KAFKA-19664 Support building with Java 25 (LTS release) #20561
Merged
+26
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
triage
Contributor
Author
|
Thank you @brandboat 👌 |
ijuma
reviewed
Sep 23, 2025
Contributor
Author
|
It seems that Github Actions now supports Java 25 build; let's test that. |
Contributor
Author
|
Lots of test are failing when tested against Java 25: |
Contributor
Author
|
And also: some references to Java 24 are still present. |
Contributor
|
@dejan2609 The references to Java 24 are likely due to #20295 (comment) It might make sense to add a comment to ci-complete.yml, so the next person to come across this doesn't have to figure that out again :) |
Contributor
Author
|
Much obliged @srdo ! I was this close from digging into all related commits/PR's to figure out what is going on: Yes, it does make sense to add a small comment, I will do that for sure 🤝 |
github-actions
bot
added
the
dependencies
Contributor
Author
|
Update: Mockito version is upgraded in order to resolve build issues; see the output error for Related links: |
Contributor
Author
|
With latest Mockito version test results are looking much better: 
More details:
|
Contributor
Author
|
Small update:
|
Member
|
@dejan2609 please rebase this PR, thanks! |
notes: - spotbugs related Gradle tasks are temporarily disabled for Java 25 (see https://issues.apache.org/jira/browse/BCEL-377) - zinc upgrade: 1.10.8 -->> 1.11.0 (Java 25 compatibility): https://github.com/sbt/zinc/releases/tag/v1.11.0 - Scala version patch update: 2.13.16 -->> 2.13.17 https://contributors.scala-lang.org/t/scala-2-13-17-release-planning/6994/17 - GitHub Action now supports Java 25 - mockito version upgrade: 5.14.2 -->> 5.20.0 (in order to resolve test issues) - https://issues.apache.org/jira/browse/SOLR-17718 - https://github.com/mockito/mockito/releases/tag/v5.20.0
Contributor
Author
|
@chia7712 Done, PR is rebased 🔁 |
chia7712
reviewed
Oct 7, 2025
Member
chia7712
left a comment
chia7712
left a comment
There was a problem hiding this comment.
@dejan2609 thanks for this patch.
| java: [ 24, 17 ] | ||
| # Make sure these match build.yml and also keep in mind that Java version change in PR is not honored by CI | ||
| # (i.e. GitHub actions build will always use trunk branch version) | ||
| java: [ 25, 17 ] |
Member
There was a problem hiding this comment.
This will be a issue to other active branches. I open https://issues.apache.org/jira/browse/KAFKA-19768 to fix it.
Contributor
Author
There was a problem hiding this comment.
Yes, this is a good idea.
I see that @mingyen066 already took this JIRA ticket, so I can be around and maybe provide some non-binding review 💡
Contributor
Author
|
|
Contributor
Thanks for the PR @dejan2609 . Can you try updating the signature algorithm as I suggested in the JIRA please? Hopefully that should unblock you 🤞 Edit: for posterity, here's the relevant commit in OpenJDK25: openjdk/jdk25u@dfa79c3 |
…SA` to `SHA256withRSA`)
Contributor
Author
|
Update:
|
chia7712
approved these changes
Oct 8, 2025
Contributor
Author
|
Thank you for the merge @chia7712 ! |
Member
|
@dejan2609 thanks for your contribution
it would be helpful to have a jira |
Contributor
Author
@chia7712 Here it is: ➡️ KAFKA-19771 |
Contributor
|
@dejan2609 @chia7712 Just checking — is the plan to use JDK 25 in the release scripts as well, so that it will be used for the upcoming 4.2 release? |
Member
That's a good point. I'll file a patch to address it and also add a comment about using the latest LTS when updating the JDK for CI. |
Contributor
Thanks for the discussion! |
chia7712
pushed a commit
that referenced
this pull request
Oct 19, 2025
…on Java 25 (#20704) Prologue: - #20561 (comment) ___ Related JIRA ticket: KAFKA-19771 details: - spotbugs: 4.9.4 -->> 4.9.8 - spotbugs gradle plugin: 6.2.5 -->> 6.4.4 - spotbugs tasks are enabled for Java 25 related links: - https://github.com/spotbugs/spotbugs/blob/4.9.8/CHANGELOG.md#498---2025-10-18 - https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/6.4.4 Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
