CVEs are announced on users mailing list <https://airflow.apache.org/community/> (not dev) as the action about the CVE is relevant to the users of Airflow not to the developers of Airflow. Example: https://lists.apache.org/thread/zdr8ovfttbh7kj0lydgcw88tbt2nmkcy We also announce them on Slack #announcements channel
On Tue, Feb 28, 2023 at 11:35 PM John Thomas <[email protected]> wrote: > Generally if there are CVEs sent out on the devlist I'll include them, but > there weren't any sent out recently. Is there a better source for them? > > On Tue, Feb 28, 2023 at 2:33 PM Jarek Potiuk <[email protected]> wrote: > >> One small proposal for the future: Should we also include the summary of >> security vulnerabilities announced and published including credits for >> those researchers that help to find them? Airflow has been marked as >> "important" OSS software and a number of security reports we get and as a >> result we make Airflow more and more secure and it would be nice to both - >> summarize in the newsletter to get people aware of those and to also give >> credits to all those security researchers who help to make Airflow secure? >> >> J. >> >> On Tue, Feb 28, 2023 at 10:16 PM John Thomas >> <[email protected]> wrote: >> >>> >>> View this email in your browser >>> <https://mailchi.mp/8323040454bf/apache-airflow-newsletter-february-2023?e=ece21dcc4d> >>> >>> As we come into the new year, events are picking up. Last month we had >>> airflow meetups in four cities worldwide, and another three coming in >>> March. Be sure to keep an eye out for any in your local area to spend an >>> afternoon with interesting talks and engaging company! >>> >>> >>> Also of note is the temporary removal of Airflow documentation for >>> versions older than 1.10.15. This was done as a stopgap measure, freeing up >>> space to ensure current versions can still build as we release new versions >>> of core and of the providers. Read more in the discussion on the devlist. >>> >>> >>> As always, thanks for reading, and we’ll see you next month! >>> >>> - >>> >>> February 28: Bay Area Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=8aec804463&e=ece21dcc4d> >>> (TONIGHT), >>> San Francisco event >>> - >>> >>> March 1: Writing DAGs with Apache Airflow >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=3e8bd11ef7&e=ece21dcc4d>, >>> Workshop, San Francisco event >>> - >>> >>> March 1-2: Subsurface Live >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=16654dd38e&e=ece21dcc4d>, >>> Online Conference >>> - >>> >>> March 7: How to test your Airflow DAGs with dag.test() >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=3134cf3e11&e=ece21dcc4d>, >>> Webinar >>> - >>> >>> March 7: MLOps with Airflow >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=06c00a591a&e=ece21dcc4d>, >>> New York City event >>> - >>> >>> March 8-9: Big Data & AI World >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=6ac32a9a48&e=ece21dcc4d>, >>> London Conference >>> - >>> >>> March 13-14: FOSS Backstage >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=49be075f0d&e=ece21dcc4d>, >>> Berlin & Online Conference >>> - >>> >>> March 16: Tokyo Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=de4ee925c0&e=ece21dcc4d>, >>> Tokyo event >>> - >>> >>> March 28-30: Data Council Austin >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=b8810d0db5&e=ece21dcc4d>, >>> Austin Conference >>> - >>> >>> March 28-30: Big Data Tech Warsaw Summit >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=a0674c0de1&e=ece21dcc4d>, >>> Warsaw & Online Conference >>> >>> >>> - >>> >>> February 7: The Airflow Templates VS Code Extension >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=9ee075e085&e=ece21dcc4d>, >>> Webinar >>> - >>> >>> February 7: DC Area Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=b1921680dc&e=ece21dcc4d>, >>> DC event >>> - >>> >>> February 8: Portland Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=88cc29ac16&e=ece21dcc4d>, >>> Portland event >>> - >>> >>> February 14: Simplified DAG Authoring with New Airflow Features >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=d4f859db79&e=ece21dcc4d>, >>> Webinar >>> - >>> >>> February 