Ville Brofeldt
|
2112fbd379
|
feat(subjects): add read-only Subject REST API and DAO (#41897)
|
2026-07-10 04:29:34 -07:00 |
|
Gabriel Torres Ruiz
|
1fd43ffe52
|
feat(mcp): scope embedded-guest data reads to the token's dashboards (#41753)
|
2026-07-09 14:58:01 -03:00 |
|
Ville Brofeldt
|
33f0fc93ed
|
feat: introduce Subject model and entity editors/viewers (#38831)
|
2026-07-08 11:00:03 -07:00 |
|
Mike Bridge
|
04f8b700d7
|
feat(datasets): soft-delete and restore (#40130)
Co-authored-by: Mike Bridge <michael.bridge@ext.preset.io>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
|
2026-07-07 08:57:08 -07:00 |
|
Yuriy Krasilnikov
|
ab0e77c1cb
|
fix(embedded): allow guest users to sort by visible columns (#37371)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
|
2026-07-02 15:50:56 -07:00 |
|
Evan Rusackas
|
adc03ce525
|
refactor: make import/expression layer SQLAlchemy 2.0-compatible (#41179)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-29 11:38:59 -07:00 |
|
Evan Rusackas
|
0fd244b5c6
|
fix(security): reject unknown fields on guest-token RLS rules (#41217)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-24 16:16:43 -07:00 |
|
Evan Rusackas
|
386893f9f2
|
feat(security): record audit metadata on guest token issuance (#41305)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
|
2026-06-23 11:25:44 -07:00 |
|
Evan Rusackas
|
1d3daf2ac8
|
fix(security): return generic error and log internally in RoleRestAPI.get_list (#41295)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
|
2026-06-23 11:24:26 -07:00 |
|
Evan Rusackas
|
5e8a0c0244
|
fix(embedded): allow guest users to sort table columns in embedded dashboards (#41218)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-23 10:10:55 -07:00 |
|
Harshit-Tiwary
|
36781fbf47
|
fix(i18n): wrap table access error message with gettext for translation (#38489)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-22 20:28:05 -07:00 |
|
Alexandru Soare
|
6d08e79259
|
feat(security): Add extension hooks for custom access control, ownership, and asset lifecycle (#40707)
|
2026-06-16 15:25:03 +03:00 |
|
Evan Rusackas
|
e16bb29faf
|
fix(embedded): allow guests to apply a Time Grain native filter (#32768) (#41017)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
|
2026-06-15 15:22:21 -07:00 |
|
Evan Rusackas
|
d120b1c250
|
feat(security): enforce password complexity policy (min length + common-password blocklist) (#40670)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-13 16:31:23 -07:00 |
|
Shaitan
|
aa3d2b9e81
|
fix(dashboard): validate native-filter data requests against filter targets (#40979)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
2026-06-13 19:02:28 +01:00 |
|
Evan Rusackas
|
814b72c6f9
|
feat(security): force password change on first use (opt-in) (#40669)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-11 22:23:10 -07:00 |
|
Evan Rusackas
|
663b47aa75
|
feat: support guest-token revocation per embedded dashboard (#40676)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-11 19:37:22 -07:00 |
|
Evan Rusackas
|
9938ee273f
|
feat: terminate active sessions when an account is disabled (#40695)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-11 19:37:13 -07:00 |
|
Evan Rusackas
|
5a0e3f15ca
|
feat(embedded): add guest token revocation support (#40671)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-10 09:17:30 -07:00 |
|
Amin Ghadersohi
|
7d69f76127
|
fix(mcp): API key authentication for MCP — transport, validation, and RBAC (#39604)
|
2026-06-04 15:04:43 -04:00 |
|
Evan Rusackas
|
aa547da960
|
fix: remove registration_hash in the registrations API (#40643)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-04 09:43:03 -07:00 |
|
Shaitan
|
faa76f6741
|
fix(embedding): add optional dataset allowlist to guest tokens (#39302)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:09 +01:00 |
|
Shaitan
|
6eaee211aa
|
fix(sqllab): require dataset match for raw query access (#40409)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-02 21:50:27 +01:00 |
|
Michael Gerber
|
041ecbc248
|
