Release Notes - Kafka - Version 4.0.2

Below is a summary of the JIRA issues addressed in the 4.0.2 release of Kafka. For full documentation of the release, a guide to get started, and information about the project, see the Kafka project site.

Note about upgrades: Please review the upgrade documentation for this release carefully before upgrading your cluster. The upgrade notes discuss any critical information about incompatibilities and breaking changes, performance changes, and any other changes that might impact your production deployment of Kafka.

The documentation for the most recent release can be found at https://kafka.apache.org/documentation.html.

Improvement

  • [KAFKA-18168] - GlobalKTable does not checkpoint restored offsets until next 10K events
  • [KAFKA-18617] - Support ClusterInstance in BeforeEach/AfterEach fixtures
  • [KAFKA-19546] - Rebalance should be triggered if the subscription is changed during group protocol downgrade triggered by static member replacement
  • [KAFKA-19747] - Improve handling of failed push telemetry request
  • [KAFKA-19876] - Replace the base image since openjdk image is deprecated
  • [KAFKA-19966] - Upgrade commons-validator to 1.10.1
  • [KAFKA-20168] - Upgrade jetty to fix CVE-2025-5115

Bug

  • [KAFKA-19012] - Messages ending up on the wrong topic
  • [KAFKA-19390] - AbstractIndex#resize() does not release old mmap on Linux
  • [KAFKA-19439] - OffsetFetch API does not return group level errors correctly with version 1 for 4.0 and 3.9
  • [KAFKA-19449] - Unexpected UNREVOKED_PARTITIONS to UNRELEASED_PARTITIONS transition in consumer member reconciliation
  • [KAFKA-19479] - at_least_once mode in Kafka Streams silently drops messages when the producer fails with MESSAGE_TOO_LARGE, violating delivery guarantees
  • [KAFKA-19510] - Kafka Streams does not always release lock when adding or removing threads multiple times
  • [KAFKA-19561] - Request Timeout During SASL Reauthentication Due to Missed OP_WRITE interest set
  • [KAFKA-19571] - Race condition between log segment flush and file deletion causing log dir to go offline
  • [KAFKA-19690] - Unexpected Fatal error InvalidTxnStateException on Kafka Streams (KIP-890)
  • [KAFKA-19719] - setting --no-initial-controllers flag should not validate kraft version against metadata version
  • [KAFKA-19720] - Regex subscription should be empty for classic members joining mixed group
  • [KAFKA-19724] - Global stream thread ignores all exceptions
  • [KAFKA-19732] - Backport KAFKA-19716 fix to 4.0 and 4.1
  • [KAFKA-19760] - RecordTooLargeExceptions in group coordinator when offsets.topic.compression.codec is used
  • [KAFKA-19775] - Error if an empty topic is created when there is a regex source KS
  • [KAFKA-19831] - Failures in the StateUpdater thread may lead to inability to shut down a stream thread
  • [KAFKA-19857] - CoordinatorExecutorImpl.cancelAll always throws IllegalStateException when there are running tasks
  • [KAFKA-19862] - Group coordinator loading may fail when there is concurrent compaction
  • [KAFKA-19882] - JMX tags applied to all client metrics, not just client state for KIP-1091
  • [KAFKA-19888] - Coordinator histogram negative values causing persistent write timeouts and consumer instability in Kafka 4.1.0
  • [KAFKA-19930] - GlobalThread fails with NPE trying to use unsupported ProcessingExceptionHandler
  • [KAFKA-19951] - switch lz4-java to at.yawk.lz4 version due to CVE
  • [KAFKA-19959] - Apply NPE fix for oldest-iterator-open-since-ms to other store types
  • [KAFKA-19960] - Spurious failure to close StateDirectory due to some task directories still locked
  • [KAFKA-19990] - NPE on handling an AllocateProducerIdsResponse
  • [KAFKA-19994] - TaskManager may not close all tasks on task timeouts
  • [KAFKA-20002] - Reset-by-duration should not hand back task to state-updater
  • [KAFKA-20027] - Fix the broken 'quickstart' link on the connector page
  • [KAFKA-20038] - [CVE-2025-68161] [log4j-core] [2.17.1][Kafka]
  • [KAFKA-20046] - streams-scala artifact is compiled with java 17 instead of 11.
  • [KAFKA-20064] - A race condition in admin client can lead to the result future never being completed
  • [KAFKA-20069] - Release script cannot update templateData.js
  • [KAFKA-20115] - Group coordinator fails to unload metadata when no longer leader or follower

Test

  • [KAFKA-18606] - Flaky test DeleteSegmentsByRetentionTimeTest#executeTieredStorageTest
  • [KAFKA-19894] - Reintroduce SaslPlainSslEndToEndAuthorizationTest