Critical severityNVD Advisory· Published Feb 24, 2023· Updated Mar 11, 2025

Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution

CVE-2023-25691

Description

Improper Input Validation vulnerability in the Apache Airflow Google Provider.

This issue affects Apache Airflow Google Provider versions before 8.10.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper input validation in Apache Airflow Google Provider before 8.10.0 allows attackers to supply an invalid Cloud SQL provider version, potentially leading to unintended binary downloads.

The vulnerability is an improper input validation flaw in the Apache Airflow Google Provider, specifically in the handling of Cloud SQL provider versions. The provider did not validate the version string before using it to download a binary, allowing an attacker to supply a non-existent or malicious version [1][3].

Exploitation requires the ability to specify a Cloud SQL provider version, likely through configuration or API calls. An attacker with network access to the Airflow instance could craft a version string that points to a non-existent binary or potentially a malicious one, leveraging the provider's download mechanism [3].

The impact includes the possibility of downloading unintended binaries, which could lead to denial of service (if the binary does not exist) or, in a worst-case scenario, arbitrary code execution if the attacker can control the downloaded content. The fix adds validation to ensure the version corresponds to a valid Cloud SQL provider release [2][3].

The vulnerability is fixed in Apache Airflow Google Provider version 8.10.0. Users are advised to upgrade to the latest version. No workarounds are documented [2].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
apache-airflow-providers-googlePyPI	< 8.10.0	8.10.0

Affected products

Apache/Airflow providers-googlellm-fuzzy2 versions
<8.10.0+ 1 more
- (no CPE)range: <8.10.0
- (no CPE)range: 0
ghsa-coords
pkg:pypi/apache-airflow-providers-google
Range: < 8.10.0

Patches

470fdaea2756

Prepare docs for 02 2023 midmonth wave of Providers (#29589)

https://github.com/apache/airfloweladkalFeb 18, 2023via osv

commit

44 files changed · +320 −42

airflow/providers/amazon/CHANGELOG.rst+18 −0 modified

@@ -24,6 +24,24 @@
 Changelog
 ---------
 
+7.2.1
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``Explicitly handle exceptions raised by config parsing in AWS provider (#29587)``
+
+Misc
+~~~~
+
+* ``Fix docstring for EcsRunTaskOperator region_name -> region (#29562)``
+
+.. Below changes are excluded from the changelog. Move them to
+   appropriate section above if needed. Do not delete the lines(!):
+   * ``Restore trigger logging (#29482)``
+   * ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+
 7.2.0
 .....

airflow/providers/amazon/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     Amazon integration (including `Amazon Web Services (AWS) <https://aws.amazon.com/>`__).
 
 versions:
+  - 7.2.1
   - 7.2.0
   - 7.1.0
   - 7.0.0

airflow/providers/apache/beam/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+4.3.0
+.....
+
+Features
+~~~~~~~~
+
+* ``Get rid of state in Apache Beam provider hook (#29503)``
+
 4.2.0
 .....

airflow/providers/apache/beam/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `Apache Beam <https://beam.apache.org/>`__.
 
 versions:
+  - 4.3.0
   - 4.2.0
   - 4.1.1
   - 4.1.0

airflow/providers/apache/hive/CHANGELOG.rst+7 −0 modified

@@ -24,6 +24,13 @@
 Changelog
 ---------
 
+5.1.3
+.....
+
+Bug Fixes
+~~~~~~~~~
+* ``Validate Hive Beeline parameters (#29502)``
+
 5.1.2
 .....

airflow/providers/apache/hive/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
   `Apache Hive <https://hive.apache.org/>`__
 
 versions:
+  - 5.1.3
   - 5.1.2
   - 5.1.1
   - 5.1.0

airflow/providers/apache/sqoop/CHANGELOG.rst+7 −0 modified

@@ -24,6 +24,13 @@
 Changelog
 ---------
 
+3.1.1
+.....
+
+Bug Fixes
+~~~~~~~~~
+* ``Move libjars parameter in Sqoop Hook to Hook parameter (#29500)``
+
 3.1.0
 .....

airflow/providers/apache/sqoop/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
   `Apache Sqoop <https://sqoop.apache.org/>`__
 
 versions:
+  - 3.1.1
   - 3.1.0
   - 3.0.0
   - 2.1.3

airflow/providers/cncf/kubernetes/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+5.2.1
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``Fix @task.kubernetes to receive input and send output (#28942)``
+
 5.2.0
 .....

airflow/providers/cncf/kubernetes/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `Kubernetes <https://kubernetes.io/>`__
 
 versions:
+  - 5.2.1
   - 5.2.0
   - 5.1.1
   - 5.1.0

airflow/providers/docker/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+3.5.1
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``fix template_fields in the decorator 'task.docker' (#29586)``
+
 3.5.0
 .....

airflow/providers/docker/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `Docker <https://docs.docker.com/install/>`__
 
 versions:
+  - 3.5.1
   - 3.5.0
   - 3.4.0
   - 3.3.0

airflow/providers/google/CHANGELOG.rst+26 −0 modified

@@ -23,6 +23,32 @@
 Changelog
 ---------
 
+8.10.0
+......
+
+Features
+~~~~~~~~
+
+* ``Add defer mode to GKECreateClusterOperator and GKEDeleteClusterOperator (#28406)``
+
+Bug Fixes
+~~~~~~~~~
+* ``Move cloud_sql_binary_path from connection to Hook (#29499)``
+* ``Check that cloud sql provider version is valid (#29497)``
+* ``'GoogleDriveHook': Add folder_id param to upload_file (#29477)``
+
+Misc
+~~~~
+* ``Add documentation for BigQuery transfer operators (#29466)``
+
+.. Below changes are excluded from the changelog. Move them to
+   appropriate section above if needed. Do not delete the lines(!):
+   * ``Upgrade Mypy to 1.0 (#29468)``
+   * ``Restore trigger logging (#29482)``
+   * ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+   * ``Revert "Upgrade mypy to 0.991 (#28926)" (#29470)``
+   * ``Upgrade mypy to 0.991 (#28926)``
+
 8.9.0
 .....

