rowid,repo,release,date,body_markdown,published_at,topics
107914493,https://github.com/simonw/datasette,https://github.com/simonw/datasette/releases/tag/0.57,2021-06-05,"**Warning**: This release fixes a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) security hole with the `?_trace=1` feature. You should upgrade to this version, or to Datasette 0.56.1, as soon as possible. ([#1360](https://github.com/simonw/datasette/issues/1360))

In addition to the security fix, this release includes `?_col=` and `?_nocol=` options for controlling which columns are displayed for a table, `?_facet_size=` for increasing the number of facet results returned, re-display of your SQL query should an error occur and numerous bug fixes.

### New features

- If an error occurs while executing a user-provided SQL query, that query is now re-displayed in an editable form along with the error message. ([#619](https://github.com/simonw/datasette/issues/619))
- New `?_col=` and `?_nocol=` parameters to show and hide columns in a table, plus an interface for hiding and showing columns in the column cog menu. ([#615](https://github.com/simonw/datasette/issues/615))
- A new `?_facet_size=` parameter for customizing the number of facet results returned on a table or view page. ([#1332](https://github.com/simonw/datasette/issues/1332))
- `?_facet_size=max` sets that to the maximum, which defaults to 1,000 and is controlled by the [max_returned_rows](https://docs.datasette.io/en/stable/settings.html#setting-max-returned-rows) setting. If facet results are truncated the ... at the bottom of the facet list now links to this parameter. ([#1337](https://github.com/simonw/datasette/issues/1337))
- `?_nofacet=1` option to disable all facet calculations on a page, used as a performance optimization for CSV exports and `?_shape=array/object`. ([#1349](https://github.com/simonw/datasette/issues/1349), [#263](https://github.com/simonw/datasette/issues/263))
- `?_nocount=1` option to disable full query result counts. ([#1353](https://github.com/simonw/datasette/issues/1353))
- `?_trace=1` debugging option is now controlled by the new [trace_debug](https://docs.datasette.io/en/stable/settings.html#setting-trace-debug) setting, which is turned off by default. ([#1359](https://github.com/simonw/datasette/issues/1359))

### Bug fixes and other improvements

- [Custom pages](https://docs.datasette.io/en/stable/custom_templates.html#custom-pages) now work correctly when combined with the [base_url](https://docs.datasette.io/en/stable/settings.html#setting-base-url) setting. ([#1238](https://github.com/simonw/datasette/issues/1238))
- Fixed intermittent error displaying the index page when the user did not have permission to access one of the tables. Thanks, Guy Freeman. ([#1305](https://github.com/simonw/datasette/issues/1305))
- Columns with the name ""Link"" are no longer incorrectly displayed in bold. ([#1308](https://github.com/simonw/datasette/issues/1308))
- Fixed error caused by tables with a single quote in their names. ([#1257](https://github.com/simonw/datasette/issues/1257))
- Updated dependencies: `pytest-asyncio`, `Black`, `jinja2`, `aiofiles`, `click`, and `itsdangerous`.
- The official Datasette Docker image now supports `apt-get install`. ([#1320](https://github.com/simonw/datasette/issues/1320))
- The Heroku runtime used by `datasette publish heroku` is now `python-3.8.10`.",2021-06-05T22:11:18Z,"[""asgi"", ""automatic-api"", ""csv"", ""datasets"", ""datasette"", ""datasette-io"", ""docker"", ""json"", ""python"", ""sql"", ""sqlite""]"
107914493,https://github.com/simonw/datasette,https://github.com/simonw/datasette/releases/tag/0.56.1,2021-06-05,- Fix for a security hole: [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) in the `?_trace=1` feature. [#1360](https://github.com/simonw/datasette/issues/1360),2021-06-05T22:00:01Z,"[""asgi"", ""automatic-api"", ""csv"", ""datasets"", ""datasette"", ""datasette-io"", ""docker"", ""json"", ""python"", ""sql"", ""sqlite""]"