This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 95a9db76275 Update main as 3.1.3 has been released (#58341)
95a9db76275 is described below
commit 95a9db7627531bd91863a4d63101de348ae82d17
Author: Ephraim Anierobi <[email protected]>
AuthorDate: Sat Nov 15 14:00:00 2025 +0100
Update main as 3.1.3 has been released (#58341)
---
.github/ISSUE_TEMPLATE/1-airflow_bug_report.yml | 2 +-
Dockerfile | 2 +-
README.md | 12 +--
RELEASE_NOTES.rst | 89 ++++++++++++++++++++++
.../docs/installation/supported-versions.rst | 2 +-
airflow-core/newsfragments/56583.significant.rst | 49 ------------
airflow-core/newsfragments/56609.significant.rst | 14 ----
generated/PYPI_README.md | 10 +--
reproducible_build.yaml | 4 +-
scripts/ci/prek/supported_versions.py | 2 +-
10 files changed, 106 insertions(+), 80 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/1-airflow_bug_report.yml
b/.github/ISSUE_TEMPLATE/1-airflow_bug_report.yml
index 789490abf03..6bf54207a50 100644
--- a/.github/ISSUE_TEMPLATE/1-airflow_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1-airflow_bug_report.yml
@@ -25,7 +25,7 @@ body:
the latest release or main to see if the issue is fixed before
reporting it.
multiple: false
options:
- - "3.1.2"
+ - "3.1.3"
- "2.11.0"
- "main (development)"
- "Other Airflow 2/3 version (please specify below)"
diff --git a/Dockerfile b/Dockerfile
index 461bd4f0083..6282b344c4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,7 @@ ARG AIRFLOW_UID="50000"
ARG AIRFLOW_USER_HOME_DIR=/home/airflow
# latest released version here
-ARG AIRFLOW_VERSION="3.1.2"
+ARG AIRFLOW_VERSION="3.1.3"
ARG BASE_IMAGE="debian:bookworm-slim"
ARG AIRFLOW_PYTHON_VERSION="3.12.12"
diff --git a/README.md b/README.md
index f91bc364b77..d4644a21dba 100644
--- a/README.md
+++ b/README.md
@@ -99,7 +99,7 @@ Airflow is not a streaming solution, but it is often used to
process real-time d
Apache Airflow is tested with:
-| | Main version (dev) | Stable version (3.1.2) |
+| | Main version (dev) | Stable version (3.1.3) |
|------------|------------------------------|------------------------|
| Python | 3.10, 3.11, 3.12, 3.13 | 3.10, 3.11, 3.12, 3.13 |
| Platform | AMD64/ARM64(\*) | AMD64/ARM64(\*) |
@@ -172,15 +172,15 @@ them to the appropriate format and workflow that your
tool requires.
```bash
-pip install 'apache-airflow==3.1.2' \
- --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.2/constraints-3.10.txt";
+pip install 'apache-airflow==3.1.3' \
+ --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.3/constraints-3.10.txt";
```
2. Installing with extras (i.e., postgres, google)
```bash
-pip install 'apache-airflow[postgres,google]==3.1.2' \
- --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.2/constraints-3.10.txt";
+pip install 'apache-airflow[postgres,google]==3.1.3' \
+ --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.3/constraints-3.10.txt";
```
For information on installing provider distributions, check
@@ -294,7 +294,7 @@ Apache Airflow version life cycle:
| Version | Current Patch/Minor | State | First Release | Limited
Maintenance | EOL/Terminated |
|-----------|-----------------------|-----------|-----------------|-----------------------|------------------|
-| 3 | 3.1.2 | Supported | Apr 22, 2025 | TBD
| TBD |
+| 3 | 3.1.3 | Supported | Apr 22, 2025 | TBD
| TBD |
| 2 | 2.11.0 | Supported | Dec 17, 2020 | Oct 22,
2025 | Apr 22, 2026 |
| 1.10 | 1.10.15 | EOL | Aug 27, 2018 | Dec 17,
2020 | June 17, 2021 |
| 1.9 | 1.9.0 | EOL | Jan 03, 2018 | Aug 27,
2018 | Aug 27, 2018 |
diff --git a/RELEASE_NOTES.rst b/RELEASE_NOTES.rst
index ccd7a9cd8c3..b5121c60197 100644
--- a/RELEASE_NOTES.rst
+++ b/RELEASE_NOTES.rst
@@ -24,6 +24,95 @@
.. towncrier release notes start
+Airflow 3.1.3 (2025-11-13)
+--------------------------
+
+Significant Changes
+^^^^^^^^^^^^^^^^^^^
+
+Fix Connection & Variable access in API server contexts (plugins, log
handlers)(#56583)
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+Previously, hooks used in API server contexts (plugins, middlewares, log
handlers) would fail with an ``ImportError``
+for ``SUPERVISOR_COMMS``, because ``SUPERVISOR_COMMS`` only exists in task
runner child processes.
