CVE-2024-42447

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/08/2024
Last modified: 19/03/2025

Description

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.

This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out.

* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected).

* FAB provider 1.2.0 affected all versions of Airflow.

Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2, which fixes the issue.

Users who run any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2, which fixes the issue.

Upgrading Apache Airflow to the latest available version is also recommended.

Note: Early versions of the Airflow 2.9.3 reference container images and constraint files contained FAB provider 1.2.1, but this is fixed in updated versions of the images.

Users are advised to pull the latest Airflow images or reinstall the FAB provider according to the current constraints.
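To check whether an environment or constraint file pins one of the affected combinations described above, the following added example (not part of the original record or of the Airflow project) reads "name==version" lines such as the output of pip freeze. The function names and the sample input are assumptions made for illustration.

```python
import re
import sys

FAB = "apache-airflow-providers-fab"
AIRFLOW = "apache-airflow"

# Constructed sample: pins as an early Airflow 2.9.3 constraint file might list them.
SAMPLE_PINS = """\
# constructed example input
apache-airflow==2.9.3
apache_airflow_providers_fab==1.2.1
"""

def _norm(name):
    # PEP 503 normalisation, so "apache_airflow_providers_fab" also matches.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalised_name: version} for every 'name==version' line."""
    pins = {}
    pattern = r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(pattern, line)
        if m:
            pins[_norm(m.group(1))] = m.group(2)
    return pins

def assess(text):
    """Return 'affected', 'not-affected' or 'unknown' for CVE-2024-42447."""
    pins = parse_pins(text)
    fab, airflow = pins.get(FAB), pins.get(AIRFLOW)
    if fab is None:
        return "unknown"       # FAB provider not pinned: nothing to decide on
    if fab == "1.2.0":
        return "affected"      # 1.2.0 is affected with every Airflow version
    if fab == "1.2.1":
        if airflow is None:
            return "unknown"   # the result depends on the Airflow version
        return "affected" if airflow == "2.9.3" else "not-affected"
    return "not-affected"      # any other FAB version, including the fixed 1.2.2

if __name__ == "__main__":
    # Usage: pip freeze | python check_fab.py
    print(assess(sys.stdin.read()))
```

An "unknown" result means the pins alone do not settle the question and the installed versions need to be checked directly.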

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:apache-airflow-providers-fab:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache-airflow-providers-fab:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:-:*:*:*:*:*:*:*