3 matches found
GHSA-W9R4-94FJ-XP69 Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If developers do not store variables with sensitive values in JSON form, their projects are not affected. Otherwise...
BIT-AIRFLOW-2026-31987 Apache Airflow: JWT token appearing in logs
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...
PYSEC-2026-18
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...