0.49.1

⚠️ SECURITY: Strimzi 0.49.1 addresses CVE-2025-66623. If you use Strimzi 0.47.0 or newer, we recommend upgrading to 0.49.1.

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

• Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
• The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
• Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
• For more details about the migration to the v1 API and CRD upgrades, see the documentation.

---

Main changes since 0.49.0

This release contains the following bug fixes and improvements:

• Fixes CVE-2025-66623
• Fixed TLS configuration in MirrorMaker 2 examples
• v1 API Conversion Tool bug fixes
• Fixed incorrect default names for Strimzi Metrics Provider metrics
• Fixed Push secret handling when UseConnectBuildWithBuildah feature gate is enabled
• Documentation improvements

All changes can be found under the 0.49.1 milestone.

Upgrading from Strimzi 0.49.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:f0cea0535f65bca8d9e503d62de27bd1327e18e8cee64a515f3e9d06506c5aad
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:8f775ee53622bf68b791c405e40299baa3d845b98e282d1a9269f9466018e990
Apache Kafka 4.0.1	quay.io/strimzi/kafka@sha256:d495d3b6c98d1ea22ed3bdf0d6d06d6cda1c5b35087c817e8cf807892b178520
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:73799dcf5bc7d1bb19f500f345d8892a1f91cf0213e01d9b59d3a1a53cc80aca
Apache Kafka 4.1.1	quay.io/strimzi/kafka@sha256:bfbee54f85beb3731cf41483befa39d8c5ebe5db002df6265c6ea95b6a156749
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:b8831c2aad621b80dce38484fae353cc5226bfc4dffb0f4c9d8b8d86e0fb3933
Buildah builder	quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4

0.49.1-rc1

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

• Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
• The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
• Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
• For more details about the migration to the v1 API and CRD upgrades, see the documentation.

---

Main changes since 0.49.0

This release contains the following bug fixes and improvements:

• Fixed TLS configuration in MirrorMaker 2 examples
• v1 API Conversion Tool bug fixes
• Fixed incorrect default names for Strimzi Metrics Provider metrics
• Fixed Push secret handling when UseConnectBuildWithBuildah feature gate is enabled
• Documentation improvements

All changes can be found under the 0.49.1 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.49.1-RC1 version in your pom.xml.

Upgrading from Strimzi 0.49.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:f0cea0535f65bca8d9e503d62de27bd1327e18e8cee64a515f3e9d06506c5aad
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:8f775ee53622bf68b791c405e40299baa3d845b98e282d1a9269f9466018e990
Apache Kafka 4.0.1	quay.io/strimzi/kafka@sha256:d495d3b6c98d1ea22ed3bdf0d6d06d6cda1c5b35087c817e8cf807892b178520
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:73799dcf5bc7d1bb19f500f345d8892a1f91cf0213e01d9b59d3a1a53cc80aca
Apache Kafka 4.1.1	quay.io/strimzi/kafka@sha256:bfbee54f85beb3731cf41483befa39d8c5ebe5db002df6265c6ea95b6a156749
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:b8831c2aad621b80dce38484fae353cc5226bfc4dffb0f4c9d8b8d86e0fb3933
Buildah builder	quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4

0.49.0

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

• Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
• The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
• Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
• For more details about the migration to the v1 API and CRD upgrades, see the documentation.

---

Main changes since 0.48

This release contains the following new features and improvements:

• Introduce the v1 API to Strimzi CRDs and move User and Topic Operators to use it.
  The v1 API Conversion Tool can be used to convert the resources in files or in your Kubernetes cluter from the v1beta2 API to the v1 API.
• Add support for Kafka 4.1.1 and 4.0.1
• Set blockOwnerDeletion to true in the owner references in Strimzi managed resources.
  Deleting the Strimzi custom resources will now, by default, wait for the deletion of all the owned Kubernetes resources.
• Make .spec.replicas properties required in the v1 of the KafkaBridge, KafkaConnect, and KafkaMirrorMaker2 custom resources.
• New fields .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic in the KafkaConnect custom resource for configuring Connect's group ID and internal topics.
• New way of defining the target (.spec.target) and source clusters (.spec.mirrors[].source) in the KafkaMirrorMaker2 custom resources.
• Improved behavior for merging the Kafka and KafkaNodePool template sections.
  The templates are now merged at a property level.
  If two different properties are defined in the two template sections, both are applied.
  If the same property is defined in both template sections, only the property from the KafkaNodePool template is used.
  See the Strimzi Proposal 120 for more details.
• New feature gate UseConnectBuildWithBuildah (disabled by default) for running the Connect Build feature with Buildah instead of Kaniko on Kubernetes - according to Strimzi Proposal #114.
• New field spec.version in the KafkaConnecter custom resource, and new version fields for each connector under spec.mirrors[] in the KafkaMirrorMaker2 custom resource for configuring the desired version of a connector.
• New field .volumeAttributesClass for persistent-claim type Storage in Kafka and KafkaNodePool custom resource. Enables configuring VolumeAttributesClass for PersistentVolumeClaims available since Kubernetes v1.34.

All changes can be found under the 0.49.0 milestone.

Major changes, deprecations, and removals

There are also many important changes, deprecations, and removals:

