Do not show version/node in UI traceback for unauthenticated user #29501

@potiuk potiuk commented Feb 13, 2023

The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.


@boring-cyborg boring-cyborg bot added the area:webserver Webserver related Issues label Feb 13, 2023
@potiuk potiuk added this to the Airflow 2.5.2 milestone Feb 13, 2023
@potiuk potiuk merged commit cf81455 into apache:main Feb 13, 2023
@potiuk potiuk deleted the redact-version-node-information-for-non-authenticated-users branch February 13, 2023 09:24
@pierrejeambrun pierrejeambrun added the type:bug-fix Changelog: Bug Fixes label Feb 27, 2023
pierrejeambrun pushed a commit that referenced this pull request Mar 7, 2023
…9501)

The traceback contains information that might be useful for a potential
attacker to better target their attack (Python/Airflow version, node
name). This information should not be shown if traceback is shown to
unauthenticated user.

(cherry picked from commit cf81455)
pierrejeambrun pushed a commit that referenced this pull request Mar 8, 2023
…9501)

The traceback contains information that might be useful for a potential
attacker to better target their attack (Python/Airflow version, node
name). This information should not be shown if traceback is shown to
unauthenticated user.

(cherry picked from commit cf81455)
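
An added example, not Airflow's code and not taken from this pull request, of the rule the description states: the error page keeps the traceback but replaces the Python version and node name with a placeholder when the request is unauthenticated. It assumes a WSGI deployment in which an upstream auth layer sets `REMOTE_USER`; `error_context`, `TracebackMiddleware`, `failing_app`, `render` and the `redacted` placeholder are hypothetical names.

```python
import html
import platform
import socket
import traceback

REDACTED = "redacted"  # placeholder text; an assumption of this example

def error_context(exc, is_authenticated):
    """Fields for the error page; environment details only for signed-in users."""
    return {
        "python_version": platform.python_version() if is_authenticated else REDACTED,
        "node": socket.gethostname() if is_authenticated else REDACTED,
        # The traceback itself is still rendered for both kinds of user.
        "traceback": "".join(
            traceback.format_exception(type(exc), exc, exc.__traceback__)),
    }

class TracebackMiddleware:
    """WSGI wrapper that turns an unhandled exception into a 500 page."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception as exc:
            # Assumption: the auth layer sets REMOTE_USER for signed-in users.
            ctx = error_context(exc, bool(environ.get("REMOTE_USER")))
            body = (
                "<h1>Something went wrong</h1>"
                f"<p>Python version: {html.escape(ctx['python_version'])}</p>"
                f"<p>Node: {html.escape(ctx['node'])}</p>"
                f"<pre>{html.escape(ctx['traceback'])}</pre>"
            ).encode("utf-8")
            headers = [("Content-Type", "text/html; charset=utf-8")]
            start_response("500 Internal Server Error", headers)
            return [body]

def failing_app(environ, start_response):
    """Constructed sample application that always raises."""
    raise RuntimeError("constructed failure")

def render(environ):
    """Run the wrapped app on a constructed environ; return (status, body)."""
    seen = {}
    chunks = TracebackMiddleware(failing_app)(
        environ, lambda status, headers, exc_info=None: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode("utf-8")
```
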