chia7712
pushed a commit
that referenced
this pull request
Oct 22, 2025
Related discussion:#20561 (comment) This PR primarily upgrades release tooling to JDK 25, and includes two fixes identified while dry-running `release.py` locally. 1. JDK upgrade: Switches `release.py` to run under JDK 25. 2. Pre‑req check false negative in git clean‑state verification task * When running `release.py` with a clean working tree, the script incorrectly failed the pre‑requisite check. ```bash $ git status On branch MINOR-1014 nothing to commit, working tree clean $ python release.py ... FAILURE: Pre-requisite not met: Verifying that you have no unstaged git changes. ``` * Root cause: the checks used `has_unstaged_changes()` / `has_staged_changes()` in a way that treated success as “has changes”. The fix inverts the logic to assert **no** changes. 3. Gradle 9 aggregatedJavadoc failure * With **Gradle 9**, `aggregatedJavadoc` currently fails in parallel mode. ``` FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':aggregatedJavadoc'. > Resolution of the configuration ':connect:compileClasspath' was attempted without an exclusive lock. This is unsafe and not allowed. ``` * The change adds `--no-parallel` for the aggregated Javadoc step to avoid build failures (discussion: #19513 (comment)) Reviewers: Mickael Maison <mickael.maison@gmail.com>, Ming-Yen Chung <mingyen066@gmail.com>, kuoche1712003 <kuoche1712003@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
joshua2519
pushed a commit
to joshua2519/kafka
that referenced
this pull request
Oct 27, 2025
Related discussion:apache#20561 (comment) This PR primarily upgrades release tooling to JDK 25, and includes two fixes identified while dry-running `release.py` locally. 1. JDK upgrade: Switches `release.py` to run under JDK 25. 2. Pre‑req check false negative in git clean‑state verification task * When running `release.py` with a clean working tree, the script incorrectly failed the pre‑requisite check. ```bash $ git status On branch MINOR-1014 nothing to commit, working tree clean $ python release.py ... FAILURE: Pre-requisite not met: Verifying that you have no unstaged git changes. ``` * Root cause: the checks used `has_unstaged_changes()` / `has_staged_changes()` in a way that treated success as “has changes”. The fix inverts the logic to assert **no** changes. 3. Gradle 9 aggregatedJavadoc failure * With **Gradle 9**, `aggregatedJavadoc` currently fails in parallel mode. ``` FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':aggregatedJavadoc'. > Resolution of the configuration ':connect:compileClasspath' was attempted without an exclusive lock. This is unsafe and not allowed. ``` * The change adds `--no-parallel` for the aggregated Javadoc step to avoid build failures (discussion: apache#19513 (comment)) Reviewers: Mickael Maison <mickael.maison@gmail.com>, Ming-Yen Chung <mingyen066@gmail.com>, kuoche1712003 <kuoche1712003@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
eduwercamacaro
pushed a commit
to littlehorse-enterprises/kafka
that referenced
this pull request
Nov 12, 2025
This patch updates the Apache Kafka project's build, test, and dependency configurations. - Java Version Update: The build and test processes have been upgraded from Java 24 to Java 25. - Scala Version Update: The Scala library version has been updated from 2.13.16 to 2.13.17. - Dependency Upgrades: Several dependencies have been updated to newer versions, including mockito (5.14.2 to 5.20.0), zinc (1.10.8 to 1.11.0), and scala-library/reflect (2.13.16 to 2.13.17). - Code and Configuration Changes: The patch modifies build.gradle to exclude certain Spotbugs tasks for Java 25 compatibility. It also changes the default signing algorithm in TestSslUtils.java from SHA1withRSA to SHA256withRSA, enhancing security. - Documentation: The README.md file has been updated to reflect the new Java 25 requirement. Reviewers: Ismael Juma <ismael@juma.me.uk>, Liam Clarke-Hutchinson <liam@steelsky.co.nz>, Gaurav Narula <gaurav_narula2@apple.com>, Chia-Ping Tsai <chia7712@gmail.com>