• This version introduces a new API version to our CRDs.
  Before upgrading to Strimzi 0.49 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
  Especially when using Helm, make sure that the CRDs are updated when you upgrade the operator.
• When rack-awareness is enabled in the Kafka custom resource (.spec.kafka.rack), Strimzi will not automatically add the best-effort-affinity rules for spreading the Kafka Pods between the zones.
  Please make sure to set your own topologySpreadConstraint or affinity rules instead.
• The .status.kafkaMetadataState field in the Kafka custom resource is deprecated and not used anymore.
• The type: oauth authentication in Kafka brokers and Kafka clients (Kafka Connect, MirrorMaker 2, and Strimzi HTTP Bridge) has been deprecated.
  Please use the type: custom authentication instead.
  The Strimzi OAuth library continues to be packaged with the Strimzi container images.
  Follow the documentation for the examples and migration details.
• The Keycloak authorization (type: keycloak) has been deprecated and will be removed in the future.
  To use the Keycloak authorizer, you can use the type: custom authorization.
  The Strimzi OAuth library with the Keycloak authorizer continues to be packaged with the Strimzi container images.
  Follow the documentation for the examples and migration details.
• CPU and memory configuration for the Kafka nodes in .spec.kafka.resources is deprecated and will be removed in the v1 CRD API.
  Please use the KafkaNodePool resources to configure CPU and memory for Kafka nodes.
• The group.id, config.storage.topic, offset.storage.topic, and status.storage.topic fields in .spec.config section of the KafkaConnect resource are deprecated and will be forbidden in the v1 CRD API.
  Please use the new .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic fields instead.
• The .spec.connectCluster, .spec.clusters, .spec.mirrors[].sourceCluster, .spec.mirrors[].targetCluster, and .spec.mirrors[].heartbeatConnector fields of the KafkaMirrorMaker2 resource are deprecated and will be removed in the v1 CRD API.
  Please use the new fields .spec.target and .spec.mirrors[].source instead to configure the source and target clusters.
  If you want to deploy and run the Heartbeat connector, you can use separate KafkaConnect and KafkaConnector custom resources.
• The .spec.build.output.additionalKanikoOptions field in the KafkaConnect custom resource is deprecated and will be removed in the future.
  • Use .spec.build.output.additionalBuildOptions field instead.
• The way the template properties in the Kafka and KafkaNodePool resources are handled has changed.
  See the 0.49.0 section or the Strimzi Proposal 120 for more details.
• Kafka nodes are now configured with PEM certificates instead of P12/JKS for keystore and truststore.
• Configuring connector.plugin.version under spec.config in the KafkaConnector custom resource, and under spec.mirrors[].sourceConnector.config, spec.mirrors[].checkpointConnector.config, and spec.mirrors[].heartbeatConnector.config in the KafkaMirrorMaker2 custom resource is deprecated and will be forbidden in Strimzi 0.50.0.
  Instead, please use spec.version in the KafkaConnecter custom resource, and the connector specific version fields in the KafkaMirrorMaker2 custom resource.

Known issues

• Kafka Connect Build with Buildah (UseConnectBuildWithBuildah feature gate enabled) fails to push to container registries with authentication (#12157)

Upgrading from Strimzi 0.48.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:03c1eab418b7c0d0711d47d7b140d19bc9c8e4b6a590d0fe27193afe8e8a414a
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:4597937c5addc051f3c623b18f7dab95c7ecb45a6a3a36bb53680838058b4498
Apache Kafka 4.0.1	quay.io/strimzi/kafka@sha256:ef62adf737d52e98e0c09d6c988b4c82491916fe94f188a2b0b556b8fcb886ae
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:7a08fc4adddd559469921a200763c566003b5606ec2f86d3b21b0ceb4b4a5e89
Apache Kafka 4.1.1	quay.io/strimzi/kafka@sha256:435fcab3d03d2b829c54d602e2860a5d6769ad2d30bf05261e78126b5b716ec5
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:0bdebb0e3e0bac382449c5d6d7a421d908acad8ff045aab7c833f8d9863b2073
Buildah builder	quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4

New Contributors

• @rodrigo-molina made their first contribution in #11917
• @totochichi made their first contribution in #11948
• @championshuttler made their first contribution in #11995
• @Smoothengineer made their first contribution in #11953
• @Firoj-Patel made their first contribution in #12044
• @TanmaySrivastav made their first contribution in #12019

Full Changelog: 0.48.0...0.49.0-rc1

0.49.0-rc2

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

• Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
• The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
• Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
• For more details about the migration to the v1 API and CRD upgrades, see the documentation.

---

Main changes since 0.49.0-rc1

• Add support for Kafka 4.1.1

All changes can be found under the 0.49.0 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.49.0-RC2 version in your pom.xml.

Upgrading from Strimzi 0.48.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:03c1eab418b7c0d0711d47d7b140d19bc9c8e4b6a590d0fe27193afe8e8a414a
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:4597937c5addc051f3c623b18f7dab95c7ecb45a6a3a36bb53680838058b4498
Apache Kafka 4.0.1	quay.io/strimzi/kafka@sha256:ef62adf737d52e98e0c09d6c988b4c82491916fe94f188a2b0b556b8fcb886ae
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:7a08fc4adddd559469921a200763c566003b5606ec2f86d3b21b0ceb4b4a5e89
Apache Kafka 4.1.1	quay.io/strimzi/kafka@sha256:435fcab3d03d2b829c54d602e2860a5d6769ad2d30bf05261e78126b5b716ec5
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:0bdebb0e3e0bac382449c5d6d7a421d908acad8ff045aab7c833f8d9863b2073
Buildah builder	quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4

0.49.0-rc1

⚠️ IMPORTANT: Strimzi 0.49 introduces new API version v1 to all Strimzi custom resources.

• Make sure to Upgrade the CRDs as part of the Strimzi upgrade as well (especially when using Helm).
• The old API versions (v1alpha1, v1beta1, and v1beta2) will continue to be supported until Strimzi 1.0.0 / 0.52.0.
• Before upgrading to Strimzi 0.49.0 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
• For more details about the migration to the v1 API and CRD upgrades, see the documentation.

---

Main changes since 0.48

This release contains the following new features and improvements:

• Introduce the v1 API to Strimzi CRDs and move User and Topic Operators to use it.
  The v1 API Conversion Tool can be used to convert the resources in files or in your Kubernetes cluter from the v1beta2 API to the v1 API.
• Add support for Kafka 4.0.1
• Set blockOwnerDeletion to true in the owner references in Strimzi managed resources.
  Deleting the Strimzi custom resources will now by default wait for the deletion of all the owned Kubernetes resources.
• Make .spec.replicas properties required in the v1 of the KafkaBridge, KafkaConnect, and KafkaMirrorMaker2 custom resources.
• New fields .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic in the KafkaConnect custom resource for configuring Connect's group ID and internal topics.
• New way of defining the target (.spec.target) and source clusters (.spec.mirrors[].source) in the KafkaMirrorMaker2 custom resources.
• Improved behavior for merging the Kafka and KafkaNodePool template sections.
  The templates are now merged at a property level.
  If two different properties are defined in the two template sections, both are applied.
  If the same property is defined in both template sections, only the property from the KafkaNodePool template is used.
  See the Strimzi Proposal 120 for more details.
• New feature gate UseConnectBuildWithBuildah (disabled by default) for running the Connect Build feature with Buildah instead of Kaniko on Kubernetes - according to Strimzi Proposal #114.
• New field spec.version in the KafkaConnecter custom resource, and new version fields for each connector under spec.mirrors[] in the KafkaMirrorMaker2 custom resource for configuring the desired version of a connector.
• New field .volumeAttributesClass for persistent-claim type Storage in Kafka and KafkaNodePool custom resource. Enables configuring VolumeAttributesClass for PersistentVolumeClaims available since Kubernetes v1.34.

