[jira] [Updated] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Lucas Brutschy (Jira) Tue, 18 Feb 2025 01:46:26 -0800


     [ 
https://issues.apache.org/jira/browse/KAFKA-18819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lucas Brutschy updated KAFKA-18819:
-----------------------------------
    Description: ConsumerGroupHeartbeat API and ConsumerGroupDescribe API must 
check topic describe to ensure that we don't leak topic information to clients 
without the required permissions. The simplest approach seems to filter out 
unauthorised topics from the responses of those APIs.

> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe
> --------------------------------------------------------------------------------
>
>                 Key: KAFKA-18819
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18819
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Lucas Brutschy
>            Priority: Major
>
> ConsumerGroupHeartbeat API and ConsumerGroupDescribe API must check topic 
> describe to ensure that we don't leak topic information to clients without 
> the required permissions. The simplest approach seems to filter out 
> unauthorised topics from the responses of those APIs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Reply via email to