Kpow Release 96.1 June 5, 2026
Factor Platform, performance improvements and new features in Kpow and Flex
Show changelog Hide changelog
- Update to JVM 25 and Jetty 12.1
- Introduce data lineage derived from schema registry metadata
- Introduce new 'Clone to topic' function for message replay without modification
- Introduce wildcard '*' action for RBAC policies
- Introduce
SNAPSHOT_CONFIG_PERIOD_MSto provide configurable config period - Introduce
JETTY_SECURE_COOKIEflag to require secure cookies when ssl terminated at proxy - Improve UI behavior and performance with large datasets and long field-names
- Improve broker and topic filtering when viewing consumer groups
- Improve tenant materialization performance
- Fix empty consumer count by removing simple consumers from the empty consumer total
- Fix simple consumer topic summary information
- Fix OpenID Connect authentication error when presented with an overage claim
- Fix sort-by columns for consumer topic, host, and broker views
- Fix potential OOM when supporting a high number of concurrent users
- Fix simple consumer offset-reset function
CVE Resolved
- CRITICAL CVE-2026-4140 org.apache.mina:mina-core
- CRITICAL CVE-2026-4163 org.apache.mina:mina-core
- CRITICAL CVE-2026-4277 org.apache.mina:mina-core
- CRITICAL CVE-2026-4277 org.apache.mina:mina-core
- CRITICAL CVE-2026-4202 org.apache.opennlp:opennlp-tools
- CRITICAL CVE-2026-4068 org.apache.opennlp:opennlp-tools
- HIGH CVE-2026-4258 io.netty:netty-codec
- HIGH CVE-2026-4257 io.netty:netty-codec-dns
- HIGH CVE-2026-4258 io.netty:netty-codec-http
- HIGH CVE-2026-4258 io.netty:netty-codec-http
- HIGH CVE-2026-4258 io.netty:netty-codec-http2
- HIGH CVE-2026-34480 org.apache.logging.log4j
- HIGH CVE-2026-34478 org.apache.logging.log4j
- HIGH CVE-2026-4244 org.apache.opennlp:opennlp-tools
- HIGH CVE-2026-233 org.eclipse.jetty:jetty-http
- MEDIUM CVE-2026-4258 io.netty:netty-codec-http
- MEDIUM CVE-2026-4258 io.netty:netty-codec-http
- MEDIUM CVE-2026-4258 io.netty:netty-codec-http
- MEDIUM CVE-2026-4141 io.netty:netty-codec-http
- MEDIUM CVE-2026-686 io.vertx:vertx-core
- MEDIUM CVE-2026-3447 org.apache.logging.log4j:log4j-1.2-api
- MEDIUM CVE-2026-3447 org.apache.logging.log4j:log4j-core
- MEDIUM CVE-2026-3447 org.apache.logging.log4j:log4j-core
- MEDIUM CVE-2026-3448 org.apache.logging.log4j:log4j-core
- MEDIUM CVE-2024-676 org.eclipse.jetty:jetty-http
- LOW CVE-2026-4257 io.netty:netty-handler-proxy
- LOW CVE-2025-1114 org.eclipse.jetty:jetty-http