ddworken-sc opened a new pull request #4390: Fix 4 security vulnerabilities
URL: https://github.com/apache/incubator-superset/pull/4390

As discussed with @mistercrunch privately, here are patches for 4 different security vulnerabilities. The fixed vulnerabilities are:

1. Code execution via yaml.load (fixed in 7e949ee)
2. Clickjacking to SQL execution in SQLLab (fixed in f113d2b)
3. XSS via chart descriptions (fixed in b6fcc22)
4. XSS via javascript link handler in markdown (fixed in b6fcc22)