Release date: 2025-06-14
Breaking changes
New features
GATEWAY_SECURITY_MODE environment variable
This release introduces the GATEWAY_SECURITY_MODE environment variable,
which simplifies the security configuration by splitting out what manages authentication/authorization (valid values: KAFKA_MANAGED or GATEWAY_MANAGED) from how it should be managed (still set in the GATEWAY_SECURITY_PROTOCOL environment variable).
This change:
- Deprecates the
DELEGATED_SASL_PLAINTEXTandDELEGATED_SASL_SSLsecurity protocols (though they remain supported for backward compatibility) - Enables ACLs by default when managing security on the Gateway, by changing the default behaviour of the
GATEWAY_ACL_ENABLEDenvironment variable. ACL behavior is now derived from the security mode - Is backwards compatible, supporting existing configurations while encouraging the new approach
Please see How to: Migration Guide to Security Mode for full guidance on how to adopt the new security configuration.