Commit Graph

1202 Commits

Author SHA1 Message Date
Harshit-Tiwary
36781fbf47 fix(i18n): wrap table access error message with gettext for translation (#38489)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 20:28:05 -07:00
Shaitan
215b207ae4 fix(sql): detect set operations and nested selects in subquery check (#38452)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 20:27:32 -07:00
Vitor Avila
3b46a5f121 fix(chart API): Consider time grain filters with the filters_dashboard_id param (#41290) 2026-06-22 20:01:24 -03:00
Hans Yu
c49391ab08 refactor: update Connection.execute() to use queries with text() (#40277) 2026-06-22 15:36:15 -07:00
Antonio Pio Volgarino
e34b7c2daf fix(gsheets): pass service_account_info via adapter_kwargs (#38443)
Co-authored-by: Antonio Pio Volgarino <avolgarino@zanichelli.it>
Co-authored-by: Joe Li <joe@preset.io>
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-22 11:34:08 -07:00
Daniel Vaz Gaspar
27a65257ee perf(screenshots): reuse Playwright browser across tasks instead of launching per-task (#41243)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-22 11:32:30 -07:00
Pham Quang Binh
36632c20eb fix(databases): apply IMPERSONATE_WITH_EMAIL_PREFIX to StarRocks engine (#37984) 2026-06-22 23:45:05 +07:00
Ujjwal Jain
449bd69802 fix(logging): safely render database URIs in startup warnings (#38229) 2026-06-22 09:05:16 -07:00
Evan Rusackas
b8aeecfc44 fix(export): dashboard export must not leak env-local chartIds (#32972) (#40588)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-22 03:50:29 -07:00
Jean Dupuis
b2e5f80db2 fix(sql): preserve multi-arg DISTINCT in sanitize_clause and format (#39340) 2026-06-19 13:02:50 -07:00
Vitor Avila
334b13c3d9 fix(chart API): apply dashboard filters by live scope, not stale chartsInScope (#41214) 2026-06-19 15:22:54 -03:00
Vitor Avila
9e130e5927 fix(chart): preserve SQL_QUERY_MUTATOR line comments structure (#41215) 2026-06-19 15:07:24 -03:00
André Meyer
141f045104 test: add unit tests for get_current_user (superset/tasks/utils.py) (#40878)
Co-authored-by: Evan Rusackas <evan@preset.io>
2026-06-19 10:09:53 -07:00
dependabot[bot]
919bd35028 chore(deps): bump marshmallow from 3.26.2 to 4.3.0 (#39751)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
2026-06-19 10:02:35 -07:00
Amin Ghadersohi
1467006427 fix(mcp): generate durable explore permalink URL instead of ephemeral form_data_key (#40773) 2026-06-19 08:50:11 -07:00
Furkan Emre Güngör
9d3efb0aab fix(csv): apply CSV_EXPORT encoding explicitly, Werkzeug 3 removed Response.charset (#40801) 2026-06-19 08:49:27 -07:00
Elizabeth Thompson
0c9ece65bb fix(reports): require user in get_screenshot, simplify Selenium lifecycle, and fail on tiled screenshot error (#41080)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-18 15:46:17 -07:00
Elizabeth Thompson
7040388ad1 fix(query_object_factory): normalize deprecated query fields before constructing QueryObject (#41204) 2026-06-18 15:02:07 -07:00
Abdul Rehman
76e2418f1e fix(mcp): add safeguards to ensure all MCP tools are wrapped with mcp_auth_hook (#40412)
Co-authored-by: Evan Rusackas <evan@preset.io>
2026-06-18 10:27:53 -07:00
Vitor Avila
b4e3452bfd fix(chart API): Do not duplicate Jinja-applied filters with filters_dashboard_id (#41131) 2026-06-18 14:25:54 -03:00
Durgaprasad M L
7e98410743 fix(theme): embedded method overrides dashboard level config (#40777)
Co-authored-by: Mehmet Salih Yavuz <salih.yavuz@proton.me>
2026-06-17 18:33:04 -07:00
Hans Yu
883b7a286d refactor: update SQLAlchemy select() syntax to 2.0 (#40276) 2026-06-17 17:50:32 -07:00
jesperct
ef82da8458 fix(charts): apply datetime format to unaggregated temporal columns (#41060) 2026-06-17 14:56:09 -07:00
Shaitan
6a1091d576 fix(sql): broaden mutating-statement detection in SQL Lab parser (#40421)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: sha174n <pedro.sousa@preset.io>
2026-06-16 15:07:34 -07:00
Elizabeth Thompson
f1ae683923 fix(deps): replace deprecated np.NaN with np.nan (#41118)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-16 14:19:08 -07:00
Bob Jo
257dafeec5 fix(query): don't mutate ad-hoc ORDER BY expressions when building queries (#40993)
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-16 13:03:39 -04:00
Alexandru Soare
6d08e79259 feat(security): Add extension hooks for custom access control, ownership, and asset lifecycle (#40707) 2026-06-16 15:25:03 +03:00
Amin Ghadersohi
