Release Notes - Kafka - Version 4.1.2

Below is a summary of the JIRA issues addressed in the 4.1.2 release of Kafka. For full documentation of the release, a guide to get started, and information about the project, see the Kafka project site.

Note about upgrades: Please carefully review the upgrade documentation for this release thoroughly before upgrading your cluster. The upgrade notes discuss any critical information about incompatibilities and breaking changes, performance changes, and any other changes that might impact your production deployment of Kafka.

The documentation for the most recent release can be found at https://kafka.apache.org/documentation.html.

Improvement

  • [KAFKA-19876] - Replace the base image since openjdk image is deprecated
  • [KAFKA-19966] - Upgrade commons-validator to 1.10.1
  • [KAFKA-20168] - Upgrade jetty to fix CVE-2025-5115

    • Bug

  • [KAFKA-19012] - Messages ending up on the wrong topic
  • [KAFKA-19449] - Unexpected UNREVOKED_PARTITIONS to UNRELEASED_PARTITIONS transition in consumer member reconciliation
  • [KAFKA-19561] - Request Timeout During SASL Reauthentication Due to Missed OP_WRITE interest set
  • [KAFKA-19571] - Race condition between log segment flush and file deletion causing log dir to go offline
  • [KAFKA-19678] - Streams open iterator tracking has high contention on metrics lock
  • [KAFKA-19720] - Regex subscription should be empty for classic members joining mixed group
  • [KAFKA-19831] - Failures in the StateUpdater thread may lead to inability to shut down a stream thread
  • [KAFKA-19857] - CoordinatorExecutorImpl.cancelAll always throws IllegalStateException when there are running tasks
  • [KAFKA-19862] - Group coordinator loading may fail when there is concurrent compaction
  • [KAFKA-19882] - JMX tags applied to all client metrics, not just client state for KIP-1091
  • [KAFKA-19888] - Coordinator histogram negative values causing persistent write timeouts and consumer instability in Kafka 4.1.0
  • [KAFKA-19899] - Bumping group epoch when member regex subscription changes from non empty to empty
  • [KAFKA-19930] - GlobalThread fails with NPE trying to use unsupported ProcessingExceptionHandler
  • [KAFKA-19951] - switch lz4-java to at.yawk.lz4 version due to CVE
  • [KAFKA-19959] - Apply NPE fix for oldest-iterator-open-since-ms to other store types
  • [KAFKA-19960] - Spurious failure to close StateDirectory due to some task directories still locked
  • [KAFKA-19990] - NPE on handling an AllocateProducerIdsResponse
  • [KAFKA-19994] - TaskManager may not close all tasks on task timeouts
  • [KAFKA-20002] - Reset-by-duration should not hand back task to state-updater
  • [KAFKA-20027] - Fix the broken 'quickstart' link on the connector page
  • [KAFKA-20038] - [CVE-2025-68161] [log4j-core] [2.17.1][Kafka]
  • [KAFKA-20046] - streams-scala artifact is compiled with java 17 instead of 11.
  • [KAFKA-20064] - A race condition in admin client can lead to the result future never being completed
  • [KAFKA-20069] - Release script cannot update templateData.js
  • [KAFKA-20111] - Describing group configs for pre-4.1 broker with later kafka-configs.sh fails
  • [KAFKA-20115] - Group coordinator fails to unload metadata when no longer leader or follower

    • Test

  • [KAFKA-19894] - Reintroduce SaslPlainSslEndToEndAuthorizationTest