Apache Apache-Airflow-Providers-Fab vulnerabilities

CVE-2024-45033 [HIGH] CVE-2024-45033: Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Ap Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password

CVE-2024-42447 [CRITICAL] CWE-613 CVE-2024-42447: Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects A Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. * FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of A