Hello everyone,

Airflow 2.4.0 and 2.3.4 contain fixes for the following CVEs (more details
on the dev list links).

Airflow 2.4.0:

CVE-2022-40754: Open Redirect
https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm

CVE-2022-40604: Format String Vulnerability
https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t

Airflow 2.3.4 (fixes are also in Airflow 2.4.0):

CVE-2022-38054: Session Fixation
https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb

CVE-2022-38170: Overly permissive umask for daemons
https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv

Thanks,
Jed
