Upstream Quarkus is currently using Kafka version 4.1.1, but during productization we consume the Kafka built by another Red Hat team and the version produced was 4.1.0.redhat-00006. This version is actually upstream Kafka 4.1.1 + a CVE fix (yet to be disclosed) on top. The Kafka team confirmed to us the productized version of 4.1.0 is binary compatible with the upstream 4.1.1.
I'm creating this Jira so QE is aware that when we deliver 3.32.ER and 3.33.ER/CR there will probably be a failure in the job that compares the product BOM with the upstream BOM, but that is expected.