Release Notes - Kafka - Version 3.9.2

Below is a summary of the JIRA issues addressed in the 3.9.2 release of Kafka. For full documentation of the release, a guide to get started, and information about the project, see the Kafka project site.

Note about upgrades: Please carefully review the upgrade documentation for this release thoroughly before upgrading your cluster. The upgrade notes discuss any critical information about incompatibilities and breaking changes, performance changes, and any other changes that might impact your production deployment of Kafka.

The documentation for the most recent release can be found at https://kafka.apache.org/documentation.html.

Improvement

  • [KAFKA-12456] - Log "Listeners are not identical across brokers" message at WARN/INFO instead of ERROR
  • [KAFKA-18168] - GlobalKTable does not checkpoint restored offsets until next 10K events
  • [KAFKA-19494] - Undeprecate JoinGroup V0 & V1 in 3.x
  • [KAFKA-19751] - Fix the "6.6 Java Version" for branch 3.9
  • [KAFKA-19876] - Replace the base image since openjdk image is deprecated
  • [KAFKA-19897] - Add support for Java 25 in 3.9 branch
  • [KAFKA-19966] - Upgrade commons-validator to 1.10.1

    • Bug

  • [KAFKA-17076] - logEndOffset could be lost due to log cleaning
  • [KAFKA-17632] - Custom `partitioner.class` with an even number of partitions always writes to even partitions if use RoundRobinPartitioner
  • [KAFKA-17941] - TransactionStateManager.loadTransactionMetadata method may get stuck in an infinite loop
  • [KAFKA-18345] - Investigate if binaryExponentialElectionBackoffMs can be removed or improved
  • [KAFKA-19012] - Messages ending up on the wrong topic
  • [KAFKA-19026] - AlterConfigPolicy incompatibility between ZK mode and KRaft mode when using AlterConfigOp.OpType.SUBTRACT/APPEND
  • [KAFKA-19242] - Fix commit bugs caused by race condition during rebalancing.
  • [KAFKA-19334] - MetadataShell bypasses file lock unexpectedly due to lock file deletion
  • [KAFKA-19359] - [8.8] [CVE-2025-48734] [commons-beanutils] [1.9.4]
  • [KAFKA-19390] - AbstractIndex#resize() does not release old mmap on Linux
  • [KAFKA-19439] - OffsetFetch API does not return group level errors correctly with version 1 for 4.0 and 3.9
  • [KAFKA-19479] - at_least_once mode in Kafka Streams silently drops messages when the producer fails with MESSAGE_TOO_LARGE, violating delivery guarantees
  • [KAFKA-19480] - KRaft migration hangs when /migration has null value
  • [KAFKA-19510] - Kafka Streams does not always release lock when adding or removing threads multiple times
  • [KAFKA-19520] - Bump Commons-Lang for CVE-2025-48924
  • [KAFKA-19529] - State updater does not always seem to remove all metrics
  • [KAFKA-19561] - Request Timeout During SASL Reauthentication Due to Missed OP_WRITE interest set
  • [KAFKA-19690] - Unexpected Fatal error InvalidTxnStateException on Kafka Streams (KIP-890)
  • [KAFKA-19719] - setting --no-initial-controllers flag should not validate kraft version against metadata version
  • [KAFKA-19724] - Global stream thread ignores all exceptions
  • [KAFKA-19930] - GlobalThread fails with NPE trying to use unsupported ProcessingExceptionHandler
  • [KAFKA-19951] - switch lz4-java to at.yawk.lz4 version due to CVE
  • [KAFKA-19988] - KRaft migration doc should account for ZK cluster id with a leading dash
  • [KAFKA-19990] - NPE on handling an AllocateProducerIdsResponse
  • [KAFKA-19994] - TaskManager may not close all tasks on task timeouts
  • [KAFKA-20027] - Fix the broken 'quickstart' link on the connector page
  • [KAFKA-20069] - Release script cannot update templateData.js

    • Task

  • [KAFKA-20042] - Upgrade Jose4J to remediate CVE-2024-29371