airflow/providers/google/provider.yaml+1 −0 modified

@@ -29,6 +29,7 @@ description: |
       - `Google Workspace <https://workspace.google.com/>`__ (formerly Google Suite)
 
 versions:
+  - 8.10.0
   - 8.9.0
   - 8.8.0
   - 8.7.0

airflow/providers/http/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+4.2.0
+.....
+
+Features
+~~~~~~~~
+
+* ``Add HttpHookAsync for deferrable implementation (#29038)``
+
 4.1.1
 .....

airflow/providers/http/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `Hypertext Transfer Protocol (HTTP) <https://www.w3.org/Protocols/>`__
 
 versions:
+  - 4.2.0
   - 4.1.1
   - 4.1.0
   - 4.0.0

airflow/providers/microsoft/azure/CHANGELOG.rst+13 −0 modified

@@ -24,6 +24,19 @@
 Changelog
 ---------
 
+5.2.1
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``Handle deleting more than 256 blobs using 'WasbHook.delete_file()' (#29565)``
+
+.. Below changes are excluded from the changelog. Move them to
+   appropriate section above if needed. Do not delete the lines(!):
+   * ``Restore trigger logging (#29482)``
+   * ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+
 5.2.0
 .....

airflow/providers/microsoft/azure/provider.yaml+1 −0 modified

@@ -21,6 +21,7 @@ name: Microsoft Azure
 description: |
     `Microsoft Azure <https://azure.microsoft.com/>`__
 versions:
+  - 5.2.1
   - 5.2.0
   - 5.1.0
   - 5.0.2

airflow/providers/sftp/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+4.2.3
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``Fix sftp sensor with pattern (#29467)``
+
 4.2.2
 .....

airflow/providers/sftp/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `SSH File Transfer Protocol (SFTP) <https://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/>`__
 
 versions:
+  - 4.2.3
   - 4.2.2
   - 4.2.1
   - 4.2.0

airflow/providers/snowflake/CHANGELOG.rst+8 −0 modified

@@ -24,6 +24,14 @@
 Changelog
 ---------
 
+4.0.4
+.....
+
+Bug Fixes
+~~~~~~~~~
+
+* ``Fix missing parens for files parameter (#29437)``
+
 4.0.3
 .....

airflow/providers/snowflake/provider.yaml+1 −0 modified

@@ -22,6 +22,7 @@ description: |
     `Snowflake <https://www.snowflake.com/>`__
 
 versions:
+  - 4.0.4
   - 4.0.3
   - 4.0.2
   - 4.0.1

docs/apache-airflow-providers-amazon/commits.rst+16 −1 modified

@@ -28,14 +28,29 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+7.2.1
+.....
+
+Latest change: 2023-02-17
+
+=================================================================================================  ===========  ==================================================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ==================================================================================
+`46d45e09cb <https://github.com/apache/airflow/commit/46d45e09cb5607ae583929f3eba1923a64631f48>`_  2023-02-17   ``Explicitly handle exceptions raised by config parsing in AWS provider (#29587)``
+`cadab59e8d <https://github.com/apache/airflow/commit/cadab59e8df90588b07cf8d9ee3ce13f9a79f656>`_  2023-02-15   ``Fix docstring for EcsRunTaskOperator region_name -> region (#29562)``
+`f9e9d23457 <https://github.com/apache/airflow/commit/f9e9d23457cba5d3e18b5bdb7b65ecc63735b65b>`_  2023-02-11   ``Restore trigger logging (#29482)``
+`60d4bcd1d1 <https://github.com/apache/airflow/commit/60d4bcd1d101bb56955081d14e3e138a0c960c5f>`_  2023-02-10   ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+=================================================================================================  ===========  ==================================================================================
+
 7.2.0
 .....
 
-Latest change: 2023-02-03
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ======================================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ======================================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `1b18a501fe <https://github.com/apache/airflow/commit/1b18a501fe818079e535838fa4f232b03365fc75>`_  2023-02-03   ``Enable individual trigger logging (#27758)``
 `cb0c90bd66 <https://github.com/apache/airflow/commit/cb0c90bd661fbd1519df8125f09c12b1d8dd0db0>`_  2023-02-02   ``Decrypt SecureString value obtained by SsmHook (#29142)``
 `efc8857d55 <https://github.com/apache/airflow/commit/efc8857d55b96f1fdb6cf4fd767276f5c541e038>`_  2023-02-01   ``log the observed status in redshift sensor (#29274)``

docs/apache-airflow-providers-amazon/index.rst+3 −3 modified

@@ -72,7 +72,7 @@ Package apache-airflow-providers-amazon
 Amazon integration (including `Amazon Web Services (AWS) <https://aws.amazon.com/>`__).
 
 
-Release: 7.2.0
+Release: 7.2.1
 
 Provider package
 ----------------
@@ -139,7 +139,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-amazon 7.2.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.0.tar.gz.sha512>`__)
-* `The apache-airflow-providers-amazon 7.2.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.0-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-amazon 7.2.1 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.1.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.1.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-amazon-7.2.1.tar.gz.sha512>`__)
+* `The apache-airflow-providers-amazon 7.2.1 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.1-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.1-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_amazon-7.2.1-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/amazon/CHANGELOG.rst

docs/apache-airflow-providers-apache-beam/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+4.3.0
+.....
+
+Latest change: 2023-02-17
+
+=================================================================================================  ===========  ==========================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ==========================================================
+`7ba27e7881 <https://github.com/apache/airflow/commit/7ba27e78812b890f0c7642d78a986fe325ff61c4>`_  2023-02-17   ``Get rid of state in Apache Beam provider hook (#29503)``
+=================================================================================================  ===========  ==========================================================
+
 4.2.0
 .....
 
