GitHub user potiuk edited a comment on the discussion: Vulnerability in Flask-AppBuilder<=4.5.0
> All latest versions of airflow uses Flask-AppBuilder=4.5.0. Where did you get that information from? I am really curious @Huthesh - could you please elaborate on it ? As of quite a few releases back, Airflow does NOT depend on FAB directly. The depenedency has been moved to "apache-airflow-providers-fab" - and the latest "apache-airlfow-providers-fab" depends on `FAB == 4.5.2` and since you can upgrade/downgrade FAB provider independently on Airflow, you should be be able to upgrade to the version - even if you do not want to upgrade to latest Airflow with all recommended versions of providers. The - released yesterday - Airlfow 2.10.4 - for example - has FAB 4.5.2 included in the image. ``` [jarek:~/code/airflow-publish] main* 15s ± docker run -it apache/airflow:2.10.4 bash airflow@cd8d11fc7b1d:/opt/airflow$ pip freeze | grep -i Flask Flask==2.2.5 Flask-AppBuilder==4.5.2 Flask-Babel==2.0.0 Flask-Caching==2.3.0 Flask-JWT-Extended==4.7.1 Flask-Limiter==3.9.2 Flask-Login==0.6.3 Flask-Session==0.5.0 Flask-SQLAlchemy==2.5.1 Flask-WTF==1.2.2 airflow@cd8d11fc7b1d:/opt/airflow$ ``` I would be really curious how you came to the conclusion that "All latest versions of airflow uses Flask-AppBuilder=4.5.0." - could you please explain exactly how you came to that conclusion ? GitHub link: https://github.com/apache/airflow/discussions/44980#discussioncomment-11592393 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
