Apache Kafka®
Apache®, Apache Kafka®, are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.
TuxCare's Endless Lifecycle Support (ELS) for Apache Kafka® provides security patches, and selected bug fixes, that are integral to the stable operation of applications running on Apache Kafka®.
Supported Versions
- Apache Kafka® 3.2.3
Connection to ELS for Apache Kafka® Repository
This guide outlines the steps needed to integrate the TuxCare ELS for Apache Kafka® repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your Maven and Gradle projects.
Step 1: Get user credentials
You need username and password in order to use TuxCare ELS Apache Kafka® repository. Anonymous access is disabled. To receive username and password please contact sales@tuxcare.com.
Step 2: Configure Registry
Navigate to the directory depending on your operating system.
- Windows
Maven: C:\Users\{username}\.m2 Gradle: C:\Users\{username}\.gradle- macOS
Maven: /Users/{username}/.m2 Gradle: /Users/{username}/.gradle- Linux
Maven: /home/{username}/.m2 Gradle: /home/{username}/.gradleAdd the TuxCare repository and plugin repository to your build configuration.
For Maven, you may choose any valid
<id>value instead oftuxcare-registry, but the same value must be used in bothsettings.xmlandpom.xml.<?xml version="1.0" encoding="UTF-8"?> <settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"> <servers> <server> <id>tuxcare-registry</id> <username>USERNAME</username> <password>PASSWORD</password> </server> </servers> </settings>Here
USERNAMEandPASSWORDare your credentials mentioned in the Step 1.
Step 3: Update Build Configuration
Add the TuxCare Apache Kafka® repository and plugins to your build configuration:
<repositories>
<repository>
<id>tuxcare-registry</id>
<url>https://nexus.repo.tuxcare.com/repository/els_spring/</url>
</repository>
</repositories>- To fully switch from the official Apache Kafka® repository, replace it with the TuxCare repository.
- To keep both, add TuxCare after the official one.
Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables.
Step 4: Update Dependencies
Replace the Apache Kafka® dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies.
You can find a specific artifact version in your TuxCare account on Nexus (anonymous access is restricted).
<dependencies>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>3.2.3.tuxcare.1</version>
</dependency>
</dependencies>Step 5: Verify and Build
To confirm the TuxCare Apache Kafka® repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath.
mvn dependency:tree -DverboseAfter reviewing the dependencies, include any library from the repository into your project and then run a build:
mvn clean install
The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache Kafka® repository.
Conclusion
You've successfully integrated the TuxCare ELS for Apache Kafka® repository into your project. You can now benefit from the secure and vetted Apache Kafka® libraries it provides.
Vulnerability Exploitability eXchange (VEX)
VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks.
TuxCare provides VEX for Apache Kafka® ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_java/org.apache.kafka/.
How to Upgrade to a Newer Version of TuxCare Packages
If you have already installed a package with a tuxcare.1 suffix and want to upgrade to a newer release (for example, tuxcare.3), you need to update version strings in your Maven or Gradle build file.