fix(embedded): resolve guest user permissions in user_view_menu_names (#39197)
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-01 10:30:05 -07:00 |
|
Shaitan
|
afc4f3c9b3
|
fix(database): extend URI blocklist to cover duckdb dialect (#40402)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-05-30 13:26:38 -07:00 |
|
Mike Bridge
|
b2320820b4
|
feat(core): SoftDeleteMixin and restore infrastructure (#39977)
Co-authored-by: Mike Bridge <michael.bridge@ext.preset.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
2026-05-29 13:08:10 -07:00 |
|
Shaitan
|
f663f47628
|
fix(embedding): require non-default JWT secret when embedded dashboards are enabled (#39999)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-28 14:26:40 -07:00 |
|
Shaitan
|
407321e394
|
fix(database): extend shillelagh URI pattern to cover all driver variants (#39995)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-15 12:04:34 +01:00 |
|
Beto Dealmeida
|
cb53745d43
|
feat: semantic layer extension (#37815)
|
2026-05-05 12:07:46 -04:00 |
|
Beto Dealmeida
|
edf4d03218
|
chore: bump rison to 2.0.0 (#39529)
|
2026-04-24 15:52:42 -04:00 |
|
Daniel Vaz Gaspar
|
f6c5219e89
|
fix(security): add UserSAMLModelView to USER_MODEL_VIEWS (#39568)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
2026-04-22 17:47:41 +01:00 |
|
Vitor Avila
|
c7955a38ef
|
fix: Drill to Detail for Embedded (#39214)
Co-authored-by: Maxime Beauchemin <maximebeauchemin@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-04-09 17:01:48 -03:00 |
|
Daniel Vaz Gaspar
|
5815665cc6
|
feat: role/user CRUD events and login/logout tracking in the action log (#39121)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-04-09 15:55:25 +01:00 |
|
Ville Brofeldt
|
e56f8cc4fb
|
fix(security_manager): custom auth_view issue (#39098)
|
2026-04-06 09:04:59 -07:00 |
|
Mehmet Salih Yavuz
|
95f61bd223
|
fix: add parent_slice_id for multilayer charts to embed (#38243)
|
2026-03-12 21:21:43 +03:00 |
|
Enzo Martellucci
|
a17f38a4e2
|
fix(embedded): add CurrentUserRestApi read permission to Public role defaults (#38474)
|
2026-03-10 00:08:37 +01:00 |
|
Hugh A. Miles II
|
61fbfda501
|
feat(security): add granular export controls (Phase 1) (#38361)
|
2026-03-09 16:44:56 -04:00 |
|
Kamil Gabryjelski
|
3e3c9686de
|
perf(dashboard): Batch RLS filter lookups for dashboard digest computation (#37941)
|
2026-02-16 21:35:55 +01:00 |
|
Jonathan Alberth Quispe Fuentes
|
88ce1425e2
|
fix(roles): optimize user fetching and resolve N+1 query issue (#37235)
|
2026-02-12 09:32:19 -08:00 |
|
Alexandru Soare
|
9ea5ded988
|
fix(dashboard): Prevent fatal error when database connection is unavailable (#37576)
|
2026-02-06 20:52:17 -08:00 |
|
Martyn Gigg
|
e4f649e49c
|
fix(superset-frontend): Fixes for broken functionality when an application root is defined (#36058)
|
2026-01-23 14:13:48 -08:00 |
|
Sam Firke
|
2c1a33fd32
|
fix(roles): allow Public role to read themes (#37295)
|
2026-01-21 10:52:42 -08:00 |
|
Evan Rusackas
|
5909e90081
|
feat(security): add built-in Public role for anonymous dashboard access (#36548)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-05 10:27:10 -08:00 |
|
Beto Dealmeida
|
ecb4e483df
|
fix: apply EXCLUDE_USERS_FROM_LISTS to /api/v1/security/users/ (#36742)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-23 15:18:34 -08:00 |
|
Vitor Avila
|
737a5162e4
|
fix: Use is_active for guest users (#36716)
|
2025-12-17 17:23:22 -03:00 |
|
Shunki
|
440cbc4c1f
|
fix(roles): Add missing SQLLab permissions for estimate and format (#36263)
|
2025-12-08 14:40:38 -08:00 |
|
Beto Dealmeida
|
16e6452b8c
|
feat: Explorable protocol (#36245)
|
2025-12-04 13:18:34 -05:00 |
|
Amin Ghadersohi
|
92d8139136
|
fix(security): enable AUTH_RATE_LIMITED to work correctly (#36195)
Co-authored-by: Joe Li <joe@preset.io>
|
2025-11-20 10:23:49 -08:00 |
|
Ville Brofeldt
|
c2baba50f9
|
chore: abstract models and daos into superset-core (#35259)
|
2025-11-14 17:00:44 -08:00 |
|
Beto Dealmeida
|
f3e620cd0f
|
fix: RLS in virtual datasets (#36061)
|
2025-11-14 14:21:09 -05:00 |
|