-Latest change: 2023-01-23
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  =================================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  =================================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `3374fdfcbd <https://github.com/apache/airflow/commit/3374fdfcbddb630b4fc70ceedd5aed673e6c0a0d>`_  2023-01-23   ``Deprecate 'delegate_to' param in GCP operators and update docs (#29088)``
 `8c4303e1ac <https://github.com/apache/airflow/commit/8c4303e1ace0774244b556a8d86a19058af2b16d>`_  2023-01-18   ``Add support for running a Beam Go pipeline with an executable binary (#28764)``
 =================================================================================================  ===========  =================================================================================

docs/apache-airflow-providers-apache-beam/index.rst+3 −3 modified

@@ -63,7 +63,7 @@ Package apache-airflow-providers-apache-beam
 `Apache Beam <https://beam.apache.org/>`__.
 
 
-Release: 4.2.0
+Release: 4.3.0
 
 Provider package
 ----------------
@@ -113,7 +113,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-apache-beam 4.2.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.2.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.2.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.2.0.tar.gz.sha512>`__)
-* `The apache-airflow-providers-apache-beam 4.2.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.2.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.2.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.2.0-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-apache-beam 4.3.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.3.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.3.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-beam-4.3.0.tar.gz.sha512>`__)
+* `The apache-airflow-providers-apache-beam 4.3.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.3.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.3.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_beam-4.3.0-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/apache/beam/CHANGELOG.rst

docs/apache-airflow-providers-apache-hive/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+5.1.3
+.....
+
+Latest change: 2023-02-15
+
+=================================================================================================  ===========  =============================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  =============================================
+`1cb127b9fd <https://github.com/apache/airflow/commit/1cb127b9fd22a7dc8e0b82cab8acb7cd4c317c9c>`_  2023-02-15   ``Validate Hive Beeline parameters (#29502)``
+=================================================================================================  ===========  =============================================
+
 5.1.2
 .....
 
-Latest change: 2023-01-18
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  =======================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  =======================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `23da4daaa0 <https://github.com/apache/airflow/commit/23da4daaa018e72b39b977afcde85deaf2224f1e>`_  2023-01-18   ``Revert "Remove conn.close() ignores (#29005)" (#29010)``
 `85f8df7b8a <https://github.com/apache/airflow/commit/85f8df7b8a18e1147c7e014a7af7fc4e66aaa8be>`_  2023-01-18   ``Remove conn.close() ignores (#29005)``
 `aa97474020 <https://github.com/apache/airflow/commit/aa97474020712d3f450ab169a5a054580e7b7d28>`_  2023-01-18   ``Fixed MyPy errors introduced by new mysql-connector-python (#28995)``

docs/apache-airflow-providers-apache-hive/index.rst+3 −3 modified

@@ -66,7 +66,7 @@ Package apache-airflow-providers-apache-hive
 `Apache Hive <https://hive.apache.org/>`__
 
 
-Release: 5.1.2
+Release: 5.1.3
 
 Provider package
 ----------------
@@ -127,7 +127,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-apache-hive 5.1.2 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.2.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.2.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.2.tar.gz.sha512>`__)
-* `The apache-airflow-providers-apache-hive 5.1.2 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.2-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.2-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.2-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-apache-hive 5.1.3 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.3.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.3.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-apache-hive-5.1.3.tar.gz.sha512>`__)
+* `The apache-airflow-providers-apache-hive 5.1.3 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.3-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.3-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_apache_hive-5.1.3-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/apache/hive/CHANGELOG.rst

docs/apache-airflow-providers-apache-sqoop/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+3.1.1
+.....
+
+Latest change: 2023-02-16
+
+=================================================================================================  ===========  ===================================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ===================================================================
+`655ffb835e <https://github.com/apache/airflow/commit/655ffb835eb4c5343c3f2b4d37b352248f2768ef>`_  2023-02-16   ``Move libjars parameter in Sqoop Hook to Hook parameter (#29500)``
+=================================================================================================  ===========  ===================================================================
+
 3.1.0
 .....
 
-Latest change: 2022-10-24
+Latest change: 2022-11-15
 
 =================================================================================================  ===========  ====================================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ====================================================================================
+`12c3c39d1a <https://github.com/apache/airflow/commit/12c3c39d1a816c99c626fe4c650e88cf7b1cc1bc>`_  2022-11-15   ``pRepare docs for November 2022 wave of Providers (#27613)``
 `78b8ea2f22 <https://github.com/apache/airflow/commit/78b8ea2f22239db3ef9976301234a66e50b47a94>`_  2022-10-24   ``Move min airflow version to 2.3.0 for all providers (#27196)``
 `2a34dc9e84 <https://github.com/apache/airflow/commit/2a34dc9e8470285b0ed2db71109ef4265e29688b>`_  2022-10-23   ``Enable string normalization in python formatting - providers (#27205)``
 `f8db64c35c <https://github.com/apache/airflow/commit/f8db64c35c8589840591021a48901577cff39c07>`_  2022-09-28   ``Update docs for September Provider's release (#26731)``

docs/apache-airflow-providers-apache-sqoop/index.rst+1 −1 modified

@@ -51,7 +51,7 @@ Package apache-airflow-providers-apache-sqoop
 `Apache Sqoop <https://sqoop.apache.org/>`__
 
 
-Release: 3.1.0
+Release: 3.1.1
 
 Provider package
 ----------------

docs/apache-airflow-providers-cncf-kubernetes/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+5.2.1
+.....
+
+Latest change: 2023-02-18
+
+=================================================================================================  ===========  ==================================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ==================================================================
+`9a5c3e0ac0 <https://github.com/apache/airflow/commit/9a5c3e0ac0b682d7f2c51727a56e06d68bc9f6be>`_  2023-02-18   ``Fix @task.kubernetes to receive input and send output (#28942)``
+=================================================================================================  ===========  ==================================================================
+
 5.2.0
 .....
 
