[jira] [Updated] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Lucas Brutschy (Jira) Tue, 18 Feb 2025 01:46:20 -0800


     [ 
https://issues.apache.org/jira/browse/KAFKA-18819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lucas Brutschy updated KAFKA-18819:
-----------------------------------
    Description: StreamsGroupHeartbeat API and StreamsGroupDescribe API must 
check topic describe to ensure that we don't leak topic information to clients 
without the required permissions. The simplest approach seems to filter out 
unauthorised topics from the responses of those APIs.  (was: 
StreamsGroupHeartbeat API and ConsumerGroupDescribe API must check topic 
describe to ensure that we don't leak topic information to clients without the 
required permissions. The simplest approach seems to filter out unauthorised 
topics from the responses of those APIs.)

> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe
> --------------------------------------------------------------------------------
>
>                 Key: KAFKA-18819
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18819
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Lucas Brutschy
>            Priority: Major
>
> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe to ensure that we don't leak topic information to clients without 
> the required permissions. The simplest approach seems to filter out 
> unauthorised topics from the responses of those APIs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Reply via email to