There were two vulnerabilities fixed in release of Apache Airflow 1103 affecting the `airflow webserver` service:
CVE-2019-0216: Stored XSS
Versions Affected: <= 1102
Description:
A malicious admin user could edit the state of objects in the Airflow
metadata database to execute arbitrary javascript on certain page views
Cred ...