Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2023/01/06 00:49:18 UTC

[GitHub] [airflow] AveraqeDev opened a new issue, #28761: CVE-2022-24439 & CVE-2022-23491

AveraqeDev opened a new issue, #28761:
URL: https://github.com/apache/airflow/issues/28761

   ### Apache Airflow version
   
   2.5.0
   
   ### What happened
   
   The constraints file is pointing to versions of `gitpython` and `certifi` that have CVEs attached to them.
   
   ### What you think should happen instead
   
   _No response_
   
   ### How to reproduce
   
   _No response_
   
   ### Operating System
   
   linux
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   _No response_
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [airflow] potiuk closed issue #28761: CVE-2022-24439 & CVE-2022-23491

Posted by GitBox <gi...@apache.org>.
potiuk closed issue #28761: CVE-2022-24439 & CVE-2022-23491
URL: https://github.com/apache/airflow/issues/28761




[GitHub] [airflow] potiuk commented on issue #28761: CVE-2022-24439 & CVE-2022-23491

Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #28761:
URL: https://github.com/apache/airflow/issues/28761#issuecomment-1373225954

   We are not going to do anything about it for 2.5.0. This is not how Airflow constraints work.
   
   The constraints are frozen at the moment of release. If you wish to upgrade to a new version of those dependencies, you are perfectly fine to do so. The constraint mechanism we have is only for initial installation of Airflow to be consistent, and our build and release process works in the way that we upgrade to the latest versions automatically: for example https://github.com/apache/airflow/blob/constraints-main/constraints-3.7.txt are already pointed to the latest versions of both gitpython and certifi and Airflow 2.5.1 will use those.
   
   You are free to manually upgrade those dependencies if you are concerned about it (Airflow does not prevent you from doing so) or wait until Airflow 2.5.1 is released.



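The comment above says the constraints are frozen at release and that dependencies can be upgraded manually afterwards. The sketch below is an added example, not part of the thread or of Airflow's own tooling: it reads pins in the `name==version` form used by constraints files and lists the ones that sit below a minimum fixed version. The function names are hypothetical, and the sample pins and minimum versions are constructed placeholders, not the real 2.5.0 pins or the real fixed releases.

```python
import re

# Constructed sample in the "name==version" form of a constraints file.
# Versions are illustrative placeholders, not the real Airflow 2.5.0 pins.
SAMPLE_CONSTRAINTS = """\
GitPython==3.1.0
certifi==2022.1.1
requests==2.28.1
"""

# Hypothetical minimum fixed versions; take the real ones from each CVE advisory.
MIN_FIXED = {"gitpython": "3.1.5", "certifi": "2022.6.1"}


def normalize(name):
    """PEP 503 name normalization, so 'GitPython' matches 'gitpython'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Sort key for plain dotted numeric versions; trailing zeros are ignored."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version format: {version!r}")
    parts = [int(part) for part in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_constraints(text):
    """Return {normalized_name: version} for every 'name==version' pin."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        name, sep, version = line.partition("==")
        if sep and name.strip():
            pins[normalize(name.strip())] = version.strip()
    return pins


def upgrades_needed(constraints_text, min_fixed):
    """List 'name>=version' specifiers for pins below their fixed version."""
    pins = parse_constraints(constraints_text)
    specs = []
    for name, floor in sorted(min_fixed.items()):
        pinned = pins.get(normalize(name))
        if pinned is not None and version_key(pinned) < version_key(floor):
            specs.append(f"{normalize(name)}>={floor}")
    return specs
```

The returned specifiers can be passed to `pip install --upgrade` after the constrained installation of Airflow has completed.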

[GitHub] [airflow] boring-cyborg[bot] commented on issue #28761: CVE-2022-24439 & CVE-2022-23491

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #28761:
URL: https://github.com/apache/airflow/issues/28761#issuecomment-1372989058

   Thanks for opening your first issue here! Be sure to follow the issue template!
   




[GitHub] [airflow] potiuk commented on issue #28761: CVE-2022-24439 & CVE-2022-23491

Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #28761:
URL: https://github.com/apache/airflow/issues/28761#issuecomment-1373283998

   BTW, I clarify the process for anyone who would have similar expectations as you had in this PR https://github.com/apache/airflow/pull/28762 - this will be merged and released in upcoming versions of Airflow.

