diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b8a48191f4f..32db24bbb294a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -19,6 +19,32 @@ under the License. ## Change Log +### 1.5.3 (Thu Jan 5 15:05:44 2023 -0500) + +**Database Migrations** + +**Features** + +**Fixes** + +- [#21895](https://github.com/apache/superset/pull/21895) fix: Improves SafeMarkdown HTML sanitization (@michael-s-molina) +- [#21874](https://github.com/apache/superset/pull/21874) fix: Adds a Content Security Policy (CSP) check for production environments (@michael-s-molina) +- [#21853](https://github.com/apache/superset/pull/21853) fix: Disables HTML rendering in Toast by default (@michael-s-molina) +- [#22591](https://github.com/apache/superset/pull/22591) fix: Talisman configuration (@michael-s-molina) +- [#22196](https://github.com/apache/superset/pull/22196) fix(reports): force data generation in csv reports (@mayurnewase) +- [#22038](https://github.com/apache/superset/pull/22038) fix: datasource save, improve data validation (@dpgaspar) +- [#22022](https://github.com/apache/superset/pull/22022) fix: deprecate approve and request_access endpoint (@dpgaspar) +- [#21964](https://github.com/apache/superset/pull/21964) fix: dashboard api cache decorator (@dpgaspar) +- [#21875](https://github.com/apache/superset/pull/21875) fix: check that imports are ZIPs (@betodealmeida) +- [#21761](https://github.com/apache/superset/pull/21761) fix: flash message on database data upload forms (@dpgaspar) +- [#21759](https://github.com/apache/superset/pull/21759) fix: database schema selector on import data (@dpgaspar) +- [#21729](https://github.com/apache/superset/pull/21729) fix: allow adhoc columns in non-aggregate query (@mayurnewase) +- [#21216](https://github.com/apache/superset/pull/21216) fix(database-list): hide upload file button if no permission (@stephenLYZ) + +**Others** + +- [#21811](https://github.com/apache/superset/pull/21811) chore(sqla): refactor query utils (@villebro) + ### 1.5.2 (Wed Sep 14 17:11:51 2022 +0530) **Database Migrations** 
diff --git a/UPDATING.md b/UPDATING.md index cbba76216bc6d..1814185435791 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -22,7 +22,9 @@ under the License. This file documents any backwards-incompatible changes in Superset and assists people when migrating to a new version. -## Next +## 1.5.3 + +### Other - [22022](https://github.com/apache/superset/pull/22022): HTTP API endpoints `/superset/approve` and `/superset/request_access` have been deprecated and their HTTP methods were changed from GET to POST - [21895](https://github.com/apache/superset/pull/21895): Markdown components had their security increased by adhering to the same sanitization process enforced by Github. This means that some HTML elements found in markdowns are not allowed anymore due to the security risks they impose. If you're deploying Superset in a trusted environment and wish to use some of the blocked elements, then you can use the HTML_SANITIZATION_SCHEMA_EXTENSIONS configuration to extend the default sanitization schema. There's also the option to disable HTML sanitization using the HTML_SANITIZATION configuration but we do not recommend this approach because of the security risks. Given the provided configurations, we don't view the improved sanitization as a breaking change but as a security patch. diff --git a/superset-frontend/package.json b/superset-frontend/package.json index ae2238fdd4f0f..4c3e8e104d7ff 100644 --- a/superset-frontend/package.json +++ b/superset-frontend/package.json @@ -1,6 +1,6 @@ { "name": "superset", - "version": "1.5.2", + "version": "1.5.3", "description": "Superset is a data exploration platform designed to be visual, intuitive, and interactive.", "keywords": [ "big",
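Review bot: In the CHANGELOG.md hunk, the four security-relevant entries under **Fixes** for 1.5.3 (#21895 SafeMarkdown HTML sanitization, #21874 CSP check for production environments, #21853 HTML rendering in Toast disabled by default, #22591 Talisman configuration) are listed as ordinary `fix:` items among unrelated UI and API fixes. Suggest flagging or grouping them so that an operator reading the changelog to decide on an upgrade can see that this release changes sanitization and header behaviour. Two smaller points in the same hunk: the `**Database Migrations**` and `**Features**` headings are added with nothing beneath them, so either drop them or state that there are none, and the list is not in PR-number order (#22591 sits between #21853 and #22196), which is worth a second look unless the order is intentional.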
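Review bot: In the UPDATING.md hunk, the renamed `## 1.5.3` section gets a single `### Other` subheading, yet the #22022 entry under it says the HTTP methods of `/superset/approve` and `/superset/request_access` were changed from GET to POST, which will break any caller or stored link that still issues GET. Since this file says it documents backwards-incompatible changes, suggest putting #22022 under a breaking-changes subheading (or stating the break in the entry itself) and keeping `### Other` for #21895, which the entry explicitly describes as a security patch rather than a breaking change. The hunk also replaces `## Next` instead of adding `## 1.5.3` beneath it, so if this branch takes further changes there is no section left for the next entry. Minor: HTML_SANITIZATION_SCHEMA_EXTENSIONS and HTML_SANITIZATION would read better in backticks, matching how the endpoint paths are written.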