| Changes | Show detailsMigration notes
- Going forward, if both
ckan.upload.[type].mimetypes and
ckan.upload.[type].types are empty, no uploads will be allowed
for this object type (e.g. user or group). It previoulsy
meant that all file types were allowed. To keep the old behaviour use
the string * as value in both options (this is dangerous and
not recommended).
Minor changes
- Adapt login failure message if reCAPTCHA is enabled (
#8627
<https://github.com/ckan/ckan/pull/8627>_)
- Update release process docs (
#8586
<https://github.com/ckan/ckan/pull/8586>_)
Bugfixes
CVE-2025-24372 <https://github.com/ckan/ckan/security/advisories/GHSA-7pq5-qcp6-mcww>_: Fix potential
XSS vector through user and group/organization images.- Invalidate cached pages and load fresh ones if cookies change (
#6955
<https://github.com/ckan/ckan/pull/6955>_)
- Fix
check_access order for resource create view (#8588
<https://github.com/ckan/ckan/pull/8588>_)
- Fix CSV export error by ensuring BOM is written correctly as a string for
Excel compatibility. (
#8635 <https://github.com/ckan/ckan/pull/8635>_)
- Fix auth check for datastore data dictionary view (
#8639
<https://github.com/ckan/ckan/pull/8639>_)
|
|---|