-Latest change: 2023-02-01
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ==================================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ==================================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `d26dc22391 <https://github.com/apache/airflow/commit/d26dc223915c50ff58252a709bb7b33f5417dfce>`_  2023-02-01   ``Patch only single label when marking KPO checked (#29279)``
 `246d778e6b <https://github.com/apache/airflow/commit/246d778e6b8042850ef8510bd25c52b1198030f1>`_  2023-01-30   ``Add deferrable mode to ''KubernetesPodOperator'' (#29017)``
 `70b84b51a5 <https://github.com/apache/airflow/commit/70b84b51a5802b72dc7a8fb9bf8133699adcc79c>`_  2023-01-23   ``Allow setting the name for the base container within K8s Pod Operator (#28808)``

docs/apache-airflow-providers-cncf-kubernetes/index.rst+1 −1 modified

@@ -65,7 +65,7 @@ Package apache-airflow-providers-cncf-kubernetes
 `Kubernetes <https://kubernetes.io/>`__
 
 
-Release: 5.2.0
+Release: 5.2.1
 
 Provider package
 ----------------

docs/apache-airflow-providers-docker/commits.rst+16 −4 modified

@@ -28,20 +28,32 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+3.5.1
+.....
+
+Latest change: 2023-02-17
+
+=================================================================================================  ===========  ===============================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ===============================================================
+`7bd87e75de <https://github.com/apache/airflow/commit/7bd87e75def1855d8f5b91e9ab1ffbbf416709ec>`_  2023-02-17   ``fix template_fields in the decorator 'task.docker' (#29586)``
+=================================================================================================  ===========  ===============================================================
+
 3.5.0
 .....
 
-Latest change: 2023-01-18
+Latest change: 2023-01-23
 
-=================================================================================================  ===========  ==========================================================================
+=================================================================================================  ===========  =============================================================================
 Commit                                                                                             Committed    Subject
-=================================================================================================  ===========  ==========================================================================
+=================================================================================================  ===========  =============================================================================
+`dd6cef7889 <https://github.com/apache/airflow/commit/dd6cef7889884bd15d4caca8aae61f3b73c29b1e>`_  2023-01-23   ``Prepare ad hoc provider release for Docker, Cassandra, Papermill (#28999)``
 `3a7bfce601 <https://github.com/apache/airflow/commit/3a7bfce6017207218889b66976dbee1ed84292dc>`_  2023-01-18   ``Skip DockerOperator task when it returns a provided exit code (#28996)``
 `cd637c223f <https://github.com/apache/airflow/commit/cd637c223f93c4306743921e85777d2eff7ae54b>`_  2023-01-16   ``Fix label name for 'reauth' field in Docker Connection (#28974)``
 `911b708ffd <https://github.com/apache/airflow/commit/911b708ffddd4e7cb6aaeac84048291891eb0f1f>`_  2023-01-14   ``Prepare docs for Jan 2023 mid-month wave of Providers (#28929)``
 `af2c22a00a <https://github.com/apache/airflow/commit/af2c22a00afdd9302cbcda1de63fc1804b2cd2e5>`_  2023-01-03   ``Add correct widgets in Docker Hook (#28700)``
 `57a889de35 <https://github.com/apache/airflow/commit/57a889de357b269ae104b721e2a4bb78b929cea9>`_  2023-01-03   ``Make docker operators always use 'DockerHook' for API calls (#28363)``
-=================================================================================================  ===========  ==========================================================================
+=================================================================================================  ===========  =============================================================================
 
 3.4.0
 .....

docs/apache-airflow-providers-docker/index.rst+1 −1 modified

@@ -59,7 +59,7 @@ Package apache-airflow-providers-docker
 `Docker <https://docs.docker.com/install/>`__
 
 
-Release: 3.5.0
+Release: 3.5.1
 
 Provider package
 ----------------

docs/apache-airflow-providers-google/commits.rst+22 −1 modified

@@ -35,14 +35,35 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+8.10.0
+......
+
+Latest change: 2023-02-18
+
+=================================================================================================  ===========  ====================================================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ====================================================================================
+`f37772adfd <https://github.com/apache/airflow/commit/f37772adfdfdee8763147e0563897e4d5d5657c8>`_  2023-02-18   ``'GoogleDriveHook': Add folder_id param to upload_file (#29477)``
+`28126c12fb <https://github.com/apache/airflow/commit/28126c12fbdd2cac84e0fbcf2212154085aa5ed9>`_  2023-02-14   ``Add defer mode to GKECreateClusterOperator and GKEDeleteClusterOperator (#28406)``
+`32c571e592 <https://github.com/apache/airflow/commit/32c571e5926983903ac8b9017c36f14137a797a5>`_  2023-02-14   ``Move cloud_sql_binary_path from connection to Hook (#29499)``
+`41fade2d21 <https://github.com/apache/airflow/commit/41fade2d219c1841fafa439cc5dbb036f34ee32a>`_  2023-02-13   ``Upgrade Mypy to 1.0 (#29468)``
+`5e6f8eb4d5 <https://github.com/apache/airflow/commit/5e6f8eb4d5fdcaa713022ee46b1ca9bd2e3ab44e>`_  2023-02-13   ``Check that cloud sql provider version is valid (#29497)``
+`f9e9d23457 <https://github.com/apache/airflow/commit/f9e9d23457cba5d3e18b5bdb7b65ecc63735b65b>`_  2023-02-11   ``Restore trigger logging (#29482)``
+`7ee1a56244 <https://github.com/apache/airflow/commit/7ee1a5624497fc457af239e93e4c1af94972bbe6>`_  2023-02-11   ``Add documentation for BigQuery transfer operators (#29466)``
+`60d4bcd1d1 <https://github.com/apache/airflow/commit/60d4bcd1d101bb56955081d14e3e138a0c960c5f>`_  2023-02-10   ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+`6c1eeb5839 <https://github.com/apache/airflow/commit/6c1eeb58393173895944d5414793b38abdc7510d>`_  2023-02-11   ``Revert "Upgrade mypy to 0.991 (#28926)" (#29470)``
+`6ae0a80cba <https://github.com/apache/airflow/commit/6ae0a80cbaf1d33343b763c7f82612b4522afc40>`_  2023-02-11   ``Upgrade mypy to 0.991 (#28926)``
+=================================================================================================  ===========  ====================================================================================
+
 8.9.0
 .....
 
