September 2025
Confluent Cloud RBAC, policy migration, and rule diagnostics
Self-service RBAC role bindings for Confluent Cloud. Migrate legacy topic policies to CEL. Rule validation shows exactly where and why failures occur.
Create Confluent Cloud RBAC bindings through self-service
Self-service applications targeting Confluent Cloud now create native RBAC role bindings instead of Kafka ACLs. Permissions appear directly in Confluent Cloud without manual role assignments. Learn about self-service →
Migrate legacy topic policies to CEL
Convert legacy topic policies to CEL-based resource policies. Migration creates new policies with descriptions of their origin. Learn about Gateway policies →
See exactly where and why rules fail
Rule testing now highlights errors directly in the editor with the error path and reason. Hover over the icon to see what went wrong.
Add custom violation messages to rules
Attach custom messages to rules so violations explain themselves. When a message fails, users see why in plain language.
Example: Instead of "Schema validation failed," show "This event is missing the required user_id field."
Learn about data quality policies →
Handle different decryption failure types
Gateway now distinguishes between decryption error types:
- Retryable errors (temporary KMS or Schema Registry outage): throttled rather than failing fast
- Fatal errors (misconfiguration): flagged clearly, not lost in retries
- Key not found (crypto-shredding): surfaced explicitly to distinguish recoverable vs permanent inaccessibility
Download Partner Zone CA certificates directly
Download the CA certificate directly from the Partner Zone page instead of navigating multiple screens to gather connection details. Learn about Partner Zones →
For a full list of changes, read the complete release notes.
Enjoying the new features? Share your experience on G2