PyPi: Apache-Superset

CVE-2017-18869

Transitive

Safety vulnerability ID: 42732

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 15, 2020 Updated at Dec 05, 2024

Advisory

Apache-superset 0.36.0 updates its NPM dependency 'chownr' to v1.1.1 to include a security fix.
https://github.com/apache/superset/pull/9106/commits/788faad7f33e1b69afcee0f01c9fc7cdccb7f81f

Affected package

apache-superset

Latest version: 4.1.1

A modern, enterprise-ready business intelligence web application

Affected versions

Fixed versions

Vulnerability changelog

- [9436](https://github.com/apache/superset/pull/9436) Add check for SSL certificate and add form validators (#9436) (villebro)
- [9428](https://github.com/apache/superset/pull/9428) [fix]some translation not work better (#9428) (venter-zhu)
- [9425](https://github.com/apache/superset/pull/9425) fix pagination for list views (#9425) (nytai)
- [9401](https://github.com/apache/superset/pull/9401) [fix] dashboard filter indicator no showing single number value (#9401) (graceguo-supercat)
- [9408](https://github.com/apache/superset/pull/9408) [fix] allow force refresh for No Results chart (#9408) (graceguo-supercat)
- [9400](https://github.com/apache/superset/pull/9400) Build: fix hot reload for charts (#9400) (ktmud)
- [9417](https://github.com/apache/superset/pull/9417) [dashboards] Fix, API update slug uniqueness refusing empty string (#9417) (dpgaspar)
- [9411](https://github.com/apache/superset/pull/9411) [mypy] Enforcing typing for charts (#9411) (john-bodley)
- [9413](https://github.com/apache/superset/pull/9413) [dependency] Fix, Bump FAB to 2.3.1 (#9413) (dpgaspar)
- [9382](https://github.com/apache/superset/pull/9382) [fix] Fixing cache key inconsistencies (#9382) (john-bodley)
- [9396](https://github.com/apache/superset/pull/9396) feat: add SSL certificate validation for Druid (#9396) (villebro)
- [9385](https://github.com/apache/superset/pull/9385) Mirgrating unique Partition chart controls (#9385) (rusackas)
- [9397](https://github.com/apache/superset/pull/9397) [sip-15] fix messaging (#9397) (john-bodley)
- [9387](https://github.com/apache/superset/pull/9387) [charts] New, bulk delete API endpoint (#9387) (dpgaspar)
- [9367](https://github.com/apache/superset/pull/9367) [dataset] New, export API endpoint (#9367) (dpgaspar)
- [9373](https://github.com/apache/superset/pull/9373) migrating controls (#9373) (rusackas)
- [9333](https://github.com/apache/superset/pull/9333) build: use manifest hooks for dev server proxy and fix hot reload for charts (#9333) (ktmud)
- [9368](https://github.com/apache/superset/pull/9368) Migrating horizon controls (#9368) (rusackas)
- [9374](https://github.com/apache/superset/pull/9374) migrating unique controls (#9374) (rusackas)
- [9372](https://github.com/apache/superset/pull/9372) upgrade to react-bootstrap v0.33.1 (#9372) (suddjian)
- [9392](https://github.com/apache/superset/pull/9392) Migrating unique BoxPlot controls (#9392) (rusackas)
- [9388](https://github.com/apache/superset/pull/9388) Migrating unique Table controls (#9388) (rusackas)
- [9386](https://github.com/apache/superset/pull/9386) migrating controls 🎛 (#9386) (rusackas)
- [9375](https://github.com/apache/superset/pull/9375) [cache] Cleaning up viz/cache logic (#9375) (john-bodley)
- [9350](https://github.com/apache/superset/pull/9350) [dashboard] handle markdown error (#9350) (graceguo-supercat)
- [9391](https://github.com/apache/superset/pull/9391) Removing WordCloud controls from CONTRIBUTING.md (#9391) (rusackas)
- [9381](https://github.com/apache/superset/pull/9381) fix: [dashboard] add row padding (#9381) (nytai)
