[jira] [Commented] (AIRFLOW-2592) Bump Bleach dependency to address CVE-2018-7753
[ https://issues.apache.org/jira/browse/AIRFLOW-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16601388#comment-16601388 ]

Apache Spark commented on AIRFLOW-2592:
---

User 'ctrebing' has created a pull request for this issue:
https://github.com/apache/incubator-airflow/pull/3524

> Bump Bleach dependency to address CVE-2018-7753
> ---
>
> Key: AIRFLOW-2592
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2592
> Project: Apache Airflow
> Issue Type: Task
> Reporter: Jan
> Assignee: Christian Trebing
> Priority: Major
> Fix For: 2.0.0
>
>
> CVE-2018-7753 was reported for bleach versions <= 2.1.2.
> [https://nvd.nist.gov/vuln/detail/CVE-2018-7753]
> CVE description: An issue was discovered in Bleach 2.1.x before 2.1.3.
> Attributes that have URI values weren't properly sanitized if the values
> contained character entities. Using character entities, it was possible to
> construct a URI value with a scheme that was not allowed that would slide
> through unsanitized.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

[jira] [Commented] (AIRFLOW-2592) Bump Bleach dependency to address CVE-2018-7753
[ https://issues.apache.org/jira/browse/AIRFLOW-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16518436#comment-16518436 ]

ASF subversion and git services commented on AIRFLOW-2592:
--

Commit 8622046783d4fb5c938daeca4fc294cfe1540ff0 in incubator-airflow's branch refs/heads/master from [~ctrebing]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=8622046 ]

[AIRFLOW-2592] Bump bleach dependency

Bleach dependency is updated to 2.1.3 to address CVE-2018-7753

Closes #3524 from ctrebing/AIRFLOW-2592-bump-bleach-dependency

[jira] [Commented] (AIRFLOW-2592) Bump Bleach dependency to address CVE-2018-7753
[ https://issues.apache.org/jira/browse/AIRFLOW-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16517965#comment-16517965 ]

Christian Trebing commented on AIRFLOW-2592:

Pull request is: [https://github.com/apache/incubator-airflow/pull/3524]
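
The failure mode named in the CVE description quoted in this thread, as an added illustration that is not Bleach's or Airflow's code: a scheme allow-list that inspects the raw attribute text treats an entity-encoded scheme as a relative URL, while a check that decodes character entities first rejects it. The function names, the allow-list and the sample values are constructed for this example.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed allow-list

# RFC 3986 scheme: a letter, then letters / digits / "+" / "-" / ".", then ":"
SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
# C0 controls and spaces, which browsers trim or drop while parsing a URL
IGNORED_RE = re.compile(r"[\x00-\x20]+")


def scheme_of(value):
    """Return the lowercased scheme, or None when the value has none."""
    match = SCHEME_RE.match(value)
    return match.group(1).lower() if match else None


def naive_is_allowed(attr_value):
    """Inspect the raw attribute text; an entity-encoded colon hides the scheme."""
    scheme = scheme_of(attr_value)
    return scheme is None or scheme in ALLOWED_SCHEMES


def hardened_is_allowed(attr_value):
    """Decode character entities as an HTML parser would, then check the scheme."""
    decoded = IGNORED_RE.sub("", html.unescape(attr_value))
    scheme = scheme_of(decoded)
    if scheme is not None:
        return scheme in ALLOWED_SCHEMES
    # Relative reference: reject if a colon still appears before any "/", "?" or "#"
    return ":" not in re.split(r"[/?#]", decoded, maxsplit=1)[0]


# Constructed sample attribute values for this example
SAMPLES = [
    "https://airflow.apache.org/docs/",
    "/admin/airflow/graph?dag_id=example&amp;root=",
    "javascript:void(0)",
    "javascript&#58;void(0)",
    "JavaScript&#x3A;void(0)",
]


def audit(samples):
    """Return (value, naive verdict, hardened verdict) for each sample."""
    return [(s, naive_is_allowed(s), hardened_is_allowed(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, hardened in audit(SAMPLES):
        print(f"{value!r:55} naive={naive!s:5} hardened={hardened}")
```

The remedy recorded in this thread is the upgrade to Bleach 2.1.3; the sketch only shows why the order of decoding and checking matters.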