[ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x and 1.7.x released

Joshua Tauberer tauberer+consulting at govtrack.us
Wed Aug 14 12:34:27 UTC 2013


On 08/13/2013 09:15 AM, Adrià Mercader wrote:
> there are new patch releases available for previous CKAN versions that fix bugs and security issues

Just on the security issues, what I see in 2.0.2 is:

* resource_search would return resources that were deleted or a part of 
deleted/private packages (not sure what private is)
* Users could be searched by email address.

A user_update method was also refactored. But as far as I can tell no 
logic was changed there? Or was there a vulnerability there?

https://github.com/okfn/ckan/compare/release-v2.0.1...release-v2.0.2

(Btw, the first and the third aren't listed in the 2.0.2 release notes.)

Have I understood those changes right? Thanks!

-- 
- Joshua Tauberer
- http://razor.occams.info
