potiuk commented on PR #24201:
URL: https://github.com/apache/airflow/pull/24201#issuecomment-1146834476

   BTW. If there are serious vulnerabilities, the pointers to them should not be 
disclosed publicly. We have the ASF security Policy and unless the 
vulnerabilities are public they should be announced in private. Please DON'T 
explain it here @chethanuk-plutoflume if this is an undisclosed vulnerability 
(and in the future avoid mentioning vulnerabilities in the PR description). This 
makes it easier for bad actors to exploit the vulnerabilities and we do not 
want to make it easier for them.
   
   If this is a public vulnerability - as of recently we have Dependabot 
enabled for those and it should be raising an automated PR to fix them.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
