Posted to users@airflow.apache.org by Jed Cunningham <je...@apache.org> on 2022/09/20 19:07:45 UTC
CVE fixes in Airflow 2.4.0 and Airflow 2.3.4
Hello everyone,

Airflow 2.4.0 and 2.3.4 contain fixes for the following CVEs (more details
on the dev list links).

Airflow 2.4.0:

CVE-2022-40754: Open Redirect
https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm

CVE-2022-40604: Format String Vulnerability
https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t

Airflow 2.3.4 (fixes are also in Airflow 2.4.0):

CVE-2022-38054: Session Fixation
https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb

CVE-2022-38170: Overly permissive umask for daemons
https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv

Thanks,
Jed