+
+This has been fixed by implementing automatic context detection with three
separate secrets backend chains:
+
+**Context Detection:**
+
+1. **Client contexts** (task runner in worker): Detected via
``SUPERVISOR_COMMS`` presence
+2. **Server contexts** (API server, scheduler): Explicitly marked with
``_AIRFLOW_PROCESS_CONTEXT=server`` environment variable
+3. **Fallback contexts** (supervisor, unknown contexts): Neither marker
present, uses minimal safe chain
+
+**Backend Chains:**
+
+- **Client**: ``EnvironmentVariablesBackend`` → ``ExecutionAPISecretsBackend``
(routes to Execution API via SUPERVISOR_COMMS)
+- **Server**: ``EnvironmentVariablesBackend`` → ``MetastoreBackend`` (direct
database access)
+- **Fallback**: ``EnvironmentVariablesBackend`` only (+ external backends from
config like AWS Secrets Manager, Vault)
+
+The fallback chain is crucial for supervisor processes (worker-side, before
task runner starts) which need to access
+external secrets for remote logging setup but should not use
``MetastoreBackend`` (to maintain worker isolation).
+
+**Architecture Benefits:**
+
+- Workers (supervisor + task runner) never use ``MetastoreBackend``,
maintaining strict isolation
+- External secrets backends (AWS Secrets Manager, Vault, etc.) work in all
three contexts
+- Supervisor falls back to Execution API client for connections not found in
external backends
+- API server and scheduler have direct database access for optimal performance
+
+**Impact:**
+
+- Hooks like ``GCSHook``, ``S3Hook`` now work correctly in log handlers and
plugins
+- No code changes required for existing plugins or hooks
+- Workers remain isolated from direct database access (network-level DB
blocking fully supported)
+- External secrets work everywhere (workers, supervisor, API server)
+- Robust handling of unknown contexts with safe minimal chain
+
+See: `#56120 <https://github.com/apache/airflow/issues/56120>`__, `#56583
<https://github.com/apache/airflow/issues/56583>`__, `#51816
<https://github.com/apache/airflow/issues/51816>`__
+
+Remove insecure dag reports API endpoint that executed user code in API server
(#56609)
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+ The ``/api/v2/dagReports`` endpoint has been removed because it loaded user
DAG files directly in the API server process,
+ violating Airflow's security architecture. This endpoint was not used in the
UI and had no known consumers.
+ Use the ``airflow dags report`` CLI command instead for DAG loading reports.
+
+Bug Fixes
+^^^^^^^^^
+- Fix HITL tasks not properly validating params (#57547) (#58144)
+- Fix secrets being exposed in Jinja template rendering error messages
(#57467) (#57962)
+- UI: Fix slow loading on next run assets page (#58052) (#58064)
+- Fix logout not working in airflow-core (#57990) (#58043)
+- Fix slow loading on UI [(#57820) (#57856), (#57956) (#57973), (#57957)
(#57972),(#57869) (#57882), (#57868) (#57918),(#57624) (#57757)]
+- UI: Fix log download to include .txt file extension (#57991) (#58040)
+- Fix scheduler using incorrect max_active_runs value from cached DAG (#57619)
(#57959)
+- Fix database migration failures when XCom contains NaN values (#57866)
(#57893)
+- Fix incorrect task context in trigger rule scenarios (#57884) (#57892)
+- UI: Fix test connection not working (#57811) (#57852)
+- Fix worker ``healthcheck`` timeout not respecting worker-timeout CLI option
(#57731) (#57854)
+- Fix provider hooks not loading when FAB provider is not installed (#57717)
(#57830)
+- Fix slow API responses for task instances list [(#57645) (#57794), (#57646)