- [9261](https://github.com/apache/superset/pull/9261) Update MANIFEST.in (#9261) (amancevice)
- [9359](https://github.com/apache/superset/pull/9359) Migrating unique DirectedForce controls (#9359) (rusackas)
- [9383](https://github.com/apache/superset/pull/9383) fix a typo in set prop value (#9383) (graceguo-supercat)
- [9345](https://github.com/apache/superset/pull/9345) [explore view] fix long query issue from Run in SQL LAB Button (#9345) (graceguo-supercat)
- [9377](https://github.com/apache/superset/pull/9377) [sip-15] Fixing typo in docstring (#9377) (john-bodley)
- [9351](https://github.com/apache/superset/pull/9351) fix: don't parseFloat when the *already numeric* value ends in a decimal point (#9351) (rusackas)
- [9360](https://github.com/apache/superset/pull/9360) Migrate unique Heatmap controls (#9360) (villebro)
- [9357](https://github.com/apache/superset/pull/9357) Adding requirements-local.txt support (#9357) (craig-rueda)
- [9268](https://github.com/apache/superset/pull/9268) [dataset] columns and metrics API (nested) (#9268) (dpgaspar)
- [9310](https://github.com/apache/superset/pull/9310) Add global install of webpack and webpack-cli to docker-compose (#9310) (willbarrett)
- [9329](https://github.com/apache/superset/pull/9329) [charts] Refactor API using SIP-35 (#9329) (dpgaspar)
- [9340](https://github.com/apache/superset/pull/9340) feat: [explore] don't save filters inherited from a dashboard (#9340) (mistercrunch)
- [9352](https://github.com/apache/superset/pull/9352) Treemap controls migration (#9352) (rusackas)
- [9358](https://github.com/apache/superset/pull/9358) migrating unique EventFlow controls (#9358) (rusackas)
- [9355](https://github.com/apache/superset/pull/9355) Cal heatmap controls migration (#9355) (rusackas)
- [9338](https://github.com/apache/superset/pull/9338) feat: [SQLLAB] add checkbox to control autocomplete (#9338) (nytai)
- [9339](https://github.com/apache/superset/pull/9339) [config] Fixing GET_FEATURE_FLAGS_FUNC example (#9339) (john-bodley)
- [9332](https://github.com/apache/superset/pull/9332) refactor: remove settooltip (#9332) (kristw)
- [9343](https://github.com/apache/superset/pull/9343) fix: suburst chart when secondary metric is defined (#9343) (villebro)
- [9331](https://github.com/apache/superset/pull/9331) [requirements] Telling Celery 4.4.1 it is not welcome here (#9331) (john-bodley)
- [9315](https://github.com/apache/superset/pull/9315) [dashboard] Refactor API using SIP-35 (#9315) (dpgaspar)
- [9325](https://github.com/apache/superset/pull/9325) feat: bump deckgl plugin version (#9325) (kristw)
- [9326](https://github.com/apache/superset/pull/9326) Build: optimize frontend build configs to improve superset-ui-plugin dev experience (#9326) (ktmud)
- [9330](https://github.com/apache/superset/pull/9330) [chart] fix, bulk delete endpoint and error message (#9330) (nytai)
- [9211](https://github.com/apache/superset/pull/9211) show edit modal on dashboards list view (#9211) (suddjian)
- [9277](https://github.com/apache/superset/pull/9277) Revert "[requirements] Bumpy Celery (#9277)" (9323) (etr2460)
- [9322](https://github.com/apache/superset/pull/9322) fix: handle list of lists from fetch_data (#9322) (villebro)
- [9319](https://github.com/apache/superset/pull/9319) fix: cannot assign to read only property exports of object (#9319) (kristw)
- [9311](https://github.com/apache/superset/pull/9311) [cache warm_up] warm_up slice with dashboard default_filters (#9311) (graceguo-supercat)
- [8940](https://github.com/apache/superset/pull/8940) Add Iran to Country Visualization (#8940) (ali-bahjati)
