[jira] [Updated] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Souvik Ghosh updated AIRFLOW-5458: -- Issue Type: Bug (was: Wish) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.6 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16928023#comment-16928023 ] Souvik Ghosh commented on AIRFLOW-5458: --- wow :O > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Wish > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.6 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
Souvik Ghosh created AIRFLOW-5458: - Summary: Flask-AppBuilder shows critical security vulnerability Key: AIRFLOW-5458 URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 Project: Apache Airflow Issue Type: Wish Components: dependencies Affects Versions: 1.10.5 Reporter: Souvik Ghosh Fix For: 1.10.6 Hello, our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the setup.py of airflow with restrictions. I am wondering if it can be moved to 2.0.0 where no vulnerability is reported. Thanks for your help -- This message was sent by Atlassian Jira (v8.3.2#803003)