Status

Current state: Approved

Discussion thread: here

Vote thread: here

JIRA: here

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Apache Kafka currently includes support for MX4J, a library that enables exposing JMX beans over HTTP.

This feature adds maintenance burden and potential security concerns while providing no apparent value to the Kafka community.

1. Disabled by default: requires manual activation via -Dkafka_mx4jenable=true
2. Completely undocumented: there is no official Kafka documentation on how to activate this feature
3. Potentially vulnerable: it is not maintained and last release was on October 12, 2006 (18 years ago)
4. Apparently unused: a 2016 query on the Kafka users mailing list received no responses

Nowadays, the Prometheus JMX Exporter is a popular choice for Kafka monitoring, offering seamless integration with contemporary monitoring stacks such as Prometheus and Grafana.

A closer alternative to MX4j is Jolokia (RESTful JSON API) paired with Hawtio (web-based management console).

These alternatives operates through Java agents and relies solely on JMX exposure without requiring additional Kafka-specific support.

Public Interfaces

The kafka_mx4jenable system property handling logic will be first deprecated and then removed.

Proposed Changes

Add deprecation annotation and warning log to the Mx4jLoader class. The warning will be logged only when MX4j is enabled.

Compatibility, Deprecation, and Migration Plan

Phase 1 (Kafka 4.2): deprecation

• Mark MX4j-related code as deprecated
• Log deprecation warning when MX4j is enabled
• Add release note to inform that it was deprecated

Phase 2 (Kafka 5.0): removal

• Remove all MX4j-related code
• Add release note to inform that it was removed

Test Plan

No test is present and none will be added for a deprecated feature.

Rejected Alternatives

There is no rejected alternative.