Applies To
Applies To: Confluent Platform versions equal to or higher than 8.2.1, 8.1.3, 8.0.5, 7.9.7, 7.8.8, 7.7.9, 7.6.11, 7.5.14, 7.4.15 and io.confluent.kafka-json-schema-serializer versions 8.2.1, 8.1.3, 8.0.5, 7.9.7, 7.8.8, 7.7.9, 7.6.11, 7.5.14, 7.4.15
Impacted CP Components: Kafka Connect, Custom Kafka clients using kafka-json-schema-serializer
Related advisory: CONFSA-2026-06: Confluent Cloud and Confluent Platform: Arbitrary Class Instantiation via JSON Schema Deserialization
Overview
Confluent Platform releases and io.confluent.kafka-json-schema-serializer versions mentioned above introduce a new configuration property, json.type.allowed.packages, to address a security issue. After upgrading, you should explicitly set this property on the components called out below that use the JSON Schema deserializer. This lets you control which Java classes may be instantiated during deserialization.
Note: The default value is * (allow all), which preserves backward compatibility but is not a secure setting. This article explains how to configure the property for each affected component.
Affected components — action required
| Component | Where to configure |
| --- | --- |
| Kafka Connect — any connector using io.confluent.connect.json.JsonSchemaConverter | Individual connector config or connect-distributed.properties |
| Custom code using io.confluent.kafka-json-schema-serializer directly | Application config passed to KafkaJsonSchemaDeserializer |
Unaffected CP components — no action needed
| Component | Why no action is needed |
| --- | --- |
| REST Proxy (v2) | json.type.allowed.packages="" is set as the default. |
| ksqlDB | json.type.allowed.packages="" is set as the default. |
Option 1 — Block all javaType resolution (most secure)
Set the property to an empty string. This disables javaType resolution entirely. Any message whose registered JSON Schema contains a javaType field will be rejected at deserialization time with a SerializationException.
Use this option if your schemas do not rely on javaType to target specific Java types during deserialization.
Kafka Connect — connector-level config
Set on each connector that uses JsonSchemaConverter as its value or key converter:
value.converter=io.confluent.connect.json.JsonSchemaConverter
value.converter.json.type.allowed.packages=
key.converter=io.confluent.connect.json.JsonSchemaConverter
key.converter.json.type.allowed.packages=
Kafka Connect — worker-level config (applies to all connectors on the worker)
Add to connect-distributed.properties or connect-standalone.properties:
value.converter.json.type.allowed.packages=
key.converter.json.type.allowed.packages=
Note: Worker-level config takes precedence over connector-level config.
Custom code
Pass the property when configuring KafkaJsonSchemaDeserializer or KafkaConsumer:
props.put("json.type.allowed.packages", "");
Or in a properties file:
json.type.allowed.packages=
Option 2 — Allow specific packages (allowlist)
Set the property to a comma-separated list of package prefixes. Only classes whose fully qualified name starts with one of the listed prefixes will be allowed. All other classes will be rejected.
Use this option if your application depends on javaType to deserialize messages into specific domain model classes.
Kafka Connect — connector-level config
value.converter=io.confluent.connect.json.JsonSchemaConverter
value.converter.json.type.allowed.packages=com.mycompany.models,com.mycompany.events
key.converter=io.confluent.connect.json.JsonSchemaConverter
key.converter.json.type.allowed.packages=com.mycompany.keys
Custom code
props.put("json.type.allowed.packages", "com.mycompany.models,com.mycompany.events");
Tip: Use the most specific package prefix that covers your model classes. Avoid broad prefixes such as com or org that would include third-party libraries.
Configuration reference
| Property | Scope | Default | Recommended |
| --- | --- | --- | --- |
| json.type.allowed.packages | Deserializer / custom code | * (allow all) | "" (empty — block all) |
| value.converter.json.type.allowed.packages | Connect connector or worker | * | "" |
| key.converter.json.type.allowed.packages | Connect connector or worker | * | "" |
Accepted values:
- "" (empty) — block all javaType resolution
- * — allow all classes (default; not recommended after upgrade)
- com.example.models — allow only classes in this package and its sub-packages
- com.example.models,com.example.events — allow multiple packages
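The following is an added helper for reviewing a planned allowlist (Option 2 and the accepted values above) against the javaType values found in your own schemas before you roll the setting out. It is not Confluent's code: it models the semantics as this article states them, with plain string-prefix matching on the fully qualified class name assumed, and the sample javaType values are constructed.

```python
# Illustrative model of json.type.allowed.packages semantics as described in
# this article ("" = block all, "*" = allow all, otherwise comma-separated
# package prefixes). NOT Confluent's implementation: prefix matching is
# assumed to be plain string-prefix matching on the fully qualified class name.

ALLOW_ALL = "*"
# Prefixes that would also admit third-party library classes (see the tip above).
BROAD_PREFIXES = {"com", "org", "net", "io", "java", "javax"}


def parse_allowed_packages(value):
    """Return None for allow-all, [] for block-all, else the list of prefixes."""
    value = value.strip()
    if value == ALLOW_ALL:
        return None
    return [p.strip() for p in value.split(",") if p.strip()]


def is_class_allowed(class_name, value):
    """Would a schema javaType naming class_name be resolvable under this setting?"""
    prefixes = parse_allowed_packages(value)
    if prefixes is None:
        return True
    return any(class_name.startswith(p) for p in prefixes)


def review_allowlist(value, schema_java_types):
    """Check a planned setting against the javaType values used by your schemas.

    Returns (blocked, warnings): the javaType values this setting would reject,
    and any configured prefixes too broad to be safe.
    """
    prefixes = parse_allowed_packages(value)
    warnings = []
    if prefixes is None:
        warnings.append("'*' allows every class on the classpath")
    else:
        for p in prefixes:
            if "." not in p.rstrip(".") or p.rstrip(".") in BROAD_PREFIXES:
                warnings.append(f"prefix '{p}' is too broad")
    blocked = [t for t in schema_java_types if not is_class_allowed(t, value)]
    return blocked, warnings


# Constructed sample: javaType values collected from an application's schemas.
SAMPLE_JAVA_TYPES = [
    "com.mycompany.models.Order",
    "com.mycompany.events.OrderCreated",
    "com.mycompany.keys.OrderKey",
]

if __name__ == "__main__":
    for setting in ("", "*", "com", "com.mycompany.models,com.mycompany.events"):
        print(repr(setting), review_allowlist(setting, SAMPLE_JAVA_TYPES))
```

A javaType value reported as blocked means the corresponding messages will fail with a SerializationException once the setting is applied, so either add its package to the list or confirm the schema no longer needs it.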
Verifying the configuration is active
After applying the configuration and restarting the affected component, produce a test message using a schema that contains a javaType field. If the property is configured correctly, the deserializer will reject the message and log a SerializationException similar to the following:
SerializationException: javaType resolution is disabled
(json.type.allowed.packages is empty); refusing to load class <classname>
or, for the allowlist case:
SerializationException: Class <classname> is not in json.type.allowed.packages
If neither message appears and the message is processed without error, verify that the configuration was applied to the correct component and that it has been restarted.
Further reading
- https://docs.confluent.io/platform/current/schema-registry/fundamentals/serdes-develop/serdes-json.html
- https://developer.confluent.io/courses/kafka-connect/how-connectors-work/#converters-serializedeserialize-the-data
- https://docs.confluent.io/platform/current/connect/userguide.html#configuring-key-and-value-converters
- https://docs.confluent.io/platform/current/schema-registry/connect.html#json-schema