KAFKA-1180 WhiteList topic filter gets a NullPointerException on complex Regex#11
Closed
joestein wants to merge 7 commits intoapache:0.8from
stealthly:KAFKA-1180
Closed
KAFKA-1180 WhiteList topic filter gets a NullPointerException on complex Regex#11joestein wants to merge 7 commits intoapache:0.8from stealthly:KAFKA-1180
joestein wants to merge 7 commits intoapache:0.8from
stealthly:KAFKA-1180
Conversation
ymatsuda
referenced
this pull request
in confluentinc/kafka
Aug 5, 2015
clear interrupted status after park
lentztopher
pushed a commit
to lentztopher/kafka
that referenced
this pull request
Aug 13, 2018
…ws-mods Non-windows APPIAN mods for 1.0.0
wuqingjun
pushed a commit
to wuqingjun/kafka
that referenced
this pull request
Feb 27, 2019
hzxa21
pushed a commit
to hzxa21/kafka
that referenced
this pull request
Apr 16, 2019
Log unclean leader election.
Hangleton
pushed a commit
to Hangleton/kafka
that referenced
this pull request
Feb 16, 2022
…e#11) * Moved highest remote offset fetching to RLMTask::run() method. The leader RLMTask needs to know the highest offset that is consistent with the leader's epoch history and is already copied to the remote tier. This is done by calling the findHighestRemoteOffset method inside the RLMTask::convertToLeader() until now. This call can fail if the RLMM is still initializing, and is not yet ready to take requests. In this scenario, findHighestRemoteOffset() throws an exception, causing the LeaderAndIsrRequest to fail and not be processed. After this change, the method will be called inside an execution of the RLMTask, and if an exception occurs, it will be retried again in the next execution. The task will succeed eventually once the RLMM is available to respond to thehighestOffsetForEpoch method. * Call updateRemoteIndexHighestOffset with the right argument.
divijvaidya
pushed a commit
to Hangleton/kafka
that referenced
this pull request
Apr 28, 2022
…e#11) * Moved highest remote offset fetching to RLMTask::run() method. The leader RLMTask needs to know the highest offset that is consistent with the leader's epoch history and is already copied to the remote tier. This is done by calling the findHighestRemoteOffset method inside the RLMTask::convertToLeader() until now. This call can fail if the RLMM is still initializing, and is not yet ready to take requests. In this scenario, findHighestRemoteOffset() throws an exception, causing the LeaderAndIsrRequest to fail and not be processed. After this change, the method will be called inside an execution of the RLMTask, and if an exception occurs, it will be retried again in the next execution. The task will succeed eventually once the RLMM is available to respond to thehighestOffsetForEpoch method. * Call updateRemoteIndexHighestOffset with the right argument.
lianetm
pushed a commit
to lianetm/kafka
that referenced
this pull request
May 24, 2023
* KAFKA-14274 # 1: basic refactoring Introduces some basic clean up and refactoring for forthcoming commits.
lianetm
pushed a commit
to lianetm/kafka
that referenced
this pull request
Jun 12, 2023
* KAFKA-14274 # 1: basic refactoring Introduces some basic clean up and refactoring for forthcoming commits.
haianh1233
added a commit
to haianh1233/kafka
that referenced
this pull request
Apr 17, 2026
New tests: - apache#8 Port conflict (HTTP == PLAINTEXT port) → rejected - apache#9 HTTP port=0 (random) works - apache#10 HTTP + HTTPS coexist on same broker - apache#11 advertised.listeners with HTTP parsed correctly - apache#12 HTTP without httpAcceptorFactory → IllegalStateException - apache#13 inter.broker.listener=HTTPS also rejected (not just HTTP) - apache#14 Custom listener name mapped to HTTP protocol (MY_REST_API:HTTP) - apache#15 HTTPS with valid SSL config succeeds All 15 SocketServerHttpTest pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Raikion201
added a commit
to Raikion201/kafka
that referenced
this pull request
Apr 17, 2026
Issue apache#4 — Quota entity serialization: Sort entity keys alphabetically before joining with "|" separator, so (user+client-id) always serializes identically regardless of HashMap iteration order. Previously could produce different strings for the same entity, causing silent duplicates. Issue apache#5 — Hardcoded credentials: SecurityStoreConfig.resolveValue() now supports ${VAR} and ${VAR:-default} syntax for environment variable substitution. Updated server.properties to use ${KAFKA_SECURITY_STORE_USER:-kafka} and ${KAFKA_SECURITY_STORE_PASSWORD:-kafka}. Issue apache#6 — Byte cast: Use rs.getShort() to match SMALLINT column type, then cast to byte. Previous getInt() + (byte) cast had overflow risk in theory. Issue apache#7 — MetadataLoader silent partial load: injectSecurityData() now throws on failure instead of silently returning stale image. Prevents users from retaining revoked access. Issue apache#10 — apiKey filter comments: Extracted SECURITY_STORE_API_KEYS constant with inline comments identifying each record type. Replaced boolean chain with Set.contains(). Issue apache#11 — persistUpsertion fragility: Now searches records by (name, mechanism) instead of assuming the target is always the last record. Throws IllegalStateException if no matching record is found. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Raikion201
added a commit
to Raikion201/kafka
that referenced
this pull request
Apr 17, 2026
