airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rui Wang <rui.w...@airbnb.com.INVALID>
Subject Xcom related security issue
Date Sat, 18 Feb 2017 00:07:00 GMT
Hi,

I created an JIRA issue: https://issues.apache.org/jira/browse/AIRFLOW-855.


The JIRA task above gives pretty rich context. Briefly speaking, PickleType
gives the possible that run code/command on remote machines. This type can
serialize objects, which is a wide scope. I am wondering what kind of use
cases you have for using Xcom and its PickleType. If the use cases show the
possibility that replacing PickleType with JSON type, the probably this
security issue can be solved by using JSON type instead,


Thanks,
Rui Wang

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message