eduwercamacaro
pushed a commit
to littlehorse-enterprises/kafka
that referenced
this pull request
Nov 12, 2025
…on Java 25 (apache#20704) Prologue: - apache#20561 (comment) ___ Related JIRA ticket: KAFKA-19771 details: - spotbugs: 4.9.4 -->> 4.9.8 - spotbugs gradle plugin: 6.2.5 -->> 6.4.4 - spotbugs tasks are enabled for Java 25 related links: - https://github.com/spotbugs/spotbugs/blob/4.9.8/CHANGELOG.md#498---2025-10-18 - https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/6.4.4 Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
eduwercamacaro
pushed a commit
to littlehorse-enterprises/kafka
that referenced
this pull request
Nov 12, 2025
Related discussion:apache#20561 (comment) This PR primarily upgrades release tooling to JDK 25, and includes two fixes identified while dry-running `release.py` locally. 1. JDK upgrade: Switches `release.py` to run under JDK 25. 2. Pre‑req check false negative in git clean‑state verification task * When running `release.py` with a clean working tree, the script incorrectly failed the pre‑requisite check. ```bash $ git status On branch MINOR-1014 nothing to commit, working tree clean $ python release.py ... FAILURE: Pre-requisite not met: Verifying that you have no unstaged git changes. ``` * Root cause: the checks used `has_unstaged_changes()` / `has_staged_changes()` in a way that treated success as “has changes”. The fix inverts the logic to assert **no** changes. 3. Gradle 9 aggregatedJavadoc failure * With **Gradle 9**, `aggregatedJavadoc` currently fails in parallel mode. ``` FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':aggregatedJavadoc'. > Resolution of the configuration ':connect:compileClasspath' was attempted without an exclusive lock. This is unsafe and not allowed. ``` * The change adds `--no-parallel` for the aggregated Javadoc step to avoid build failures (discussion: apache#19513 (comment)) Reviewers: Mickael Maison <mickael.maison@gmail.com>, Ming-Yen Chung <mingyen066@gmail.com>, kuoche1712003 <kuoche1712003@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
Member
@gaurav-narula Thanks for sharing this. I encountered a similar error while running the test on my Fedora server. I will file a patch for 4.1, 4.0, and 3.9 based on your suggestion. |
This was referenced Nov 22, 2025
chia7712
pushed a commit
that referenced
this pull request
Nov 22, 2025
…portLayerTest (#20961) `SHA1withRSA` is disabled in some linux distribution, such as Fedora 43 server, which results in the following error. Hence, this PR adopts the solution suggested by @gaurav-narula in #20561 (comment), which is to use `SHA256withRSA` instead of `SHA1withRSA` ``` Gradle Test Run :clients:test > Gradle Test Executor 28 > Tls13SslFactoryTest > testSslFactoryConfiguration() FAILED org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: (handshake_failure) No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings. at app//org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:105) at app//org.apache.kafka.common.security.ssl.SslFactoryTest.testSslFactoryConfiguration(SslFactoryTest.java:80) at java.base@21.0.9/java.lang.reflect.Method.invoke(Method.java:580) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) ``` Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
chia7712
pushed a commit
to chia7712/kafka
that referenced
this pull request
Nov 22, 2025
…portLayerTest (apache#20961) `SHA1withRSA` is disabled in some linux distribution, such as Fedora 43 server, which results in the following error. Hence, this PR adopts the solution suggested by @gaurav-narula in apache#20561 (comment), which is to use `SHA256withRSA` instead of `SHA1withRSA` ``` Gradle Test Run :clients:test > Gradle Test Executor 28 > Tls13SslFactoryTest > testSslFactoryConfiguration() FAILED org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: (handshake_failure) No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings. at app//org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:105) at app//org.apache.kafka.common.security.ssl.SslFactoryTest.testSslFactoryConfiguration(SslFactoryTest.java:80) at java.base@21.0.9/java.lang.reflect.Method.invoke(Method.java:580) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) ``` Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
