Workflow

Udata

Latest version: v8.0.0

Safety actively analyzes 630094 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 10 of 25

2.4.1

Not secure
- Escaping XML's forbidden characters [2562](https://github.com/opendatateam/udata/pull/2562)
- Ignore pattern feature for linkchecker [2564](https://github.com/opendatateam/udata/pull/2564)
- Fix TypeError when creating a superuser with an incorrect password [2567](https://github.com/opendatateam/udata/pull/2567)

2.4.0

Not secure
- :warning: Resources and community resources creation API change [2545](https://github.com/opendatateam/udata/pull/2545):
- Remove the RESOURCES_FILE_ALLOWED_DOMAINS setting and mechanism.
- The community resource's/resource's url could be set from the client side, even in the case of a hosted one, which is illogical.
A hosted community resource's/resource's url should only be the sole responsibility of the backend.
- Consequently, the POST endpoint of the community resources/resources API is only meant for the remote ones and the PUT endpoint of the community resources/resources API will take the existing resource's url to override the one sent by the client.
- Community resources changes [2546](https://github.com/opendatateam/udata/pull/2546):
- Dataset is now correctly set at community resource creation
- Remove now useless job 'purge-orphan-community-resources'
- Using the fs_filename logic when uploading a new resource on the data catalog.[2547](https://github.com/opendatateam/udata/pull/2547)
- Remove old file when updating resources and community resources from API [2548](https://github.com/opendatateam/udata/pull/2548)
- Sortable.js upgrade to fix an issue in udata's editorial page when reordering featured datasets [2550](https://github.com/opendatateam/udata/pull/2550)
- Password rotation mechanism [2551](https://github.com/opendatateam/udata/pull/2551):
- Datetime fields `password_rotation_demanded` and `password_rotation_performed` added to user model.
- Override Flask-Security's login and reset password forms to implement the password rotation checks.
- Password complexity settings hardening [2554](https://github.com/opendatateam/udata/pull/2554)
- Migrate ODS datasets urls [2559](https://github.com/opendatateam/udata/pull/2559)

2.3.0

Not secure
- Plugin's translations are now correctly loaded [2529](https://github.com/opendatateam/udata/pull/2529)
- Vine version is now pinned in requirements [2532](https://github.com/opendatateam/udata/pull/2532)
- Fix reuses metrics [2531](https://github.com/opendatateam/udata/pull/2531):
- Reuses "datasets" metrics are now triggered correctly
- New job to update the datasets "reuses" metrics: `update-datasets-reuses-metrics` to be scheduled
- Add a migration to set the reuses datasets metrics to the correct value [2540](https://github.com/opendatateam/udata/pull/2540)
- Add a specific dataset's method for resource removal [2534](https://github.com/opendatateam/udata/pull/2534)
- Flask-Security update [2535](https://github.com/opendatateam/udata/pull/2535):
- Switch to fork Flask-Security-Too
- New settings to set the required password length and complexity
- Fix Flask-security sendmail overriding [2536](https://github.com/opendatateam/udata/pull/2536)
- Add a custom password complexity checker to Flask-Security [2537](https://github.com/opendatateam/udata/pull/2537)
- Change too short password error message [2538](https://github.com/opendatateam/udata/pull/2538)

2.2.1

Not secure
- Some fixes for the static files deletion [2526](https://github.com/opendatateam/udata/pull/2526):
- New static files migration replacing the older one:
- The migration now uses FS_URL.
- Fixed the fs_filename string formating.
- Now checks the community ressource's URLs too.
- Removing the deletion script link in the CHANGELOG previous entry.
- Add a schema facet to the dataset search 🚧 requires datasets reindexation [2523](https://github.com/opendatateam/udata/pull/2523)

2.2.0

Not secure
- CORS are now handled by Flask-CORS instead of Flask-RestPlus[2485](https://github.com/opendatateam/udata/pull/2485)
- Oauth changes [2510](https://github.com/opendatateam/udata/pull/2510):
- Authorization code Grant now support PKCE flow
- New command to create an OAuth client
- :warning: Implicit grant is no longer supported
- :warning: Deletion workflow changes [2488](https://github.com/opendatateam/udata/pull/2488):
- Deleting a resource now triggers the deletion of the corresponding static file
- Deleting a dataset now triggers the deletion of the corresponding resources (including community resources) and their static files
- Adding a celery job `purge-orphan-community-resources` to remove community resources not linked to a dataset. This should be scheduled regularly.
- Adding a migration file to populate resources fs_filename new field. Deleting the orphaned files is pretty deployment specific.
A custom script should be writen in order to find and delete those files.
- Show traceback for migration errors [2513](https://github.com/opendatateam/udata/pull/2513)
- Add `schema` field to ressources. This field can be filled based on an external schema catalog [2512](https://github.com/opendatateam/udata/pull/2512)
- Add 2 new template hooks: `base.modals` (base template) and `dataset.resource.card.extra-buttons` (dataset resource card) [2514](https://github.com/opendatateam/udata/pull/2514)

2.1.4

- Pin influx docker image version to prevent usign Influx v2 [239](https://github.com/opendatateam/udata-piwik/pull/239)

Page 10 of 25

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.