You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/09/26 21:00:59 UTC
[GitHub] [airflow] montgomery-marcus-solute opened a new issue, #26686: swagger-ui version causes security findings
montgomery-marcus-solute opened a new issue, #26686:
URL: https://github.com/apache/airflow/issues/26686
### Apache Airflow version
2.4.0
### What happened
My organization scanned a container running airflow 2.4.0 and found the following vulnerabilities, all related to swagger-ui, fixed in the swagger-ui version next to the link for the vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2019-17495 >= 3.23.11
https://nvd.nist.gov/vuln/detail/CVE-2018-25031 >= 4.1.3
https://github.com/advisories/GHSA-388g-jwpg-x6j4 >= 3.0.13
https://github.com/advisories/GHSA-x9p2-fxq6-2m5f >= 3.18.0
https://github.com/advisories/GHSA-4f9m-pxwh-68hg >= 3.20.9
https://github.com/advisories/GHSA-qrmm-w75w-3wpx >= 4.1.3
### What you think should happen instead
If possible, please update the swagger-ui version used in airflow to the latest or at least version 4.1.3 or greater.
### How to reproduce
_No response_
### Operating System
ubi8
### Versions of Apache Airflow Providers
_No response_
### Deployment
Other Docker-based deployment
### Deployment details
_No response_
### Anything else
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on issue #26686: swagger-ui version causes security findings
Posted by GitBox <gi...@apache.org>.
uranusjr commented on issue #26686:
URL: https://github.com/apache/airflow/issues/26686#issuecomment-1259060645
This sounds like an important issue to you. Do you want to submit a pull request?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #26686: swagger-ui version causes security findings
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #26686:
URL: https://github.com/apache/airflow/issues/26686#issuecomment-1258626966
Thanks for opening your first issue here! Be sure to follow the issue template!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk closed issue #26686: swagger-ui version causes security findings
Posted by GitBox <gi...@apache.org>.
potiuk closed issue #26686: swagger-ui version causes security findings
URL: https://github.com/apache/airflow/issues/26686
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org