[
https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16999007#comment-16999007
]
ASF subversion and git services commented on AIRFLOW-5458:
----------------------------------------------------------
Commit 47facb405485895694917d8ae407b925a57624b8 in airflow's branch
refs/heads/master from Paul Vickers
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=47facb4 ]
[AIRFLOW-5458] Bump Flask-AppBuilder to 2.2.0 (#6607)
This might also fix AIRFLOW-5462 (OAuth login issue)
Same fix as was required for Superset
(https://github.com/apache/incubator-superset/issues/7739)
> Flask-AppBuilder shows critical security vulnerability
> ------------------------------------------------------
>
> Key: AIRFLOW-5458
> URL: https://issues.apache.org/jira/browse/AIRFLOW-5458
> Project: Apache Airflow
> Issue Type: Bug
> Components: dependencies
> Affects Versions: 1.10.5
> Reporter: Souvik Ghosh
> Priority: Major
> Fix For: 1.10.7
>
>
> Hello,
> our security team has detected a vulnerability for Flask-AppBuilder<2.0.0
> with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the
> setup.py of airflow with restrictions. I am wondering if it can be moved to
> 2.0.0 where no vulnerability is reported.
>
> Thanks for your help
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
