Headline
CVE-2023-28706: Move auth parameter from extra to Hook parameter by potiuk · Pull Request #30212 · apache/airflow
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.
For consistency, we are moving hive auth parameter to the Hook.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.
Related news
Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code.