- [9296](https://github.com/apache/superset/pull/9296) chore: allow webpack-dev-server proxy to any destination (#9296) (ktmud)
- [9318](https://github.com/apache/superset/pull/9318) bump FAB to 2.3.0 (#9318) (nytai)
- [9316](https://github.com/apache/superset/pull/9316) fix: remove character set and collate column info by default (#9316) (villebro)
- [9314](https://github.com/apache/superset/pull/9314) fix: big number to handle NULL as it did in the past (#9314) (mistercrunch)
- [9312](https://github.com/apache/superset/pull/9312) [datasets] fix typo (#9312) (nytai)
- [9309](https://github.com/apache/superset/pull/9309) fix: add saved metrics to point size metric dropdown in deckgl scatterplot (#9309) (villebro)
- [9287](https://github.com/apache/superset/pull/9287) [sqllab] fix exception caused by casting string to int with psycopg2 (#9287) (nytai)
- [9305](https://github.com/apache/superset/pull/9305) Fixed two typos in the README (#9305) (mfharding)
- [9267](https://github.com/apache/superset/pull/9267) [Charts] Use the Edit Properties modal throughout React views (#9267) (suddjian)
- [9299](https://github.com/apache/superset/pull/9299) fix: bump click in setup.py and requirements.txt (#9299) (villebro)
- [9197](https://github.com/apache/superset/pull/9197) [datasets] new, listview (react) (#9197) (nytai)
- [9284](https://github.com/apache/superset/pull/9284) Reduce dashboard bootstrap payload (#9284) (etr2460)
- [9285](https://github.com/apache/superset/pull/9285) Docker-Compose Memory Issue Fix? (#9285) (craig-rueda)
- [9290](https://github.com/apache/superset/pull/9290) [SIP-36] Migrate RunQueryActionButton.jsx to RunQueryActionButton.tsx (#9290) (9291) (asif-ir)
- [9283](https://github.com/apache/superset/pull/9283) [api] Fix, related fields need to be explicitly defined (#9283) (dpgaspar)
- [9279](https://github.com/apache/superset/pull/9279) [dashboard][api] Fix, PUT publish/draft to not clean slug and owners (#9279) (dpgaspar)
- [9286](https://github.com/apache/superset/pull/9286) fix: bump legacy-table-chart to 0.11.20 (#9286) (ktmud)
- [9277](https://github.com/apache/superset/pull/9277) [requirements] Bumpy Celery (#9277) (john-bodley)
- [9275](https://github.com/apache/superset/pull/9275) fix(table-chart): bump legacy-table-chart to 0.11.18 (#9275) (ktmud)
- [9274](https://github.com/apache/superset/pull/9274) fix: remove duplicate metric from bullet chart (#9274) (villebro)
- [9272](https://github.com/apache/superset/pull/9272) fix: add connection testing params for snowflake (#9272) (villebro)
- [9271](https://github.com/apache/superset/pull/9271) [fix] copy filter_scopes with duplicate charts (#9271) (graceguo-supercat)
- [9107](https://github.com/apache/superset/pull/9107) feat: add rolling window support to 'Big Number with Trendline' viz (#9107) (mistercrunch)
- [9269](https://github.com/apache/superset/pull/9269) fix: upgrade legacy table chart to 0.11.17 (#9269) (ktmud)
- [9255](https://github.com/apache/superset/pull/9255) fix: change database save in DatasourceEditor (#9255) (mistercrunch)
- [9263](https://github.com/apache/superset/pull/9263) Adds default username and password created at installation to documentation (#9263) (willbarrett)
- [9264](https://github.com/apache/superset/pull/9264) removing safari "fix" for ACE editor font width jank. (#9264) (rusackas)
- [9259](https://github.com/apache/superset/pull/9259) New entry into superset user (#9259) (Better-Boy)
- [9243](https://github.com/apache/superset/pull/9243) [log] Add dashboard_id param to explore_json request (#9243) (graceguo-supercat)
- [9119](https://github.com/apache/superset/pull/9119) Update PyArrow to 0.16.0 (#9119) (robdiciuccio)
