[jira] [Commented] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Lan Ding (Jira) Wed, 05 Mar 2025 17:38:05 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-18819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17932797#comment-17932797
 ]


Lan Ding commented on KAFKA-18819:
----------------------------------

Hi [~lucasbru] , are we ready to do this? I'm happy to take this one over.

> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe
> --------------------------------------------------------------------------------
>
>                 Key: KAFKA-18819
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18819
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Lucas Brutschy
>            Assignee: Lucas Brutschy
>            Priority: Major
>
> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe to ensure that we don't leak topic information to clients without 
> the required permissions. The simplest approach seems to filter out 
> unauthorised topics from the responses of those APIs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Reply via email to