Release Notes - Kafka - Version 4.2.1

Below is a summary of the JIRA issues addressed in the 4.2.1 release of Kafka. For full documentation of the release, a guide to get started, and information about the project, see the Kafka project site.

Note about upgrades: Please carefully review the upgrade documentation for this release thoroughly before upgrading your cluster. The upgrade notes discuss any critical information about incompatibilities and breaking changes, performance changes, and any other changes that might impact your production deployment of Kafka.

The documentation for the most recent release can be found at https://kafka.apache.org/documentation.html.

Improvement

  • [KAFKA-19851] - Delete dynamic config that were removed by Kafka
  • [KAFKA-20344] - upgrade jetty to 12.0.34
  • [KAFKA-20373] - CVE-2025-67030 in plexus-utils-3.5.1.jar

    • Bug

  • [KAFKA-19697] - NPE Cannot invoke org.apache.kafka.connect.runtime.ConnectMetrics$MetricGroup.close()
  • [KAFKA-20131] - ClassicKafkaConsumer does not clear endOffsetRequested flag on failed LIST_OFFSETS calls
  • [KAFKA-20165] - Consumer poll may fail with unrecoverable KafkaException if topic not in metadata when fetching committed offsets
  • [KAFKA-20183] - Share consumer group fails when group ID contains colon character
  • [KAFKA-20241] - Jackson core vulnerability GHSA-72hv-8253-57qq
  • [KAFKA-20247] - ControllerRegistrationManager does not retry registration after timing out
  • [KAFKA-20254] - Streams group replay fails after log compaction removes classic group tombstone
  • [KAFKA-20302] - Receive buffers allocated from MemoryPool may not be released if request is invalid
  • [KAFKA-20309] - Too many SharePollEvents created
  • [KAFKA-20322] - TransactionMarkerChannelManager has discoverBrokerVersions=false causing UnsupportedVersionException during rolling upgrades
  • [KAFKA-20332] - Ensure app thread not collecting records for partitions being revoked
  • [KAFKA-20380] - controller.quorum.voters should act as advertised.listeners if the latter is not defined
  • [KAFKA-20393] - Kafka client send to wong IP caused by stickyNode in TelemetrySender
  • [KAFKA-20398] - Memory leak when stream threads are replaced
  • [KAFKA-20505] - Deadlock in KIP-932 share path: `SharePartition.rollbackOrProcessStateUpdates` completes future inside write lock, reenters `DelayedOperation` lock held by request handler
  • [KAFKA-20572] - Connect REST server throws NPE on startup when using listener-prefixed SSL configs

    • Task

  • [KAFKA-20306] - StreamsGroupCommand does not display committed offsets for repartition topics
  • [KAFKA-20446] - Native image contains CVE-2026-28390 in libcrypto3 and libssl3
  • [KAFKA-20447] - Native image contains CVE-2026-22184 in zlib
  • [KAFKA-20536] - Empty "Upgrading Servers to 4.1.0" section in upgrade docs across trunk/4.2/4.3

    • Sub-task

  • [KAFKA-20034] - DeliveryCompleteCount should be 0 when share group offsets are altered.
  • [KAFKA-20085] - Let's replace this verbose instruction with a custom Gradle task
  • [KAFKA-20181] - cherry-pick KAFKA-20168 to 3.9 and 4.2