-
|
The most vulnerabilities of airflow are about webserver, but some people just use scheduler and they must fix the webserver vulnerabilities for security. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
I guess we can just run only the scheduler even for now, if it's the case? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, you are right. But the vulnerabilities files still in the product environment, so it is still considered risky in some case. |
Beta Was this translation helpful? Give feedback.
-
|
No plans for now. But some of the changes we are implementing as part of AIP-1 https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-1%3A+Improve+Airflow+Security and future plans abot splting airflow into separate repositories, might result in something like that eventually. This is how we Watch the devlist for discussions about that in the coming months (and even if we will do something about that, this will take a year or so to implement so do not count on it any time soon. |
Beta Was this translation helpful? Give feedback.
No plans for now. But some of the changes we are implementing as part of AIP-1 https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-1%3A+Improve+Airflow+Security and future plans abot splting airflow into separate repositories, might result in something like that eventually. This is how we
thinkabout airflow now that "Scheduler" is what really makes Airflow "core". The webserver on the other hand is thought as "add-on" indeed.Watch the devlist for discussions about that in the coming months (and even if we will do something about that, this will take a year or so to implement so do not count on it any time soon.