rowid,repo,release,date,body_markdown,published_at,topics
107914493,https://github.com/simonw/datasette,https://github.com/simonw/datasette/releases/tag/1.0a4,2023-08-22,"This alpha fixes a security issue with the `/-/api` API explorer. On authenticated Datasette instances (instances protected using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords)) the API explorer interface could reveal the names of databases and tables within the protected instance. The data stored in those tables was not revealed.

For more information and workarounds, read [the security advisory](https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq). The issue has been present in every previous alpha version of Datasette 1.0: versions 1.0a0, 1.0a1, 1.0a2 and 1.0a3.

Also in this alpha:

- The new `datasette plugins --requirements` option outputs a list of currently installed plugins in Python `requirements.txt` format, useful for duplicating that installation elsewhere. ([#2133](https://github.com/simonw/datasette/issues/2133))
- [Writable canned queries](https://docs.datasette.io/en/latest/sql_queries.html#canned-queries-writable) can now define a `on_success_message_sql` field in their configuration, containing a SQL query that should be executed upon successful completion of the write operation in order to generate a message to be shown to the user. ([#2138](https://github.com/simonw/datasette/issues/2138))
- The automatically generated border color for a database is now shown in more places around the application. ([#2119](https://github.com/simonw/datasette/issues/2119))
- Every instance of example shell script code in the documentation should now include a working copy button, free from additional syntax. ([#2140](https://github.com/simonw/datasette/issues/2140))",2023-08-22T17:13:26Z,"[""asgi"", ""automatic-api"", ""csv"", ""datasets"", ""datasette"", ""datasette-io"", ""docker"", ""json"", ""python"", ""sql"", ""sqlite""]"