All changes can be found under the 0.49.0 milestone.

Major changes, deprecations, and removals

There are also many important changes, deprecations, and removals:

• This version introduces a new API version to our CRDs.
  Before upgrading to Strimzi 0.49 or newer, make sure that you update your KafkaUser resources to use the .spec.authorization.acls[]operations field instead of the deprecated .spec.authorization.acls[]operation.
  Especially when using Helm, make sure that the CRDs are updated when you upgrade the operator.
• When rack-awareness is enabled in the Kafka custom resource (.spec.kafka.rack), Strimzi will not automatically add the best-effort-affinity rules for spreading the Kafka Pods between the zones.
  Please make sure to set your own topologySpreadConstraint or affinity rules instead.
• The .status.kafkaMetadataState field in the Kafka custom resource is deprecated and not used anymore.
• The type: oauth authentication in Kafka brokers and Kafka clients (Kafka Connect, MirrorMaker 2, and Strimzi HTTP Bridge) has been deprecated.
  Please use the type: custom authentication instead.
  The Strimzi OAuth library continues to be packaged with the Strimzi container images.
  Follow the documentation for the examples and migration details.
• The Keycloak authorization (type: keycloak) has been deprecated and will be removed in the future.
  To use the Keycloak authorizer, you can use the type: custom authorization.
  The Strimzi OAuth library with the Keycloak authorizer continues to be packaged with the Strimzi container images.
  Follow the documentation for the examples and migration details.
• CPU and memory configuration for the Kafka nodes in .spec.kafka.resources is deprecated and will be removed in the v1 CRD API.
  Please use the KafkaNodePool resources to configure CPU and memory for Kafka nodes.
• The group.id, config.storage.topic, offset.storage.topic, and status.storage.topic fields in .spec.config section of the KafkaConnect resource are deprecated and will be forbidden in the v1 CRD API.
  Please use the new .spec.groupId, .spec.configStorageTopic, .spec.offsetStorageTopic, and .spec.statusStorageTopic fields instead.
• The .spec.connectCluster, .spec.clusters, .spec.mirrors[].sourceCluster, .spec.mirrors[].targetCluster, and .spec.mirrors[].heartbeatConnector fields of the KafkaMirrorMaker2 resource are deprecated and will be removed in the v1 CRD API.
  Please use the new fields .spec.target and .spec.mirrors[].source instead to configure the source and target clusters.
  If you want to deploy and run the Heartbeat connector, you can use separate KafkaConnect and KafkaConnector custom resources.
• The .spec.build.output.additionalKanikoOptions field in the KafkaConnect custom resource is deprecated and will be removed in the future.
  • Use .spec.build.output.additionalBuildOptions field instead.
• The way the template properties in the Kafka and KafkaNodePool resources are handled has changed.
  See the 0.49.0 section or the Strimzi Proposal 120 for more details.
• Kafka nodes are now configured with PEM certificates instead of P12/JKS for keystore and truststore.
• Configuring connector.plugin.version under spec.config in the KafkaConnector custom resource, and under spec.mirrors[].sourceConnector.config, spec.mirrors[].checkpointConnector.config, and spec.mirrors[].heartbeatConnector.config in the KafkaMirrorMaker2 custom resource is deprecated and will be forbidden in Strimzi 0.50.0.
  Instead, please use spec.version in the KafkaConnecter custom resource, and the connector specific version fields in the KafkaMirrorMaker2 custom resource.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.49.0-RC1 version in your pom.xml.

Upgrading from Strimzi 0.48.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:666ac99317c3b3c2999e6b79fe9c22ef4ee0490d2bffa583cac83bdbb1fd8027
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:0cbfebdf62e3bf87d7848d34438a8b98c5636b776c72c2b4fbc4d97608f66b2c
Apache Kafka 4.0.1	quay.io/strimzi/kafka@sha256:45cc6aceb3b3db47ffb1b15dc72571098d4afba9cacfcc8931a2a5a0523a8419
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:446fafd949e3650af06a453c46f7f8dcdf45c99e0b858303291900e818ae2b92
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:051939442c2aebffb57b1a199f7ba9192dc6884685f7d92aaba747370636e429
Buildah builder	quay.io/strimzi/buildah@sha256:ba89470b45a49e5e09aaab91a5c3c03ecb14f9013d598bc14b3d756eb9a145b4

New Contributors

• @rodrigo-molina made their first contribution in #11917
• @totochichi made their first contribution in #11948
• @championshuttler made their first contribution in #11995
• @Smoothengineer made their first contribution in #11953
• @Firoj-Patel made their first contribution in #12044
• @TanmaySrivastav made their first contribution in #12019

Full Changelog: 0.48.0...0.49.0-rc1

0.48.0

⚠️ Important: Strimzi 0.48.0 supports only Kubernetes 1.27 and newer. Kubernetes 1.25 and 1.26 are not supported anymore

Main changes since 0.47.0

This release contains the following new features and improvements:

• Add support for Kafka 4.1.0.
  Remove support for Kafka 3.9.0 and 3.9.1.
• KRaft mode and Kafka Node Pools are now enabled by default.
  The strimzi.io/node-pools and strimzi.io/kraft annotations are not required anymore and will be ignored if set.
• Make properties broker.session.timeout.ms, broker.heartbeat.interval.ms and controller.socket.timeout.ms configurable
• Add monitoring of custom resources using kubernetes-state-metrics (KSM) (see Strimzi proposal 087)
• Ignore users (their ACLs, Quotas and SCRAM-SHA-512 credentials) managed by some other tools based on a configurable pattern in User Operator
• Support for type: custom client authentication (to make it easier to use custom authentication mechanisms such as AWS IAM)
• Added support for Strimzi Metrics Reporter to Kafka Connect, Mirror Maker 2 and Kafka Bridge.
• Add new feature gate ServerSideApplyPhase1 (disabled by default) that adds support for Server Side Apply for ConfigMap, Ingress, PVC, Service, and ServiceAccount according to Strimzi Proposal #105.
• Added distinction between changes of "cluster-wide" broker properties applied dynamically at cluster level, and "per-broker" broker properties applied dynamically at broker level.
• Extend the EntityOperator, Cruise Control and KafkaExporter deployment to support PDB via the template section in the CR spec.
• Added support for KIP-1073
  to get the list of the registered brokers by using the Kafka Admin API. It replaces the usage of the .status.registeredNodeIds field in Kafka.
• Added support for KIP-745 in Kafka Connector and Mirror Maker 2, allowing the usage of
  includeTasks and onlyFailed arguments in Kafka connectors restart.
• Update OAuth library to 0.17.0.
• Additional OAuth configuration options have been added for 'oauth' authentication on the listener and the client.
  On the listener clientGrantType has been added.
  On the client grantType has been added.

