Regular Expression Denial of Service (ReDoS) Vulnerability before 2.6.3

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. POC: Go to URL``` http://192.168.73.128:8080/dags/dataset_consumes_1/gantt?root=(((((((.*)*)*)*)*)*)*)!``` twice, valure of `root` param pass into the application will trigger Redos vulnand service will hang for a while. #Here is an email comfirm from Airflow team. ████ ## Impact Denial of service: The attacker can effectively crash the web application or server, preventing legitimate users from accessing