- update to 2.0.2:
* OffsetFetch Protocol Update (#3995).
* Add Consumer Group operations to Admin API (started by @lesterfan, #3995).
* Allow listing consumer groups per state (#3995).
* Partially implemented: support for AlterConsumerGroupOffsets
* OpenSSL 3.0.x support - the maximum bundled OpenSSL version is now 3.0.7 (previously 1.1.1q).
* Fixes to the transactional and idempotent producer.
* The introduction of OpenSSL 3.0.x in the self-contained librdkafka
bundles changes the default set of available ciphers, in particular all obsolete
or insecure ciphers and algorithms as listed in the OpenSSL legacy
manual page are now disabled by default.
Should you need to use any of these old ciphers you'll need to
explicitly enable the `legacy` provider by configuring
`ssl.providers=default,legacy` on the librdkafka client.
OpenSSL 3.0.x deprecates the use of engines, which is being replaced by
providers. As such librdkafka will emit a deprecation warning if
`ssl.engine.location` is configured. OpenSSL providers may be
configured with the new `ssl.providers` configuration property.
The default value for `ssl.endpoint.identification.algorithm` has been
changed from `none` (no hostname verification) to `https`, which enables
broker hostname verification (to counter man-in-the-middle
impersonation attacks) by default. To restore the previous behaviour, set
`ssl.endpoint.identification.algorithm` to `none`.
* The Consumer Batch APIs `rd_kafka_consume_batch()` and
`rd_kafka_consume_batch_queue()` are not thread safe if
`rkmessages_size` is greater than 1 and any of the **seek**,
**pause**, **resume** or **rebalancing** operation is performed in
parallel with any of the above APIs. Some of the messages might be
lost, or erroneously returned to the application, in the above scenario.
* It is strongly recommended to use the Consumer Batch APIs and the