Security vulnerabilities with Helm chart version 8.7.1, Postgres version 11.16-patch.0, and pgbouncer version 1.18.0-patch.1

[danielheilig]

We are using Airflow 2.6.1-python3.8 and we would like to know if we can use postgres version 16, pgbouncer 1.19, and redis 7 with current Helm chart version 8.7.1?

[thesuperzapper]

@danielheilig Firstly, if your use case is important enough to care enough about security, it's important enough to use a production-ready database. You should be using an external database, not the embedded one.

However, I acknowledge that PgBouncer is still part of the chart, so you might want to build your own image based on our one, but I am not aware of any critical security issues that were patched between PgBouncer 1.18 and 1.19.

---

But if this is for purely intellectual reasons, in the end, the chart deploys Airflow and Airflow supports many versions of these dependencies, but if we are basing it on what the official Apache Airflow repo says, they provide the following table:

I do note that Redis is not listed here, so you would have to test it. But newer versions of celery (the tool which airflow uses Redis though) will probably work with any widely adopted Redis version.