Issue apache#4 — Quota entity serialization: Sort entity keys alphabetically before joining with "|" separator, so (user+client-id) always serializes identically regardless of HashMap iteration order. Issue apache#5 — Hardcoded credentials: SecurityStoreConfig.resolveValue() now supports ${VAR} and ${VAR:-default} syntax for environment variable substitution. server.properties updated to use env vars by default. Issue apache#6 — Byte cast: Use rs.getShort() to match SMALLINT column type, then cast to byte. Issue apache#7 — MetadataLoader silent partial load: injectSecurityData() now throws on failure instead of silently returning stale image. Issue apache#10 — apiKey filter comments: Extracted SECURITY_STORE_API_KEYS constant with inline comments. Issue apache#11 — persistUpsertion fragility: Searches records by (name, mechanism) instead of assuming the target is last. Also add .gitignore entries for .metals/, .bloop/, and runtime logs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
blitzy Bot
pushed a commit
to blitzy-public-samples/blitzy-kafka
that referenced
this pull request
Apr 18, 2026
Resolve all 9 Minor and 10 Info findings from the Checkpoint 1 code review, correcting factual inaccuracies, citation line-range imprecisions, and cross- artifact consistency drift. No modifications to pre-existing Kafka source, tests, build files, or comments — Audit Only rule preserved. Findings by file: accepted-mitigations.md #1 [MINOR] AclCache imports corrected: org.apache.kafka.server.immutable (PCollections-backed Kafka-internal) instead of Guava's com.google.common.collect. apache#2 [MINOR] API surface rewritten to reflect PCollections-style structural- sharing methods .updated()/.added()/.removed() instead of Guava builder pattern. apache#3 [MINOR] ZstdCompression BufferPool path split: wrap-for-output uses zstd-jni RecyclingBufferPool.INSTANCE (L55-L63), wrap-for- input uses ChunkedBytesStream (L65-L75), wrap-for-zstd-input uses anonymous Kafka-owned BufferPool delegating to BufferSupplier (L77-L98). apache#4 [INFO] MAX_RECORDS_PER_USER_OP citation corrected: declaration at QuorumController.java:L185; AclControlManager.java:L52 is the static import only. apache#5 [INFO] AclCache.removeAcl(Uuid) line corrected to L91-L103 (was L89+). references.md apache#6 [MINOR] SafeObjectInputStream citation range tightened from L17-L25 (class header + imports only) to L25-L62 covering the class declaration, DEFAULT_NO_DESERIALIZE_CLASS_NAMES blocklist (L27-L37), resolveClass (L43-L52), and isBlocked helper (L54-L62). apache#7 [INFO] PropertyFileLoginModule citation corrected to L42-L50, pointing at the Javadoc PLAINTEXT warning (L47-L48) plus the class declaration (L50). remediation-roadmap.md apache#8 [INFO] Gantt markers sanitised: all :done/:active markers replaced with :crit (illustrative critical emphasis) or plain markers to avoid any visual suggestion of work already performed. Explanatory blockquote added clarifying the marker change. severity-matrix.md apache#9 [MINOR] 7 occurrences of parenthesised '(Accepted Mitigation)' replaced with bracketed '[Accepted Mitigation]' per Global Conventions for plain-text markers. Cross-validated 9 bracketed instances, 0 parenthesised remaining. README.md apache#11 [MINOR] HEAD commit reference corrected to the pre-audit baseline 6d16f68 (was 8a99096, a mid-audit snapshot); baseline attestation now refers to the commit immediately before the audit began. apache#12 [MINOR] Snapshot date unified to 2026-04-17 across all artifacts. apache#14 [INFO] '25 files' claim qualified as 'planned at project completion' vs 'delivered at this checkpoint (15 files)'. attack-surface-map.md apache#16 [MINOR] Clients module category count corrected from 'six' to 'nine' (actual Mermaid edges: C1, C2, C3, C4, C5, C7, C8, C9, C10). apache#17 [MINOR] Connect module category count corrected from 'five' to 'seven' (actual Mermaid edges: C1, C4, C6, C7, C8, C9, C10). oauth-jwt-validation-paths.md apache#18 [INFO] Outer citation ranges tightened: BrokerJwtValidator.configure at L107-L138 (not L102-L134); OAuthBearerUnsecuredValidatorCallbackHandler.handleCallback at L154-L177 (not L161-L204, which spanned unrelated helpers); allowableClockSkewMs helper cited separately at L194-L207. executive-summary.html Cross-ref A [MINOR] HEAD commit aligned to 6d16f68 at three sites (L621, L668, L1544); methodology Mermaid node re-labelled 'Baseline 6d16f68'. Cross-ref B [MINOR] Snapshot date aligned to 2026-04-17 at two sites (L619, L1542). Out-of-scope (Info-level forward-refs): apache#10, apache#13, apache#15 — Links to docs/security-audit/findings/*.md deliverables not yet present at Checkpoint 1; expected per scope boundary; will resolve at Checkpoint 2 when the 10 per-category findings files land. Validation results (Phase 3): - Mermaid fences: all balanced (20 blocks total, all typed) - HTML tag balance: 22 sections + all 20+ tag types balanced - CDNs intact: reveal.js 5.1.0, Mermaid 11.4.0, Font Awesome 6.6.0 - Emojis: zero across all 15 artifacts - TODOs/placeholders introduced: zero - Gantt markers: :crit + plain only (no :done/:active) - Cross-artifact consistency: zero wrong SHA/date values remaining - Citation ranges: 12 verified against AclCache, QuorumController, AclControlManager, ZstdCompression, SafeObjectInputStream, PropertyFileLoginModule, BrokerJwtValidator, and OAuthBearerUnsecuredValidatorCallbackHandler. Audit Only rule verification: git diff --name-status 6d16f68..HEAD returns only 'A' entries, all under docs/security-audit/. Zero modifications, deletions, or renames of any pre-existing Kafka path.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.