QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-12 19:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(rbac): show objects accessible by database access perm (#23118)

Browse Source 
(cherry picked from commit 89576f8a87)
This commit is contained in:
Ville Brofeldt
2023-02-24 10:45:16 +02:00
committed by Elizabeth Thompson
parent 9096e27794
commit ae6e2a00a0
8 changed files with 116 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
UPDATING.md
View File

@@ -43,6 +43,8 @@ assists people when migrating to a new version.
### Other
- [23118](https://github.com/apache/superset/pull/23118): Previously the "database access on <database>" permission granted access to all datasets on the underlying database, but they didn't show up on the list views. Now all dashboards, charts and datasets that are accessible via this permission will also show up on their respective list views.
## 2.0.1
- [21895](https://github.com/apache/superset/pull/21895): Markdown components had their security increased by adhering to the same sanitization process enforced by Github. This means that some HTML elements found in markdowns are not allowed anymore due to the security risks they impose. If you're deploying Superset in a trusted environment and wish to use some of the blocked elements, then you can use the HTML_SANITIZATION_SCHEMA_EXTENSIONS configuration to extend the default sanitization schema. There's also the option to disable HTML sanitization using the HTML_SANITIZATION configuration but we do not recommend this approach because of the security risks. Given the provided configurations, we don't view the improved sanitization as a breaking change but as a security patch.