chia7712
pushed a commit
that referenced
this pull request
Nov 22, 2025
…portLayerTest (#20961) `SHA1withRSA` is disabled in some linux distribution, such as Fedora 43 server, which results in the following error. Hence, this PR adopts the solution suggested by @gaurav-narula in #20561 (comment), which is to use `SHA256withRSA` instead of `SHA1withRSA` ``` Gradle Test Run :clients:test > Gradle Test Executor 28 > Tls13SslFactoryTest > testSslFactoryConfiguration() FAILED org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: (handshake_failure) No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings. at app//org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:105) at app//org.apache.kafka.common.security.ssl.SslFactoryTest.testSslFactoryConfiguration(SslFactoryTest.java:80) at java.base@21.0.9/java.lang.reflect.Method.invoke(Method.java:580) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) ``` Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
chia7712
pushed a commit
to chia7712/kafka
that referenced
this pull request
Nov 22, 2025
…portLayerTest (apache#20961) `SHA1withRSA` is disabled in some linux distribution, such as Fedora 43 server, which results in the following error. Hence, this PR adopts the solution suggested by @gaurav-narula in apache#20561 (comment), which is to use `SHA256withRSA` instead of `SHA1withRSA` ``` Gradle Test Run :clients:test > Gradle Test Executor 28 > Tls13SslFactoryTest > testSslFactoryConfiguration() FAILED org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: (handshake_failure) No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings. at app//org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:105) at app//org.apache.kafka.common.security.ssl.SslFactoryTest.testSslFactoryConfiguration(SslFactoryTest.java:80) at java.base@21.0.9/java.lang.reflect.Method.invoke(Method.java:580) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) at java.base@21.0.9/java.util.ArrayList.forEach(ArrayList.java:1596) ``` Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
TaiJuWu
pushed a commit
to TaiJuWu/kafka
that referenced
this pull request
Dec 3, 2025
…on Java 25 (apache#20704) Prologue: - apache#20561 (comment) ___ Related JIRA ticket: KAFKA-19771 details: - spotbugs: 4.9.4 -->> 4.9.8 - spotbugs gradle plugin: 6.2.5 -->> 6.4.4 - spotbugs tasks are enabled for Java 25 related links: - https://github.com/spotbugs/spotbugs/blob/4.9.8/CHANGELOG.md#498---2025-10-18 - https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/6.4.4 Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
TaiJuWu
pushed a commit
to TaiJuWu/kafka
that referenced
this pull request
Dec 3, 2025
Related discussion:apache#20561 (comment) This PR primarily upgrades release tooling to JDK 25, and includes two fixes identified while dry-running `release.py` locally. 1. JDK upgrade: Switches `release.py` to run under JDK 25. 2. Pre‑req check false negative in git clean‑state verification task * When running `release.py` with a clean working tree, the script incorrectly failed the pre‑requisite check. ```bash $ git status On branch MINOR-1014 nothing to commit, working tree clean $ python release.py ... FAILURE: Pre-requisite not met: Verifying that you have no unstaged git changes. ``` * Root cause: the checks used `has_unstaged_changes()` / `has_staged_changes()` in a way that treated success as “has changes”. The fix inverts the logic to assert **no** changes. 3. Gradle 9 aggregatedJavadoc failure * With **Gradle 9**, `aggregatedJavadoc` currently fails in parallel mode. ``` FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':aggregatedJavadoc'. > Resolution of the configuration ':connect:compileClasspath' was attempted without an exclusive lock. This is unsafe and not allowed. ``` * The change adds `--no-parallel` for the aggregated Javadoc step to avoid build failures (discussion: apache#19513 (comment)) Reviewers: Mickael Maison <mickael.maison@gmail.com>, Ming-Yen Chung <mingyen066@gmail.com>, kuoche1712003 <kuoche1712003@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
