Please find below the information about a vulnerability which has been
addressed in Apache Airflow 2.1.0.
Description: Allows for a non authenticated user to enumerate
existing accounts by timing the response time from the server when you
are logging in.
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases for all Providers
are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
The Amazon
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
* apache-airflow-providers-amazon 2.5.0
* apache-airflow-providers-apache-druid 2.1.0
* apache-airflow-providers-apache-hdfs 2.2.0
* apache-airflow-providers-apache-hive 2.1.0
*
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
were just released (18 packages in total were released in this wave).
The source release, as well as the binary releases, are available here:
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
Those are cncf.kubernetes 3.0.1, sftp 2.4.1. It was an ad-hoc release
as follow-up from the December one.
The source release, as well as the binary releases, are available here:
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases, are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
You can install the
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases, are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
You can install the
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases, are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
You can install the
I'm happy to announce that new versions of Airflow Providers packages
were just released.
Those are mostly released to rectify the problem with accidentally
adding gitpython and wheel as dependency for all providers (but there
are also a few bugfixes - notably cncf.kubernetes and elasticsearch
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases, are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
You can install the
I'm happy to announce that new versions of Airflow Providers packages
were just released.
Those are mostly released to rectify the problem with accidentally
adding gitpython and wheel as dependency for all providers (but there
are also a few bugfixes - notably cncf.kubernetes and elasticsearch
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The source release, as well as the binary releases, are available here:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-sources
You can install the
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The mission of Apache Airflow is the creation and maintenance of software
related to workflow automation and scheduling that can be used to author and
manage data pipelines. Airflow
Severity: low
Affected versions:
- Apache Airflow 2.4.0 before 2.7.0
Description:
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0.
Sensitive configuration information has been exposed to
Dear Community,
I'm happy to announce that new versions of Airflow Provider packages
were just released.
The mission of Apache Airflow is the creation and maintenance of software
related to workflow automation and scheduling that can be used to author and
manage data pipelines. Airflow Providers
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The mission of Apache Airflow is the creation and maintenance of software
related to workflow automation and scheduling that can be used to author and
manage data pipelines. Airflow
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This is an ad-hoc release of an important bug-fix version of 8.1.0
google provider and linked 3.1.0 oracle provider only.
The source release, as well as the binary releases, are
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
The mission of Apache Airflow is the creation and maintenance of software
related to workflow automation and scheduling that can be used to author and
manage data pipelines. Airflow
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This is an ad-hoc release of providers that were removed from previous
release due to bugs found:
https://pypi.org/project/apache-airflow-providers-tabular/1.0.1/
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This is more than a regular set of providers. We released 41 providers
in total this month. Additionally to regular providers we released
first version of Tabular provider and
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released:
* common-sql: 1.1.0
* databricks: 3.2.0
This is a follow-up release with fixes of bugs in the RC candidates of
those providers found during testing.
The source release, as well as the
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
Those are two providers (google, slack) released with bug-fixes
applied to problems found in the previous wave of packages.
The source release, as well as the binary releases, are
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released:
This is a regular release of a number of providers:
* new major backwards-incompatible release of "amazon"
* renamed jira provider to "atlassian-jira" (starting at 1.0.0
version).
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This is a regular bugfix release of a number of providers but there
are few notable ones:
* new major backwards-incompatible releases of amazon, presto, trino,
exasol, hive packages
Severity: moderate
Description:
Improper Neutralization of Special Elements used in a Command ('Command
Injection') vulnerability in Apache Software Foundation Apache Airflow Hive
Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0.
Credit:
id_No2015429 of 3H Security Team
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This was an ad-hoc release of three providers with bug-fixes necessary
to release Airflow 2.5.0 (also released today): exasol (4.1.2),
snowflake(4.0.2) and zendesk (4.2.0).
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This was a special release - this is the first wave of Airflow 2.3+
only providers - all subsequent release will only be compatible with
Airflow 2.3 and you need to update to Airflow
Dear Airflow community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
This is a follow-up release after the November release. Mostly it's
about fixing problems we found after release with common.sql provider
and its interaction with
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow
allows an attacker to read arbitrary files in the task execution context,
without write access to DAG files. This issue affects
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow
allows an attacker to control commands executed in the task execution context,
without write access to DAG
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows
an attacker to control commands executed in the task execution context, without
write access to DAG
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow
allows an attacker to execute arbitrary commands in the task execution context,
without write access to DAG
Just to add severity: moderate.
On Mon, Nov 21, 2022 at 9:41 PM Jarek Potiuk wrote:
>
> Description:
>
> Improper Neutralization of Special Elements used in an OS Command ('OS
> Command Injection') vulnerability in Apache Airflow Spark Provider, Apache
> Airflow allows a
Also we want to credit id_No2015429 of 3H Security Team for his
reports for the same issue.
J.
On Mon, Jan 23, 2023 at 12:25 PM Jarek Potiuk wrote:
>
> Also we want to credit id_No2015429 of 3H Security Team for his reports for
> the same issue.
