[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17000369#comment-17000369 ] ASF subversion and git services commented on AIRFLOW-5458: -- Commit 923a03c90fc093d5ac7025d9378565999d793ceb in airflow's branch refs/heads/v1-10-test from Kaxil Naik [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=923a03c ] [AIRFLOW-5458] Pin Flask-AppBuilder < 2.0 for Py2 (#6607) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17000367#comment-17000367 ] ASF subversion and git services commented on AIRFLOW-5458: -- Commit 923a03c90fc093d5ac7025d9378565999d793ceb in airflow's branch refs/heads/v1-10-stable from Kaxil Naik [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=923a03c ] [AIRFLOW-5458] Pin Flask-AppBuilder < 2.0 for Py2 (#6607) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17000366#comment-17000366 ] ASF subversion and git services commented on AIRFLOW-5458: -- Commit 98308243e6912b675d186ffc67dd375bb5567334 in airflow's branch refs/heads/v1-10-stable from Kaxil Naik [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=9830824 ] [AIRFLOW-5458] Bump Flask-AppBuilder to 2.2.0 only for Python3 (#6607) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16999329#comment-16999329 ] ASF subversion and git services commented on AIRFLOW-5458: -- Commit e995313761c1be2fd0ad3101d66b28b005fcee57 in airflow's branch refs/heads/v1-10-test from Ash Berlin-Taylor [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=e995313 ] fixup! [AIRFLOW-5458] Bump Flask-AppBuilder to 2.2.0 (#6607) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16999007#comment-16999007 ] ASF subversion and git services commented on AIRFLOW-5458: -- Commit 47facb405485895694917d8ae407b925a57624b8 in airflow's branch refs/heads/master from Paul Vickers [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=47facb4 ] [AIRFLOW-5458] Bump Flask-AppBuilder to 2.2.0 (#6607) This might also fix AIRFLOW-5462 (OAuth login issue) Same fix as was required for Superset (https://github.com/apache/incubator-superset/issues/7739) > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16991877#comment-16991877 ] jack commented on AIRFLOW-5458: --- I think there is open PR for this [https://github.com/apache/airflow/pull/6607] > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Bug > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.7 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16928023#comment-16928023 ] Souvik Ghosh commented on AIRFLOW-5458: --- wow :O > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Wish > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.6 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16928014#comment-16928014 ] t oo commented on AIRFLOW-5458: --- wait till they see: |{color:#00}AIRFLOW-4180{color}| |{color:#00}AIRFLOW-4065{color}| |{color:#00}AIRFLOW-4183{color}| |{color:#00}AIRFLOW-4178{color}| |{color:#00}AIRFLOW-4181{color}| |{color:#00}AIRFLOW-4186{color}| |{color:#00}AIRFLOW-4445{color}| |{color:#00}AIRFLOW-4185{color}| |{color:#00}AIRFLOW-5454{color}| |{color:#00}AIRFLOW-4176{color}| |{color:#00}AIRFLOW-4179{color}| > Flask-AppBuilder shows critical security vulnerability > -- > > Key: AIRFLOW-5458 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5458 > Project: Apache Airflow > Issue Type: Wish > Components: dependencies >Affects Versions: 1.10.5 >Reporter: Souvik Ghosh >Priority: Major > Fix For: 1.10.6 > > > Hello, > our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 > with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the > setup.py of airflow with restrictions. I am wondering if it can be moved to > 2.0.0 where no vulnerability is reported. > > Thanks for your help -- This message was sent by Atlassian Jira (v8.3.2#803003)