0.20.0

• #3570: build(deps): bump netty.version from 4.2.10.Final to 4.2.12.Final
• #3535: bugfix: bootstrapServers containing whitespace parsed unexpectedly
• #3496: feat(runtime): make Netty shutdown durations configurable
• #3457: refactor(config): register DurationSerde globally on ObjectMapper rather than per-field (see note)
• #3534: (docs) Include our Javadocs on kroxylicious.io website
• #3449: Add Connection Expiration filter that closes client connections after a configurable maximum age, helping to rebalance connections across proxy instances in dynamic environments like Kubernetes.
• #2697 EntityIsolationFilter (restricted to groupId and transactionalId entity type only)
• #3007 Allow schema validation to use a schema registry protected by an internally signed certificate.
• #2890 Update record-validation to Apicurio v3.
• #3383: fix(operator): the operator now uses Server-Side Apply for all dependent resources. This is a no-op change for users: existing deployments are unaffected and externally-applied SSA patches (e.g. annotations or env vars added by observability tooling) will now survive operator reconciles. Users upgrading from a prior release may observe one additional reconcile cycle as Kubernetes transfers field ownership to the SSA manager.
• #3444: feat(authorization): support v13 Produce with topicIds
• #3444: feat(authorization): support v13-v18 Fetch with topicIds
• #3358: feat(encryption): produce and fetch tolerate topicIds
• #3506: feat(validation): support v13+ Produce with topicIds
• #3448: feat(authorization): support authorization of group new consumer protocol group
• #3399: feat(operator): add KafkaProxyIngress.spec.openShiftRoute

Changes, deprecations and removals

• #3496: The shutdownQuietPeriodSeconds field under network.proxy and network.management is deprecated.
  Use the new shutdownQuietPeriod field instead, which accepts Go-style durations (e.g. "2s", "500ms") and adds support for sub-second precision.
  A new shutdownTimeout field is also available to configure the previously hardcoded 15-second Netty shutdown timeout.
• Apicurio v3 has changed the default way schemas are identified. They are now referred to using contentId rather than globalId.
  The reason for this change was to allow interop with Confluent based kafka clients.
  Unfortunately, this causes breaking changes for users of schemaValidation rules of the record-validation feature.
  • The config field apicurioContentId is removed. It is replaced with a new config field apicurioId.
  • This field apicurioId refers to the contentId of the schema.
  • You must also ensure that any Kafka client embedding schema identifiers into records (using headers or magic bytes) are updated to send the contentId rather than the globalId.
    Refer to the Apicurio upgrade documentation for details.
  • Alternatively, the old behaviour can be restored by setting the config option wireFormatVersion to V2. In this mode, the apicurioId refers to the globalId and clients must send globalId.
    V2 mode is deprecated and will be removed in a future release.
• The operator now has the ability to enable external access to a Virtual Cluster via OpenShift Routes using KafkaProxyIngress.spec.openShiftRoute.
  This enables off-cluster client access on OpenShift, with graceful rejection when the Route API is unavailable.
• The preview Authorization Filter no longer supports ConsumerGroupHeartbeat version 1 RPCs, see #3561.
• The Proxy now registers a custom Duration serialization/deserialization module on the config ObjectMapper, meaning Filter Config classes can use Duration and it will
  be serialized to/from golang-style strings (e.g "1h" for 1 hour) without adding any annotations to your parameters.
• Javadoc for public APIs will now be published on the website, alongside the other per-version documentation when we create a new release