- [9250](https://github.com/apache/superset/pull/9250) [webpack] fix copying images when running dev server (#9250) (nytai)
- [9129](https://github.com/apache/superset/pull/9129) [datasets] new, API using command pattern (#9129) (dpgaspar)
- [9247](https://github.com/apache/superset/pull/9247) [chart] fix, datasource link in listview (#9247) (nytai)
- [9254](https://github.com/apache/superset/pull/9254) fix: update release testing FLASK_APP param (#9254) (villebro)
- [9252](https://github.com/apache/superset/pull/9252) Add PubNub to list of organizations that use Superset (#9252) (jzucker2)
- [9235](https://github.com/apache/superset/pull/9235) [fix] use filter_scopes in dashboard warmup strategy (#9235) (graceguo-supercat)
- [9248](https://github.com/apache/superset/pull/9248) Bump node from v10 to v12 in release Dockerfiles (#9248) (kristw)
- [9241](https://github.com/apache/superset/pull/9241) [build] Bump superset-ui packages and update build (#9241) (etr2460)
- [9246](https://github.com/apache/superset/pull/9246) [UPDATING] Adding notes regarding #8867 (9246) (villebro)
- [9238](https://github.com/apache/superset/pull/9238) Add option to specify type specific date truncation functions (#9238) (villebro)
- [9207](https://github.com/apache/superset/pull/9207) Introducing Inter UI & Fira typefaces (#9207) (etr2460)
- [9215](https://github.com/apache/superset/pull/9215) fix: choose language link for local dev (#9215) (etr2460)
- [9240](https://github.com/apache/superset/pull/9240) fix: Oracle fetch_query and datetime conversion (#9240) (villebro)
- [9161](https://github.com/apache/superset/pull/9161) fix: share column type matching between model and result set (#9161) (villebro)
- [9232](https://github.com/apache/superset/pull/9232) [security] Fix, let admin's be able to reset user passwords on AUTH_DB (#9232) (dpgaspar)
- [8867](https://github.com/apache/superset/pull/8867) Make schema name for the CTA queries and limit configurable (#8867) (bkyryliuk)
- [9205](https://github.com/apache/superset/pull/9205) [api] enable CSRF by default (#9205) (dpgaspar)
- [9220](https://github.com/apache/superset/pull/9220) [SQL Lab] Implement refetch results button properly (#9220) (etr2460)
- [9218](https://github.com/apache/superset/pull/9218) Prevent database connections to sqlite (#9218) (suddjian)
- [9224](https://github.com/apache/superset/pull/9224) refactor copy filter_scopes and add tests (#9224) (graceguo-supercat)
- [9219](https://github.com/apache/superset/pull/9219) [fix] Adding SIP-15 support for the query context (#9219) (john-bodley)
- [9212](https://github.com/apache/superset/pull/9212) [dashboard, chart] fix ordering and filtering in listviews (#9212) (nytai)
- [9213](https://github.com/apache/superset/pull/9213) [fix] remove chart id from filter_scopes metadata if chart is not in dash anymore (#9213) (graceguo-supercat)
- [9196](https://github.com/apache/superset/pull/9196) [Bug Fix] Returning timeseries_limit_metric in table viz get_data (#9196) (michellethomas)
- [9203](https://github.com/apache/superset/pull/9203) [annotation] upgrade chart plugin version (#9203) (graceguo-supercat)
- [9202](https://github.com/apache/superset/pull/9202) [dashboard perf logging] add dashboard url anchor component id (#9202) (graceguo-supercat)
- [9106](https://github.com/apache/superset/pull/9106) chore: run 'npm audit fix' to fix 2 vulnerabilities (#9106) (mistercrunch)
- [9063](https://github.com/apache/superset/pull/9063) Removing (unused?) Victory theme file (#9063) (rusackas)
- [9189](https://github.com/apache/superset/pull/9189) Upgrade typescript to 3.8.2 (#9189) (ktmud)
