Hi Frédérik, Thanks for your response! This KIP is intended to be implemented immediately after voting, so it will appear in Kafka 3.10 or 4.0 at the earliest. I'm currently working on a PR and in my opinion there is very little risk of the change slipping from a release during the implementation stage, it's all up to the vote.
I just re-read the KIP and believe it is still up-to-date given the current Java version deprecation schedule. KIP-1013 only applies to the broker and tools, while other modules such as clients and connect must still support Java 11. There are call-sites for these functions in the clients library and in connect, so the KIP mentions those versions explicitly. And it doesn't actually make a significant difference in the implementation complexity; The new APIs are not added until Java 18, so even the brokers cannot directly rely on the new APIs. Thanks, Greg On Wed, Jul 3, 2024 at 9:39 AM Frédérik Rouleau <froul...@confluent.io.invalid> wrote: > Hi all, > > When this KIP is intended to be implemented? As KIP-1013 is deprecating > Java 11 in AK 3.7 and removes its support in AK 4.0, maybe the KIP needs an > update. > > Regards, > > On Mon, Jul 1, 2024 at 10:39 PM Greg Harris <greg.har...@aiven.io.invalid> > wrote: > > > Hi Mickael, > > > > Thanks for the pointer to that JDK ticket, I did not realize that the > > legacy APIs were going to be degraded instead of removed. > > > > I have updated the KIP to accommodate for this change in the JDK > > implementation. In addition to detecting the removal of the > method/classes, > > it will also fall back to the new implementations when encountering an > > UnsupportedOperationException. > > Since this will be a blocker for supporting JDK 23, I'll open a vote > thread > > for this next week if I don't get any more comments here. > > > > Thanks, > > Greg > > > > On Wed, Apr 10, 2024 at 10:42 AM Mickael Maison < > mickael.mai...@gmail.com> > > wrote: > > > > > Hi, > > > > > > It looks like some of the SecurityManager APIs are starting to be > > > removed in JDK 23, see > > > - https://bugs.openjdk.org/browse/JDK-8296244 > > > - https://github.com/quarkusio/quarkus/issues/39634 > > > > > > JDK 23 is currently planned for September 2024. > > > Considering the timelines and that we only drop support for Java > > > versions in major Kafka releases, I think the proposed approach of > > > detecting the APIs to use makes sense. > > > > > > Thanks, > > > Mickael > > > > > > On Tue, Nov 21, 2023 at 8:38 AM Greg Harris > > > <greg.har...@aiven.io.invalid> wrote: > > > > > > > > Hey Ashwin, > > > > > > > > Thanks for your question! > > > > > > > > I believe we have only removed support for two Java versions: > > > > 7: > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-118%3A+Drop+Support+for+Java+7 > > > > in 2.0 > > > > 8: > > > > > > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=181308223 > > > > in 4.0 > > > > > > > > In both cases, we changed the gradle sourceCompatibility and > > > > targetCompatibility at the same time, which I believe changes the > > > > "-target" option in javac. > > > > > > > > We have no plans currently for dropping support for 11 or 17, but I > > > > presume they would work in much the same way. > > > > > > > > Hope this helps! > > > > Greg > > > > > > > > On Mon, Nov 20, 2023 at 11:19 PM Ashwin <apan...@confluent.io.invalid > > > > > wrote: > > > > > > > > > > Hi Greg, > > > > > > > > > > Thanks for writing this KIP. > > > > > I agree with you that handling this now will help us react to the > > > > > deprecation of SecurityManager, whenever it happens. > > > > > > > > > > I had a question regarding how we deprecate JDKs supported by > Apache > > > Kafka. > > > > > When we drop support for JDK 17, will we set the “-target” option > of > > > Javac > > > > > such that the resulting JARs will not load in JVMs which are lesser > > > than or > > > > > equal to that version ? > > > > > > > > > > Thanks, > > > > > Ashwin > > > > > > > > > > > > > > > On Tue, Nov 21, 2023 at 6:18 AM Greg Harris > > > <greg.har...@aiven.io.invalid> > > > > > wrote: > > > > > > > > > > > Hi all, > > > > > > > > > > > > I'd like to invite you all to discuss removing SecurityManager > > > support > > > > > > from Kafka. This affects the client and server SASL mechanism, > > Tiered > > > > > > Storage, and Connect classloading. > > > > > > > > > > > > Find the KIP here: > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1006%3A+Remove+SecurityManager+Support > > > > > > > > > > > > I think this is a "code higiene" effort that doesn't need to be > > dealt > > > > > > with urgently, but it would prevent a lot of headache later when > > Java > > > > > > does decide to remove support. > > > > > > > > > > > > If you are currently using the SecurityManager with Kafka, I'd > > really > > > > > > appreciate hearing how you're using it, and how you're planning > > > around > > > > > > its removal. > > > > > > > > > > > > Thanks! > > > > > > Greg Harris > > > > > > > > > > > >
