potiuk commented on issue #52123: URL: https://github.com/apache/airflow/issues/52123#issuecomment-2999641525
> There currently is work on this https://github.com/apache/airflow/issues/52018 @potiuk Can probably give some more insight on this and whether it will also allow an upgrade of werkzeug for 2.10.5 No. you will have to upgrade to 2.11.1 when we complete the work and release it. We have no plans (nor need) to back-port it to 2.10. The Werkzeug vulnerabilities are likely not affecting Airflow (because they are in functionality at least airflow does not us) - but of course if you do find how to exploit it in airlfow - then follow our security process and report it to us responsibly. But other than that, except some security reports you run that show that **some** dependency is vulnerable, there is no indication this vulnerabilty affects airflow users. But - once we complete #52018 and we release 2.11.1 with it - you will be able to upgrade to 2.11.1 at your leisure. Also - you can also upgrade to Airflow 3.0.2 even today - without waiting, there Werkzeug limitation does not apply. You are also completely free to upgrade to it any time. Closing as invalid. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