Major changes, deprecations and removals

• Fix RBAC naming for KafkaMirrorMaker2 to avoid RoleBinding collisions when a KafkaConnect with the same name exists in the same namespace. KafkaMirrorMaker2 now uses dedicated RoleBinding names.

  Upgrade note for KafkaMirrorMaker2 users (0.47.0 → 0.48.0+): Cleanup recommended

  After upgrading the operator, a new (dedicated) RoleBinding for KafkaMirrorMaker2 will be created and used automatically.
  The old RoleBinding, if it exists, may remain in the cluster but is no longer referenced.

  # List RoleBindings for your KafkaMirrorMaker2 instance (replace <namespace> and <mm2-name>)
  kubectl get rolebindings -n <namespace> \
    -l strimzi.io/kind=KafkaMirrorMaker2,strimzi.io/cluster=<mm2-name>

  If multiple RoleBindings are shown, the legacy one is <mm2-name>-connect-connect-role
  and the new one is <mm2-name>-mirrormaker2-role.

  You can safely delete just the legacy RoleBinding (unused after upgrade):

  kubectl delete rolebinding -n <namespace> <mm2-name>-connect-connect-role

• From Strimzi 0.48.0 on, we support only Kubernetes 1.27 and newer.
  Kubernetes 1.25 and 1.26 are not supported anymore.

• Disable Cruise Control network resource goals when resource capacities are not set.

• The strimzi_resource_state metric in the Cluster Operator is deprecated and is planned to be removed in Strimzi 0.51.
  Use kube-state-metrics based metrics from the examples as a replacement.

• The field .spec.enableMetrics in KafkaBridge is now deprecated and replaced by .spec.metricsConfig.

• The User Operator does not ignore the ACL rules for the * and ANONYMOUS users by default anymore.
  If you need to re-enable this feature, you can do it by configuring the STRIMZI_IGNORED_USERS_PATTERN environment variable to the following regular expression: ^\*|ANONYMOUS$.
  In case you deployed the User Operator through a Kafka custom resource, you can set it using the following YAML directly in the Kafka CR:

  apiVersion: kafka.strimzi.io/v1beta2
  kind: Kafka
  spec:
    #...
    entityOperator:
      template:
        userOperatorContainer:
          env:
            - name: STRIMZI_IGNORED_USERS_PATTERN
              value: "^\\*|ANONYMOUS$" # Double \ needed for escaping
      #...

  In case you use the standalone User Operator, you can set the environment variable in its Deployment.
  Please keep in mind that the ignored users will apply not only to ACLs, but also to Quotas and SCRAM-SHA credentials.

• The field .status.registeredNodeIds in Kafka is now deprecated, it is not used anymore, and it will be removed in the future.

All changes can be found under the 0.48.0 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.48.0 version in your pom.xml.

Upgrading from Strimzi 0.47.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:73dc9555c4a73094b497ffb14d816de5ff40144ffc470efd75ccf128afa22778
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:48db05ad2e9fa39eb388089e7e25654bcbf4da1ddc3a5635d675056c28bbcb96
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:34450afc1a3399a9026fc3c6ec90e9f6adfec9faf6520545b4d84e90cda34964
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:64380efcb8da87fdc0e0de238a20456be9abb830174c2f2331882b7a84657e57

New Contributors

• @shunki-fujita made their first contribution in #11787
• @kiku99 made their first contribution in #11862
• @bissquit made their first contribution in #11849

What's Changed

• Fix Strimzi Metric Exporter in Kafka brokers record in CHANGELOG by @scholzj in #11637
• Bump main branch to 0.48.0-SNAPSHOT by @scholzj in #11638
• Added testing Apache Kafka RCs with staging repo on the dev doc by @ppatierno in #11645
• Drop support for Kube 1.25 and 1.26 by @scholzj in #11640
• Fixed ambiguos call with varargs parameter by @ppatierno in #11649
• Add Strimzi 0.47.0 to the main branch by @scholzj in #11655
• Fixed deletion of auto-rebalancing related ConfigMap by @ppatierno in #11653
• Refactor CC capacity configuration classes by @kyguy in #11615
• Remove unused DeploymentConfig operators and other references by @scholzj in #11659
• Use persistent link for Maven used in TF jobs by @Frawless in #11660
• Add Strimzi 0.47.0 to the Upgrade/Downgrade STs by @scholzj in #11658
• feat(kafka): adding new properties as expections to broker configs by @rlanhellas in #11668
• Fix non-default primitive types within KafkaRebalance by @ppatierno in #11672
• docs(kraft): note on migrating zookeeper clusters by @PaulRMellor in #11666
• docs(pdb): clarifies PodDisruptionBudget behavior by @PaulRMellor in #11663
• feat(examples,metrics,kube-state-metrics): extend for 'KafkaAccess' by @sebastiangaiser in #11677
• feat(helm-charts,helm3,strimzi-kafka-operator): add optional deploymentStrategy to CO by @sebastiangaiser in #11681
• Disable CC network resource goals when resource capacities are not set. by @kyguy in #11465
• fix(operator): operator stuck when failing in parse kubernetes version by @rlanhellas in #11641
• Fix gramma and clarity across codebase by @see-quick in #11692
• Remove the KRaft and NodePool annotations by @scholzj in https://github.com/strimzi/strimzi-kafka-ope...

