[ANNOUNCE] Apache Airflow Providers prepared on May 12, 2024 are released

/10.1.0/ https://pypi.org/project/apache-airflow-providers-tabular/1.5.1/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on May 01, 2024 are released

/ https://pypi.org/project/apache-airflow-providers-vertica/3.8.0/ https://pypi.org/project/apache-airflow-providers-weaviate/1.4.0/ https://pypi.org/project/apache-airflow-providers-yandex/3.11.0/ https://pypi.org/project/apache-airflow-providers-zendesk/4.7.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on April 16, 2024 are released

list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-cncf-kubernetes/8.1.1/ https://pypi.org/project/apache-airflow-providers-databricks/6.3.0/ https://pypi.org/project/apache-airflow-providers-fab/1.0.4/ Cheers, Elad Kalif

CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context

Severity: low Affected versions: - Apache Airflow FTP Provider before 3.7.0 Description: Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing

[ANNOUNCE] Apache Airflow Providers prepared on April 13, 2024 are released

list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-yandex/3.10.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on April 10, 2024 are released

/apache-airflow-providers-sftp/4.9.1/ https://pypi.org/project/apache-airflow-providers-slack/8.6.2/ https://pypi.org/project/apache-airflow-providers-snowflake/5.4.0/ https://pypi.org/project/apache-airflow-providers-weaviate/1.3.4/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on March 04, 2024 are released

/project/apache-airflow-providers-trino/5.6.3/ https://pypi.org/project/apache-airflow-providers-weaviate/1.3.3/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on February 23, 2024 are released

. Full list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-teradata/2.0.0/ Cheers, Elad Kalif

CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo

Severity: low Affected versions: - Apache Airflow Mongo Provider 1.0.0 before 4.0.0 Description: When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to

[ANNOUNCE] Apache Airflow Providers prepared on February 19, 2024 are released

. Full list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-cncf-kubernetes/8.0.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on February 17, 2024 are released

. Full list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-amazon/8.18.0/ https://pypi.org/project/apache-airflow-providers-common-sql/1.11.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on February 12, 2024 are released

/project/apache-airflow-providers-weaviate/1.3.2/ https://pypi.org/project/apache-airflow-providers-yandex/3.9.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on January 30, 2024 are released

. Full list of released PyPI packages: https://pypi.org/project/apache-airflow-providers-microsoft-azure/9.0.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on January 07, 2024 are released

/project/apache-airflow-providers-opsgenie/5.5.0/ https://pypi.org/project/apache-airflow-providers-pagerduty/3.6.0/ https://pypi.org/project/apache-airflow-providers-redis/3.6.0/ https://pypi.org/project/apache-airflow-providers-samba/4.5.0/ Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on December 08, 2023 are released

. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on November 24, 2023 are released

/apache-airflow-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released

the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released

/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on October 28, 2023 are released

/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Severity: moderate Affected versions: - Apache Airflow Celery provider 3.3.0 through 3.4.0 - Apache Airflow 1.10.0 before 2.7.0 Description: Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear

[ANNOUNCE] Apache Airflow Providers prepared on October 18, 2023 are released

can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on October 13, 2023 are released

-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on September 14, 2023 are released

The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on September 12, 2023 are released

-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-41267: Apache HDFS Provider error message suggested installation of incorrect pip package

Severity: low Affected versions: - Apache Airflow HDFS Provider before 4.1.1 Description: In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation  info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could

[ANNOUNCE] Apache Airflow Providers prepared on September 08, 2023 are released

The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on August 29, 2023 are released

://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on August 26, 2023 are released

PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE

Severity: moderate Affected versions: - Apache Airflow Spark Provider before 4.1.3 Description: Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark

CVE-2023-27604: Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability

Severity: moderate Affected versions: - Apache Airflow Sqoop Provider before 4.0.0 Description: Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks

CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC

Severity: moderate Affected versions: - Apache Airflow Spark Provider before 4.1.3 Description: Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to

Re: CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability

Also want to credit id_No2015429 of 3H Security Team for this report of the same issue. On 2023/08/11 04:57:45 Elad Kalif wrote: > Severity: moderate > > Affected versions: > > - Apache Airflow Drill Provider before 2.4.3 > > Description: > > Improper Input Validat

[ANNOUNCE] Apache Airflow Providers prepared on August 11, 2023 are released

://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability

Severity: moderate Affected versions: - Apache Airflow Drill Provider before 2.4.3 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass

[ANNOUNCE] Apache Airflow Providers prepared on August 09, 2023 are released

-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on August 08, 2023 are released

-airflow-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on are released

/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on July 29, 2023 are released

/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on July 17, 2023 are released

-airflow-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on July 12, 2023 are released

://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user

Severity: moderate Affected versions: - Apache Airflow Apache Hive Provider before 6.1.2 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also

[ANNOUNCE] Airflow Providers prepared on July 09, 2023 are released

-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on July 06, 2023 are released

-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-35797: Apache Airflow Hive Provider Beeline RCE with Principal

Severity: moderate Affected versions: - Apache Airflow Apache Hive Provider before 6.1.1 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1

CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability

Severity: low Affected versions: - Apache Airflow ODBC Provider before 4.0.0 - Apache Airflow MSSQL Provider before 3.4.1 Description: Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This 

CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability

Severity: low Affected versions: - Apache Airflow JDBC Provider before 4.0.0 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it

CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability

Severity: moderate Affected versions: - Apache Airflow ODBC Provider before 4.0.0 Description: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation

[ANNOUNCE] Airflow Providers prepared on June 20, 2023 are released

/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-35005: Apache Airflow: Information disclosure on configuration view

Severity: low Affected versions: - Apache Airflow 2.5.0 before 2.6.2 Description: In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only

[ANNOUNCE] Apache Airflow 2.6.2 Released

here for more details: https://airflow.apache.org/docs/apache-airflow/2.6.2/release_notes.html Container images are published at: https://hub.docker.com/r/apache/airflow/tags/?page=1=2.6.2 Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on May 24, 2023 are released

://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Severity: low Affected versions: - Apache Airflow CNCF Kubernetes Provider 5.0.0 through 6.1.0 Description: Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit

[ANNOUNCE] Airflow Providers prepared on May 19, 2023 are released

/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on April 21, 2023 are released

://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on April 12, 2023 are released

from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on April 09, 2023 are released

The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on April 02, 2023 are ready

-airflow-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on March 07, 2023 are released

-providers/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on March 03, 2023 released

can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on February 18, 2023 are ready

/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Apache Airflow Providers prepared on February 08, 2023 released

://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers prepared on January 23, 2023 are ready

The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers released on January 14, 2023 are ready

-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers released on Janurary 02, 2023 released

/installing-from-sources You can install the providers via PyPI: https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif

[ANNOUNCE] Airflow Providers released on December 14, 2022 are ready

-pypi The documentation is available at https://airflow.apache.org/docs/ and linked from the PyPI packages. Cheers, Elad Kalif