Factor House | Blog | Release 92.4: Kpow WCAG 2.1 AA Accessibility Compliance

Our mission at Factor House is to empower every engineer in the streaming tech space with superb tooling.

We are pleased to report that Kpow for Apache Kafka has achieved WCAG 2.1 AA accessibility compliance, confirmed and audited by an independent accessibility consultancy.

Kpow is the first Kafka UI to achieve WCAG 2.1 AA compliance and the only Kafka UI with a published VPAT (Voluntary Product Accessibility Template) report.

Kpow Community Edition achieves the same high standard of accessibility compliance as our commercially available products, and is free to use both by individuals and organisations, making accessible Kafka tooling available to everyone!

Release 92.4 also introduces new features for Kafka Connect, new features for Confluent Schema Registry, resolves a security advisory around Weak SSL/TLS Key Exchange, and fixes a number of minor bugs. See below for details of each and a full release changelog.

Product Accessibility at Factor House

As a part of our commitment to quality engineering, each future release of Kpow for Apache Kafka by Factor House will have a corresponding VPAT report published.

Flex for Apache Flink will achieve WCAG 2.1 AA compliance in April 2024, after which all Factor House product releases will contain a published VPAT report.

Kpow WCAG 2.1 AA Accessibility Compliance

Release 92.4 concludes a 12-month program of work in which the Factor House team resolved over 100 accessibility tickets.

We learned an enormous amount through the audits, workshops, issues, and expert guidance provided by the team at AccessibilityOz.

AccessibilityOz follow an exacting approach to accessibility audits. Their work includes testing with automated accessibility testing tool OzART, manual testing, testing with screen readers (JAWS, NVDA, VoiceOver, TalkBack), and color contrast analysis testing using TPG Colour Contrast Analyser.

We understand accessibility is not a tick-box, there remain areas where we can improve. We're committed to maintaing and working through accessibility tickets to further improve our products. As always, we welcome bug reports from our users.

See Kpow's Accessibility Documentation and VPAT for more details, including guides to using Factor House products with screen readers and keyboard shortcuts.

Kpow For Apache Kafka Topic UI Accessibility Report

Kafka Connect Features

Release 92.4 introduces the ability to secure Kafka Connect connections with mTLS, see our Kafka Connect documentation for details.

This release also introduces the ability to 'STOP' Kafka Connectors, a new feature in Kafka 3.6.0 that is now available in Kpow.

Confluent Schema Registry Features

Confluent introduced changes to the streams governance pricing on March 04, 2024:

Effective March 4, the free schema limit in Stream Governance Essentials will be 100 schemas per environment. Schemas over the free schema limit will be billed at a rate of $0.002/schema/hour.
Because you have active environments over the 100 schema limit, we will credit your Confluent Cloud account to cover 90 days of new schema charges based on your current schema count.

We have 55 schemas in our demo environment Confluent Schema Registry but were notified that we would be billed for excess schema.

Then we realised Confluent must be intent on charging us for soft-deleted schema.

When you delete a schema in Confluent Schema Registry it is not actually deleted, just marked for deletion and considered 'soft-deleted'. We had 269 soft-deleted schema just hanging around waiting to cost us money.

The new 'permanent delete' schema function allowed us to bulk delete 269 schema in seconds, saving us ~US$170/mo in excess charges in this one environment alone.

Weak SSL/TLS Key Exchange Security Advisory

A recent security advisory resulting from a Qualsys scan raised an issue regarding potential weak ciphers being available in Kpow's SSL handshake.

Note: these ciphers only apply to you if you are using Kpow's in-built HTTPS UI serving capabilities.

Finding: Weak SSL/TLS Key Exchange

Result:

PROTOCOL  CIPHER                      GROUP   KEY-SIZE   FORWARD-SECRET   CLASSICAL-STRENGTH   QUANTUM-STRENGTH
TLSv1.2   DHE-RSA-AES256-GCM-SHA384   DHE     1024       yes              80                   low
TLSv1.2   DHE-RSA-AES128-GCM-SHA256   DHE     1024       yes              80                   low
TLSv1.2   DHE-RSA-AES256-SHA256       DHE     1024       yes              80                   low
TLSv1.2   DHE-RSA-AES128-SHA256       DHE     1024       yes              80                   low

These ciphers are now removed by default in v92.4 of Kpow, if you rely on these ciphers and are comfortable retaining them you can revert back to previous Kpow behaviour by setting the following environment variable:

HTTPS_CIPHER_SET=v1

Release v92.4 Changelog

See the Factor House Product Roadmap to understand current delivery priorities.

Kpow v92.4 Changelog

See the full Kpow Changelog for information on previous releases

Introduce WCAG 2.1 AA compliance, closing 100+ externally audited UI tickets
Introduce feature to manage soft-deleted schemas in Confluent Schema Registry
Introduce feature to support 'STOP' state in Kafka Connect connectors
Introduce configuration to secure Kafka Connect connections with mTLS
Introduce configuration HTTPS_PROXY for proxied client connections
Improve heatmap contrast colours
Improve mutation error message messaging
Improve ksqlDB config/host misconfiguration logging
Fix Weak SSL/TLS Key Exchange security advisory
Fix Jetty authentication page visibility bug
Fix ksqlDB multi-resource select bug
Fix streams agent sanitise ID issue

Flex v92.4 Changelog

See the full Flex Changelog for information on previous releases

Introduce WCAG 2.1 AA compliance, closing 100+ externally audited UI tickets
Improve heatmap contrast colours
Fix Weak SSL/TLS Key Exchange security advisory
Fix Jetty authentication page visibility bug