[ https://issues.apache.org/jira/browse/AIRFLOW-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arthur Wiedmer resolved AIRFLOW-1007. ------------------------------------- Resolution: Fixed Fix Version/s: 1.9.0 Issue resolved by pull request #2184 [https://github.com/apache/incubator-airflow/pull/2184] > Jinja sandbox is vulnerable to RCE > ---------------------------------- > > Key: AIRFLOW-1007 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1007 > Project: Apache Airflow > Issue Type: Bug > Reporter: Alex Guziel > Assignee: Alex Guziel > Fix For: 1.9.0 > > > Right now, the jinja template functionality in chart_data takes arbitrary > strings and executes them. We should use the sandbox functionality to prevent > this. -- This message was sent by Atlassian JIRA (v6.3.15#6346)