Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/06/05 15:29:55 UTC

[GitHub] [airflow] potiuk commented on pull request #24201: Airflow UI fix vulnerabilities - Prototype Pollution

potiuk commented on PR #24201:
URL: https://github.com/apache/airflow/pull/24201#issuecomment-1146834476

   BTW. If there are serious vulnerabilities the pointers to them should not be disclosed publicly. We have the ASF security Policy and unless the vulnerabilities are public they should be announced in private. Please DON'T explain it here @chethanuk-plutoflume if this is an undisclosed vulnerability (and in the future avoid mentioning vulnerability in the PR description). This makes it easier for bad actors to exploit the vulnerabilities and we do not want to make it easier for them.
   
   If this is a public vulnerability - as of recently we have Dependabot enabled for those and it should be raising an automated PR to fix them.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.