NVD - cve-2019-17495 (nist.gov) <https://nvd.nist.gov/vuln/detail/cve-2019-17495>.
This issue is flagged by Twistlock scan of Airflow 2.5.1 Docker image. Some questions: 1. As suggested here: flask - Disable/Hide/Remove Docs menu in Apache Airflow GUI - Stack Overflow <https://stackoverflow.com/questions/69365178/disable-hide-remove-docs-menu-in-apache-airflow-gui>, if I just disable the "Docs" menu for all roles, is that sufficient for fixing this problem? 2. Is it possible to make a deep change in the code somewhere to disable all access to Swagger UI? We are building our own Docker image, so this would be the preferred approach. However, I am ignorant of Airflow code structure and could not find the appropriate place to make the change. Any help would be appreciated. Thanks. Sahib Aulakh.
