Replies: 1 comment
-
|
Unfortunately not. Starlette is limited with fastapi version we are using in 3.1 version - and upgrading fastapi to later version required significant changes that are difficult and risky to backport, so you will have to wait for 3.2* to use later starlette version. However it's likely we are not impacted by it as this issue is only on File serving endpoints that we do not have in Airflow, and quite certainly such endpoints are not exposed to non-authenticated users. While this is not something that we can say with 100% certainty, I would not loose your sleep on that CVE. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I noticed that the main branch already uses the latest version addressing CVE-2025-62727.
Would it be possible to include this fix in the next release, 3.1.7?
Beta Was this translation helpful? Give feedback.
All reactions