github-actions[bot] opened a new pull request, #54100: URL: https://github.com/apache/airflow/pull/54100
The #53973 introduced a change in the model of handling of the sensitive connection data in the Airlfow UI. Previoiusly our agreed model included capability of reading sensitive data bu the users who have Connection Configuraiton role. However in 3.0.4 we changeed the model so that those users have "write-only" access - they can write the sensitive data, but they cannot read the data via API or the UI once it is written. WHile not a security vulnerability on it's own, it's a security improvement that allows to mitigate some scenarios, especially when connection editing user credentials are stolen. This PR clarifies the model and properly communicates it to the users clearly indicating the difference implemented in 3.0.4 and the model of our security and clearly explaining that before 3.0.4 that was a delibearate choice of the model that the connection editing users had access to the sensitive data. (cherry picked from commit f5a88d97eb791194a5bad66a1c5021abdd1fb775) Co-authored-by: Jarek Potiuk <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
