I hoped so :) On Wed, Sep 16, 2020 at 4:09 PM Kaxil Naik <[email protected]> wrote: > > Correction the issue only affects < 1.10.12 (not <= 1.10.12) > > On Wed, Sep 16, 2020, 12:27 Kaxil Naik <[email protected]> wrote: > > > Versions Affected: <= 1.10.12 > > Description: > > The "origin" parameter passed to some of the endpoints like '/trigger' was > > vulnerable to XSS exploit. > > > > Credit: > > The issue was independently discovered and reported by Ali Al-Habsi of > > Accellion & Everardo Padilla Saca. > > > > Thanks, > > Kaxil, > > on behalf of Apache Airflow PMC > >
-- Jarek Potiuk Polidea | Principal Software Engineer M: +48 660 796 129
