHandler for LDAP authentication Change-Id: I0bd74daca7b0805480b8959933eecbb78977b1d5 [CLOUDERA-BUILD] [CDPD-5221] PAM AuthenticateCallbackHandler [CDPD-7289] Fixing issue with PAM Authentication. Releasing resource right after authentication. Change-Id: Ia9f07d04d84736e2d51dfe5bc8128d1e4deb5c9c CDPD-15002 Move custom plain callback handler plugins to broker side module Custom LdapPlainServerCallbackHandler and PamPlainServerCallbackHandler classes were originally part of the 'clients' module of Kafka introducing undesired dependencies for users of the kafka-client library. To address this, custom Cloudera plugins were moved to a new module in Kafka that is only used on broker side. Change-Id: I1612b72178402f06c8e61215af27738dd27f48fc CDPD-28870: Migrate tests in the plugins module to jUnit5 Change-Id: I8c9ed195c7930d34938f9e74050ea148efffb596 CDPD-40348: Log username for failed PAM and PLAIN authentication This change would help administrators to more quickly isolate applications that are failing. Change-Id: I37a020c183ccfa2c4a4114ca6043d0dd778cb8c2 CDPD-45322 Implement Ldaps connection ignore_commit_convention_check Change-Id: Ibf9541a316fbccb580aa3b8a3f717ee168cfd99b CDPD-53949: Fix flaky LdapAuthenticationSSLTest ignore_commit_convention_check Reason: Some security features have been added to the plugins module under org.apache.kafka. For these reasons we have to ignore the commit check. Cherry-picked from commit 7be1e54bc0877e7770bcce988a3b42f9a8e52264. Change-Id: I97fc27b58b0ba5731e2c3ae4e3e6d8553ec4066e Co-authored-by: In Park <inpark@cloudera.com> CSMDS-205: Upgrade JNA to version 5.13.0 to fix UnsatisfiedLinkError for PAM on arm64 CSMDS-207: Upgrade shiro in Kafka CSMDS-111 LDAP for Kafka Operator (apache#22) SSL properties for LdapPlainServerCallbackHandler can be provided by both properties file and jaas config entries. Jaas config entries will override properties. Change-Id: I57f11d4c9a42675e337a71c3cdb862f5250fe7b4
fvaleri
pushed a commit
to fvaleri/kafka
that referenced
this pull request
Sep 17, 2025
Add Create link api in Admin API
haianh1233
added a commit
to haianh1233/kafka
that referenced
this pull request
Apr 17, 2026
New tests: - apache#8 Port conflict (HTTP == PLAINTEXT port) → rejected - apache#9 HTTP port=0 (random) works - apache#10 HTTP + HTTPS coexist on same broker - apache#11 advertised.listeners with HTTP parsed correctly - apache#12 HTTP without httpAcceptorFactory → IllegalStateException - apache#13 inter.broker.listener=HTTPS also rejected (not just HTTP) - apache#14 Custom listener name mapped to HTTP protocol (MY_REST_API:HTTP) - apache#15 HTTPS with valid SSL config succeeds All 15 SocketServerHttpTest pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
blitzy Bot
pushed a commit
to blitzy-public-samples/blitzy-kafka
that referenced
this pull request
Apr 18, 2026
Resolve all 9 Minor and 10 Info findings from the Checkpoint 1 code review, correcting factual inaccuracies, citation line-range imprecisions, and cross- artifact consistency drift. No modifications to pre-existing Kafka source, tests, build files, or comments — Audit Only rule preserved. Findings by file: accepted-mitigations.md #1 [MINOR] AclCache imports corrected: org.apache.kafka.server.immutable (PCollections-backed Kafka-internal) instead of Guava's com.google.common.collect. apache#2 [MINOR] API surface rewritten to reflect PCollections-style structural- sharing methods .updated()/.added()/.removed() instead of Guava builder pattern. apache#3 [MINOR] ZstdCompression BufferPool path split: wrap-for-output uses zstd-jni RecyclingBufferPool.INSTANCE (L55-L63), wrap-for- input uses ChunkedBytesStream (L65-L75), wrap-for-zstd-input uses anonymous Kafka-owned BufferPool delegating to BufferSupplier (L77-L98). apache#4 [INFO] MAX_RECORDS_PER_USER_OP citation corrected: declaration at QuorumController.java:L185; AclControlManager.java:L52 is the static import only. apache#5 [INFO] AclCache.removeAcl(Uuid) line corrected to L91-L103 (was L89+). references.md apache#6 [MINOR] SafeObjectInputStream citation range tightened from L17-L25 (class header + imports only) to L25-L62 covering the class declaration, DEFAULT_NO_DESERIALIZE_CLASS_NAMES blocklist (L27-L37), resolveClass (L43-L52), and isBlocked helper (L54-L62). apache#7 [INFO] PropertyFileLoginModule citation corrected to L42-L50, pointing at the Javadoc PLAINTEXT warning (L47-L48) plus the class declaration (L50). remediation-roadmap.md apache#8 [INFO] Gantt markers sanitised: all :done/:active markers replaced with :crit (illustrative critical emphasis) or plain markers to avoid any visual suggestion of work already performed. Explanatory blockquote added clarifying the marker change. severity-matrix.md apache#9 [MINOR] 7 occurrences of parenthesised '(Accepted Mitigation)' replaced with bracketed '[Accepted Mitigation]' per Global Conventions for plain-text markers. Cross-validated 9 bracketed instances, 0 parenthesised remaining. README.md apache#11 [MINOR] HEAD commit reference corrected to the pre-audit baseline 6d16f68 (was 8a99096, a mid-audit snapshot); baseline attestation now refers to the commit immediately before the audit began. apache#12 [MINOR] Snapshot date unified to 2026-04-17 across all artifacts. apache#14 [INFO] '25 files' claim qualified as 'planned at project completion' vs 'delivered at this checkpoint (15 files)'. attack-surface-map.md apache#16 [MINOR] Clients module category count corrected from 'six' to 'nine' (actual Mermaid edges: C1, C2, C3, C4, C5, C7, C8, C9, C10). apache#17 [MINOR] Connect module category count corrected from 'five' to 'seven' (actual Mermaid edges: C1, C4, C6, C7, C8, C9, C10). oauth-jwt-validation-paths.md apache#18 [INFO] Outer citation ranges tightened: BrokerJwtValidator.configure at L107-L138 (not L102-L134); OAuthBearerUnsecuredValidatorCallbackHandler.handleCallback at L154-L177 (not L161-L204, which spanned unrelated helpers); allowableClockSkewMs helper cited separately at L194-L207. executive-summary.html Cross-ref A [MINOR] HEAD commit aligned to 6d16f68 at three sites (L621, L668, L1544); methodology Mermaid node re-labelled 'Baseline 6d16f68'. Cross-ref B [MINOR] Snapshot date aligned to 2026-04-17 at two sites (L619, L1542). Out-of-scope (Info-level forward-refs): apache#10, apache#13, apache#15 — Links to docs/security-audit/findings/*.md deliverables not yet present at Checkpoint 1; expected per scope boundary; will resolve at Checkpoint 2 when the 10 per-category findings files land. Validation results (Phase 3): - Mermaid fences: all balanced (20 blocks total, all typed) - HTML tag balance: 22 sections + all 20+ tag types balanced - CDNs intact: reveal.js 5.1.0, Mermaid 11.4.0, Font Awesome 6.6.0 - Emojis: zero across all 15 artifacts - TODOs/placeholders introduced: zero - Gantt markers: :crit + plain only (no :done/:active) - Cross-artifact consistency: zero wrong SHA/date values remaining - Citation ranges: 12 verified against AclCache, QuorumController, AclControlManager, ZstdCompression, SafeObjectInputStream, PropertyFileLoginModule, BrokerJwtValidator, and OAuthBearerUnsecuredValidatorCallbackHandler. Audit Only rule verification: git diff --name-status 6d16f68..HEAD returns only 'A' entries, all under docs/security-audit/. Zero modifications, deletions, or renames of any pre-existing Kafka path.
