
Update dependency apache-airflow to v3 [SECURITY] - autoclosed #5550

Closed
openverse-bot wants to merge 1 commit into main from gha-renovatepypi-apache-airflow-vulnerability

Conversation


@openverse-bot openverse-bot commented Jan 16, 2026

This PR contains the following updates:

Package: apache-airflow (changelog)
Update: major
Change: ==2.10.4 -> ==3.1.7

GitHub Vulnerability Alerts

CVE-2026-24098

Impact

Exposure of Sensitive Information:

An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access.

In affected versions, the Import Errors view does not correctly filter errors based on granular DAG permissions. This means a user with access to only DAG_A can view import errors generated by DAG_B, DAG_C, or system-level DAGs. These error logs often contain file paths, code snippets, or stack traces that reveal the internal structure and logic of restricted DAGs.

Patches

Users should upgrade to Apache Airflow 3.1.7 or later.
This version strictly enforces DAG-level permissions on the Import Errors view.

Workarounds

There are no known workarounds other than upgrading.

CVE-2025-68675

In Apache Airflow versions before 3.1.6 and 2.11.1, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.

Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue.

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. 

The issue has been fixed in Airflow 3.1.5rc1 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information.

CVE-2024-56373

A DAG Author (who already has quite a lot of permissions) could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, potentially leading to remote code execution in the context of the web server (server-side) as a result of a user viewing historical task information.

The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via the airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those sensitive connection values from the log table. This is similar to, but not the same issue as, CVE-2024-50378.


Release Notes

apache/airflow (apache-airflow)

v3.1.7


No significant changes.

Doc Only Changes
^^^^^^^^^^^^^^^^

  • Fix minor display issue with migration to airflow 3 docs (#​60749)
  • Fix airflow.utils.context.Context import path in Airflow 3 migration doc (#​59937)
  • Add missing links to airflow.sdk classes and functions in public interface docs (#​61005) (#​61012)
  • Clarify BaseSensorOperator parameters in Sensors guide (#​60275)
  • Fix docstring for RuntimeTaskInstance.xcom_pull (#​60220) (#​60252)
  • Fix broken syntax highlighting in AIR rules note section (#​59188)

v3.1.6


Significant Changes
^^^^^^^^^^^^^^^^^^^

is_authorized_hitl_task() method now available in auth managers (#​59399).
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
This method is now available in auth managers to check whether a user is authorized to approve a HITL task.

proxy and proxies added to DEFAULT_SENSITIVE_FIELDS (#​59688)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
proxy and proxies have been added to DEFAULT_SENSITIVE_FIELDS in secrets_masker to treat proxy configurations as sensitive by default.


v3.1.5


Significant Changes
^^^^^^^^^^^^^^^^^^^

No significant changes.

Bug Fixes
^^^^^^^^^

  • Handle invalid token in JWTRefreshMiddleware (#​56904)
  • Fix inconsistent Dag hashes when template fields contain unordered dicts (#​59091) (#​59175)
  • Fix assets used only as inlets being incorrectly orphaned (#​58986)
  • Fix exception when logging stdout with a custom %-format string (#​58963)
  • Fix backfill max_active_runs race condition with concurrent schedulers (#​58935)
  • Fix LocalExecutor memory spike by applying gc.freeze (#​58934)
  • Fix string to datetime pydantic conversion (#​58916)
  • Fix deadlines being incorrectly pruned for DAG runs with the same run_id (#​58910)
  • Fix handling of pre-AIP-39 DAG runs (#​58773)
  • Mask secrets properly when using deprecated import path (#​58726)
  • Preserve Asset.extra when using AssetAlias (#​58712)
  • Fix timeout_after in run_trigger method of TriggerRunner (#​58703)
  • Fix connection retrieval from secrets backend without conn_type (#​58664)
  • Fix task retry logic to respect retries for all exit codes (#​58478)
  • Respect default_args in DAG when set to a "falsy" value (#​58396)
  • Fix airflow config list output for multi-line values (#​58378)
  • Fix TriggerDagRunOperator stuck in deferred state with reset_dag_run=True (#​58333)
  • Fix HITLTrigger params serialization (#​58297)
  • Fix atomicity issue in SerializedDagModel.write_dag preventing orphaned DAG versions (#​58281)
  • Mask kwargs when illegal arguments are passed (#​58283)
  • Fix supervisor communications not reconnecting when using dag.test() (#​58266)
  • Fix supervisor communications and logs not reconnecting in task subprocesses (#​58263)
  • Make pool description optional when patching pools (#​58169)
  • Fix check_files.py script after source tarball was renamed (#​58192)
  • Fix db cleanup logging behavior and docstrings (#​58523)
  • Fix Asset URI normalization for user info without password (#​58485)
  • UI: Fix object rendering in Human-in-the-Loop (HITL) interface (#​58611)
  • UI: Fix "Consuming Tasks" section not in asset header (#​58060)
  • UI: Fix timezone string parsing to use dayjs correctly (#​57880)
  • UI: Ensure task instance endDate is not null (#​58435)
  • UI: Fix trigger parameter field showing as dict when param.value is null (#​58899)
  • UI: Remove unnecessary refresh state consumption for DAG header (#​58692)
  • UI: Fix mobile responsiveness of Dashboard sections (#​58853)
  • UI: Fix incorrect backfill duration calculation in Grid view (#​58816)
  • UI: Redact secrets in rendered templates to not expose them in UI (#​58772)
  • UI: Add fallback value of 1 for number of DAG runs in Grid view (#​58735)
  • UI: Update refresh token flow (#​58649)
  • UI: Fix 404 handling with fallback route for invalid URLs (#​58629)
  • UI: Fix excessive database queries in UI grid endpoint by adding query count guard (#​57977, #​58632)
  • UI: Fix DAG documentation markdown display issue (#​58627)
  • UI: Fix duration chart duration format (#​58564)
  • UI: Fix TaskGroup nodes not being properly highlighted when selected in Graph view (#​58559)
  • UI: Fix tag filter with special characters (#​58558)
  • UI: Fix group task instance tab memory leak (#​58557)
  • UI: Fix popup automatically closing when DAG run completes (#​58538)
  • UI: Fix operator extra links not appearing on failed tasks (#​58508)
  • UI: Fix TypeError in parseStreamingLogContent for non-string data (#​58399)
  • UI: Fix Dag tag order (#​58904)

Miscellaneous
^^^^^^^^^^^^^

  • Do not remove .pyc and .pyo files after building Python (#​58947)
  • Improve cross-distribution dependency management (#​58472)
  • Bump glob from 10.4.5 to 10.5.0 in simple auth manager UI (#​58463)
  • Bump glob in React core UI (#​58461)

Doc Only Changes
^^^^^^^^^^^^^^^^

  • Fix Chinese (Traditional) translations for trigger-related terminology (#​58989)
  • Close translation gaps in German (#​58971)
  • Add missing Polish translations (#​58939)
  • Clarify that Connection extra JSON masking is keyword-dependent (#​58587)
  • Add migration guide for Airflow 2 users accessing database in tasks (#​57479)
  • Update UIAlert import path and usage for v3 (#​58891)
  • Add clarifying documentation for TaskGroup parameters (#​58880)
  • Enhance asset extra field documentation (#​58830)
  • Update mask_secret documentation to use the latest import path (#​58534)
  • Improve disable_bundle_versioning configuration documentation (#​58405)
  • Fix documentation for installing from sources (#​58373)
  • Fix broken link on installing-from-sources page (#​58324)
  • Add missing DAG run table translations (#​58572)

v3.1.4


v3.1.3


Significant Changes
^^^^^^^^^^^^^^^^^^^

Fix Connection & Variable access in API server contexts (plugins, log handlers) (#​56583)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Previously, hooks used in API server contexts (plugins, middlewares, log handlers) would fail with an ImportError
for SUPERVISOR_COMMS, because SUPERVISOR_COMMS only exists in task runner child processes.

This has been fixed by implementing automatic context detection with three separate secrets backend chains:

Context Detection:

  1. Client contexts (task runner in worker): Detected via SUPERVISOR_COMMS presence
  2. Server contexts (API server, scheduler): Explicitly marked with _AIRFLOW_PROCESS_CONTEXT=server environment variable
  3. Fallback contexts (supervisor, unknown contexts): Neither marker present, uses minimal safe chain

Backend Chains:

  • Client: EnvironmentVariablesBackend -> ExecutionAPISecretsBackend (routes to Execution API via SUPERVISOR_COMMS)
  • Server: EnvironmentVariablesBackend -> MetastoreBackend (direct database access)
  • Fallback: EnvironmentVariablesBackend only (+ external backends from config like AWS Secrets Manager, Vault)

The fallback chain is crucial for supervisor processes (worker-side, before task runner starts) which need to access
external secrets for remote logging setup but should not use MetastoreBackend (to maintain worker isolation).

Architecture Benefits:

  • Workers (supervisor + task runner) never use MetastoreBackend, maintaining strict isolation
  • External secrets backends (AWS Secrets Manager, Vault, etc.) work in all three contexts
  • Supervisor falls back to Execution API client for connections not found in external backends
  • API server and scheduler have direct database access for optimal performance

Impact:

  • Hooks like GCSHook, S3Hook now work correctly in log handlers and plugins
  • No code changes required for existing plugins or hooks
  • Workers remain isolated from direct database access (network-level DB blocking fully supported)
  • External secrets work everywhere (workers, supervisor, API server)
  • Robust handling of unknown contexts with safe minimal chain

See: #56120 <https://github.com/apache/airflow/issues/56120>, #56583 <https://github.com/apache/airflow/issues/56583>, #51816 <https://github.com/apache/airflow/issues/51816>

Remove insecure dag reports API endpoint that executed user code in API server (#​56609)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

The /api/v2/dagReports endpoint has been removed because it loaded user DAG files directly in the API server process,
violating Airflow's security architecture. This endpoint was not used in the UI and had no known consumers.
Use the airflow dags report CLI command instead for DAG loading reports.


v3.1.2


Significant Changes
^^^^^^^^^^^^^^^^^^^

No significant changes.

Bug Fixes
^^^^^^^^^

  • Fix import error when upgrading structlog to 25.5.0+ (#​57335)
  • Fix connection retrieval in DagProcessorManager for bundle initialization (#​57459)
  • Fix incorrect task instance counts displayed in task group headers (#​55670)
  • Fix task retry execution after tasks are killed by external signals (#​55767)
  • Fix triggerer errors after Airflow 2 to 3 migration (#​55884)
  • Fix tasks unable to access triggering_user_name context variable (#​56193)
  • Fix outlet event extra data being empty in task instance success listener callbacks (#​57031)
  • UI: Fix panel button spacing and alignment issues (#​57062)
  • UI: Fix broken grid view links for tasks with retries (#​57097)
  • Fix DAG processor crash when renaming DAG tag case on MySQL (#​57113)
  • Fix iteration errors when using ObjectStoragePath (#​57156)
  • Fix auto-refresh not working on Required Actions page (#​57207)
  • Fix DAG processor crash by ignoring callbacks from other bundles (#​57330)
  • Fix asset name text overflow in DAG list view (#​57363)
  • Fix memory leak caused by repeated SSL context creation in API client (#​57374)
  • Fix performance issues loading DAG list page with many DAGs (#​57444)
  • Fix text selection jumping unexpectedly in log viewer (#​57453)
  • Fix DAG documentation pane not scroll-able when content is too long (#​57518)
  • Fix incorrect macro listings in template reference documentation (#​57529)
  • Fix Human-In-The-Loop operators failing when using notifiers (#​57551)
  • Fix n+1 query issues in XCom API endpoints (#​57554)
  • Fix n+1 query issues in Event Logs API endpoint (#​57558)
  • Fix n+1 query to fetch tags in the dags list page (#​57570)
  • Optimize database query to prevent "Out of sort memory" errors with many DAG versions (#​57042)
  • Optimize DAG list query for users with limited access (#​57460)
  • Optimize dynamic DAG updates to avoid loading large serialized DAGs (#​57592)
  • Reduce serialized DAG size by optimizing callback serialization in default_args (#​57397)

Miscellaneous
^^^^^^^^^^^^^

  • UI: Improve global navigation visual design, interaction, and accessibility (#​57565)
  • UI: Add button to download all task logs at once (#​56771)
  • UI: Add timestamp column to XCom viewer and standardize task instance columns (#​57447)
  • UI: Improve highlighting of selected task instances and edges in grid view (#​57560)
  • Improve retry logic by migrating from retryhttp to tenacity library (#​56762)
  • Improve exception logging for task instance heartbeat failures (#​57179)
  • Add Content-Type header to Task SDK API requests (#​57386)
  • Log execution API server URL at task startup (#​57409)
  • Reduce log noise by changing "Connection not found" from error to debug level (#​57548)
  • Add task_display_name alias in event log API responses (#​57609)
  • Improve Pydantic model validation strictness in serialization (#​57616)
  • Fix systemd service files issues (#​57231)

Doc Only Changes
^^^^^^^^^^^^^^^^

  • Improve plugin system documentation for clarity and completeness (#​57068)
  • Improve clarity on api workers recommendation in docs (#​57404)
  • Fix instance_name in UI docs (#​57523)
  • Fix airflow macros list in template document (#​57529)

v3.1.1


Significant Changes
^^^^^^^^^^^^^^^^^^^

No significant changes.

Bug Fixes
^^^^^^^^^

  • Fix execution failures with NULL dag_run.conf during upgrades from earlier versions (#​56729)
  • Fix memory leak in remote logging connection cache (#​56695)
  • Fix DAG processor crash with pre-import module optimization enabled (#​56779)
  • Fix scheduler crash with email notifications (#​56431)
  • Fix scheduler crash during 3.0 to 3.1 migration when retry_delay is None (#​56236)
  • Fix task retries executing wrong method after deferred state (#​56737)
  • Fix retry callbacks not executing for externally killed tasks (#​56607)
  • Fix custom timetable generate_run_id not called for manual triggers (#​56699)
  • Fix KeyError when accessing retry_delay on MappedOperator without explicit value (#​56605)
  • Fix task-sdk connection error handling to match airflow-core behavior (#​56653)
  • Fix topological sort for Grid View (#​56963)
  • Fix get_ti_count and get_task_states access in callback requests (#​56860)
  • Fix Connection or Variable access in Server context (#​56602)
  • Fix .airflowignore order precedence (#​56832)
  • Fix migration errors for Pydantic 2.12.0 compatibility (#​56581)
  • Fix: Correctly parse JSON for --dag_run_conf in airflow dags backfill CLI (#​56599)
  • UI: Fix note modal does not change markdown text after change (#​56092)
  • UI: Fix Grid for cleared runs when tasks were removed (#​56297)
  • UI: Fix log text selection contrast in light mode (#​56893)
  • UI: Fix Advanced Search button overlap in DAG List View (#​56777)
  • UI: Fix view for many DAG tags (#​55604)
  • UI: Fix asset name text overflow in DAGs list view ([#​55914](https://redirect.github.com/apache

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.
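Added example (constructed for this page; not Airflow's secrets_masker and not part of this PR): a keyword-based masker in the style the release notes describe, run once with and once without proxy/proxies in the sensitive set, to show how CVE-2025-68675 let embedded proxy credentials reach logs and how the 3.1.6 change closes it. The find_url_credentials and redact_url_credentials helpers, the field list and the sample connection are assumptions of mine, added for reviewing logs written by unpatched versions.

```python
"""Constructed secrets masker illustrating CVE-2025-68675; not Airflow's secrets_masker."""
import re
from typing import Any

REDACTED = "***"

# Keyword-based masking: a key is sensitive if any of these words occurs in it.
# Constructed list; Airflow's real DEFAULT_SENSITIVE_FIELDS is longer.
BASE_SENSITIVE_FIELDS = frozenset(
    {"password", "passwd", "secret", "token", "api_key", "apikey", "private_key"}
)
# Airflow 3.1.6 added "proxy" and "proxies" to DEFAULT_SENSITIVE_FIELDS (#59688).
PATCHED_SENSITIVE_FIELDS = BASE_SENSITIVE_FIELDS | {"proxy", "proxies"}

# Captures the userinfo ("user:pass") of a URL such as scheme://user:pass@host:port
_URL_USERINFO = re.compile(r"(?P<scheme>[a-z][a-z0-9+.-]*://)(?P<userinfo>[^/@\s]+)@", re.I)


def is_sensitive_key(key: str, sensitive_fields: frozenset) -> bool:
    """Keyword match on the lower-cased key, as in Connection extra JSON masking."""
    key = key.lower()
    return any(word in key for word in sensitive_fields)


def mask(obj: Any, sensitive_fields: frozenset, under_sensitive: bool = False) -> Any:
    """Return a copy of a connection structure with values under sensitive keys redacted."""
    if isinstance(obj, dict):
        return {
            k: mask(v, sensitive_fields, under_sensitive or is_sensitive_key(str(k), sensitive_fields))
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [mask(v, sensitive_fields, under_sensitive) for v in obj]
    if under_sensitive and isinstance(obj, (str, bytes)):
        return REDACTED
    return obj


def find_url_credentials(text: str) -> list:
    """Log-review aid (assumed helper): userinfo fragments already written to a log line."""
    return [m.group("userinfo") for m in _URL_USERINFO.finditer(text)]


def redact_url_credentials(text: str) -> str:
    """Belt-and-braces redaction (assumed helper): drop userinfo, keep host and port."""
    return _URL_USERINFO.sub(lambda m: f"{m.group('scheme')}{REDACTED}@", text)


# Constructed Connection extra as a hook might dump it to logs while debugging.
CONN_EXTRA = {
    "proxies": {"https": "http://alice:s3cr3t@proxy.internal:3128"},
    "proxy": "socks5://bob:hunter2@proxy.internal:1080",
    "timeout": 30,
}

if __name__ == "__main__":
    print("before 3.1.6:", mask(CONN_EXTRA, BASE_SENSITIVE_FIELDS))  # credentials visible
    print("3.1.6 and later:", mask(CONN_EXTRA, PATCHED_SENSITIVE_FIELDS))  # both values are ***
    print("leaked in old output:", find_url_credentials(str(mask(CONN_EXTRA, BASE_SENSITIVE_FIELDS))))
```

Running find_url_credentials over archived task logs from pre-3.1.6 deployments identifies proxy credentials that should be rotated after upgrading.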

@openverse-bot openverse-bot requested a review from a team as a code owner January 16, 2026 21:11
@openverse-bot openverse-bot added dependencies Pull requests that update a dependency file 🐍 tech: python Involves Python 💻 aspect: code Concerns the software code in the repository 🟩 priority: low Low priority and doesn't need to be rushed 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🧱 stack: catalog Related to the catalog and Airflow DAGs labels Jan 16, 2026
@openverse-bot openverse-bot requested review from krysal and obulat and removed request for a team January 16, 2026 21:11
@openverse-bot openverse-bot moved this to 👀 Needs Review in Openverse PRs Jan 16, 2026
@openverse-bot openverse-bot force-pushed the gha-renovatepypi-apache-airflow-vulnerability branch from 8209d48 to 251eede Compare February 9, 2026 19:09
@openverse-bot openverse-bot force-pushed the gha-renovatepypi-apache-airflow-vulnerability branch from 251eede to cca5d9c Compare February 11, 2026 21:48
@openverse-bot openverse-bot changed the title Update dependency apache-airflow to v3 [SECURITY] Update dependency apache-airflow to v3 [SECURITY] - autoclosed Mar 27, 2026
@openverse-bot openverse-bot deleted the gha-renovatepypi-apache-airflow-vulnerability branch March 27, 2026 00:43
@github-project-automation github-project-automation bot moved this from 👀 Needs Review to 🚫 Closed in Openverse PRs Mar 27, 2026