William Ashe

#18762 of 53,632
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-3231
7.8
2026-01-15
Apache · Apache Airflow · CVE-2025-68438
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 3.1.6

**Description**
When rendered template fields in a Dag exceed `max_templated_field_length`, sensitive values could be exposed in cleartext in the Rendered Templates UI. This is due to the serialization of these fields using a secrets masker instance that did not include user-registered `mask_secret()` patterns, resulting in unreliable masking of secrets before truncation and display.

**Recommendations**
Upgrade to version 3.1.6 or later to resolve this issue.
PT-2025-51040
6.5
2025-12-12
Apache · Apache Airflow · CVE-2025-66388
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 3.1.4

**Description**
A flaw exists in Apache Airflow where authenticated users of the user interface could view secret values within rendered templates. This occurred because secrets were not properly redacted, potentially granting unauthorized access to sensitive information.

**Recommendations**
Upgrade to version 3.1.4 to resolve this issue.