(#57664),(#57500) (#57735), (#57549) (#57738), (#57450) (#57736),(#57647)
(#57732)]
+- Fix task instance errors when tasks are triggered by trigger rules (#57474)
(#57786)
+- Fix type consistency for extra field in Asset, AssetAlias, and AssetEvent
(#57352) (#57728)
+- Fix upgrade failures when XCom contains NaN in string values (#57614)
+
+Miscellaneous
+^^^^^^^^^^^^^
+
+- UI: Add resize functionality to DAG run and task instance notes (#57897)
(#58068)
+- Add Taiwan translation for UI (#58121)
+- UI: Shorten German translation of Asset in navigation (#57671) (#57690)
+- Fix code formatting via ruff preview (#57641) (#57670)
+- Remove remnants from unlimited parallelism in local executor (#57579)
(#57644)
+
+Doc Only Changes
+^^^^^^^^^^^^^^^^
+
+- Add learning from Airflow 3 migration guide (#57989) (#58083)
+- Fix duplicate mention of 'DAGs' and 'tasks' in overview documentation
(#57524) (#57793)
+- Document asset event extra storage behavior (#57727) (#57734)
+
+
Airflow 3.1.2 (2025-11-05)
--------------------------
diff --git a/airflow-core/docs/installation/supported-versions.rst
b/airflow-core/docs/installation/supported-versions.rst
index 5d4ccb3c2b9..77480fbf570 100644
--- a/airflow-core/docs/installation/supported-versions.rst
+++ b/airflow-core/docs/installation/supported-versions.rst
@@ -29,7 +29,7 @@ Apache Airflow® version life cycle:
========= ===================== ========= ===============
===================== ================
Version Current Patch/Minor State First Release Limited
Maintenance EOL/Terminated
========= ===================== ========= ===============
===================== ================
-3 3.1.2 Supported Apr 22, 2025 TBD
TBD
+3 3.1.3 Supported Apr 22, 2025 TBD
TBD
2 2.11.0 Supported Dec 17, 2020 Oct 22, 2025
Apr 22, 2026
1.10 1.10.15 EOL Aug 27, 2018 Dec 17, 2020
June 17, 2021
1.9 1.9.0 EOL Jan 03, 2018 Aug 27, 2018
Aug 27, 2018
diff --git a/airflow-core/newsfragments/56583.significant.rst
b/airflow-core/newsfragments/56583.significant.rst
deleted file mode 100644
index 3e80bfe0cbb..00000000000
--- a/airflow-core/newsfragments/56583.significant.rst
+++ /dev/null
@@ -1,49 +0,0 @@
-Fix Connection & Variable access in API server contexts (plugins, log handlers)
-
-Previously, hooks used in API server contexts (plugins, middlewares, log
handlers) would fail with an ``ImportError``
-for ``SUPERVISOR_COMMS``, because ``SUPERVISOR_COMMS`` only exists in task
runner child processes.
-
-This has been fixed by implementing automatic context detection with three
separate secrets backend chains:
-
-**Context Detection:**
-
-1. **Client contexts** (task runner in worker): Detected via
``SUPERVISOR_COMMS`` presence
-2. **Server contexts** (API server, scheduler): Explicitly marked with
``_AIRFLOW_PROCESS_CONTEXT=server`` environment variable
-3. **Fallback contexts** (supervisor, unknown contexts): Neither marker
present, uses minimal safe chain
-
-**Backend Chains:**
-
-- **Client**: ``EnvironmentVariablesBackend`` → ``ExecutionAPISecretsBackend``
(routes to Execution API via SUPERVISOR_COMMS)
-- **Server**: ``EnvironmentVariablesBackend`` → ``MetastoreBackend`` (direct
database access)
-- **Fallback**: ``EnvironmentVariablesBackend`` only (+ external backends from
config like AWS Secrets Manager, Vault)
-
-The fallback chain is crucial for supervisor processes (worker-side, before
task runner starts) which need to access
-external secrets for remote logging setup but should not use
``MetastoreBackend`` (to maintain worker isolation).