- [9133](https://github.com/apache/superset/pull/9133) [config] Disable FAB's permission and view menus views (#9133) (dpgaspar)
- [9185](https://github.com/apache/superset/pull/9185) docs: update CONTRIBUTING with TypeScript details from [SIP-36] (#9185) (etr2460)
- [9180](https://github.com/apache/superset/pull/9180) [SIP-36] Migrate setupApp.js to setupApp.ts (#9180) (etr2460)
- [9188](https://github.com/apache/superset/pull/9188) [dashboard] fix filter_scopes when copy dashboard with duplicate_slices (#9188) (graceguo-supercat)
- [9165](https://github.com/apache/superset/pull/9165) Bump FAB to 2.2.4 (#9165) (dpgaspar)
- [9086](https://github.com/apache/superset/pull/9086) adds FAB style filter types (#9086) (nytai)
- [9183](https://github.com/apache/superset/pull/9183) forcing fixed width fonts on ace editor (fixes #9095) (9183) (rusackas)
- [9167](https://github.com/apache/superset/pull/9167) [log] Set detailed query info to log debug level (#9167) (dpgaspar)
- [9178](https://github.com/apache/superset/pull/9178) [core] Fix, sanitize errors returned from testconn (#9178) (dpgaspar)
- [9184](https://github.com/apache/superset/pull/9184) docs: remove focus on Druid in README.md (#9184) (mistercrunch)
- [9191](https://github.com/apache/superset/pull/9191) Make JSX Menu links open in new tab (#9191) (etr2460)
- [8699](https://github.com/apache/superset/pull/8699) [SIP-29] Add support for row-level security (#8699) (altef)
- [9181](https://github.com/apache/superset/pull/9181) Infer SQL_LAB QuerySource from referrer (#9181) (etr2460)
- [9173](https://github.com/apache/superset/pull/9173) [fix] SQL query source (#9173) (john-bodley)
- [9172](https://github.com/apache/superset/pull/9172) deprecate tslint and configure eslint for typescript (#9172) (nytai)
- [9144](https://github.com/apache/superset/pull/9144) [database] Fix, tables API endpoint (#9144) (dpgaspar)
- [9146](https://github.com/apache/superset/pull/9146) [dashboard] clean up usage for old filter immune metadata (#9146) (graceguo-supercat)
- [9120](https://github.com/apache/superset/pull/9120) Add feature flags to control query sharing, KV exposure (#9120) (willbarrett)
- [9145](https://github.com/apache/superset/pull/9145) [dashboard] use filter_scopes metadata when import old dashboard (#9145) (graceguo-supercat)
- [9162](https://github.com/apache/superset/pull/9162) [SIP-36] Migrate Link.jsx to Link.tsx (#9162) (etr2460)
- [9163](https://github.com/apache/superset/pull/9163) filter out markdown containing XSS (#9163) (nytai)
- [9138](https://github.com/apache/superset/pull/9138) [mypy] Enforcing typing for db_engine_specs (#9138) (john-bodley)
- [8925](https://github.com/apache/superset/pull/8925) Add release refinements from 0.35.2 release (#8925) (villebro)
- [9142](https://github.com/apache/superset/pull/9142) Support human readable datetime type for PinotDB (#9142) (fx19880617)
- [9139](https://github.com/apache/superset/pull/9139) Catch TypeError on PyArrow array instantiation (#9139) (robdiciuccio)
- [9122](https://github.com/apache/superset/pull/9122) [fix] Fix table viz column order (#9122) (john-bodley)
- [9150](https://github.com/apache/superset/pull/9150) [mypy] Disallowing implicit optional (#9150) (john-bodley)
- [9149](https://github.com/apache/superset/pull/9149) fix adhoc metric bug in chord diagram (#9149) (villebro)
- [9102](https://github.com/apache/superset/pull/9102) [sqllab] fix: return pandas records in execute_sql_statements (#9102) (nytai)
- [8658](https://github.com/apache/superset/pull/8658) fix: handle duplicate groupby keys (#8658) (mistercrunch)
