Re: [I] CVE-2024-49767 [airflow]

2024-12-11 Thread via GitHub


eladkal closed issue #44844: CVE-2024-49767
URL: https://github.com/apache/airflow/issues/44844


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [I] CVE-2024-49767 [airflow]

2024-12-11 Thread via GitHub


eladkal commented on issue #44844:
URL: https://github.com/apache/airflow/issues/44844#issuecomment-2537929787

   > Do you really want everyone that runs a scan on Airflow to contact the security email address to ask this question?
   
   Our policy states that we do not accept reports of automated scans. If you believe Airflow is affected by any security issue you should report to the security email address with a clear explanation of what the risk is and how it can be exploited. If you can't specify how it can be exploited the report will be automatically rejected. There are dozens of automated tools that generated many false reports and there are many people who report thoughts/concerns/questions. We, as an open source project that consists mostly of volunteers, cannot triage and handle such traffic volume, so we expect the reporter to go the extra mile and verify that the problem being reported is real.
   
   You are also very welcome to raise your thoughts on the policy itself with the same email if you believe it should change and can offer reasoning for it.





Re: [I] CVE-2024-49767 [airflow]

2024-12-11 Thread via GitHub


lewijw commented on issue #44844:
URL: https://github.com/apache/airflow/issues/44844#issuecomment-2536576623

   The CVE is public.  Do you really want everyone that runs a scan on Airflow 
to contact the security email address to ask this question?





Re: [I] CVE-2024-49767 [airflow]

2024-12-11 Thread via GitHub


amoghrajesh commented on issue #44844:
URL: https://github.com/apache/airflow/issues/44844#issuecomment-2536551039

   Please use the security policy to report CVEs and any security related 
issues: https://github.com/apache/airflow?tab=security-ov-file#readme

