> Has the SecurityManager been fully removed in JDK 23? > What is the effect of running Kafka 3.9.0 with JDK 23?
The SecurityManager has been degraded, so by default our users experience an UnsupportedOperationException. They can work-around this by setting a system property. In JRE 24, JEP-486 [1] has removed this workaround, so an unpatched 3.9.x will experience an UnsupportedOperationException unconditionally. > I see https://issues.apache.org/jira/browse/KAFKA-17638 > which explicitly adds JDK 23 to our CI with a fix version of 4.0.0. Lack of > support for JDK 23 in 3.9.x is not a bug, it is what we planned (as far as > I can tell). Originally we were planning to get this change into 3.9.0, but we missed the merge deadline. I opened that ticket afterwards to be fixed in 4.0.0 because that's the next release. The patch was always intended to be backportable, and I intended to backport it [2]. I understand that if we consider Java 23 support to be a feature (which is the standing decision), this is a pretty obvious case of missing feature freeze, and the current course of action (releasing in 4.0.0) is how we would handle it. I'm asking for this to be reconsidered as a bug fix, because it allows us to backport the change, which is what our users are asking for [3]. Thanks, Greg [1] https://openjdk.org/jeps/486 [2] https://github.com/apache/kafka/pull/16522#issuecomment-2377340024 [3] https://lists.apache.org/thread/312lm617q05k87kxsrwlqhk8rfg29t7g On Wed, Nov 20, 2024 at 11:50 AM David Arthur <mum...@gmail.com> wrote: > Greg, > > I have not been following this closely, so apologies for some basic > questions. > > Has the SecurityManager been fully removed in JDK 23? > > What is the effect of running Kafka 3.9.0 with JDK 23? > > By "4.0 breaking changes" do you mean changes to our JDK/Scala supported > versions, removal or ZK, Kafka API changes, or something else? > > In general, I do not think we should change our supported JDK versions in a > hotfix release. I see https://issues.apache.org/jira/browse/KAFKA-17638 > which explicitly adds JDK 23 to our CI with a fix version of 4.0.0. Lack of > support for JDK 23 in 3.9.x is not a bug, it is what we planned (as far as > I can tell). > > Also, I feel that we should not add too much to 3.9.x aside from actual > bugs. If we backport things into 3.9.x, it will slow adoption of 4.x and > increase our maintenance burden over time. > > Just my $0.02 > > Thanks! > David A > > On Wed, Nov 20, 2024 at 12:22 PM Greg Harris <greg.har...@aiven.io.invalid > > > wrote: > > > Hi all, > > > > Now that 3.9.0 is released and 4.0.x is progressing, I'd like to > understand > > everyone's expectations about the 3.9.x branch, and ask for a specific > > consensus on Java 23 support. > > > > Some context that I think is relevant to the discussion: > > * KIP-1006 [1] proposes a backwards-compatible strategy for handling the > > ongoing removal of the SecurityManager, which is merged and due to > release > > in 4.0.0 [2]. > > * KIP-1012 [3] rejected ongoing parallel feature development on a 3.x > > branch while having trunk on 4.x. > > * During the 3.9.0 release, the patch [2] was rejected [4] due to being a > > new feature which did not meet the feature freeze deadline. > > * Other than the SecurityManager removal, there are additional PRs which > > would also need to be backported for full Java 23 support [5] including a > > Scala patch upgrade. > > * Downstream users are asking for a backport [6] because adding support > for > > Java 23 would obligate them to also include the 4.0 breaking changes. > > > > So while adding Java version support in the past has been a KIP-less > > feature and normally only appears in the next version, it happens to > align > > with a major version bump this time. This will cause additional pain for > > users if we do not elect to backport this. > > > > Thanks, > > Greg > > > > [1] > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1006%3A+Remove+SecurityManager+Support > > [2] https://github.com/apache/kafka/pull/16522 > > [3] > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1012%3A+The+need+for+a+Kafka+3.8+and+3.9+release > > [4] https://lists.apache.org/thread/xy5rwd1w274qgpwf3qxxnzlqpoly5d4p > > [5] https://issues.apache.org/jira/browse/KAFKA-17638 > > [6] https://github.com/apache/kafka/pull/16522#issuecomment-2488340682 > > > > > -- > David Arthur >
