This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new ef695fa9217 Update health endpoint in security docs (#66701)
ef695fa9217 is described below
commit ef695fa9217a48c30963a5502c051ba6341dc021
Author: Kyu Park <[email protected]>
AuthorDate: Tue May 12 01:42:33 2026 +0200
Update health endpoint in security docs (#66701)
Airflow 3 serves webserver health status at /api/v2/monitor/health, so
update the security model documentation to avoid pointing readers at the legacy
/health path.
Closes #49683
---
airflow-core/docs/security/security_model.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/airflow-core/docs/security/security_model.rst
b/airflow-core/docs/security/security_model.rst
index 46bf7ab8b62..e7a95d44db7 100644
--- a/airflow-core/docs/security/security_model.rst
+++ b/airflow-core/docs/security/security_model.rst
@@ -92,9 +92,9 @@ Non-authenticated UI users
Airflow doesn't support unauthenticated users by default. If allowed,
potential vulnerabilities
must be assessed and addressed by the Deployment Manager. However, there are
exceptions to this.
-The ``/health`` endpoint responsible to get health check updates should be
publicly accessible.
-This is because other systems would want to retrieve that information. Another
exception is the
-``/login`` endpoint, as the users are expected to be unauthenticated to use it.
+The ``/api/v2/monitor/health`` endpoint responsible for health check updates
should be publicly
+accessible. This is because other systems would want to retrieve that
information. Another exception
+is the ``/login`` endpoint, as the users are expected to be unauthenticated to
use it.
Capabilities of authenticated UI users
--------------------------------------
