nigzak commented on PR #34693: URL: https://github.com/apache/superset/pull/34693#issuecomment-3213815603
Hi together @phillipleblanc @sadpandajoe @drummerwolli

With this downgrade, a critical CVE with a CVSS V3 CISA-ADP score of 9.8 will come back to Superset.

Maybe it should be considered to update to the fixed version V17.0.0 (or newer) and not downgrade again to an affected version?

Hint: I especially don't name the CVE details here; all actual scanners find them in all current Superset versions 4.x (I did not check V5 yet).

AWS ECR scan marks this as a critical finding.
JFrog marks it as a critical finding.
(Like this is a well-known finding in pyarrow version < 17.0.0.)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
