[ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x and 1.7.x released
David Raznick
david.raznick at okfn.org
Wed Aug 14 14:33:19 UTC 2013
On 14 August 2013 15:12, Fawcett, David (MNIT) <David.Fawcett at state.mn.us> wrote:
> I am curious about a potential issue that I saw in the API at 2.0.1.
>
> When you do an action/group_entity_get, you can get the API key for the
> users associated with that group in addition to all of the other details
> about that user (sysadmin status, email, reset_key, etc.)
>
You can only get this detail when you are a sysadmin or for your own user.
I do not think this logic has changed for a while.
>
> Was this addressed in the updated API versions?
>
> David.
>
Thanks
David
>
> *From:* ckan-dev-bounces at lists.okfn.org [mailto:ckan-dev-bounces at lists.okfn.org] *On Behalf Of* Joshua Tauberer
> *Sent:* Wednesday, August 14, 2013 7:34 AM
> *To:* CKAN Development Discussions
>
> *Subject:* Re: [ckan-dev] CKAN 2.1 plus patch versions for 2.0.x, 1.8.x
> and 1.7.x released
>
> On 08/13/2013 09:15 AM, Adrià Mercader wrote:
>
> > there are new patch releases available for previous CKAN versions that fix bugs and security issues
>
>
> Just on the security issues, what I see in 2.0.2 is:
>
> * resource_search would return resources that were deleted or a part of
> deleted/private packages (not sure what private is)
> * Users could be searched by email address.
>
> A user_update method was also refactored. But as far as I can tell no
> logic was changed there? Or was there a vulnerability there?
>
> https://github.com/okfn/ckan/compare/release-v2.0.1...release-v2.0.2
>
> (Btw, the first and the third aren't listed in the 2.0.2 release notes.)
>
> Have I understood those changes right? Thanks!
>
> --
> - Joshua Tauberer
> - http://razor.occams.info