0.48.0-rc1

⚠️ Important: Strimzi 0.48.0 supports only Kubernetes 1.27 and newer. Kubernetes 1.25 and 1.26 are not supported anymore

Main changes since 0.47.0

This release contains the following new features and improvements:

• Add support for Kafka 4.1.0.
  Remove support for Kafka 3.9.0 and 3.9.1.
• KRaft mode and Kafka Node Pools are now enabled by default.
  The strimzi.io/node-pools and strimzi.io/kraft annotations are not required anymore and will be ignored if set.
• Make properties broker.session.timeout.ms, broker.heartbeat.interval.ms and controller.socket.timeout.ms configurable
• Add monitoring of custom resources using kubernetes-state-metrics (KSM) (see Strimzi proposal 087)
• Ignore users (their ACLs, Quotas and SCRAM-SHA-512 credentials) managed by some other tools based on a configurable pattern in User Operator
• Support for type: custom client authentication (to make it easier to use custom authentication mechanisms such as AWS IAM)
• Added support for Strimzi Metrics Reporter to Kafka Connect, Mirror Maker 2 and Kafka Bridge.
• Add new feature gate ServerSideApplyPhase1 (disabled by default) that adds support for Server Side Apply for ConfigMap, Ingress, PVC, Service, and ServiceAccount according to Strimzi Proposal #105.
• Added distinction between changes of "cluster-wide" broker properties applied dynamically at cluster level, and "per-broker" broker properties applied dynamically at broker level.
• Extend the EntityOperator, Cruise Control and KafkaExporter deployment to support PDB via the template section in the CR spec.
• Added support for KIP-1073
  to get the list of the registered brokers by using the Kafka Admin API. It replaces the usage of the .status.registeredNodeIds field in Kafka.
• Added support for KIP-745 in Kafka Connector and Mirror Maker 2, allowing the usage of
  includeTasks and onlyFailed arguments in Kafka connectors restart.
• Update OAuth library to 0.17.0.
• Additional OAuth configuration options have been added for 'oauth' authentication on the listener and the client.
  On the listener clientGrantType has been added.
  On the client grantType has been added.

Major changes, deprecations and removals

• Fix RBAC naming for KafkaMirrorMaker2 to avoid RoleBinding collisions when a KafkaConnect with the same name exists in the same namespace. KafkaMirrorMaker2 now uses dedicated RoleBinding names.

  Upgrade note for KafkaMirrorMaker2 users (0.47.0 → 0.48.0+): Cleanup recommended

  After upgrading the operator, a new (dedicated) RoleBinding for KafkaMirrorMaker2 will be created and used automatically.
  The old RoleBinding, if it exists, may remain in the cluster but is no longer referenced.

  # List RoleBindings for your KafkaMirrorMaker2 instance (replace <namespace> and <mm2-name>)
  kubectl get rolebindings -n <namespace> \
    -l strimzi.io/kind=KafkaMirrorMaker2,strimzi.io/cluster=<mm2-name>

  If multiple RoleBindings are shown, the legacy one is <mm2-name>-connect-connect-role
  and the new one is <mm2-name>-mirrormaker2-role.

  You can safely delete just the legacy RoleBinding (unused after upgrade):

  kubectl delete rolebinding -n <namespace> <mm2-name>-connect-connect-role

• From Strimzi 0.48.0 on, we support only Kubernetes 1.27 and newer.
  Kubernetes 1.25 and 1.26 are not supported anymore.

• Disable Cruise Control network resource goals when resource capacities are not set.

• The strimzi_resource_state metric in the Cluster Operator is deprecated and is planned to be removed in Strimzi 0.51.
  Use kube-state-metrics based metrics from the examples as a replacement.

• The field .spec.enableMetrics in KafkaBridge is now deprecated and replaced by .spec.metricsConfig.

• The User Operator does not ignore the ACL rules for the * and ANONYMOUS users by default anymore.
  If you need to re-enable this feature, you can do it by configuring the STRIMZI_IGNORED_USERS_PATTERN environment variable to the following regular expression: ^\*|ANONYMOUS$.
  In case you deployed the User Operator through a Kafka custom resource, you can set it using the following YAML directly in the Kafka CR:

  apiVersion: kafka.strimzi.io/v1beta2
  kind: Kafka
  spec:
    #...
    entityOperator:
      template:
        userOperatorContainer:
          env:
            - name: STRIMZI_IGNORED_USERS_PATTERN
              value: "^\\*|ANONYMOUS$" # Double \ needed for escaping
      #...

  In case you use the standalone User Operator, you can set the environment variable in its Deployment.
  Please keep in mind that the ignored users will apply not only to ACLs, but also to Quotas and SCRAM-SHA credentials.

• The field .status.registeredNodeIds in Kafka is now deprecated, it is not used anymore, and it will be removed in the future.

All changes can be found under the 0.48.0 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.48.0-RC1 version in your pom.xml.

Upgrading from Strimzi 0.47.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:73dc9555c4a73094b497ffb14d816de5ff40144ffc470efd75ccf128afa22778
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:48db05ad2e9fa39eb388089e7e25654bcbf4da1ddc3a5635d675056c28bbcb96
Apache Kafka 4.1.0	quay.io/strimzi/kafka@sha256:34450afc1a3399a9026fc3c6ec90e9f6adfec9faf6520545b4d84e90cda34964
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:53034f64f0b672f10b5bacea1c7a25132f118df7fd5c9032c4dbf702ed93796a
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:64380efcb8da87fdc0e0de238a20456be9abb830174c2f2331882b7a84657e57

New Contributors

• @shunki-fujita made their first contribution in #11787
• @kiku99 made their first contribution in #11862
• @bissquit made their first contribution in #11849

What's Changed

• Fix Strimzi Metric Exporter in Kafka brokers record in CHANGELOG by @scholzj in #11637
• Bump main branch to 0.48.0-SNAPSHOT by @scholzj in #11638
• Added testing Apache Kafka RCs with staging repo on the dev doc by @ppatierno in #11645
• Drop support for Kube 1.25 and 1.26 by @scholzj in #11640
• Fixed ambiguos call with varargs parameter by @ppatierno in #11649
• Add Strimzi 0.47.0 to the main branch by @scholzj in #11655
• Fixed deletion of auto-rebalancing related ConfigMap by @ppatierno in #11653
• Refactor CC capacity configuration classes by @kyguy in #11615
• Remove unused DeploymentConfig operators and other references by @scholzj in #11659
• Use persistent link for Maven used in TF jobs by @Frawless in #11660
• Add Strimzi 0.47.0 to the Upgrade/Downgrade STs by @scholzj in #11658
• feat(kafka): adding new properties as expections to broker configs by @rlanhellas in #11668
• Fix non-default primitive types within KafkaRebalance by @ppatierno in #11672
• docs(kraft): note on migrating zookeeper clusters by @PaulRMellor in #11666
• docs(pdb): clarifies PodDisruptionBudget behavior by @PaulRMellor in #11663
• feat(examples,metrics,kube-state-metrics): extend for 'KafkaAccess' by @sebastiangaiser in #11677
• feat(helm-charts,helm3,strimzi-kafka-operator): add optional deploymentStrategy to CO by @sebastiangaiser in #11681
• Disable CC network resource goals when resource capacities are not set. by @kyguy in #11465
• fix(operator): operator stuck when failing in parse kubernetes version by @rlanhellas in #11641
• Fix gramma and clarity across codebase by @see-quick in #11692
• Remove the KRaft and NodePool annotations by @scholzj in https://github.com/strimzi/strim...

