[jira] [Assigned] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Lucas Brutschy (Jira) Wed, 12 Mar 2025 06:55:12 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-18819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lucas Brutschy reassigned KAFKA-18819:
--------------------------------------

    Assignee: Lan Ding  (was: Lucas Brutschy)

> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe
> --------------------------------------------------------------------------------
>
>                 Key: KAFKA-18819
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18819
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Lucas Brutschy
>            Assignee: Lan Ding
>            Priority: Major
>
> StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic 
> describe to ensure that we don't leak topic information to clients without 
> the required permissions. The simplest approach seems to filter out 
> unauthorised topics from the responses of those APIs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (KAFKA-18819) StreamsGroupHeartbeat API and StreamsGroupDescribe API must check topic describe

Reply via email to