The GitHub Actions job "CI" on fluss.git/add-replication-control-authorization has failed. Run started by GitHub user vaibhavk1992 (triggered by vaibhavk1992).
Head commit for run: 742bd61dae8e998ace8423dc280350860db10317 / vaibhav kumar <[email protected]> [server] Fix internal RPC authorization - reject all external sessions Previous implementation allowed external clients with CLUSTER/WRITE permission to call internal replication control RPCs (notifyLeaderAndIsr, updateMetadata, stopReplica, adjustIsr), which could corrupt cluster metadata. Changed all 4 RPCs to strictly reject ANY external session, regardless of permissions. These RPCs are now truly internal-only (session.isInternal() must be true). Updated testInternalReplicationControlAuthorization to verify rejection of external sessions (including super users) without attempting operations that would corrupt cluster state. Fixes security vulnerability where external clients could send malformed metadata updates. Co-Authored-By: Claude Sonnet 4.5 <[email protected]> Report URL: https://github.com/apache/fluss/actions/runs/26048117927 With regards, GitHub Actions via GitBox