0.47.0

⚠️ Important: Strimzi 0.47 is the last Strimzi version with support for Kubernetes 1.25 and 1.26. From Strimzi 0.48.0 on, we will support only Kubernetes 1.27 and newer.

Main changes since 0.46

This release contains the following new features and improvements:

• Support for Kafka 3.9.1
• Progress tracking for Cruise Control rebalances
• Support for Kubernetes Image Volumes to mount custom plugins
• Support for JsonTemplateLayout in Operators, Cruise Control, and Kafka 4.0.0
• Support for Strimzi Metrics Reporter for the Kafka brokers / controllers

All changes can be found under the 0.47.0 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.47.0 version in your pom.xml.

Upgrading from Strimzi 0.46.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:589c4d63641d9a944462dd682f6e5febe8b38ff55b9253949b061aca16feb154
Apache Kafka 3.9.0	quay.io/strimzi/kafka@sha256:978e2ed5f0d315e8bf0ab0503ee839acbd9da01ca427e6581b59ac25d36bc9c9
Apache Kafka 3.9.1	quay.io/strimzi/kafka@sha256:8a793cdf5084cdb72c6663419530985158b16330a518720e9e9d1d96babbaf7e
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:551882f47a6d2dc8300bcfca251fffffc3379acb2724a7efe16f17c0c4f529fb
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:428c5587f547dabfc995a73745569d113380c7e6b8bf0b2504c6a9a00d6c4608
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:c67a3ad3d92420ac8b7f8435eeec53ebffaea4e894e65414a7c47c20e3faba27

New Contributors

• @gabriel-farache made their first contribution in #11424
• @marceloavan made their first contribution in #11434
• @leisma made their first contribution in #11408
• @rajith77 made their first contribution in #11439
• @danielvrog made their first contribution in #11441
• @StevenJDH made their first contribution in #11429
• @CodeReaper made their first contribution in #11533
• @rlanhellas made their first contribution in #11543
• @mdraevich made their first contribution in #11623

What's Changed

• Bump the main branch to Strimzi 0.47.0-SNAPSHOT by @ppatierno in #11378
• Fix missing jmx reporter by @ppatierno in #11379
• Add deploymentAnnotations to helm chart by @fork-twilio in #11376
• Fix and add some content to the release documentation by @ppatierno in #11383
• Bump test-clients to 0.11.0 by @im-konge in #11380
• Use more human-readable appender format for STs logs by @Frawless in #11377
• Update Fabric8 Kubernetes Client to 7.2.0 by @ppatierno in #11392
• docs(bridge): updates the deployment instructions for Kafka Bridge by @PaulRMellor in #11382
• docs(volumes): updates JBOD reassignment procedure to include volume cleanup step by @PaulRMellor in #11398
• Improved release doc around Azure pipelines on RCs by @ppatierno in #11396
• Add the 0.46.0 release to the main branch by @ppatierno in #11405
• [ST] Add Strimzi 0.46.0 to the upgrade/downgrade tests by @see-quick in #11419
• helm: Add unhealthyPodEvictionPolicy to PDB by @jcpunk in #11404
• [system test] [performance] Make from scheduler class singleton. by @see-quick in #11410
• docs(link cleanup): removes some unnecessary internal doc links by @PaulRMellor in #11420
• Fix doc after removal of the example/kraft folder by @gabriel-farache in #11424
• Fixed minor mistakes on the RELEASE doc by @ppatierno in #11428
• Remove .jenkins directory by @im-konge in #11431
• docs: custom registry and repository clarification by @marceloavan in #11434
• Fixed typo to define a shell block by @ppatierno in #11435
• feat(user-operator): provide possibility to configure key name of use… by @leisma in #11408
• Update ADOPTERS.md with Randoli by @rajith77 in #11439
• Update tiered storage doc for moving to GA by @showuon in #11423
• Improved release bundle documentation by @ppatierno in #11440
• docs(adopters): include AppsFlyer by @danielvrog in #11441
• Fix MirrorMaker 2 client rack init container override by @StevenJDH in #11429
• Add support for the Strimzi Metrics Reporter to Kafka brokers/controllers components by @OwenCorrigan76 in #11051
• chore: Minor formatting and style cleanups in ClusterOperator by @see-quick in #11436
• docs(tiered storage): updates storage considerations by @PaulRMellor in #11444
• Provide full qualified name for KubeRegistryProxy for s390x by @yasiribmcon in #11445
• Update assemblies and modules Docs for Metrics Reporter integration by @OwenCorrigan76 in #11329
• Enhance CI scripts to better work with arm runners and bump Minikube version by @Frawless in #11443
• Bump Jaeger version to 1.65.0 to make tests working on Kube 1.33 by @Frawless in #11460
• docs(fix): fixes some broken links in the doc by @PaulRMellor in #11454
• Update Minikube version to 1.36.0 by @im-konge in #11474
• [system test] Update TESTING.md doc by @see-quick in #11471
• Added support for Apache Kafka 3.9.1 by @ppatierno in #11469
• [ST] Update Cert Manager to 1.17 and Jaeger to 2.6 in system tests by @Frawless in #11479
• Update to Vert.x 5 by @ppatierno in #11374
• Fixed adding new Kafka versions documentation by @ppatierno in #11482
• [system test] [doc] MirrorMaker2ST by @see-quick in #11473
• Allow us to change control and worker nodes count via env vars, bump Kind version by @Frawless in #11458
• Update different dependencies - Kaniko, Fabric8, JMX Exporter, Maven builder by @scholzj in #11492
• Moved to use the Sonatype Central Portal by @ppatierno in #11493
• Use sudo for docker manupulation in Kind script by @Frawless in #11497
• Add note/warning about Kubernetes 1.25 and 1.26 support removal by @im-konge in #11498
• Added project names for the ones to be published to Maven Central by @ppatierno in #11501
• Add support for Image Volumes by @scholzj in #11467
• docs(kraft): clarifies static quorum limit applies to new deployments by @PaulRMellor in #11505
• [ST] Add systemtest with user specific configuraton for ssl.* fields for custom type of listener by @Frawless in #11500
• Adding progress updates for Cruise Control rebalances by @kyguy in #11348
• [ST] Fix testSendMessagesCustomListenerTlsCustomization by @im-konge in https://github.com/strimzi/strimzi-kafka-o...

