David Jacot created KAFKA-18813:
-----------------------------------
Summary: ConsumerGroupHeartbeat API and ConsumerGroupDescribe API
must check topic describe
Key: KAFKA-18813
URL: https://issues.apache.org/jira/browse/KAFKA-18813
Project: Kafka
Issue Type: Bug
Reporter: David Jacot
Assignee: David Jacot
Fix For: 4.0.0
ConsumerGroupHeartbeat API and ConsumerGroupDescribe API must check topic
describe to ensure that we don't leak topic information to clients without the
required permissions. The simplest approach seems to filter out unauthorised
topics from the responses of those APIs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
