[ https://issues.apache.org/jira/browse/AIRFLOW-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxime Beauchemin updated AIRFLOW-1007: --------------------------------------- Fix Version/s: (was: 1.9.0) 1.8.2 > Jinja sandbox is vulnerable to RCE > ---------------------------------- > > Key: AIRFLOW-1007 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1007 > Project: Apache Airflow > Issue Type: Bug > Reporter: Alex Guziel > Assignee: Alex Guziel > Fix For: 1.8.2 > > > Right now, the jinja template functionality in chart_data takes arbitrary > strings and executes them. We should use the sandbox functionality to prevent > this. -- This message was sent by Atlassian JIRA (v6.3.15#6346)