Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.13.1
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.13.1/installing-helm-chart-from-sources.html
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.11.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.11.0/installing-helm-chart-from-sources.html
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.10.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.10.0/installing-helm-chart-from-sources.html
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.9.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.9.0/installing-helm-chart-from-sources.html
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.8.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.8.0/installing-helm-chart-from-sources.html
Description:
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the
webserver's `/login` endpoint.
Credit:
The Apache Airflow PMC would like to thank Bugra Eskici for reporting this
issue.
References:
https://github.com/apache/airflow/pull/27576
Description:
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the
webserver's `/confirm` endpoint.
Credit:
The Apache Airflow PMC would like to thank Axel Chong (@Haxatron)
[https://hackerone.com/haxatron1] for reporting this issue.
References:
Description:
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen
was susceptible to XSS attacks via the `origin` query argument.
Credit:
The Apache Airflow PMC would like to thank id_No2015429 of 3H Security Team for
reporting this issue.
References:
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart
1.7.0
The source release, as well as the "binary" Helm Chart release, are
available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.7.0/installing-helm-chart-from-sources.html
Description:
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent
an already authenticated user from being able to continue using the UI or API.
Credit:
The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) for reporting
this issue.
References:
Dear community,
I'm happy to announce that Airflow 2.4.1 was just released.
The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html
Other installation methods are described in
Description:
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the
webserver's `/confirm` endpoint.
Credit:
The Apache Airflow PMC would like to thank Konstantin Weddige (Lutra Security)
for reporting this issue.
References:
https://github.com/apache/airflow/pull/26409
Description:
In Apache Airflow 2.3.0 through 2.3.4, part of a URL was unnecessarily
formatted, allowing for possible information extraction.
Credit:
The Apache Airflow PMC would like to thank L3yx of Syclover Security Team for
reporting this issue.
References:
Description:
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous
Airflow components when running with the `--daemon` flag which could result in
a race condition giving world-writable files in the Airflow home directory and
allowing local users to expose arbitrary
Description:
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver
session backend was susceptible to session fixation.
Credit:
The Apache Airflow PMC would like to thank Kai Zhao for reporting this issue.
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.6.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.6.0/installing-helm-chart-from-sources.html
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages were just
released.
https://pypi.org/project/apache-airflow-providers-cncf-kubernetes/4.0.1/
The source release, as well as the binary releases, are available here:
Dear community,
I'm happy to announce that Airflow 2.2.4 was just released.
The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html
Other installation methods are described in
Severity: high
Description:
It was discovered that the "Trigger DAG with config" screen was susceptible to
XSS attacks via the `origin` query argument.
This issue affects Apache Airflow versions 2.2.3 and below.
Credit:
The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the
Severity: high
Description:
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly
sanitize user-provided params, making them susceptible to OS Command Injection
from the web UI.
Mitigation:
This can be mitigated by ensuring `[core] load_examples` is set to `False`.
Dear community,
I am pleased to announce that we have released Apache Airflow Helm chart 1.4.0
The source release, as well as the "binary" Helm Chart release, are available:
Official Sources:
https://airflow.apache.org/docs/helm-chart/1.4.0/installing-helm-chart-from-sources.html
Dear community,
I'm happy to announce that Airflow 2.2.3 was just released.
The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html
Other installation methods are described in
Dear community,
I'm happy to announce that Airflow 2.2.1 was just released.
The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html
Other installation methods are described in