You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Kaxil Naik (JIRA)" <ji...@apache.org> on 2018/09/29 08:55:00 UTC
[jira] [Updated] (AIRFLOW-2592) Bump Bleach dependency to address
CVE-2018-7753
[ https://issues.apache.org/jira/browse/AIRFLOW-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kaxil Naik updated AIRFLOW-2592:
--------------------------------
Fix Version/s: (was: 2.0.0)
1.10.1
> Bump Bleach dependency to address CVE-2018-7753
> -----------------------------------------------
>
> Key: AIRFLOW-2592
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2592
> Project: Apache Airflow
> Issue Type: Task
> Reporter: Jan
> Assignee: Christian Trebing
> Priority: Major
> Fix For: 1.10.1
>
>
> CVE-2018-7753 was reported for bleach versions <= 2.1.2.
> [https://nvd.nist.gov/vuln/detail/CVE-2018-7753]
> CVE description: An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)