- [9109](https://github.com/apache/superset/pull/9109) [migration] metadata for dashboard filters (#9109) (graceguo-supercat)
- [9140](https://github.com/apache/superset/pull/9140) [dashboard] remove loading spinner in missing chart holder (#9140) (graceguo-supercat)
- [9054](https://github.com/apache/superset/pull/9054) [database] new, select star API migration (#9054) (dpgaspar)
- [9134](https://github.com/apache/superset/pull/9134) [charts] Fix, double registration of charts API (#9134) (dpgaspar)
- [9114](https://github.com/apache/superset/pull/9114) [docker] fix, Dockerfile for frontend builds (#9114) (suddjian)
- [9117](https://github.com/apache/superset/pull/9117) Bump FAB to 2.2.3 (#9117) (dpgaspar)
- [9121](https://github.com/apache/superset/pull/9121) [logging] Add data_age for cached chart (#9121) (graceguo-supercat)
- [9098](https://github.com/apache/superset/pull/9098) SIP-32: Moving frontend code to the base of the repo (#9098) (suddjian)
- [9043](https://github.com/apache/superset/pull/9043) Add support for Cockroach DB (#9043) (derari)
- [9099](https://github.com/apache/superset/pull/9099) Moving away from using the root logger everywhere (#9099) (craig-rueda)
- [9081](https://github.com/apache/superset/pull/9081) [dashboard] Fix for dashboard edit modal, loading user list (#9081) (suddjian)
- [9091](https://github.com/apache/superset/pull/9091) [datasources] Fix, Prevent gamma user's from accessing save datasources (#9091) (dpgaspar)
- [9096](https://github.com/apache/superset/pull/9096) SQL Lab: Use numpy structured arrays, fallback to JSON serialization (#9096) (robdiciuccio)
- [9097](https://github.com/apache/superset/pull/9097) [tox] Allowing running of specific tests (#9097) (john-bodley)
- [9044](https://github.com/apache/superset/pull/9044) [table] [columns] remove generic checkbox API (#9044) (dpgaspar)
- [9088](https://github.com/apache/superset/pull/9088) [dashboard] Fix metadata state (#9088) (suddjian)
- [9093](https://github.com/apache/superset/pull/9093) [fix] Temporary filename for CSV upload to Hive (#9093) (john-bodley)
- [8999](https://github.com/apache/superset/pull/8999) [chart] new, list view (react) (#8999) (nytai)
- [9087](https://github.com/apache/superset/pull/9087) [fix] Add Auto Refresh Dashboard user event into dashboard logging (#9087) (graceguo-supercat)
- [9078](https://github.com/apache/superset/pull/9078) Wrap tagging endpoints in a feature flag (disabled by default) (#9078) (willbarrett)
- [9046](https://github.com/apache/superset/pull/9046) [query] deprecate can_only_access_owned_queries (#9046) (dpgaspar)
- [9056](https://github.com/apache/superset/pull/9056) Do not show stacktraces on some intentionally-thrown errors (#9056) (willbarrett)
- [9082](https://github.com/apache/superset/pull/9082) [fix] Issue with previously defined SQL configuration (#9082) (john-bodley)
- [9047](https://github.com/apache/superset/pull/9047) [csv upload] Use python's named temp file (#9047) (dpgaspar)
- [9051](https://github.com/apache/superset/pull/9051) [explore] Modal to edit chart properties (#9051) (suddjian)
- [9069](https://github.com/apache/superset/pull/9069) [docs] add a link to versioned docs in the docs (#9069) (mistercrunch)
- [9076](https://github.com/apache/superset/pull/9076) Add Preset, Inc. to companies using Superset (#9076) (willbarrett)
- [9070](https://github.com/apache/superset/pull/9070) [logging] Add flag for document visibility (#9070) (graceguo-supercat)
- [9060](https://github.com/apache/superset/pull/9060) [domain sharding] Freeup main domain when domain sharding is enabled (#9060) (graceguo-supercat)
