Skip to content

Use pyarrow-hotfix to mitigate CVE-2023-47248 #35650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
potiuk merged 2 commits into from
Nov 15, 2023
Merged

Use pyarrow-hotfix to mitigate CVE-2023-47248 #35650

potiuk merged 2 commits into from
Nov 15, 2023

Conversation

@ephraimbuddy
Copy link
Contributor

@ephraimbuddy ephraimbuddy commented Nov 15, 2023

This is a temporary measure and we will remove it once Apache Beam allows us to upgrade to pyarrow 14.0.1

@ephraimbuddy
Use pyarrow-hotfix to mitigate CVE-2023-47248
bd2b3d6 
This is a temporary measure and we will remove it once
Apache Beam allows us to upgrade to pyarrow 14.0.1
potiuk
potiuk reviewed Nov 15, 2023
View reviewed changes
potiuk
potiuk requested changes Nov 15, 2023
View reviewed changes
@ephraimbuddy @potiuk
Update dev/breeze/README.md
58f3e53 
Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
@ephraimbuddy ephraimbuddy requested a review from potiuk November 15, 2023 10:01
@potiuk potiuk merged commit 2afbb0a into apache:main Nov 15, 2023
@ephraimbuddy ephraimbuddy added the type:misc/internal Changelog: Misc changes that should appear in change log label Nov 20, 2023
@ephraimbuddy ephraimbuddy added this to the Airflow 2.8.0 milestone Nov 20, 2023
potiuk added a commit to potiuk/airflow that referenced this pull request Jan 9, 2024
@potiuk
Get rid of pyarrow-hotfix fora CVE-2023-47248
b84a94d 
The apache#35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.
@potiuk potiuk mentioned this pull request Jan 9, 2024
Closed
potiuk added a commit to potiuk/airflow that referenced this pull request Jan 9, 2024
@potiuk
Get rid of pyarrow-hotfix for CVE-2023-47248
a928bef 
The apache#35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.
@potiuk potiuk mentioned this pull request Jan 9, 2024
Merged
potiuk added a commit that referenced this pull request Jan 9, 2024
@potiuk
Get rid of pyarrow-hotfix for CVE-2023-47248 (#36697)
d105c71 
The #35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.
ephraimbuddy pushed a commit that referenced this pull request Jan 11, 2024
@potiuk @ephraimbuddy
Get rid of pyarrow-hotfix for CVE-2023-47248 (#36697)
975ddce 
The #35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.

(cherry picked from commit d105c71)
potiuk added a commit that referenced this pull request Jan 13, 2024
@potiuk
Get rid of pyarrow-hotfix for CVE-2023-47248 (#36697)
5690c0d 
The #35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.

(cherry picked from commit d105c71)
ephraimbuddy pushed a commit that referenced this pull request Jan 15, 2024
@potiuk @ephraimbuddy
Get rid of pyarrow-hotfix for CVE-2023-47248 (#36697)
8bb9e79 
The #35650 introduced a hotfix for Pyarrow CVE-2023-47248. So far
we have been blocked from removing it by Apache Beam that limited
Airflow from bumping pyarrow to a version that was not vulnerable.

This is now possible since Apache Beam relesed 2.53.0 version on
4th of January 2023 that allows to use non-vulnerable pyarrow.

We are now bumping both Pyarrow and Beam minimum versions to
reflect that and remove pyarrow hotfix.

(cherry picked from commit d105c71)
@ephraimbuddy ephraimbuddy mentioned this pull request Jan 16, 2024
Closed
68 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@potiuk potiuk potiuk approved these changes

@ashb ashb Awaiting requested review from ashb

@jedcunningham jedcunningham Awaiting requested review from jedcunningham

Assignees

No one assigned

Labels

area:dev-tools type:misc/internal Changelog: Misc changes that should appear in change log

Projects

None yet

Milestone

Airflow 2.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@ephraimbuddy @potiuk