We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.
Reserved 2023-02-08 | Published 2023-04-20 | Updated 2025-02-13 | Assigner apacheCWE-287 Improper Authentication
lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf
www.openwall.com/lists/oss-security/2023/04/20/10
Support options