shashankhs11
pushed a commit
to shashankhs11/kafka
that referenced
this pull request
Dec 15, 2025
This patch updates the Apache Kafka project's build, test, and dependency configurations. - Java Version Update: The build and test processes have been upgraded from Java 24 to Java 25. - Scala Version Update: The Scala library version has been updated from 2.13.16 to 2.13.17. - Dependency Upgrades: Several dependencies have been updated to newer versions, including mockito (5.14.2 to 5.20.0), zinc (1.10.8 to 1.11.0), and scala-library/reflect (2.13.16 to 2.13.17). - Code and Configuration Changes: The patch modifies build.gradle to exclude certain Spotbugs tasks for Java 25 compatibility. It also changes the default signing algorithm in TestSslUtils.java from SHA1withRSA to SHA256withRSA, enhancing security. - Documentation: The README.md file has been updated to reflect the new Java 25 requirement. Reviewers: Ismael Juma <ismael@juma.me.uk>, Liam Clarke-Hutchinson <liam@steelsky.co.nz>, Gaurav Narula <gaurav_narula2@apple.com>, Chia-Ping Tsai <chia7712@gmail.com>
shashankhs11
pushed a commit
to shashankhs11/kafka
that referenced
this pull request
Dec 15, 2025
…on Java 25 (apache#20704) Prologue: - apache#20561 (comment) ___ Related JIRA ticket: KAFKA-19771 details: - spotbugs: 4.9.4 -->> 4.9.8 - spotbugs gradle plugin: 6.2.5 -->> 6.4.4 - spotbugs tasks are enabled for Java 25 related links: - https://github.com/spotbugs/spotbugs/blob/4.9.8/CHANGELOG.md#498---2025-10-18 - https://github.com/spotbugs/spotbugs-gradle-plugin/releases/tag/6.4.4 Reviewers: Chia-Ping Tsai <chia7712@gmail.com>
shashankhs11
pushed a commit
to shashankhs11/kafka
that referenced
this pull request
Dec 15, 2025
Related discussion:apache#20561 (comment) This PR primarily upgrades release tooling to JDK 25, and includes two fixes identified while dry-running `release.py` locally. 1. JDK upgrade: Switches `release.py` to run under JDK 25. 2. Pre‑req check false negative in git clean‑state verification task * When running `release.py` with a clean working tree, the script incorrectly failed the pre‑requisite check. ```bash $ git status On branch MINOR-1014 nothing to commit, working tree clean $ python release.py ... FAILURE: Pre-requisite not met: Verifying that you have no unstaged git changes. ``` * Root cause: the checks used `has_unstaged_changes()` / `has_staged_changes()` in a way that treated success as “has changes”. The fix inverts the logic to assert **no** changes. 3. Gradle 9 aggregatedJavadoc failure * With **Gradle 9**, `aggregatedJavadoc` currently fails in parallel mode. ``` FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':aggregatedJavadoc'. > Resolution of the configuration ':connect:compileClasspath' was attempted without an exclusive lock. This is unsafe and not allowed. ``` * The change adds `--no-parallel` for the aggregated Javadoc step to avoid build failures (discussion: apache#19513 (comment)) Reviewers: Mickael Maison <mickael.maison@gmail.com>, Ming-Yen Chung <mingyen066@gmail.com>, kuoche1712003 <kuoche1712003@gmail.com>, Chia-Ping Tsai <chia7712@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch updates the Apache Kafka project's build, test, and
dependency configurations.
from Java 24 to Java 25.
2.13.16 to 2.13.17.
versions, including mockito (5.14.2 to 5.20.0), zinc (1.10.8 to 1.11.0),
and scala-library/reflect (2.13.16 to 2.13.17).
exclude certain Spotbugs tasks for Java 25 compatibility. It also
changes the default signing algorithm in TestSslUtils.java from
SHA1withRSA to SHA256withRSA, enhancing security.
Java 25 requirement.
Reviewers: Ismael Juma ismael@juma.me.uk, Liam Clarke-Hutchinson
liam@steelsky.co.nz, Gaurav Narula gaurav_narula2@apple.com,
Chia-Ping Tsai chia7712@gmail.com