-Latest change: 2023-02-03
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ===================================================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ===================================================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `1b18a501fe <https://github.com/apache/airflow/commit/1b18a501fe818079e535838fa4f232b03365fc75>`_  2023-02-03   ``Enable individual trigger logging (#27758)``
 `872df121e2 <https://github.com/apache/airflow/commit/872df121e2ae24520eeb29fe606183a566e35dd8>`_  2023-02-03   ``Add deferrable capability to existing ''DataprocDeleteClusterOperator'' (#29349)``
 `094d6bf01b <https://github.com/apache/airflow/commit/094d6bf01b9d8b1a5d358dc10fd561cf3a04c51b>`_  2023-01-30   ``Add deferrable mode to dataflow operators (#27776)``

docs/apache-airflow-providers-google/index.rst+3 −3 modified

@@ -76,7 +76,7 @@ Google services including:
   - `Google Workspace <https://workspace.google.com/>`__ (formerly Google Suite)
 
 
-Release: 8.9.0
+Release: 8.10.0
 
 Provider package
 ----------------
@@ -193,7 +193,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-google 8.9.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.9.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.9.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.9.0.tar.gz.sha512>`__)
-* `The apache-airflow-providers-google 8.9.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.9.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.9.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.9.0-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-google 8.10.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.10.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.10.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-google-8.10.0.tar.gz.sha512>`__)
+* `The apache-airflow-providers-google 8.10.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.10.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.10.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_google-8.10.0-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/google/CHANGELOG.rst

docs/apache-airflow-providers-http/commits.rst+16 −4 modified

@@ -28,16 +28,28 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+4.2.0
+.....
+
+Latest change: 2023-02-14
+
+=================================================================================================  ===========  ============================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ============================================================
+`47edfe9a22 <https://github.com/apache/airflow/commit/47edfe9a22d1c521e49de3bed87bc332a48c0a80>`_  2023-02-14   ``Add HttpHookAsync for deferrable implementation (#29038)``
+=================================================================================================  ===========  ============================================================
+
 4.1.1
 .....
 
-Latest change: 2023-01-13
+Latest change: 2023-01-14
 
-=================================================================================================  ===========  =================================================
+=================================================================================================  ===========  ==================================================================
 Commit                                                                                             Committed    Subject
-=================================================================================================  ===========  =================================================
+=================================================================================================  ===========  ==================================================================
+`911b708ffd <https://github.com/apache/airflow/commit/911b708ffddd4e7cb6aaeac84048291891eb0f1f>`_  2023-01-14   ``Prepare docs for Jan 2023 mid-month wave of Providers (#28929)``
 `a9d5471c66 <https://github.com/apache/airflow/commit/a9d5471c66c788d8469ca65556e5820f1e96afc1>`_  2023-01-13   ``Change logging for HttpHook to debug (#28911)``
-=================================================================================================  ===========  =================================================
+=================================================================================================  ===========  ==================================================================
 
 4.1.0
 .....

docs/apache-airflow-providers-http/index.rst+3 −1 modified

@@ -65,7 +65,7 @@ Package apache-airflow-providers-http
 `Hypertext Transfer Protocol (HTTP) <https://www.w3.org/Protocols/>`__
 
 
-Release: 4.1.1
+Release: 4.2.0
 
 Provider package
 ----------------
@@ -88,6 +88,8 @@ PIP package            Version required
 =====================  ==================
 ``requests``           ``>=2.26.0``
 ``requests_toolbelt``
+``aiohttp``
+``asgiref``
 =====================  ==================
 
 .. include:: ../../airflow/providers/http/CHANGELOG.rst

docs/apache-airflow-providers-microsoft-azure/commits.rst+15 −1 modified

@@ -28,14 +28,28 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+5.2.1
+.....
+
+Latest change: 2023-02-16
+
+=================================================================================================  ===========  ===============================================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ===============================================================================
+`ce28775397 <https://github.com/apache/airflow/commit/ce28775397627a750514c904577703ecaa331d2b>`_  2023-02-16   ``Handle deleting more than 256 blobs using 'WasbHook.delete_file()' (#29565)``
+`f9e9d23457 <https://github.com/apache/airflow/commit/f9e9d23457cba5d3e18b5bdb7b65ecc63735b65b>`_  2023-02-11   ``Restore trigger logging (#29482)``
+`60d4bcd1d1 <https://github.com/apache/airflow/commit/60d4bcd1d101bb56955081d14e3e138a0c960c5f>`_  2023-02-10   ``Revert "Enable individual trigger logging (#27758)" (#29472)``
+=================================================================================================  ===========  ===============================================================================
+
 5.2.0
 .....
 
