Hi Airflow community, Please find below the information about a vulnerability which has been addressed in Apache Airflow v1.10.13. Airflow 1.10.13 contains a bug so I would recommend users to upgrade to Airflow 1.10.14 (released yesterday):
*CVE-2020-17511: Apache Airflow Airflow admin password gets logged in plain text* *Description*: In Airflow < 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. *Credit*: Ali Al-Habsi of Accellion Thanks. Kaxil @ Airflow PMC