Kroxylicious release 0.5.1

April 9, 2024 by Sam Barker

The Kroxylicious project is very pleased to announce the release of Kroxylicious 0.5.1. See the Changelog for a list of changes and summary of Deprecations, Changes and Removals.

Fixes and Improvements in 0.5.1

  • @luozhenyu noticed that we didn’t support Kafka 0.10.0 properly and provided a fix (PR#1110) so that our handling is in line with that of the official Java client.
  • @luozhenyu also spotted that we were not cancelling the timeouts when filters sent additional requests to the broker.
  • The proxy now fails to start if any of the required cipher suites are unavailable.

Record Encryption

The 0.5.X series is focused on refining Record Encryption to be ready for experimentation in secure environments, adding:

  • Enable users to configure HashiCorp Vault TLS, providing a custom keystore and truststore
  • Enable users to supply the HashiCorp Vault token via a file rather than having to inject it into the proxy configuration
  • Include Record Encryption filter (and other Kroxylicious project supported filters) in the binary distribution
  • Release a Docker image quay.io/kroxylicious/kroxylicious also containing the supported filters
  • Improvements in how we manage and control the usage of key material, preparing to support alternate Ciphers and configurable Additional Authenticated Data

The protocol for immutable encrypted data written to the broker is now aligned with our initial design. We guarantee data encrypted with version 0.5.0 of the Filter will be decryptable by all future versions of the Record Encryption Filter forever (assuming the keys stored in the KMS remain available for decryption).

Artefacts

You’ll find binaries attached to the GitHub release, and available through Maven Central.

Docker images are hosted at quay.io/kroxylicious/kroxylicious

Feedback

We are eager for any feedback. You can create an issue in GitHub if you have any problems or want a feature added.