kaxil commented on code in PR #51639:
URL: https://github.com/apache/airflow/pull/51639#discussion_r2143025828


##########
RELEASE_NOTES.rst:
##########
@@ -3136,17 +3136,6 @@ 
https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.ht
 It is strongly advised to **not** enable the feature until you make sure that 
only
 highly trusted UI/API users have "edit connection" permissions.
 
-The ``xcomEntries`` API disables support for the ``deserialize`` flag by 
default (#32176)
-"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-For security reasons, the ``/dags/*/dagRuns/*/taskInstances/*/xcomEntries/*``
-API endpoint now disables the ``deserialize`` option to deserialize arbitrary
-XCom values in the webserver. For backward compatibility, server admins may set
-the ``[api] enable_xcom_deserialize_support`` config to *True* to enable the
-flag and restore backward compatibility.
-
-However, it is strongly advised to **not** enable the feature, and perform
-deserialization at the client side instead.
-

Review Comment:
   We should revert the change to release notes



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to