potiuk commented on PR #59073: URL: https://github.com/apache/airflow/pull/59073#issuecomment-3633701405
> If you think otherwise, I suggest you contact our security team at [email protected] with a report. Including POC @tschroeder-zendesk Also @tschroeder-zendesk -> if you look at Security tab of our documentation, you will find SBOM - which is machine-readable, industry standard way how you can check which 3rd-party dependencies Airflow uses. Please use it next time when you want to see if particular component that you know is vulnerable. That will save a lot of time of maintainers that have to individually answer ssuch questions rather than users reading informatoin that is provided by maintainers so that they can use it. When you are getting software for free, I think good idea is not to demand more time from maintainers than needed - especially if they provide you all information you need (for free mind you) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
