v2.10.0

@programmiri programmiri released this 15 Apr 09:35
· 70 commits to main since this release
9c80481

Date: 15 April, 2025

Overview

Klaw version 2.10.0 is a minor release with security updates and several improvements. With v2.10.0, users with the role SUPERADMIN will have access to the new React UI for certain screens.

🛡️ Security updates

  • Default superadmin password removed from the application configuration; it must now be configured on startup.
  • Discourage users from using PLAINTEXT as the protocol and warn them about it (UI change).
  • Update rules for passwords.
  • Delete unused, old dependency (owl carousal-js)
  • Add an API permission check on testClusterApiConnection, as this call should be restricted to administrators only.
  • Remove deprecated and unused parameters from API calls.
  • Change permission to add/update super admin users (only super admin can do so).
  • Upgrade password storage to BCrypt hashing; Klaw also no longer sends plaintext passwords to users on initial creation.
  • Change the emails for new user registration so that users are no longer sent a plaintext password.
  • Re-enable and correctly configure CSRF protection in both backend and frontend (Angular as well as React).

⚠️ Rollback notes

This release updates password hashing to use bcrypt for improved security. If you roll back to Klaw 2.9.0 or earlier, users may not be able to log in with passwords created or changed in 2.10.0.

  • Older versions do not support bcrypt, so bcrypt-hashed passwords will fail validation.
  • In such cases, affected users may need to reset their passwords manually.

Recommendation: Avoid rolling back unless absolutely necessary. If you must, ensure you have a process in place to assist users with password resets.

New features

  • React UI:
    With this release, superadmin users will have access to the new UI.

Improvements

  • Improve cross-DB compatibility by using JPQL
  • Improve Claim experience
  • Enable viewing Topic events based on offset range and partition

Bug fixes

  • Prevent orphan ACLs without a service user from being created
  • Fix validation to parse partitions as ints first
  • Avoid NullPointerException when trying to login with Keycloak SSO
  • Avoid possible NullPointerException when trying to login with Google SSO
  • Fix NullPointerException when trying to read topic events from the Coral UI

Upgrade

To upgrade to this release, download the package from https://github.com/aiven/klaw/releases/tag/v2.10.0 and follow the upgrade instructions in the Klaw documentation. You can also refer to the README file for information.

Full Changelog: v2.9.0...v2.10.0