Skip to content

1.0a4

Pre-release
Pre-release
Compare
Choose a tag to compare
@simonw simonw released this 22 Aug 17:13
· 246 commits to main since this release
1.0a4
01e0558
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This alpha fixes a security issue with the /-/api API explorer. On authenticated Datasette instances (instances protected using plugins such as datasette-auth-passwords) the API explorer interface could reveal the names of databases and tables within the protected instance. The data stored in those tables was not revealed.

For more information and workarounds, read the security advisory. The issue has been present in every previous alpha version of Datasette 1.0: versions 1.0a0, 1.0a1, 1.0a2 and 1.0a3.

Also in this alpha:

  • The new datasette plugins --requirements option outputs a list of currently installed plugins in Python requirements.txt format, useful for duplicating that installation elsewhere. (#2133)
  • Writable canned queries can now define a on_success_message_sql field in their configuration, containing a SQL query that should be executed upon successful completion of the write operation in order to generate a message to be shown to the user. (#2138)
  • The automatically generated border color for a database is now shown in more places around the application. (#2119)
  • Every instance of example shell script code in the documentation should now include a working copy button, free from additional syntax. (#2140)
Assets 2
Loading