html_url,id,node_id,tag_name,target_commitish,name,draft,author,prerelease,created_at,published_at,body,repo,reactions
https://github.com/simonw/datasette/releases/tag/0.57,44155601,MDc6UmVsZWFzZTQ0MTU1NjAx,0.57,main,0.57,0,9599,0,2021-06-05T22:06:55Z,2021-06-05T22:11:18Z,"**Warning**: This release fixes a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) security hole with the `?_trace=1` feature. You should upgrade to this version, or to Datasette 0.56.1, as soon as possible. ([#1360](https://github.com/simonw/datasette/issues/1360))

In addition to the security fix, this release includes `?_col=` and `?_nocol=` options for controlling which columns are displayed for a table, `?_facet_size=` for increasing the number of facet results returned, re-display of your SQL query should an error occur and numerous bug fixes.

### New features

-   If an error occurs while executing a user-provided SQL query, that query is now re-displayed in an editable form along with the error message. ([#619](https://github.com/simonw/datasette/issues/619))
-   New `?_col=` and `?_nocol=` parameters to show and hide columns in a table, plus an interface for hiding and showing columns in the column cog menu. ([#615](https://github.com/simonw/datasette/issues/615))
-   A new `?_facet_size=` parameter for customizing the number of facet results returned on a table or view page. ([#1332](https://github.com/simonw/datasette/issues/1332))
-   `?_facet_size=max` sets that to the maximum, which defaults to 1,000 and is controlled by the the [max_returned_rows](https://docs.datasette.io/en/stable/settings.html#setting-max-returned-rows) setting. If facet results are truncated the ... at the bottom of the facet list now links to this parameter. ([#1337](https://github.com/simonw/datasette/issues/1337))
-   `?_nofacet=1` option to disable all facet calculations on a page, used as a performance optimization for CSV exports and `?_shape=array/object`. ([#1349](https://github.com/simonw/datasette/issues/1349), [#263](https://github.com/simonw/datasette/issues/263))
-   `?_nocount=1` option to disable full query result counts. ([#1353](https://github.com/simonw/datasette/issues/1353))
-   `?_trace=1` debugging option is now controlled by the new [trace_debug](https://docs.datasette.io/en/stable/settings.html#setting-trace-debug) setting, which is turned off by default. ([#1359](https://github.com/simonw/datasette/issues/1359))

### Bug fixes and other improvements

-   [Custom pages](https://docs.datasette.io/en/stable/custom_templates.html#custom-pages) now work correctly when combined with the [base_url](https://docs.datasette.io/en/stable/settings.html#setting-base-url) setting. ([#1238](https://github.com/simonw/datasette/issues/1238))
-   Fixed intermittent error displaying the index page when the user did not have permission to access one of the tables. Thanks, Guy Freeman. ([#1305](https://github.com/simonw/datasette/issues/1305))
-   Columns with the name ""Link"" are no longer incorrectly displayed in bold. ([#1308](https://github.com/simonw/datasette/issues/1308))
-   Fixed error caused by tables with a single quote in their names. ([#1257](https://github.com/simonw/datasette/issues/1257))
-   Updated dependencies: `pytest-asyncio`, `Black`, `jinja2`, `aiofiles`, `click`, and `itsdangerous`.
-   The official Datasette Docker image now supports `apt-get install`. ([#1320](https://github.com/simonw/datasette/issues/1320))
-   The Heroku runtime used by `datasette publish heroku` is now `python-3.8.10`.",107914493,"{""url"": ""https://api.github.com/repos/simonw/datasette/releases/44155601/reactions"", ""total_count"": 1, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 1, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}"
https://github.com/simonw/datasette/releases/tag/0.56.1,44155459,MDc6UmVsZWFzZTQ0MTU1NDU5,0.56.1,0.56.x,0.56.1,0,9599,0,2021-06-05T21:54:47Z,2021-06-05T22:00:01Z,- Fix for a security hole: [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) in the `?_trace=1` feature. [#1360](https://github.com/simonw/datasette/issues/1360),107914493,