cuu508 opened a new issue, #23882:
URL: https://github.com/apache/airflow/issues/23882

   ### Apache Airflow version
   
   2.3.0 (latest released)
   
   ### What happened
   
   setup.cfg contains 
   
       croniter>=0.3.17
   
   croniter versions before 1.0.5 have a security issue: if you pass expressions
   like "0-1000000000 * * * *" to it, croniter can throw an exception, or
   take a long time to return, or crash the Python process.
   
   
   ### What you think should happen instead
   
   It would be a good idea to tighten up the croniter dependency and require at least version 1.0.5.
   
   ### How to reproduce
   
   _No response_
   
   ### Operating System
   
   N/A
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Other
   
   ### Deployment details
   
   _No response_
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
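
Alongside requiring croniter 1.0.5 or later, code that accepts cron expressions from users can bounds-check them before parsing, so a range like the one in the issue never reaches the parser. This is an added example, not code from Airflow or croniter; the name `check_cron` and the field limits are assumptions, and it conservatively rejects names such as `MON`, wrap-around ranges and non-standard extensions.

```python
# Added example (not Airflow or croniter code): bounds-check a standard
# 5-field cron expression before handing it to any cron parser.
import re

# Assumed (min, max) per field: minute, hour, day-of-month, month, day-of-week
FIELD_BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

# One comma-separated item: "*", N or N-M, optionally followed by /STEP.
# Capping every number at two digits rejects huge values before int() runs.
ITEM_RE = re.compile(r"(\*|(\d{1,2})(?:-(\d{1,2}))?)(?:/(\d{1,2}))?")


def check_cron(expr):
    """Return None if expr is within bounds, else a string naming the problem."""
    fields = expr.split()
    if len(fields) != 5:
        return f"expected 5 fields, got {len(fields)}"
    for idx, (field, (lo, hi)) in enumerate(zip(fields, FIELD_BOUNDS)):
        for item in field.split(","):
            m = ITEM_RE.fullmatch(item)
            if m is None:
                return f"field {idx}: unsupported or oversized item {item!r}"
            _, start, end, step = m.groups()
            if start is not None:
                first = int(start)
                last = int(end) if end is not None else first
                # Wrap-around ranges (first > last) are rejected on purpose.
                if not (lo <= first <= last <= hi):
                    return f"field {idx}: {item!r} outside {lo}-{hi}"
            if step is not None and not (1 <= int(step) <= hi):
                return f"field {idx}: step in {item!r} outside 1-{hi}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs; the first is the expression from the issue.
    for sample in ["0-1000000000 * * * *", "*/5 0-23 1,15 * 1-5", "0 24 * * *"]:
        print(repr(sample), "->", check_cron(sample) or "ok")
```
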
