releases: 118245443

This data as json

html_url id node_id tag_name target_commitish name draft author prerelease created_at published_at body repo reactions
https://github.com/simonw/datasette/releases/tag/1.0a4 118245443 RE_kwDOBm6k_c4HDEhD 1.0a4 main 1.0a4 0 9599 1 2023-08-22T17:10:01Z 2023-08-22T17:13:26Z

This alpha fixes a security issue with the /-/api API explorer. On authenticated Datasette instances (instances protected using plugins such as datasette-auth-passwords) the API explorer interface could reveal the names of databases and tables within the protected instance. The data stored in those tables was not revealed.

For more information and workarounds, read the security advisory. The issue has been present in every previous alpha version of Datasette 1.0: versions 1.0a0, 1.0a1, 1.0a2 and 1.0a3.

Also in this alpha:

  • The new datasette plugins --requirements option outputs a list of currently installed plugins in Python requirements.txt format, useful for duplicating that installation elsewhere. (#2133)
  • Writable canned queries can now define a on_success_message_sql field in their configuration, containing a SQL query that should be executed upon successful completion of the write operation in order to generate a message to be shown to the user. (#2138)
  • The automatically generated border color for a database is now shown in more places around the application. (#2119)
  • Every instance of example shell script code in the documentation should now include a working copy button, free from additional syntax. (#2140)
 107914493 
{
    "url": "https://api.github.com/repos/simonw/datasette/releases/118245443/reactions",
    "total_count": 3,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 2,
    "confused": 0,
    "heart": 1,
    "rocket": 0,
    "eyes": 0
}

Links from other tables