>
> On Sat, Jan 21, 2023 a
Severity: important
Description:
Improper Neutralization of Special Elements used in a Command ('Command
Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache
Software Foundation Apache Airflow MySQL Provider. This issue affects Apache
Airflow: before 2.5.1; Apache
Severity: low
Description:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI
access who can trigger DAGs, to execute arbitrary commands via manually
provided run_id parameter. This issue affects Apache Airflow
versions prior to 2.4.0.
Mitigation:
Severity: low
Description:
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked
secrets in rendered template values for tasks which were not executed (for
example when they were depending on past and previous instances of the task
failed). This issue affects Apache
Additional info:
Credit:
Apache Airflow PMC would like to thank James Srinivasan for reporting it.
On Mon, Nov 14, 2022 at 12:50 AM Jarek Potiuk wrote:
>
> Severity: low
>
> Description:
>
> A vulnerability in UI of Apache Airflow allows an attacker to view unmasked
>
Severity: low
Description:
Generation of Error Message Containing Sensitive Information vulnerability in
Apache Software Foundation Apache Airflow. This issue affects Apache Airflow:
before 2.5.2.
Credit:
kuteminh11 (finder)
References:
https://github.com/apache/airflow/pull/29501
Also we would like to credit Xie Jianming of Caiji Sec Team (finder of
the issue)
On Thu, Feb 23, 2023 at 6:16 PM Jarek Potiuk wrote:
>
> Severity: moderate
>
> Description:
>
> Improper Input Validation vulnerability in Apache Software Foundation Apache
> Airflow Googl
Severity: low
Description:
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
This issue affects Apache Airflow Google Provider versions before 8.10.0.
Credit:
Xie Jianming of Caiji Sec Team (finder)
References:
https://github.com/apache/airflow/pull/29499
Severity: moderate
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Google Provider. This issue affects Apache Airflow Google Provider:
before 8.10.0.
References:
https://github.com/apache/airflow/pull/29497
https://airflow.apache.org/
Severity: moderate
Description:
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
Credit:
L3yx of Syclover Security Team (finder)
References:
https://github.com/apache/airflow/pull/29500
Severity: moderate
Description:
Improper Input Validation vulnerability in the Apache Airflow Hive Provider.
This issue affects Apache Airflow Hive Provider versions before 5.1.3.
Credit:
id_No2015429 of 3H Security Team (finder)
References:
https://github.com/apache/airflow/pull/29502
Severity: moderate
Description:
Generation of Error Message Containing Sensitive Information vulnerability in
the Apache Airflow AWS Provider.
This issue affects Apache Airflow AWS Provider versions before 7.2.1.
Credit:
Son Tran from VNPT - VCI (finder)
References:
Severity: low
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in
Apache Software Foundation Apache Airflow Hive Provider. This issue affects
Apache Airflow Hive Provider: before 6.0.0.
Credit:
sw0rd1ight of Caiji Sec Team and 4ra1n of Chaitin Tech (finder)
Severity: low
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before
4.0.1.
Credit:
Xie Jianming of Nsfocus (finder)
References:
https://github.com/apache/airflow/pull/30223
Severity: low
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before
2.3.2.
Credit:
Kai Zhao of 3H Security Team (finder)
References:
Severity: moderate
Affected versions:
- Apache Airflow before 2.6.0
Description:
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to
an Unauthorized Actor vulnerability in Apache Software Foundation Apache
Airflow. The "Run Task" feature enables authenticated user to
Severity: moderate
Affected versions:
- Apache Airflow before 2.6.0
Description:
Privilege Context Switching Error vulnerability in Apache Software Foundation
Apache Airflow. This issue affects Apache Airflow: before 2.6.0.
Credit:
ksw9...@naver.com (finder)
References:
Dear Community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
https://pypi.org/project/apache-airflow-providers-odbc/4.3.0/
https://pypi.org/project/apache-airflow-providers-docker/3.9.0/
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
prepared on 28th of December 2023 were just released. Full list of
PyPI packages released is added at the end of the message.
The source release, as well as the binary releases, are available here:
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
prepared on December 31, 2023
were just released. Full list of PyPI packages released is added at
the end of the message.
The source release, as well as the binary releases, are available here:
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
were just released.
There are 49 provider packages released this time. The full list
follows at the end.
The source release, as well as the binary releases, are available here:
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
prepared on January 26, 2024 were just released. Full list of PyPI
packages released is added at the end of the message.
The source release, as well as the binary releases, are available here:
CVE-2024-25128: Vulnerability in custom, long deprecated OpenID (NOT
OIDC) authentication method in Flask AppBuilder
Severity: moderate
Affected versions:
- Apache Airflow before 2.8.2
Description:
When Flask-AppBuilder configuration is set to ``AUTH_TYPE`` set to
``AUTH_OID``, it allows an
Severity: important
Affected versions:
- Apache Airflow 2.8.2 through 2.8.3
Description:
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue
affects Apache Airflow from 2.8.2 through 2.8.3.
Airflow's local file task handler in Airflow incorrectly set permissions
Dear community,
I'm happy to announce that new versions of Airflow Providers packages
prepared on March 25, 2024
were just released. Full list of PyPI packages released is added at
the end of the message.
The source release, as well as the binary releases, are available here:
58 matches