From 965e76d9ed00ef354a834739ac46f24068630951 Mon Sep 17 00:00:00 2001
From: Jarek Potiuk
Date: Mon, 13 Feb 2023 10:24:09 +0100
Subject: [PATCH] Do not show version/node in UI traceback for unauthenticated user (#29501)

The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user.

(cherry picked from commit cf814550275bd04326f095cc28f93663daf3404b)
---
 airflow/www/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/airflow/www/views.py b/airflow/www/views.py
index 86c3a6fa3a37c..4794a8c8a19e9 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -527,13 +527,13 @@ def show_traceback(error):
 return (
 render_template(
 "airflow/traceback.html",
- python_version=sys.version.split(" ")[0],
- airflow_version=version,
+ python_version=sys.version.split(" ")[0] if g.user.is_authenticated else "redact",
+ airflow_version=version if g.user.is_authenticated else "redact",
 hostname=get_hostname()
- if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True) and g.user.is_authenticated
 else "redact",
 info=traceback.format_exc()
- if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True)
+ if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True) and g.user.is_authenticated
 else "Error! Please contact server admin.",
 ),
 500,
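Review bot: The four new `g.user.is_authenticated` checks in the `render_template(...)` arguments assume `g.user` is always populated when this 500 handler runs. If an exception is raised before the login machinery sets it (not visible in this hunk, so this needs confirming), the handler itself would raise `AttributeError` and the redacted page would never be rendered. Evaluating the flag once and failing closed avoids that and removes the repetition: `is_authenticated = getattr(getattr(g, "user", None), "is_authenticated", False)`, then use `is_authenticated` in each conditional. The change also gates `info=traceback.format_exc()` on authentication, which the subject line (version/node only) does not mention; a short comment above the call stating that all four fields are redacted for anonymous users would make that explicit. The body of `show_traceback` begins above the hunk and the `return (` expression continues past its last line.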