potiuk commented on PR #37214: URL: https://github.com/apache/airflow/pull/37214#issuecomment-1932296310
I think having "allow_insecure" while setting "ssl=True" is precisely the vulnerability here, because it is unexpected. So I think when the user sets "ssl=True" then allow_insecure should be false by default. And it's ok to make a breaking change while fixing a security bug. We want people to find out they have a security issue and make them fix it.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
