airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (AIRFLOW-3295) Potential Security Issue in DaskExecutor
Date Sat, 03 Nov 2018 07:37:00 GMT


ASF GitHub Bot commented on AIRFLOW-3295:

msumit closed pull request #4128: [AIRFLOW-3295] Fix potential security issue in DaskExecutor

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/airflow/executors/ b/airflow/executors/
index 23c0b636b6..80527a2512 100644
--- a/airflow/executors/
+++ b/airflow/executors/
@@ -49,6 +49,7 @@ def start(self):
+                require_encryption=True,
             security = None


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

> Potential Security Issue in DaskExecutor
> ----------------------------------------
>                 Key: AIRFLOW-3295
>                 URL:
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: executor
>    Affects Versions: 1.10.0
>            Reporter: Xiaodong DENG
>            Assignee: Xiaodong DENG
>            Priority: Critical
> When user decide to use SSL encryption for DaskExecutor communications, `Distributed.Security`
object will be created.
> However, one argument (`require_encryption`) is missed to be set to `True` (its default
value is `False`). This may fail the SSL encryption setting-up.
> Current implementation: []
> Related Documentation:

This message was sent by Atlassian JIRA

View raw message