-Latest change: 2023-02-03
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ===========================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ===========================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `1b18a501fe <https://github.com/apache/airflow/commit/1b18a501fe818079e535838fa4f232b03365fc75>`_  2023-02-03   ``Enable individual trigger logging (#27758)``
 `3374fdfcbd <https://github.com/apache/airflow/commit/3374fdfcbddb630b4fc70ceedd5aed673e6c0a0d>`_  2023-01-23   ``Deprecate 'delegate_to' param in GCP operators and update docs (#29088)``
 `6c50a691a8 <https://github.com/apache/airflow/commit/6c50a691a813a306133228740fedbb4c59a0e56c>`_  2023-01-19   ``Fix params rendering in AzureSynapseHook Python API docs (#29041)``

docs/apache-airflow-providers-microsoft-azure/index.rst+3 −3 modified

@@ -67,7 +67,7 @@ Package apache-airflow-providers-microsoft-azure
 `Microsoft Azure <https://azure.microsoft.com/>`__
 
 
-Release: 5.2.0
+Release: 5.2.1
 
 Provider package
 ----------------
@@ -135,7 +135,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-microsoft-azure 5.2.0 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.0.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.0.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.0.tar.gz.sha512>`__)
-* `The apache-airflow-providers-microsoft-azure 5.2.0 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.0-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.0-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.0-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-microsoft-azure 5.2.1 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.1.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.1.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-microsoft-azure-5.2.1.tar.gz.sha512>`__)
+* `The apache-airflow-providers-microsoft-azure 5.2.1 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.1-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.1-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_microsoft_azure-5.2.1-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/microsoft/azure/CHANGELOG.rst

docs/apache-airflow-providers-sftp/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+4.2.3
+.....
+
+Latest change: 2023-02-13
+
+=================================================================================================  ===========  =========================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  =========================================
+`8e24387d6d <https://github.com/apache/airflow/commit/8e24387d6db177c662342245bb183bfd73fb9ee8>`_  2023-02-13   ``Fix sftp sensor with pattern (#29467)``
+=================================================================================================  ===========  =========================================
+
 4.2.2
 .....
 
-Latest change: 2023-01-21
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ===========================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ===========================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `2b7071c600 <https://github.com/apache/airflow/commit/2b7071c60022b3c483406839d3c0ef734db5daad>`_  2023-01-21   ``FTP operator has logic in __init__ (#29073)``
 `bac7b3027d <https://github.com/apache/airflow/commit/bac7b3027d57d2a31acb9a2d078c6af4dc777162>`_  2023-01-20   ``Fix SFTP operator's template fields processing (#29068)``
 =================================================================================================  ===========  ===========================================================

docs/apache-airflow-providers-sftp/index.rst+3 −3 modified

@@ -52,7 +52,7 @@ Package apache-airflow-providers-sftp
 `SSH File Transfer Protocol (SFTP) <https://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/>`__
 
 
-Release: 4.2.2
+Release: 4.2.3
 
 Provider package
 ----------------
@@ -102,7 +102,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-sftp 4.2.2 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.2.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.2.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.2.tar.gz.sha512>`__)
-* `The apache-airflow-providers-sftp 4.2.2 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.2-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.2-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.2-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-sftp 4.2.3 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.3.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.3.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-sftp-4.2.3.tar.gz.sha512>`__)
+* `The apache-airflow-providers-sftp 4.2.3 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.3-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.3-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_sftp-4.2.3-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/sftp/CHANGELOG.rst

docs/apache-airflow-providers-snowflake/commits.rst+13 −1 modified

@@ -28,14 +28,26 @@ For high-level changelog, see :doc:`package information including changelog <ind
 
 
 
+4.0.4
+.....
+
+Latest change: 2023-02-10
+
+=================================================================================================  ===========  ===================================================
+Commit                                                                                             Committed    Subject
+=================================================================================================  ===========  ===================================================
+`0fd4fc7f35 <https://github.com/apache/airflow/commit/0fd4fc7f35f0e12bef2c9615acf9651e9f2cec72>`_  2023-02-10   ``Fix missing parens for files parameter (#29437)``
+=================================================================================================  ===========  ===================================================
+
 4.0.3
 .....
 
-Latest change: 2023-01-29
+Latest change: 2023-02-08
 
 =================================================================================================  ===========  ====================================================================
 Commit                                                                                             Committed    Subject
 =================================================================================================  ===========  ====================================================================
+`ce6ae2457e <https://github.com/apache/airflow/commit/ce6ae2457ef3d9f44f0086b58026909170bbf22a>`_  2023-02-08   ``Prepare docs for Feb 2023 wave of Providers (#29379)``
 `9b073119d4 <https://github.com/apache/airflow/commit/9b073119d401594b3575c6f7dc4a14520d8ed1d3>`_  2023-01-29   ``provide missing connection to the parent class operator (#29211)``
 `eff677c418 <https://github.com/apache/airflow/commit/eff677c418f09690f7e89302368dbff54e7fce75>`_  2023-01-28   ``Snowflake Provider - hide host from UI (#29208)``
 =================================================================================================  ===========  ====================================================================

docs/apache-airflow-providers-snowflake/index.rst+3 −3 modified

@@ -65,7 +65,7 @@ Package apache-airflow-providers-snowflake
 `Snowflake <https://www.snowflake.com/>`__
 
 
-Release: 4.0.3
+Release: 4.0.4
 
 Provider package
 ----------------
@@ -118,7 +118,7 @@ Downloading official packages
 You can download officially released packages and verify their checksums and signatures from the
 `Official Apache Download site <https://downloads.apache.org/airflow/providers/>`_
 
