From dc9679e05d59bf2b329a00cfb46354ced72a22e4 Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Thu, 10 Apr 2025 17:18:15 +0200 Subject: [PATCH 1/3] Update RELEASE_NOTES.md Signed-off-by: Marko Strukelj --- RELEASE_NOTES.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 59e19437..3cd91867 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -19,6 +19,12 @@ All the components are built with Java 11 bytecode compatibility except `kafka-o Since Zookeeper mode is no longer supported, the ACL authorizer delegation only works if the Kafka node runs in KRaft mode. If `KeycloakAuthorizer` is deployed to Kafka running in Zookeeper mode, and `strimzi.authorization.delegate.to.kafka.acl` is set to `true`, the broker will fail to start. +Kafka 4.x users should upgrade to this OAuth version (0.16.0). Kafka 3.x users can also use this OAuth version in both Kraft or Zookeeper mode, but if they use `KeycloakAuthorizer` with ACL delegation, that will not work in Zookeeper mode. + +### Added a test and a fix for 'Overflow parsing timestamps in oauth JWTs as 32 bit int' + +See [#260](https://github.com/strimzi/strimzi-kafka-oauth/issues/260) + 0.15.0 ------ From 5618c5cfe88fb80b3f93739fff97d094978f8f0c Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Fri, 11 Apr 2025 14:41:30 +0200 Subject: [PATCH 2/3] Bump json-smart version to 2.5.2 Signed-off-by: Marko Strukelj --- RELEASE_NOTES.md | 8 ++++++++ pom.xml | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 3cd91867..547da856 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -1,6 +1,14 @@ Release Notes ============= +0.16.1 +------ + +### Override json-smart version to 2.5.2 to address CVE-2024-57699 warnings + +`net.minidev:json-smart` is a transitive dependency pulled in by `com.jayway.jsonpath:json-path`. There is a PR open at JsonPath project https://github.com/json-path/JsonPath/pull/1030 +Once the new version of JsonPath is released, with the fixed dependency, we can remove the override. + 0.16.0 ------ diff --git a/pom.xml b/pom.xml index fc67b301..c6dad081 100644 --- a/pom.xml +++ b/pom.xml @@ -114,6 +114,7 @@ 2.15.3 2.15.3 2.9.0 + 2.5.2 4.13.2 1.7.36 3.12.4 @@ -208,6 +209,12 @@ json-path ${jsonpath.version} + + + net.minidev + json-smart + ${jsonsmart.version} + com.nimbusds nimbus-jose-jwt From 2efa903b63814fd7c46867ce365e92feef009e1a Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Fri, 11 Apr 2025 14:48:14 +0200 Subject: [PATCH 3/3] Fix Azure job name Signed-off-by: Marko Strukelj --- .azure/templates/jobs/deploy_java.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure/templates/jobs/deploy_java.yaml b/.azure/templates/jobs/deploy_java.yaml index 63fc8864..5321253c 100644 --- a/.azure/templates/jobs/deploy_java.yaml +++ b/.azure/templates/jobs/deploy_java.yaml @@ -4,7 +4,7 @@ jobs: # Strategy for the job => we deploy the artifacts only from Java 11 strategy: matrix: - 'java-11': + 'java-17': image: 'Ubuntu-22.04' jdk_version: '17' main_build: 'true'
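Review bot: in PATCH 1/3 (RELEASE_NOTES.md), the added sentence spells the mode "Kraft" while the unchanged paragraph directly above it spells it "KRaft", and "in both Kraft or Zookeeper mode" should read "in either KRaft or Zookeeper mode". The new section for the 32-bit timestamp overflow only links to #260; one sentence saying what a user would have observed before the fix would let readers judge whether they need the upgrade without opening the issue.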
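Review bot: in PATCH 2/3 (RELEASE_NOTES.md, the new 0.16.1 entry), the sentence that ends with the bare JsonPath pull request URL has no closing period and runs into "Once the new version of JsonPath is released". Suggest a markdown link in the same style as the #260 link in the 0.16.0 notes, followed by a period. The heading says the override addresses CVE-2024-57699 "warnings"; it would help to state whether this is a scanner finding only or whether the affected json-smart code is reachable through the library, since that changes how urgently users should pick up 0.16.1.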
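Review bot: in PATCH 2/3 (pom.xml, the hunk adding `net.minidev` / `json-smart` / `${jsonsmart.version}` after the json-path entry), the pin is meant to be temporary according to the release note, but the patch adds nothing that flags when it becomes unnecessary or when it starts holding json-smart below what a newer json-path would bring in. Suggest recording the CVE id and the upstream PR beside the `jsonsmart.version` property, and confirming the resolved version before release with `mvn dependency:tree -Dincludes=net.minidev:json-smart`.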
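Review bot: in PATCH 3/3 (.azure/templates/jobs/deploy_java.yaml), the matrix key becomes `'java-17'` and `jdk_version` is `'17'`, but the unchanged comment two lines above still reads "we deploy the artifacts only from Java 11". Update that comment in the same patch so the job description matches the JDK that actually performs the deploy. If the comment is meant to refer to the Java 11 bytecode target mentioned in the release notes rather than the build JDK, say so explicitly there.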