potiuk commented on issue #16541:
URL: https://github.com/apache/airflow/issues/16541#issuecomment-864444187
Announcing non-fixed issue via public information (even you could figure out
a software is vulnerable) is never a good idea. It's disclosed elsewehere, but
not in Airflow. Anyhow the milk is spilled now.
While critical in severity, in order to exploit this vulnerability you need
to get access to the underlying storage so I think it does not require an
immediate action. Possibly we can wait for a fix.
@ashb @kaxil WDYT ?- I am not sure whether we can somehow replace
flask-caching easily (I know in the past we used flask-cache but it's not been
updated since 2014 and flask-caching is a fork of it)..
Currently cache mechanism is hard-coded in Airflow:
```
Cache(app=flask_app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR':
'/tmp'})
```
We can make it configurable, or disable it by default. Or simply wait until
fixed WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
