From fcd7beca76bdde78d337d2314a0be0d6c5a4f28c Mon Sep 17 00:00:00 2001 From: amercader Date: Wed, 13 Mar 2024 12:56:11 +0100 Subject: [PATCH] Update master changelog with previous patch releases --- CHANGELOG.rst | 203 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 202 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 73253de6a0a..9451c0eb4df 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -8,7 +8,169 @@ Changelog --------- .. towncrier release notes start - + +v.2.10.4 2024-03-13 +=================== + +Migration notes +--------------- + +- The default format for accepted uploads for user, groups and organization + images is now limited to PNG, GIF anf JPG. If you need to add additional + foramts you can use the :ref:`ckan.upload.user.mimetypes` and + :ref:`ckan.upload.group.mimetypes`) (`#7028 + `_) +- Public user registration is disabled by default, ie users can not create + new accounts from the UI. With this default value, new users can be created + by being invited by an organization admin, being created directly by a + sysadmin in the ``/user/register`` endpoint or being created in the CLI + using ``ckan user add``. To allow public registration see + :ref:`ckan.auth.create_user_via_web`, but it's strongly encouraged to put + some measures in place to avoid spam. (`#7028 + `_) (`#7208 + `_) + +Minor changes +------------- +- Define allowed alternative Solr query parsers via the :ref:`ckan.search.solr_allowed_query_parsers` + config option (`#8053 `_) + +Bugfixes +-------- +- `CVE-2024-27097 `_: fixed + potential log injection in reset user endpoint. +- use custom group type from the activity object if it's not supplied, eg on + user activity streams (`#7980 `_) +- Removes extra <<`_) +- CKAN does not start without ``beaker.session.validate_key`` option introduced + in v2.10.3 (`#8023 `_) +- Editing of resources unavailable from package view page. 
(`#8025 + `_) +- Pass custom package types through to the 'new resource' activity item (`#8034 + `_) +- Fix Last Modified sort parameter for bulk-process page (`#8048 + `_) +- Detect XLSX mimetypes correctly in uploader (`#8088 + `_) +- Remove nginx cache as configuration from documentation (`#8031 + `_) +- Fix `clean_db` fixtures breaking when tables are missing (`#8054 + `_) +- Fix JS error in flash message when adding a Member (`#8104 + `_) + + +v.2.10.3 2023-12-13 +=================== + + +Minor changes +------------- +- New sites now default to cookie-based sessions (the default value for ``beaker.session.type`` + is now ``cookie``. The ``beaker.session.samesite`` configuration option has been introduced, + allowing you to specify the ``SameSite`` attribute for session cookies. This attribute determines + how cookies are sent in cross-origin requests, enhancing security and privacy. + + .. note:: When using cookie-based sessions, it is now required to + set ``beaker.session.validate_key`` appropriately. + +- Skip interactive mode of ``ckan user setpass`` using ``-p``/``--password`` + option. (`#7530 `_) +- Added support for Solr 9. Users of the `official Docker images + `_ can use the + ``ckan/ckan-solr:2.10-solr9`` tag. (`#7693 + `_) +- Update requirements to support more Python versions (`#7935 + `_) +- Add tooltips when links are truncated, to show the full text. (`#7743 + `_) +- Added pages to confirm User delete and Dataset Collaborator delete. + Fixed cancellation of Group Member delete. (`#7813 + `_) +- The ``validators`` attribute of a declared config option makes tries to parse + arguments to validators as python literals. If **all** arguments can be + parsed, they are passed to a validator factory with original types. If at least one + argument is not a valid Python literal, all values are passed as a string + (this was the previous behavior). 
Space characters are still not allowed inside + arguments, use the ``\\x20`` symbol if you need a space in a literal (`#7615 + `_):: + + # Not changed + `validators: v(xxx)` # v("xxx") + `validators: v("xxx",yyy)` # v("xxx", "yyy") + `validators: v(1,2,none)` # v("1", "2", "none") + `validators: v("hello\\x20world")` # v("hello world") + + # Changed + `validators: v("xxx")` # v("xxx") + `validators: v("xxx",1)` # v("xxx", 1) + `validators: v(1,2,None)` # v(1, 2, None) + +- Automatically add the ``not_empty`` validator to any config option declared + with ``required: true`` (`#7658 `_) + + +Bugfixes +-------- +- `CVE-2023-50248 `_: fix potential + out of memory error when submitting the dataset form with a specially-crafted field. +- Fix ``deprecated`` decorator (`#7939 + `_) +- Fix for missing Tag facets on Home page (`#7520 + `_) +- Fix errors when running the `ckan db upgrade` command (`#7681 + `_) +- Fix datastore_search + downloading datastore resources as json with null + values (`#6713 `_) +- ``CONFIG_FROM_ENV_VARS`` takes precedence over config file and extensions but + those settings are not normalized. (`#7502 + `_) +- Fixed server not recognizing SSL settings in configuration .ini file + (`#7758 `_) +- Fix error when indexing a full ISO date with timezone info (`#7775 + `_) +- Aligned `member_create` with `group_member_save` to prevent possible member + duplication. (`#7804 `_) +- datastore-only resources now have a visible download button on the resource + page (`#7806 `_) +- update resource ``datastore_active`` with a single statement on + ``datastore_create/delete`` (`#7832 `_) +- Fixed Octet Streaming for Datastore Dump requests. (`#7839 + `_) +- Fixed restricting anonymous users in actions to check user in context. 
+ (`#7871 `_) +- Empty string in ``beaker.session.timeout`` produces an error instead of + never-expiring session (`#7881 `_) +- Updated Bootstrap alert-error class to alert-danger (`#7901 + `_) +- Changed dataset query to check for ``+state:`` in the ``fq_list`` as well as the + `fq` parameter before forcing ``state:active`` (`#7905 + `_) +- View modules use pluggable ``ckan.plugins.toolkit.h`` instead of + `ckan.lib.helpers` (`#7923 `_) +- Fix HTML5 validation failing on resource uploads (`#7925 + `_) +- Fixed issues with the ``ckan views create`` CLI sub-command. (`#7944 + `_) +- Improve handling of date fields in Solr (`#7775 + `_) +- Fix URL validator does not support ":" for specifying ports (`#7891 + `_) +- Fix user_show for ``ckan.auth.public_user_details`` (`#7866 + `_) +- Add missing translations to aria-label attributes (`#7947 + `_) +- Catch AttributeErrors in license retrieval (`#7931 + `_) +- Fix downloading datastore resources as json with null values in json columns + (`#7545 `_) + +v.2.10.2 +======== + +Unreleased + v.2.10.1 2023-05-24 =================== 
@@ -570,6 +732,45 @@ Removals and deprecations - ``ckan.route_after_login`` renamed to ``ckan.auth.route_after_login`` (`#7350 `_) +v.2.9.11 2024-03-13 +=================== + +Minor changes +------------- +- Define allowed alternative Solr query parsers via the :ref:`ckan.search.solr_allowed_query_parsers` + config option (`#8053 `_). Note that the 2.9 version of this + patch does not use pyparsing to parse the local parameters string, so some limitations are in place, + mainly that no quotes are allowed in the local paramaters definition. +- Get default formats for DataStore views from config (`#8095 `_) + +Bugfixes +-------- +- `CVE-2024-27097 `_: fixed + potential log injection in reset user endpoint. +- Fixed Octet Streaming for Datastore Dump requests. (`#7899 `_) +- Fix Password Reset Keys with multiple accounts (`#8079 `_) +- Detect XLSX mimetypes correctly in uploader (`#8088 `_) + + +v.2.9.10 2023-12-13 +=================== + +Bugfixes +-------- + +- `CVE-2023-50248 `_: fix potential + out of memory error when submitting the dataset form with a specially-crafted field. +- Update resource datastore_active with a single statement (`#7833 `_) +- Fix downloading datastore resources as json with null values in json columns + (`#7545 `_) +- Fix errors when running the `ckan db upgrade` command (`#7681 + `_) +- Fix ``deprecated`` decorator (`#7939 + `_) +- Changed dataset query to check for ``+state:`` in the ``fq_list`` as well as the + `fq` parameter before forcing ``state:active`` (`#7905 + `_) + v.2.9.9 2023-05-24 ==================
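Review bot: in the first hunk (@@ -8,7 +8,169 @@), the v.2.10.4 migration note on accepted upload formats has two typos and a stray parenthesis: "GIF anf JPG" should be "GIF and JPG", "foramts" should be "formats", and the ")" after :ref:`ckan.upload.group.mimetypes` has no opening counterpart. This entry tells operators which settings widen the accepted upload types, so it is worth getting right before it is copied into release announcements. Further down in v.2.10.3, the cookie-session entry opens a parenthesis at "(the default value for ``beaker.session.type``" that is never closed, and "makes tries to parse" should read "tries to parse". Several names (`clean_db`, `fq`, `ckan.lib.helpers`, `member_create`, `group_member_save`, `ckan db upgrade`) use single backticks, while the neighbouring entries use double-backtick literals; suggest double backticks throughout so they render as code.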
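Review bot: in the second hunk (@@ -570,6 +732,45 @@), the v.2.9.11 entry for :ref:`ckan.search.solr_allowed_query_parsers` misspells "paramaters" in "no quotes are allowed in the local paramaters definition"; suggest "parameters". That sentence is the only place the 2.9 limitation is documented, so it would also help to say what happens to a query whose local parameters do contain quotes (rejected, or passed through unparsed), since operators will rely on it when deciding which parsers to allow. In v.2.9.10, `ckan db upgrade` and `fq` use single backticks where the same entries elsewhere in the hunk use double-backtick literals (``+state:``, ``fq_list``); suggest making them consistent.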