[ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x and 1.7.x released
Fawcett, David (MNIT)
David.Fawcett at state.mn.us
Wed Aug 14 14:12:21 UTC 2013
I am curious about a potential issue that I saw in the API at 2.0.1.
When you do an action/group_entity_get, you can get the API key for the users associated with that group in addition to all of the other details about that user (sysadmin status, email, reset_key, etc.).
Was this addressed in the updated API versions?
David.
From: ckan-dev-bounces at lists.okfn.org [mailto:ckan-dev-bounces at lists.okfn.org] On Behalf Of Joshua Tauberer
Sent: Wednesday, August 14, 2013 7:34 AM
To: CKAN Development Discussions
Subject: Re: [ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x and 1.7.x released
On 08/13/2013 09:15 AM, Adrià Mercader wrote:
> there are new patch releases available for previous CKAN versions that fix bugs and security issues
Just on the security issues, what I see in 2.0.2 is:
* resource_search would return resources that were deleted or a part of deleted/private packages (not sure what private is)
* Users could be searched by email address.
A user_update method was also refactored. But as far as I can tell no logic was changed there? Or was there a vulnerability there?
https://github.com/okfn/ckan/compare/release-v2.0.1...release-v2.0.2
(Btw, the first and the third aren't listed in the 2.0.2 release notes.)
Have I understood those changes right? Thanks!
--
- Joshua Tauberer
- http://razor.occams.info