You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (Jira)" <ji...@apache.org> on 2019/12/18 10:09:00 UTC
[jira] [Resolved] (AIRFLOW-5458) Flask-AppBuilder shows critical
security vulnerability
[ https://issues.apache.org/jira/browse/AIRFLOW-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ash Berlin-Taylor resolved AIRFLOW-5458.
----------------------------------------
Resolution: Fixed
> Flask-AppBuilder shows critical security vulnerability
> ------------------------------------------------------
>
> Key: AIRFLOW-5458
> URL: https://issues.apache.org/jira/browse/AIRFLOW-5458
> Project: Apache Airflow
> Issue Type: Bug
> Components: dependencies
> Affects Versions: 1.10.5
> Reporter: Souvik Ghosh
> Priority: Major
> Fix For: 1.10.7
>
>
> Hello,
> our security team has detected a vulnerability for Flask-AppBuilder<2.0.0 with a CVE 9.8 and recommend us to move the version > 2.0. Since it is in the setup.py of airflow with restrictions. I am wondering if it can be moved to 2.0.0 where no vulnerability is reported.
>
> Thanks for your help
--
This message was sent by Atlassian Jira
(v8.3.4#803005)