[ https://issues.apache.org/jira/browse/KAFKA-18813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17930865#comment-17930865 ]
Lianet Magrans edited comment on KAFKA-18813 at 2/26/25 9:57 PM:
-----------------------------------------------------------------

Last PR merged to trunk and 4.0 ([https://github.com/apache/kafka/commit/8e44ddccb5b3335e3450cb46e6be58130f8851a1])

was (Author: JIRAUSER300183):
Merged to trunk and 4.0 (https://github.com/apache/kafka/commit/8e44ddccb5b3335e3450cb46e6be58130f8851a1)

> ConsumerGroupHeartbeat API and ConsumerGroupDescribe API must check topic describe
> ----------------------------------------------------------------------------------
>
> Key: KAFKA-18813
> URL: https://issues.apache.org/jira/browse/KAFKA-18813
> Project: Kafka
> Issue Type: Bug
> Reporter: David Jacot
> Assignee: David Jacot
> Priority: Blocker
> Fix For: 4.0.0
>
>
> ConsumerGroupHeartbeat API and ConsumerGroupDescribe API must check topic
> describe to ensure that we don't leak topic information to clients without
> the required permissions. The simplest approach seems to filter out
> unauthorised topics from the responses of those APIs.

--
This message was sent by Atlassian Jira (v8.20.10#820010)