The GitHub Actions job "Tests (AMD)" on airflow.git/fix-ldap-injection-v001 has 
failed.
Run started by GitHub user orbisai0security (triggered by orbisai0security).

Head commit for run:
241238762eabaa4406f673722f48215371a92d04 / OrbisAI Security 
<[email protected]>
Add defensive validation for LDAP search filter configuration

Add input validation for AUTH_LDAP_SEARCH_FILTER to catch
misconfigurations early. In deployments where LDAP configuration
is generated from Helm values, environment variables, or config
management systems, filter validation helps fail fast on malformed
filters and makes debugging easier.

Changes:
- Validate AUTH_LDAP_SEARCH_FILTER has balanced parentheses
- Escape username input using ldap.filter.escape_filter_chars()
- Escape user DN in nested groups lookup
- Add focused tests for filter construction and validation

This is defensive hardening, not a vulnerability fix.
AUTH_LDAP_SEARCH_FILTER is controlled by Airflow administrators,
not end users or attackers.

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Report URL: https://github.com/apache/airflow/actions/runs/26653212943

With regards,
GitHub Actions via GitBox

