Hi all, I'd like to start discussion on a KIP to secure the internal "POST /connectors/<name>/tasks" endpoint for the Connect framework. The proposed changes address a vulnerability in the framework in its current state that allows malicious users to write arbitrary task configurations for connectors; it is vital that this issue be addressed in order for any Connect cluster to be secure.
Looking forward to your thoughts, Chris
