Jan created AIRFLOW-2592:
----------------------------
Summary: Bump Bleach dependency to address CVE-2018-7753
Key: AIRFLOW-2592
URL: https://issues.apache.org/jira/browse/AIRFLOW-2592
Project: Apache Airflow
Issue Type: Task
Reporter: Jan
CVE-2018-7753 was reported for bleach versions <= 2.1.2.
[https://nvd.nist.gov/vuln/detail/CVE-2018-7753]
CVE description: An issue was discovered in Bleach 2.1.x before 2.1.3.
Attributes that have URI values weren't properly sanitized if the values
contained character entities. Using character entities, it was possible to
construct a URI value with a scheme that was not allowed that would slide
through unsanitized.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