-
-**Architecture Benefits:**
-
-- Workers (supervisor + task runner) never use ``MetastoreBackend``,
maintaining strict isolation
-- External secrets backends (AWS Secrets Manager, Vault, etc.) work in all
three contexts
-- Supervisor falls back to Execution API client for connections not found in
external backends
-- API server and scheduler have direct database access for optimal performance
-
-**Impact:**
-
-- Hooks like ``GCSHook``, ``S3Hook`` now work correctly in log handlers and
plugins
-- No code changes required for existing plugins or hooks
-- Workers remain isolated from direct database access (network-level DB
blocking fully supported)
-- External secrets work everywhere (workers, supervisor, API server)
-- Robust handling of unknown contexts with safe minimal chain
-
-See: `#56120 <https://github.com/apache/airflow/issues/56120>`__, `#56583
<https://github.com/apache/airflow/issues/56583>`__, `#51816
<https://github.com/apache/airflow/issues/51816>`__
-
-* Types of change
-
- * [ ] Dag changes
- * [ ] Config changes
- * [ ] API changes
- * [ ] CLI changes
- * [ ] Behaviour changes
- * [ ] Plugin changes
- * [ ] Dependency changes
- * [ ] Code interface changes
diff --git a/airflow-core/newsfragments/56609.significant.rst
b/airflow-core/newsfragments/56609.significant.rst
deleted file mode 100644
index b32e4c96116..00000000000
--- a/airflow-core/newsfragments/56609.significant.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-Remove insecure dagReports API endpoint that executed user code in API server
-
-The ``/api/v2/dagReports`` endpoint has been removed because it loaded user
DAG files directly in the API server process, violating Airflow's security
architecture. This endpoint was not used in the UI and had no known consumers.
Use the ``airflow dags report`` CLI command instead for DAG loading reports.
-
-* Types of change
-
- * [ ] Dag changes
- * [ ] Config changes
- * [x] API changes
- * [ ] CLI changes
- * [ ] Behaviour changes
- * [ ] Plugin changes
- * [ ] Dependency changes
- * [ ] Code interface changes
diff --git a/generated/PYPI_README.md b/generated/PYPI_README.md
index 846d7e24081..91a92ec4fcd 100644
--- a/generated/PYPI_README.md
+++ b/generated/PYPI_README.md
@@ -56,7 +56,7 @@ Use Airflow to author workflows (Dags) that orchestrate
tasks. The Airflow sched
Apache Airflow is tested with:
-| | Main version (dev) | Stable version (3.1.2) |
+| | Main version (dev) | Stable version (3.1.3) |
|------------|------------------------------|------------------------|
| Python | 3.10, 3.11, 3.12, 3.13 | 3.10, 3.11, 3.12, 3.13 |
| Platform | AMD64/ARM64(\*) | AMD64/ARM64(\*) |
@@ -125,15 +125,15 @@ them to the appropriate format and workflow that your
tool requires.
```bash
-pip install 'apache-airflow==3.1.2' \
- --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.2/constraints-3.10.txt";
+pip install 'apache-airflow==3.1.3' \
+ --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.3/constraints-3.10.txt";
```
2. Installing with extras (i.e., postgres, google)
```bash
-pip install 'apache-airflow[postgres,google]==3.1.2' \
- --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.2/constraints-3.10.txt";
+pip install 'apache-airflow[postgres,google]==3.1.3' \
+ --constraint
"https://raw.githubusercontent.com/apache/airflow/constraints-3.1.3/constraints-3.10.txt";
```
For information on installing provider distributions, check
diff --git a/reproducible_build.yaml b/reproducible_build.yaml
index 9c9133e19e7..0ae31893c08 100644
--- a/reproducible_build.yaml
+++ b/reproducible_build.yaml
@@ -1,2 +1,2 @@
-release-notes-hash: 4d7e4f79582208bd018ba94735462a41
-source-date-epoch: 1762633053
+release-notes-hash: c75fd3d515f4f98b2bfe7e7de34dd4c6
+source-date-epoch: 1763195195
diff --git a/scripts/ci/prek/supported_versions.py
b/scripts/ci/prek/supported_versions.py
index d7f07c7e3ea..cce0254ae74 100755
--- a/scripts/ci/prek/supported_versions.py
+++ b/scripts/ci/prek/supported_versions.py
@@ -39,7 +39,7 @@ HEADERS = (
)
SUPPORTED_VERSIONS = (
- ("3", "3.1.2", "Supported", "Apr 22, 2025", "TBD", "TBD"),
+ ("3", "3.1.3", "Supported", "Apr 22, 2025", "TBD", "TBD"),
("2", "2.11.0", "Supported", "Dec 17, 2020", "Oct 22, 2025", "Apr 22,
2026"),
("1.10", "1.10.15", "EOL", "Aug 27, 2018", "Dec 17, 2020", "June 17,
2021"),
("1.9", "1.9.0", "EOL", "Jan 03, 2018", "Aug 27, 2018", "Aug 27, 2018"),