0.47.0-rc1

⚠️ Important: Strimzi 0.47 is the last Strimzi version with support for Kubernetes 1.25 and 1.26. From Strimzi 0.48.0 on, we will support only Kubernetes 1.27 and newer.

Main changes since 0.46

This release contains the following new features and improvements:

• Support for Kafka 3.9.1
• Progress tracking for Cruise Control rebalances
• Support for Kubernetes Image Volumes to mount custom plugins
• Support for JsonTemplateLayout in Operators, Cruise Control, and Kafka 4.0.0
• Support for Strimzi Metrics Reporter for the Kafka brokers / controllers

All changes can be found under the 0.47.0 milestone.

Maven artifacts

To test the Maven artifacts that are part of this release, use the 0.47.0-RC1 version in your pom.xml.

Upgrading from Strimzi 0.46.0

See the documentation for upgrade instructions.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:589c4d63641d9a944462dd682f6e5febe8b38ff55b9253949b061aca16feb154
Apache Kafka 3.9.0	quay.io/strimzi/kafka@sha256:978e2ed5f0d315e8bf0ab0503ee839acbd9da01ca427e6581b59ac25d36bc9c9
Apache Kafka 3.9.1	quay.io/strimzi/kafka@sha256:8a793cdf5084cdb72c6663419530985158b16330a518720e9e9d1d96babbaf7e
Apache Kafka 4.0.0	quay.io/strimzi/kafka@sha256:551882f47a6d2dc8300bcfca251fffffc3379acb2724a7efe16f17c0c4f529fb
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:428c5587f547dabfc995a73745569d113380c7e6b8bf0b2504c6a9a00d6c4608
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:a5088c14d7b8bf1d336669cba047b971bf3ece8969647dae2c1e3a07a7be0c5e
Maven Builder	quay.io/strimzi/maven-builder@sha256:c67a3ad3d92420ac8b7f8435eeec53ebffaea4e894e65414a7c47c20e3faba27

New Contributors

• @gabriel-farache made their first contribution in #11424
• @marceloavan made their first contribution in #11434
• @leisma made their first contribution in #11408
• @rajith77 made their first contribution in #11439
• @danielvrog made their first contribution in #11441
• @StevenJDH made their first contribution in #11429
• @CodeReaper made their first contribution in #11533
• @rlanhellas made their first contribution in #11543
• @mdraevich made their first contribution in #11623

What's Changed

• Bump the main branch to Strimzi 0.47.0-SNAPSHOT by @ppatierno in #11378
• Fix missing jmx reporter by @ppatierno in #11379
• Add deploymentAnnotations to helm chart by @fork-twilio in #11376
• Fix and add some content to the release documentation by @ppatierno in #11383
• Bump test-clients to 0.11.0 by @im-konge in #11380
• Use more human-readable appender format for STs logs by @Frawless in #11377
• Update Fabric8 Kubernetes Client to 7.2.0 by @ppatierno in #11392
• docs(bridge): updates the deployment instructions for Kafka Bridge by @PaulRMellor in #11382
• docs(volumes): updates JBOD reassignment procedure to include volume cleanup step by @PaulRMellor in #11398
• Improved release doc around Azure pipelines on RCs by @ppatierno in #11396
• Add the 0.46.0 release to the main branch by @ppatierno in #11405
• [ST] Add Strimzi 0.46.0 to the upgrade/downgrade tests by @see-quick in #11419
• helm: Add unhealthyPodEvictionPolicy to PDB by @jcpunk in #11404
• [system test] [performance] Make from scheduler class singleton. by @see-quick in #11410
• docs(link cleanup): removes some unnecessary internal doc links by @PaulRMellor in #11420
• Fix doc after removal of the example/kraft folder by @gabriel-farache in #11424
• Fixed minor mistakes on the RELEASE doc by @ppatierno in #11428
• Remove .jenkins directory by @im-konge in #11431
• docs: custom registry and repository clarification by @marceloavan in #11434
• Fixed typo to define a shell block by @ppatierno in #11435
• feat(user-operator): provide possibility to configure key name of use… by @leisma in #11408
• Update ADOPTERS.md with Randoli by @rajith77 in #11439
• Update tiered storage doc for moving to GA by @showuon in #11423
• Improved release bundle documentation by @ppatierno in #11440
• docs(adopters): include AppsFlyer by @danielvrog in #11441
• Fix MirrorMaker 2 client rack init container override by @StevenJDH in #11429
• Add support for the Strimzi Metrics Reporter to Kafka brokers/controllers components by @OwenCorrigan76 in #11051
• chore: Minor formatting and style cleanups in ClusterOperator by @see-quick in #11436
• docs(tiered storage): updates storage considerations by @PaulRMellor in #11444
• Provide full qualified name for KubeRegistryProxy for s390x by @yasiribmcon in #11445
• Update assemblies and modules Docs for Metrics Reporter integration by @OwenCorrigan76 in #11329
• Enhance CI scripts to better work with arm runners and bump Minikube version by @Frawless in #11443
• Bump Jaeger version to 1.65.0 to make tests working on Kube 1.33 by @Frawless in #11460
• docs(fix): fixes some broken links in the doc by @PaulRMellor in #11454
• Update Minikube version to 1.36.0 by @im-konge in #11474
• [system test] Update TESTING.md doc by @see-quick in #11471
• Added support for Apache Kafka 3.9.1 by @ppatierno in #11469
• [ST] Update Cert Manager to 1.17 and Jaeger to 2.6 in system tests by @Frawless in #11479
• Update to Vert.x 5 by @ppatierno in #11374
• Fixed adding new Kafka versions documentation by @ppatierno in #11482
• [system test] [doc] MirrorMaker2ST by @see-quick in #11473
• Allow us to change control and worker nodes count via env vars, bump Kind version by @Frawless in #11458
• Update different dependencies - Kaniko, Fabric8, JMX Exporter, Maven builder by @scholzj in #11492
• Moved to use the Sonatype Central Portal by @ppatierno in #11493
• Use sudo for docker manupulation in Kind script by @Frawless in #11497
• Add note/warning about Kubernetes 1.25 and 1.26 support removal by @im-konge in #11498
• Added project names for the ones to be published to Maven Central by @ppatierno in #11501
• Add support for Image Volumes by @scholzj in #11467
• docs(kraft): clarifies static quorum limit applies to new deployments by @PaulRMellor in #11505
• [ST] Add systemtest with user specific configuraton for ssl.* fields for custom type of listener by @Frawless in #11500
• Adding progress updates for Cruise Control rebalances by @kyguy in #11348
• [ST] Fix testSendMessagesCustomListenerTlsCustomization by @im-konge in https://github.com/strimzi/str...