27: London Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=a92ff58a10&e=ece21dcc4d>, >>> London event >>> - >>> >>> February 21: Paris Apache Airflow Meetup >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=c97f003a95&e=ece21dcc4d>, >>> Paris event >>> - >>> >>> February 21: How to Save Money using Airflow’s asynchronous Azure >>> operators >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=f6bdbec36c&e=ece21dcc4d>, >>> Webinar >>> >>> With (almost) Unanimous consensus, PR of the month goes to#27758 >>> >>> >>> @dstandish >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=800fcbfcc2&e=ece21dcc4d> >>> #27758 Enable trigger logging in webserver >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=e0b77e9445&e=ece21dcc4d> >>> >>> A long time coming, this allows triggers to write to the webserver logs, >>> making everyone’s life much easier >>> >>> (also a shoutout to Jed for nominating this PR using the #protm tag in >>> the PR comments!) >>> >>> - >>> >>> “Automating Salesforce ETL and Email Reports with Airflow >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=c62c550826&e=ece21dcc4d>,” >>> Juan Rosario >>> - >>> >>> “Airflow and SIGTERM >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=643837d772&e=ece21dcc4d>,” >>> Amit Rathore >>> - >>> >>> “Celery Executor on Airflow >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=6c3d23d121&e=ece21dcc4d>,” >>> Lucas Fonseca >>> - >>> >>> “Orchestrate Airflow DAGs to run PySpark on EMR Serverless >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=7f914810e8&e=ece21dcc4d>,” >>> Hasan >>> - >>> >>> “Managing Airflow Resources The IaC Way With Terraform >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=e4ec1bfb2e&e=ece21dcc4d>,” >>> Ilia Lazebnik >>> - >>> >>> “DAG-Dependency Patterns in Composer Multi-cluster environment >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=c042fbf720&e=ece21dcc4d>,” >>> Akanksha Khushboo and Bipin Upadhyaya >>> - >>> >>> “How to Put an ML Model into Production - Part 4: Developing, >>> Scheduling, and Monitoring Batch-Oriented Workflows with Apache Airflow >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=5bbd243688&e=ece21dcc4d>,” >>> H. Serdar Altan >>> >>> >>> - >>> >>> Votes: >>> - >>> >>> Release Airflow Python Client 2.5.1 from 2.5.1rc1 [accepted] >>> - >>> >>> Release Airflow Go Client 2.5.0 from 2.5.0rc1 [accepted] >>> - >>> >>> Release Apache Airflow Helm Chart 1.8.0 based on 1.8.0rc1 >>> [accepted] >>> - >>> >>> Release Airflow Providers prepared on February 08, 2023 [accepted] >>> - >>> >>> Finalising approach for displaying non-ascii characters in DAG >>> display name (Issue 22073) [inconclusive] >>> - >>> >>> AIP-53 OpenLineage in Airflow [accepted] >>> - >>> >>> Airflow Providers prepared on February 18, 2023 [accepted] >>> - >>> >>> Move K8S / Celery (and related) executors to respective providers >>> [accepted] >>> - >>> >>> Discussed: >>> - >>> >>> Deprecate auto cleanup RenderedTaskInstanceFields and decouple >>> k8s_pod_yaml >>> - >>> >>> Assessing what is a breaking change for Airflow (SemVer context) >>> [cont] [cont] >>> - >>> >>> Move K8S and Celery Executors (and related) to respective >>> providers? >>> - >>> >>> Set further policies for triaging issues >>> - >>> >>> Seeking Feedback for Airflow Multi-Tenant Model Proposal >>> - >>> >>> Announced: >>> - >>> >>> [Urgent] Remove old versions of Airflow docs (<1.10.15) as >>> stop-gap measure for doc builds >>> >>> >>> - >>> >>> Airflow Helm Chart 1.9.0 >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=a3f4450b3b&e=ece21dcc4d> >>> - >>> >>> Airflow 2.5.2 >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=a7990b5105&e=ece21dcc4d> >>> - >>> >>> Airflow 2.6.0 >>> >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=c0e6a66799&e=ece21dcc4d> >>> >>> Please subscribe to this newsletter to ensure you always receive the >>> latest issue: http://eepurl.com/hXUA3r >>> <https://apache.us14.list-manage.com/track/click?u=fe7ef7a8dbb32933f30a10466&id=75214d8c0e&e=ece21dcc4d> >>> . >>> >>> >>> Know of an upcoming event or publication the community should know >>> about? Let me know at [email protected]. >>> >>> >>>
