[ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x and 1.7.x released
Joshua Tauberer
tauberer+consulting at govtrack.us
Wed Aug 14 12:34:27 UTC 2013
On 08/13/2013 09:15 AM, Adrià Mercader wrote:
> there are new patch releases available for previous CKAN versions that fix bugs and security issues
Just on the security issues, what I see in 2.0.2 is:
* resource_search would return resources that were deleted or a part of
deleted/private packages (not sure what private is)
* Users could be searched by email address.
A user_update method was also refactored. But as far as I can tell no
logic was changed there? Or was there a vulnerability there?
https://github.com/okfn/ckan/compare/release-v2.0.1...release-v2.0.2
(Btw, the first and the third aren't listed in the 2.0.2 release notes.)
Have I understood those changes right? Thanks!
--
- Joshua Tauberer
- http://razor.occams.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20130814/03ea166f/attachment-0001.html>
More information about the ckan-dev
mailing list