Re: [VOTE] Release Airflow 2.0.0 from 2.0.0rc1

Unfortunately, -1 from me. Here is the issue: https://github.com/apache/airflow/issues/13027 We miss a schema file in sdist package. That causes airflow commands to fail if Airflow is installed using sdist package (.tar.gz) rather than .whl. We've tested everything with .whl files installation a

Re: [VOTE] Approach for supported python versions

A bit late, but here is to announce that the vote has passed with 4 binding +1s and 1 non-binding : Binding votes: - Jarek Potiuk - Tomasz Urbaszek - Deng Xiaodong - Kaxil Naik Non-binding votes: - Darren Weber I will proceed with updating the docs and clarifying the rule.

Re: [VOTE] Release apache-airflow-upgrade-check from 1.1.0rc1

+1 (non-binding) Tested with regular checks and with the --config option to ignore certain rules. Vikram On Fri, Dec 11, 2020 at 6:15 AM Tomasz Urbaszek wrote: > +1 binding > > On Fri, Dec 11, 2020 at 3:05 PM Ash Berlin-Taylor wrote: > >> Hey all, >> >> This calls for the release of a new di

CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View

Hi Airflow community, Please find below the information about a vulnerability which has been addressed in Apache Airflow v1.10.13. Airflow 1.10.13 contains a bug so I would recommend users to upgrade to Airflow 1.10.14 (released yesterday): *CVE-2020-17513: Apache Airflow Server-Side Request Forg

Re: [VOTE] Release apache-airflow-upgrade-check from 1.1.0rc1

+1 binding On Fri, Dec 11, 2020 at 3:05 PM Ash Berlin-Taylor wrote: > Hey all, > > This calls for the release of a new dist: apache-airflow-upgrade-check, > version 1.1.0. This represents the contents of the airflow/upgrade/ > tree (plus a few supporting files) as a separate dist This code is ba

[VOTE] Release apache-airflow-upgrade-check from 1.1.0rc1

Hey all, This calls for the release of a new dist: apache-airflow-upgrade-check, version 1.1.0. This represents the contents of the airflow/upgrade/ tree (plus a few supporting files) as a separate dist. This code is based off the v1-10-stable branch, the git tag is

CVE-2020-17511: Apache Airflow Airflow admin password gets logged in plain text

Hi Airflow community, Please find below the information about a vulnerability which has been addressed in Apache Airflow v1.10.13. Airflow 1.10.13 contains a bug so I would recommend users to upgrade to Airflow 1.10.14 (released yesterday): *CVE-2020-17511: Apache Airflow Airflow admin password g

Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515

Hi Airflow community, Please find below the information about vulnerability which has been addressed in Apache Airflow v1.10.13. Airflow 1.10.13 contains a bug so I would recommend users to upgrade to Airflow 1.10.14 (released yesterday): *CVE-2020-17515: Apache Airflow Reflected XSS via Origin P