MisterMackey opened a new issue, #140: URL: https://github.com/apache/airflow-client-python/issues/140
Hi. Version 2.9.0 (and others) is currently impacted by the following CVE's in urllib3: [2025-66418](https://nvd.nist.gov/vuln/detail/CVE-2025-66418) [2025-66471](https://nvd.nist.gov/vuln/detail/CVE-2025-66471) This is solved in urllib3 v2.6.0 but that version removes a previously deprecated function in the urllib3.HTTPResponse class (getheaders()) I noticed that airflow-client 3.x uses urllib 2.x, but I'm not able to upgrade because we are not ready for airflow 3. In order to be able to deploy without our vulnerability scanner throwing a blocker I'd like to propose a 2.9.1 release that specifically updates urllib3. I'll supply the PR for this, it seems to be a two-line change. Please let me know if you are willing to merge this and cut a release for it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
