vatsrahul1001 commented on code in PR #67233: URL: https://github.com/apache/airflow/pull/67233#discussion_r3274977649
########## RELEASE_NOTES.rst: ########## @@ -24,6 +24,225 @@ .. towncrier release notes start +Airflow 3.2.2 (2026-05-26) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- OTel timer and timing metrics now use Histogram instead of Gauge, preserving count, sum, and bucket distribution across recordings. (#64207) +- The SMTP STARTTLS upgrade performed by ``airflow.utils.email.send_email`` now validates the SMTP server's certificate against the system's trusted CA bundle by default. Previously the ``starttls()`` call was made without an SSL context, so any certificate was accepted. + Deployments that intentionally point Airflow at an SMTP server with a self-signed or otherwise non-validating certificate and need to preserve the previous behaviour must set ``email.ssl_context = "none"`` in ``airflow.cfg``. The ``"default"`` value (now also the default when the option is unset) uses :func:`ssl.create_default_context`. Previously this option applied only to the ``SMTP_SSL`` path; it now applies to the STARTTLS path as well. (#65346) +- In #64963, the Airflow UI switched from full-match ``*_pattern`` REST API query parameters to the new index-friendly ``*_prefix_pattern`` parameters on list endpoints. This is a behavioral change for search-as-you-type filters in the UI: matches are prefix-based (``LIKE 'term%'`` via a range scan) instead of substring-based (``ILIKE '%term%'``), which means the database can use B-tree indexes and search stays fast on large deployments. The REST API itself keeps both forms: existing ``*_pattern`` parameters still behave exactly as before. + In #66015, a per-search-bar "Match anywhere" toggle was added so users who relied on the previous substring behavior can opt back into it from the UI. Each search input and each text filter pill now has a small regex-icon toggle next to the value; flipping it on switches that input from ``*_prefix_pattern`` to ``*_pattern``. (#66015) +- Fix triggerer race condition and deadlock that caused deferred tasks to stall indefinitely + + Triggers that call synchronous SDK methods (e.g. ``get_task_states`` used by + ``safe_to_cancel`` in several Google provider operators) could crash the triggerer's + internal subprocess. The triggerer would then continue to heartbeat normally — + appearing healthy to the scheduler — while silently processing zero triggers, causing + every deferred task to time out. This was first reported in issue #64620; a + partial fix shipped in Airflow 3.2.1 (#64882) but introduced a new deadlock + with the same visible symptom under load. + + Both issues are fixed by replacing the lock-based serialization with response + multiplexing: each request now carries a unique ID and the response is routed back to + the correct caller, so concurrent requests from trigger threads no longer contend or + deadlock regardless of how many triggers are running or what SDK methods they call. + + **New: triggerer subprocess watchdog** + + Even with the race fixed, a trigger that blocks the event loop (e.g. by calling + ``time.sleep()`` or performing blocking I/O directly in ``async def run()``) would + previously leave the triggerer appearing healthy indefinitely. + + A new ``[triggerer] runner_health_check_threshold`` config option (default: 30 seconds) + adds a watchdog: if the triggerer subprocess goes silent for longer than the threshold, + the parent process stops updating the heartbeat so the scheduler can detect the hang and + reassign triggers rather than waiting for them to individually time out. Set the option + to ``0`` to disable the watchdog. (#66412) + + +- Tighten ``[core] allowed_deserialization_classes_regexp`` to require full-string matches Review Comment: Discussed with @potiuk we do not have any CVE for this -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
