The GitHub Actions job "Tests (ARM)" on airflow.git/v3-2-test has failed. Run started by GitHub user vatsrahul1001 (triggered by vatsrahul1001).
Head commit for run: 5e2fcf36f57e1a101f25099b6d034051483b40e3 / github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> [v3-2-test] Tighten deserialization allowlist regex to require full-string match (#66499) (#67096) * Tighten deserialization allowlist regex to use full-string match The ``allowed_deserialization_classes_regexp`` allowlist used ``re.match()``, which only anchors at the start of the string. A pattern like ``airflow\.models\.Variable`` therefore also admitted classnames such as ``airflow.models.Variable_Malicious``. Switch to ``re.fullmatch()`` so the admin's pattern matches the entire classname; document the semantics in the config description so operators know to use ``.*`` for prefix-style allowances. * Add newsfragment for #66499 --------- (cherry picked from commit 80f1ab4d5a0f8b83873ce31f32b89d341f667b6f) Co-authored-by: Jarek Potiuk <[email protected]> Co-authored-by: Rahul Vats <[email protected]> Report URL: https://github.com/apache/airflow/actions/runs/26032011841 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