-* `The apache-airflow-providers-snowflake 4.0.3 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.3.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.3.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.3.tar.gz.sha512>`__)
-* `The apache-airflow-providers-snowflake 4.0.3 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.3-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.3-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.3-py3-none-any.whl.sha512>`__)
+* `The apache-airflow-providers-snowflake 4.0.4 sdist package <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.4.tar.gz>`_ (`asc <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.4.tar.gz.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache-airflow-providers-snowflake-4.0.4.tar.gz.sha512>`__)
+* `The apache-airflow-providers-snowflake 4.0.4 wheel package <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.4-py3-none-any.whl>`_ (`asc <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.4-py3-none-any.whl.asc>`__, `sha512 <https://downloads.apache.org/airflow/providers/apache_airflow_providers_snowflake-4.0.4-py3-none-any.whl.sha512>`__)
 
 .. include:: ../../airflow/providers/snowflake/CHANGELOG.rst

5e6f8eb4d5fd

Check that cloud sql provider version is valid (#29497)

https://github.com/apache/airflowJarek PotiukFeb 13, 2023via ghsa-ref

commit PR #29497

2 files changed · +91 −15

airflow/providers/google/cloud/hooks/cloud_sql.py+21 −10 modified

@@ -59,6 +59,8 @@
 # Time to sleep between active checks of the operation results
 TIME_TO_SLEEP_IN_SECONDS = 20
 
+CLOUD_SQL_PROXY_VERSION_REGEX = re.compile(r"^v?(\d+\.\d+\.\d+)(-\w*.?\d?)?$")
+
 
 class CloudSqlOperationStatus:
     """Helper class with operation statuses."""
@@ -449,16 +451,7 @@ def _download_sql_proxy_if_needed(self) -> None:
         if os.path.isfile(self.sql_proxy_path):
             self.log.info("cloud-sql-proxy is already present")
             return
-        system = platform.system().lower()
-        processor = os.uname().machine
-        if processor == "x86_64":
-            processor = "amd64"
-        if not self.sql_proxy_version:
-            download_url = CLOUD_SQL_PROXY_DOWNLOAD_URL.format(system, processor)
-        else:
-            download_url = CLOUD_SQL_PROXY_VERSION_DOWNLOAD_URL.format(
-                self.sql_proxy_version, system, processor
-            )
+        download_url = self._get_sql_proxy_download_url()
         proxy_path_tmp = self.sql_proxy_path + ".tmp"
         self.log.info("Downloading cloud_sql_proxy from %s to %s", download_url, proxy_path_tmp)
         # httpx has a breaking API change (follow_redirects vs allow_redirects)
@@ -482,6 +475,24 @@ def _download_sql_proxy_if_needed(self) -> None:
         os.chmod(self.sql_proxy_path, 0o744)  # Set executable bit
         self.sql_proxy_was_downloaded = True
 
+    def _get_sql_proxy_download_url(self):
+        system = platform.system().lower()
+        processor = os.uname().machine
+        if processor == "x86_64":
+            processor = "amd64"
+        if not self.sql_proxy_version:
+            download_url = CLOUD_SQL_PROXY_DOWNLOAD_URL.format(system, processor)
+        else:
+            if not CLOUD_SQL_PROXY_VERSION_REGEX.match(self.sql_proxy_version):
+                raise ValueError(
+                    "The sql_proxy_version should match the regular expression "
+                    f"{CLOUD_SQL_PROXY_VERSION_REGEX.pattern}"
+                )
+            download_url = CLOUD_SQL_PROXY_VERSION_DOWNLOAD_URL.format(
+                self.sql_proxy_version, system, processor
+            )
+        return download_url
+
     def _get_credential_parameters(self) -> list[str]:
         extras = GoogleBaseHook.get_connection(conn_id=self.gcp_conn_id).extra_dejson
         key_path = get_field(extras, "key_path")

tests/providers/google/cloud/hooks/test_cloud_sql.py+70 −5 modified

@@ -18,6 +18,9 @@
 from __future__ import annotations
 
 import json
+import os
+import platform
+import tempfile
 from unittest import mock
 from unittest.mock import PropertyMock
 
@@ -27,7 +30,11 @@
 
 from airflow.exceptions import AirflowException
 from airflow.models import Connection
-from airflow.providers.google.cloud.hooks.cloud_sql import CloudSQLDatabaseHook, CloudSQLHook
+from airflow.providers.google.cloud.hooks.cloud_sql import (
+    CloudSQLDatabaseHook,
+    CloudSQLHook,
+    CloudSqlProxyRunner,
+)
 from tests.providers.google.cloud.utils.base_gcp_mock import (
     mock_base_gcp_hook_default_project_id,
     mock_base_gcp_hook_no_default_project_id,
@@ -847,8 +854,12 @@ def test_cloudsql_database_hook_validate_ssl_certs_with_ssl_files_not_readable(
         err = ctx.value
         assert "must be a readable file" in str(err)
 
+    @mock.patch("airflow.providers.google.cloud.hooks.cloud_sql.gettempdir")
     @mock.patch("airflow.providers.google.cloud.hooks.cloud_sql.CloudSQLDatabaseHook.get_connection")
-    def test_cloudsql_database_hook_validate_socket_path_length_too_long(self, get_connection):
+    def test_cloudsql_database_hook_validate_socket_path_length_too_long(
+        self, get_connection, gettempdir_mock
+    ):
+        gettempdir_mock.return_value = "/tmp"
         connection = Connection()
         connection.set_extra(
             json.dumps(
@@ -870,8 +881,12 @@ def test_cloudsql_database_hook_validate_socket_path_length_too_long(self, get_c
         err = ctx.value
         assert "The UNIX socket path length cannot exceed" in str(err)
 
