librdkafka v2.8.0 is a maintenance release:
- Socket options are now all set before connection (#4893).
- Client certificate chain is now sent when using
ssl.certificate.pem
orssl_certificateorssl.keystore.location(#4894). - Avoid sending client certificates whose chain doesn't match with broker
trusted root certificates (#4900). - Fixes to allow to migrate partitions to leaders with same leader epoch,
or NULL leader epoch (#4901). - Support versions of OpenSSL without the ENGINE component (Chris Novakovic, #3535
and @remicollet, #4911).
Fixes
General fixes
- Socket options are now all set before connection, as documentation
says it's needed for socket buffers to take effect, even if in some
cases they could have effect even after connection.
Happening since v0.9.0 (#4893). - Issues: #3225.
Client certificate chain is now sent when usingssl.certificate.pem
orssl_certificateorssl.keystore.location.
Without that, broker must explicitly add any intermediate certification
authority certificate to its truststore to be able to accept client
certificate.
Happens since: 1.x (#4894).
Consumer fixes
- Issues: #4796.
Fix to allow to migrate partitions to leaders with NULL leader epoch.
NULL leader epoch can happen during a cluster roll with an upgrade to a
version supporting KIP-320.
Happening since v2.1.0 (#4901). - Issues: #4804.
Fix to allow to migrate partitions to leaders with same leader epoch.
Same leader epoch can happen when partition is
temporarily migrated to the internal broker (#4804), or if broker implementation
never bumps it, as it's not needed to validate the offsets.
Happening since v2.4.0 (#4901).
Note: there was no v2.7.0 librdkafka release
Checksums
Release asset checksums:
- v2.8.0.zip SHA256
5525efaad154e277e6ce30ab78bb00dbd882b5eeda6c69c9eeee69b7abee11a4 - v2.8.0.tar.gz SHA256
5bd1c46f63265f31c6bfcedcde78703f77d28238eadf23821c2b43fc30be3e25