You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/28 11:20:17 UTC

[GitHub] [airflow] potiuk edited a comment on issue #15570: Gunicorn dependency request smuggling vulnerability

potiuk edited a comment on issue #15570:
URL: https://github.com/apache/airflow/issues/15570#issuecomment-828373745


   > That is an inaccuracy in the CVE - 20.0.1 is when the fix arrived: https://github.com/benoitc/gunicorn/releases/tag/20.0.2
   
   Not reallly. The CVE is correct. The fix has been backported to 19.10.0 : https://github.com/benoitc/gunicorn/commit/93220898f523fa1098f3ee467f6f48530c9f5fbe
   
   
   You can see it when you take a look at differences between 19.9.0 and 19.10.0
   
   https://github.com/benoitc/gunicorn/compare/19.9.0...19.10.0


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org