+    @mock.patch("airflow.providers.google.cloud.hooks.cloud_sql.gettempdir")
     @mock.patch("airflow.providers.google.cloud.hooks.cloud_sql.CloudSQLDatabaseHook.get_connection")
-    def test_cloudsql_database_hook_validate_socket_path_length_not_too_long(self, get_connection):
+    def test_cloudsql_database_hook_validate_socket_path_length_not_too_long(
+        self, get_connection, gettempdir_mock
+    ):
+        gettempdir_mock.return_value = "/tmp"
         connection = Connection()
         connection.set_extra(
             json.dumps(
@@ -1093,7 +1108,7 @@ def test_hook_with_correct_parameters_postgres_proxy_socket(self, get_connection
         hook = CloudSQLDatabaseHook()
         connection = hook.create_connection()
         assert "postgres" == connection.conn_type
-        assert "/tmp" in connection.host
+        assert tempfile.gettempdir() in connection.host
         assert "example-project:europe-west1:testdb" in connection.host
         assert connection.port is None
         assert "testdb" == connection.schema
@@ -1166,7 +1181,7 @@ def test_hook_with_correct_parameters_mysql_proxy_socket(self, get_connection):
         connection = hook.create_connection()
         assert "mysql" == connection.conn_type
         assert "localhost" == connection.host
-        assert "/tmp" in connection.extra_dejson["unix_socket"]
+        assert tempfile.gettempdir() in connection.extra_dejson["unix_socket"]
         assert "example-project:europe-west1:testdb" in connection.extra_dejson["unix_socket"]
         assert connection.port is None
         assert "testdb" == connection.schema
@@ -1185,3 +1200,53 @@ def test_hook_with_correct_parameters_mysql_tcp(self, get_connection):
         assert "127.0.0.1" == connection.host
         assert 3200 != connection.port
         assert "testdb" == connection.schema
+
+
+def get_processor():
+    processor = os.uname().machine
+    if processor == "x86_64":
+        processor = "amd64"
+    return processor
+
+
+class TestCloudSqlProxyRunner:
+    @pytest.mark.parametrize(
+        ["version", "download_url"],
+        [
+            (
+                "v1.23.0",
+                "https://storage.googleapis.com/cloudsql-proxy/v1.23.0/cloud_sql_proxy."
+                f"{platform.system().lower()}.{get_processor()}",
+            ),
+            (
+                "v1.23.0-preview.1",
+                "https://storage.googleapis.com/cloudsql-proxy/v1.23.0-preview.1/cloud_sql_proxy."
+                f"{platform.system().lower()}.{get_processor()}",
+            ),
+        ],
+    )
+    def test_cloud_sql_proxy_runner_version_ok(self, version, download_url):
+        runner = CloudSqlProxyRunner(
+            path_prefix="12345678",
+            instance_specification="project:us-east-1:instance",
+            sql_proxy_version=version,
+        )
+        assert runner._get_sql_proxy_download_url() == download_url
+
+    @pytest.mark.parametrize(
+        "version",
+        [
+            "v1.23.",
+            "v1.23.0..",
+            "v1.23.0\\",
+            "\\",
+        ],
+    )
+    def test_cloud_sql_proxy_runner_version_nok(self, version):
+        runner = CloudSqlProxyRunner(
+            path_prefix="12345678",
+            instance_specification="project:us-east-1:instance",
+            sql_proxy_version=version,
+        )
+        with pytest.raises(ValueError, match="The sql_proxy_version should match the regular expression"):
+            runner._get_sql_proxy_download_url()

Vulnerability mechanics

Root cause

"Missing input validation on the `sql_proxy_version` parameter allows an attacker to supply an arbitrary version string, which is used to construct a download URL for the Cloud SQL proxy binary without verification."

Attack vector

An attacker who can control the `sql_proxy_version` parameter in a Cloud SQL hook configuration (e.g., via a DAG definition or connection extra) can supply a crafted version string that does not conform to the expected version format. Before the fix, the version string was passed directly into the download URL template without validation, enabling the attacker to potentially point the download at an arbitrary URL. The vulnerability is triggered when `CloudSqlProxyRunner._download_sql_proxy_if_needed()` is called and `sql_proxy_version` is set to a non-empty value [patch_id=1641033].

Affected code

The vulnerability exists in `airflow/providers/google/cloud/hooks/cloud_sql.py` in the `CloudSqlProxyRunner` class, specifically in the `_download_sql_proxy_if_needed()` method which constructed the download URL from `self.sql_proxy_version` without validation. The fix adds a new `_get_sql_proxy_download_url()` method and a `CLOUD_SQL_PROXY_VERSION_REGEX` constant to validate the version string [patch_id=1641033].

What the fix does

The patch introduces a regular expression constant `CLOUD_SQL_PROXY_VERSION_REGEX` that validates the `sql_proxy_version` string must match the pattern `^v?(\d+\.\d+\.\d+)(-\w*.?\d?)?$` [patch_id=1641033]. The validation is performed in the new `_get_sql_proxy_download_url()` method; if the version does not match, a `ValueError` is raised before any download attempt. This ensures only properly formatted version strings (e.g., `v1.23.0` or `v1.23.0-preview.1`) are accepted, preventing injection of arbitrary path components into the download URL.

Preconditions

inputAttacker must be able to set the sql_proxy_version parameter on a CloudSqlProxyRunner instance (e.g., via DAG definition or connection configuration).
configThe sql_proxy_version parameter must be set to a non-empty, non-conforming value.

Generated on May 23, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/apache/airflow/pull/29497ghsapatchWEB
github.com/advisories/GHSA-8g23-2q5p-8866ghsaADVISORY
lists.apache.org/thread/zdr8ovfttbh7kj0lydgcw88tbt2nmkcyghsavendor-advisoryWEB
nvd.nist.gov/vuln/detail/CVE-2023-25691ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000