You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Souvik Ghosh (Jira)" <ji...@apache.org> on 2019/09/11 14:36:00 UTC

[jira] [Created] (AIRFLOW-5458) Flask-AppBuilder shows critical security vulnerability

Souvik Ghosh created AIRFLOW-5458:
-------------------------------------

             Summary: Flask-AppBuilder shows critical security vulnerability
                 Key: AIRFLOW-5458
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5458
             Project: Apache Airflow
          Issue Type: Wish
          Components: dependencies
    Affects Versions: 1.10.5
            Reporter: Souvik Ghosh
             Fix For: 1.10.6


Hello,

our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the setup.py of airflow with restrictions. I am wondering if it can be moved to 2.0.0 where no vulnerability is reported.

 

Thanks for your help



--
This message was sent by Atlassian Jira
(v8.3.2#803003)