Release 88.4: Security, Performance and Resizable Columns

Thursday, April 14th, 2022 by Factor House

Release Info

Kpow can be found on Dockerhub

docker pull operatr/kpow:88.4

View our Docker quick start here.

Kpow v88.4 brings nice new UI features including resizable columns and easy JSON export of tabular data. The results of a recent security audit bring improved websocket security and user session management configuration. Finally, we have reduced the local topic disk usage and CPU consumption.

This release blog provides details of both the 88.3 and 88.4 releases.

Table UI Improvements

Sometimes it's the little things.

Two often requested features of Kpow are the ability to download tabular information easily and to be able to resize columns for easy access to data.

Security Improvements

A recent security audit provided valuable feedback, with some minor improvements incorporated into Kpow v88.4.

Websocket Same-Origin Protection

The Kpow UI makes use of websockets and when a user session starts a websocket connection upgrade occurs in your browser.

It is now possible to restrict the websocket upgrade request with a same-origin policy.

To apply same-origin header checking to the websocket upgrade request configure the user-facing scheme, host, and (optional) port of the Kpow instance like so:

WS_ALLOWED_ORIGINS=https://kpow.mycorp:3000

Kpow websockets are also protected by CSRF tokens, same-origin checking is an optional extra setting. The default allowed origins are '*', in part because Kpow is often deployed in a manner that it is impossible for Kpow to determine the user-facing host of its own instance.

Concurrent User Login Controls

Kpow v88.4 introduces the ability to optionally detect and block concurrent logins to the same user account.

ALLOW_CONCURRENT_LOGIN=false

Concurrent sessions are allowed by default.

User Session Max Age

Kpow v88.4 provides a new configuration parameter to control the maximum user session age.

SESSION_MAX_AGE=-1

The default max age is -1, which means no expiry. You may manage this session age via the identity provide integrated with Kpow (e.g. Okta, etc). However if you are using Kpow with LDAP this new parameter allows you to evict session after a set period in seconds.

Performance Improvements

We continuously monitor, stress, and record metrics about Kpow's performance in multi-cluster, multi-connect, multi-schema environment.

Recent observations let us to performance improvements that reduce Kpow local topic disk usage by 75% and CPU usage by 50%.

Confluent Cloud Disk Usage

We recently detected that our internal topics were not being compressed in Confluent Cloud due to limitations on configuration that we rely on as default.

Kpow 88.4 brings performance improvements that drop disk usage in a Confluent Cloud environment by 95%.

Release v88.4 Changelog

See the Factor House Product Roadmap to understand current delivery priorities.

Kpow v88.4 Changelog

See the full Kpow Changelog for information on previous releases

  • Security improvement, reduce visibility of application functionality per RBAC rules.
  • Fix connect task actions bug
  • Fix schema subject actions bug
  • Fix Java 8 KpowLdapLoginModule bug
  • Improve connect UI labels
  • Schema and connect table to react-virtualized
  • Kpow application logs are JSON formatted
  • Improve UI to allow table export to JSON
  • Improve UI support dynamic table column resizing
  • Security improvement, optional disallow concurrent login
  • Security improvement, improved websocket CSRF and same-origin impl
  • Security improvement, LDAP session max age configuration
  • Reduce Kpow topic disk usage by 75%
  • Reduce Kpow CPU usage by 50%
  • Reduce Kpow Confluent Cloud topic disk usage by 95%
  • Support UUID literal in EDN data format
Performance
Security
UI
Websocket