7cb4990403 feat(mcp): add create_dataset tool to register physical tables as datasets (#40340)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 23:25:29 -04:00
Amin Ghadersohi
c1b5d05f83 fix(bigquery): set default dataset from schema in adjust_engine_params (#40776) 2026-06-15 18:37:06 -04:00
Evan Rusackas
e16bb29faf fix(embedded): allow guests to apply a Time Grain native filter (#32768) (#41017)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-15 15:22:21 -07:00
Elizabeth Thompson
09b4bc51a3 fix(charts): rename deprecated query object fields in schema before QueryObject construction (#41056) 2026-06-15 14:45:41 -07:00
Evan Rusackas
379435b7eb feat(ssh_tunnel): add opt-in server host key verification (#40673)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-15 12:17:14 -07:00
Amin Ghadersohi
4b96b91b53 feat(mcp): add aggregation field to BigNumberChartConfig for Big Number with Trendline (#40775)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-15 14:40:37 -04:00
Minh Vu
bf5daf0a1e fix(mcp): redirect stdio click echo without recursion (#40814) 2026-06-15 10:10:40 -07:00
Joe Li
b656b1d477 fix(reports): escape LIKE wildcards in text filter and preserve typed screenshot width (#40980)
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 09:59:40 -07:00
Amin Ghadersohi
820e3d18d3 fix(mcp): make search_tools query optional to fix null content on tool discovery (#40906) 2026-06-15 11:32:40 -04:00
Evan Rusackas
9d2f625e55 feat(encrypt): selectable encryption engine + AES-GCM re-encryption migrator (#40654)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-15 08:10:08 -07:00
Kim Jeong Ju
9ec9c8658b fix(query_context_processor): apply CSV encoding to follow the encoding settings of 'CSV_EXPORT' (#34806)
Co-authored-by: Jeong Ju, Kim <haje01@webzen.com>
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 08:55:25 -07:00
Evan Rusackas
9f81565625 feat(uploads): add optional max file size for data uploads (#40860) 2026-06-14 19:46:48 +07:00
Nitish Agarwal
c934498696 fix(dashboard): do not add importer as owner when overwriting existing dashboard (#38615)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 05:10:03 -07:00
Evan Rusackas
d120b1c250 feat(security): enforce password complexity policy (min length + common-password blocklist) (#40670)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-13 16:31:23 -07:00
Yuvraj Singh Chauhan
3c6239363b fix(db): preserve percent encoding in database passwords (#36783)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 13:52:00 -07:00
Shaitan
5fb13f102a fix(network): validate target hostname in outbound requests (#39301)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Co-authored-by: Mafi <matt.fitzgerald@gmail.com>
Co-authored-by: Matt Fitzgerald <matt.fitzgerald@preset.io>
Co-authored-by: Richard Fogaca Nienkotter <63572350+richardfogaca@users.noreply.github.com>
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sadpandajoe <jcli38@gmail.com>
Co-authored-by: JUST.in DO IT <justin.park@airbnb.com>
Co-authored-by: Michael S. Molina <70410625+michael-s-molina@users.noreply.github.com>
Co-authored-by: sha174n <pedro.sousa@preset.io>
2026-06-13 20:26:58 +01:00
Shaitan
aa3d2b9e81 fix(dashboard): validate native-filter data requests against filter targets (#40979)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 19:02:28 +01:00
Shaitan
e5986b32ff fix(charts): evaluate access before rendering query filters; isolate macro env (#40982)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 19:01:54 +01:00
Shaitan
a41869ec7d fix(dashboard): build example-export sample data through the dataset query path (#40976)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 19:01:35 +01:00
Cole Murray
6487cf03c5 fix(security): Add input validation to cancel_query_id to prevent injection (#36722)
Signed-off-by: ColeMurray <cole@waclaude.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-13 10:56:14 -07:00
Evan Rusackas
b05fe4857e fix(chart): require chart access for query_context-only updates (#40648)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-13 04:16:29 -07:00
Amin Ghadersohi
2f008afca9 fix(mcp): add dataset_id to update_chart to support rebinding chart datasource (#40853)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-12 10:42:53 -04:00
Evan Rusackas
814b72c6f9 feat(security): force password change on first use (opt-in) (#40669)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 22:23:10 -07:00