airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "t oo (Jira)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability
Date Wed, 11 Sep 2019 21:31:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928014#comment-16928014
] 

t oo commented on AIRFLOW-5458:
-------------------------------

wait till they see:
|{color:#000000}AIRFLOW-4180{color}|
|{color:#000000}AIRFLOW-4065{color}|
|{color:#000000}AIRFLOW-4183{color}|
|{color:#000000}AIRFLOW-4178{color}|
|{color:#000000}AIRFLOW-4181{color}|
|{color:#000000}AIRFLOW-4186{color}|
|{color:#000000}AIRFLOW-4445{color}|
|{color:#000000}AIRFLOW-4185{color}|
|{color:#000000}AIRFLOW-5454{color}|
|{color:#000000}AIRFLOW-4176{color}|
|{color:#000000}AIRFLOW-4179{color}|

> Flask-AppBuilder shows critical security vulnerability
> ------------------------------------------------------
>
>                 Key: AIRFLOW-5458
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5458
>             Project: Apache Airflow
>          Issue Type: Wish
>          Components: dependencies
>    Affects Versions: 1.10.5
>            Reporter: Souvik Ghosh
>            Priority: Major
>             Fix For: 1.10.6
>
>
> Hello,
> our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 with a CVE
9.8 and recommend us to move the version > 2.0. Since it is in the setup.py of airflow
with restrictions. I am wondering if it can be moved to 2.0.0 where no vulnerability is reported.
>  
> Thanks for your help



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message