blitzy Bot
pushed a commit
to blitzy-public-samples/blitzy-kafka
that referenced
this pull request
Apr 18, 2026
QA Checkpoint #1 identified 9 MINOR documentation-quality findings in the Apache Kafka 4.2 security audit deliverables. All 9 findings are documentation corrections confined to the docs/security-audit/ tree; no source code, tests, or build configuration touched — fully compliant with the Audit Only rule. FIXES APPLIED (by QA finding number): Issue #1 [MINOR] — findings/07-external-function-callback-misuse.md L247 Validation Checklist cited legacy path 'internals/secured/BrokerJwtValidator.java'. Updated to current Kafka 4.2 canonical path 'clients/src/main/java/org/apache/kafka/common/security/oauthbearer/BrokerJwtValidator.java' with an explanatory note that the class was reorganized out of the internals/secured sub-package in a prior Kafka refactor. Issue apache#2 [MINOR] — findings/08-deserialization-attacks.md L305 Same pattern as #1 — Validation Checklist updated from 'internals/secured/{Broker,Client}JwtValidator.java' to 'clients/.../oauthbearer/{Broker,Client}JwtValidator.java' with explanatory note. Issue apache#3 [MINOR] — findings/09-information-leakage.md L245 Validation Checklist cited legacy path 'connect/runtime/src/main/java/org/apache/kafka/connect/runtime/RecordRedactor.java'. Updated to current canonical path 'metadata/src/main/java/org/apache/kafka/metadata/util/RecordRedactor.java' with explanatory note. Issue apache#4 [MINOR] — findings/09-information-leakage.md L248 Validation Checklist BrokerJwtValidator and ClientJwtValidator paths updated to current 'oauthbearer/' canonical paths with explanatory note. Issue apache#5 [MINOR] — findings/10-public-api-developer-misuse.md L298 Validation Checklist BrokerJwtValidator path updated to current 'oauthbearer/BrokerJwtValidator.java:L131' canonical path with explanatory note. Issue apache#6 [MINOR] — findings/10-public-api-developer-misuse.md L302 Validation Checklist cited legacy path 'server-common/src/main/java/org/apache/kafka/server/config/ReplicationConfigs.java'. Updated to current canonical path 'server/src/main/java/org/apache/kafka/server/config/ReplicationConfigs.java' with explanatory note that the file moved from the server-common module to the server module in a prior Kafka refactor. Issue apache#7 [MINOR] — references.md Section 3.1 Configuration Added missing entry for 'AllowedPaths.java' ('clients/src/main/java/org/apache/kafka/common/config/internals/AllowedPaths.java'), inserted between the DirectoryConfigProvider and EnvVarConfigProvider entries. Finding 01 cites AllowedPaths 14 times; this bibliography gap is now closed. Issue apache#8 [MINOR] — references.md Section 7 Server Module Added missing entry for 'SocketServerConfigs.java' ('server/src/main/java/org/apache/kafka/network/SocketServerConfigs.java'), inserted after the ReplicationConfigs entry with an inline note about the 'org.apache.kafka.network' vs 'org.apache.kafka.server.config' package mismatch. Findings 03 (11 cites) and 10 (5 cites) reference SocketServerConfigs; this bibliography gap is now closed. Issue apache#9 [MINOR] — findings/01 and findings/10 section header numbering Harmonized H2 section headers to match the numbered 1-10 pattern used by findings 02-09. Applied 20 header replacements total: 10 in finding 01 ('## Category' -> '## 1. Category', etc.), 10 in finding 10 (same pattern). Validation Checklist and Key Insights remain unnumbered per the existing majority convention. Content substance is unchanged; only section prefixes updated. VALIDATION RESULTS: - All 6 canonical file paths verified via 'test -f' to exist in the Kafka source tree at HEAD. - Zero stale 'internals/secured/', 'connect/runtime/.../RecordRedactor', or 'server-common/.../ReplicationConfigs' references remain across the audit corpus. - All 10 findings now have exactly 10 numbered H2 section headers (verified via 'grep -cE "^## [0-9]+\. "'). - Markdown fence balance intact (all diagram files: 4 fences each; findings: all balanced). - Cross-referenced anchors (DISALLOW_NONE, ALLOW_LEADING_ZEROS, AllowedPaths, MAX_RECORDS_PER_USER_OP) preserved. - references.md entries verified present (AllowedPaths=1 match, SocketServerConfigs=1 match). AUDIT ONLY RULE COMPLIANCE: Modifications confined exclusively to documentation artifacts under docs/security-audit/. Zero source code, test, build-configuration, or inline-comment modifications. The untracked 'blitzy/' directory (pre-existing baseline) is NOT part of this commit. Files changed: 6 (+46 / -26 lines) M docs/security-audit/findings/01-filesystem-access-path-traversal.md M docs/security-audit/findings/07-external-function-callback-misuse.md M docs/security-audit/findings/08-deserialization-attacks.md M docs/security-audit/findings/09-information-leakage.md M docs/security-audit/findings/10-public-api-developer-misuse.md M docs/security-audit/references.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.