0.45.1

⚠️ Important: Strimzi 0.45 supports only Kubernetes 1.25 and newer. Kubernetes 1.23 and 1.24 are not supported anymore.

Main changes since 0.45.0

This release contains the following new features and improvements:

• Dependency updates (Vert.x 4.5.13, Netty 4.1.118.Final).
• Fixed bug which may lead to metadata loss within the cluster when restarting a KRaft migration after a previous rollback due to missing /migration znode deletion.
• Fixed CVE-2024-57699 by overriding json-smart dependency with 2.5.2 version.
• Add support for Kafka 3.9.1

All changes can be found under the 0.45.1 milestone.

Watch out also for some notable changes, deprecations, and removals:

• Strimzi 0.45 is the last minor Strimzi version with support for ZooKeeper-based Apache Kafka clusters and MirrorMaker 1 deployments.
  Please make sure to migrate to KRaft and MirrorMaker 2 before upgrading to Strimzi 0.46 or newer.
• Strimzi 0.45 is the last Strimzi version to include the Strimzi EnvVar Configuration Provider (deprecated in Strimzi 0.38.0) and Strimzi MirrorMaker 2 Extensions (deprecated in Strimzi 0.28.0).
  Please use the Apache Kafka EnvVarConfigProvider and Identity Replication Policy instead.

Upgrading from Strimzi 0.45.0

See the documentation for upgrade instructions.

Upgrading from Strimzi 0.22 or earlier

Direct upgrade from Strimzi 0.22 or earlier is not supported anymore! You have to upgrade first to one of the previous versions of Strimzi. You will also need to convert the CRD resources. For more details, see the documentation.

Container images

The following container images are part of this release:

Name	Image
Operators	quay.io/strimzi/operator@sha256:58e8722216b0b0e8b1dd79109725238fa4016a16cc6a9fca0e327bccb1506810
Apache Kafka 3.8.0	quay.io/strimzi/kafka@sha256:173cb5793756f75739c51a83bbe06d7f0094fd003a2982160a5cc6e216cd6d28
Apache Kafka 3.8.1	quay.io/strimzi/kafka@sha256:6a05924839a2c7da0431408e6d6223a055e75d88b3f057ac5caa7f9097227f56
Apache Kafka 3.9.0	quay.io/strimzi/kafka@sha256:e98fbe49cadbc5d3afbd8f17abea218f216c95d52f4fa1fe514a7a988624da24
Apache Kafka 3.9.1	quay.io/strimzi/kafka@sha256:ba52ed046b1dccdbd96f4e68057ce014d862a7c9c1fc670760c023b9aa09f23f
Strimzi Bridge	quay.io/strimzi/kafka-bridge@sha256:c462441a966f0732855e684b4840563bfad45391345c9511fa49e1630ba9c3e3
Kaniko executor	quay.io/strimzi/kaniko-executor@sha256:ef1a39c363e145041d80103c3c12da9429ce06cf21dff6fb1fb75d0c0ed9c35b
Maven Builder	quay.io/strimzi/maven-builder@sha256:770e410f1e7e0e92c31bae6c19831ba36d59dd11b44e90c159aef16a965aa998

What's Changed

• Cherry-pick OPA and Additional Volumes in MM2 fixes to 0.45 release branch by @scholzj in #11030
• Cherry-pick bumped Vert.x 4.5.12 and Netty 4.1.117.Final to 0.45.x release branch by @ppatierno in #11079
• Cherry-pick update Fabric8 Kubernetes Client to 7.1.0 to 0.45.x release branch by @ppatierno in #11265
• Chery-pick Update Vert.x to 4.5.13 to 0.45.x release branch by @ppatierno in #11266
• Added initial CHANGELOG for 0.45.1 by @ppatierno in #11268
• Fixed missing deletion of the migration znode on KRaft migration rollback by @ppatierno in #11271
• Added deleteClaim usage on KRaft controllers PVCs deletion on migration by @ppatierno in #11282
• docs(kraft): kraft migration: previous rollback warning by @PaulRMellor in #11284
• [ST] Add test for migration-rollback-migration with additional checks by @im-konge in #11285
• Update GitHub actions/cache plugin by @im-konge in #11289
• Chery-pick Update Fabric8 Kubernetes Client to 7.2.0 to 0.45.x release branch by @ppatierno in #11395
• Chery-pick allow ignore path kaniko opt to 0.45.x release branch by @ppatierno in #11397
• Added json-smart 2.5.2 as dependency to fix CVE-2024-57699 on 0.45.x release branch by @ppatierno in #11411
• Add support for Kafka 3.9.1 by @ppatierno in #11364
• Removed leftover staging repo on 0.45.x release branch by @ppatierno in #11470
• Moved to use the Sonatype Central Portal cherry pick on release-0.45.x branch by @ppatierno in #11494
• Cherry-pick 'Added project names for the ones to be published to Maven Central' to release-0.45.x branch by @im-konge in #11502
• [release-0.45.x] Release RC artifacts directly to Sonatype by @im-konge in #11508
• Bump jetty to address CVE-2024-6763 and CVE-2024-13009 by @fvaleri in #11536
• [release-0.45.x] Bump test-containers to 0.109.2 by @im-konge in #11547
• [release-0.45.x] Bumped OAuth 0.15.1 by @ppatierno in #11545
• Updated bridge to 0.31.2 by @ppatierno in #11564