Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
Description
Authenticated users are allowed to access alert instances associated with alert groups they do not have permission to access in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
Affected products
1. Range: <3.4.2
Patches
Vulnerability mechanics
Root cause
"Missing authorization check when fetching alert instances allows a user to view alerts belonging to groups they are not permitted to access."
Attack vector
An authenticated user can query alert instances that belong to alert groups for which they lack explicit permission. The advisory does not specify the exact API endpoint or payload shape, but the precondition is that the attacker must have a valid session on the DolphinScheduler instance. No special network position beyond normal application access is required.
Affected code
The patch only updates version strings and POM metadata across the DolphinScheduler Maven project (e.g., `pom.xml`, `dolphinscheduler-alert-*/pom.xml`). It does **not** contain any source-code changes to alert-group authorization logic. The advisory states the vulnerability exists in versions before 3.4.2, but the commit shown is purely a release-version bump.
What the fix does
The provided patch (`patch_id=6329128`) only increments the project version from `dev-SNAPSHOT` to `3.4.2` and updates the SCM tag; it does **not** include any code changes that address the missing authorization check. The advisory recommends upgrading to version 3.4.2, implying the real fix is in a different commit that is not included in this bundle.
Preconditions
- auth: The attacker must have a valid authenticated session on the DolphinScheduler instance.
- network: The attacker must be able to send requests to the alert-instance API endpoints.
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc (mitre, vendor-advisory)
News mentions
No linked articles in our index yet.