- [9017](https://github.com/apache/superset/pull/9017) [sip-15] Enabling SIP-15 by default (#9017) (john-bodley)
- [9075](https://github.com/apache/superset/pull/9075) add Dragonpass Com. Ltd. (#9075) (zhxjdwh)
- [9065](https://github.com/apache/superset/pull/9065) [sqla] Fixing ORDER BY logic (#9065) (john-bodley)
- [9068](https://github.com/apache/superset/pull/9068) update organisation name from WPSemantix to timbr.ai (#9068) (semantiDan)
- [9064](https://github.com/apache/superset/pull/9064) [SQL Lab] Improve autocomplete performance (#9064) (etr2460)
- [9062](https://github.com/apache/superset/pull/9062) [fix] Ensure that is_adhoc_metric returns a boolean (#9062) (john-bodley)
- [9023](https://github.com/apache/superset/pull/9023) LESS is more (#9023) (rusackas)
- [9058](https://github.com/apache/superset/pull/9058) [Viz/Query] Improve logging around cache hits (#9058) (etr2460)
- [9059](https://github.com/apache/superset/pull/9059) [SQL Lab] Remove space after schema autocomplete (#9059) (etr2460)
- [9052](https://github.com/apache/superset/pull/9052) [docs] update README.md Peak AI (#9052) (azhar22k)
- [9050](https://github.com/apache/superset/pull/9050) [UPDATING] Add metadata cache changes to 0.29.0 (#9050) (john-bodley)
- [9018](https://github.com/apache/superset/pull/9018) Add revert guidelines to CONTRIBUTING.md (#9018) (willbarrett)
- [9041](https://github.com/apache/superset/pull/9041) [sqllab] Showing schema length only when schema selected (#9041) (john-bodley)
- [9031](https://github.com/apache/superset/pull/9031) [fix] Pivot table metric ordering (#9031) (john-bodley)
- [8527](https://github.com/apache/superset/pull/8527) Avoid fetch fav dashboard stat not logged in (#8527) (aspedrosa)
- [9049](https://github.com/apache/superset/pull/9049) Remove endpoints allowing arbitrary cache access (#9049) (willbarrett)
- [9002](https://github.com/apache/superset/pull/9002) [database] new, API table metadata (#9002) (dpgaspar)
- [8982](https://github.com/apache/superset/pull/8982) [api] fix, set default columns to just id when not defined (#8982) (dpgaspar)
- [9038](https://github.com/apache/superset/pull/9038) Remove redirect endpoint /superset/explorev2 (#9038) (willbarrett)
- [9040](https://github.com/apache/superset/pull/9040) [fix] Adding show to FAB CRUD set (#9040) (john-bodley)
- [9007](https://github.com/apache/superset/pull/9007) Serialize nested columns as JSON strings (#9007) (robdiciuccio)
- [9036](https://github.com/apache/superset/pull/9036) [routes] Re-adding FAB API routes for TableColumnInlineView (#9036) (john-bodley)
- [9035](https://github.com/apache/superset/pull/9035) [routes] Re-adding FAB API routes for SqlMetricInlineView and TableModelView (#9035) (john-bodley)
- [9030](https://github.com/apache/superset/pull/9030) [fix] Reverting metic logic from #8901 (9030) (john-bodley)
- [9025](https://github.com/apache/superset/pull/9025) [dashboard] fix, add config to optionally enable react replacement fo… (#9025) (nytai)
- [8979](https://github.com/apache/superset/pull/8979) [dashboard] new, bulk actions for delete & export (#8979) (nytai)
- [9026](https://github.com/apache/superset/pull/9026) [refactor] Centralizing custom Python types (#9026) (john-bodley)
- [8993](https://github.com/apache/superset/pull/8993) [log] fix, log model view permissions (#8993) (dpgaspar)
- [9020](https://github.com/apache/superset/pull/9020) [Caching] Ensure cache is always created (#9020) (etr2460)
- [9015](https://github.com/apache/superset/pull/9015) [dashboard] fix, enable info endpoint (#9015) (nytai)
- [9019](https://github.com/apache/superset/pull/9019) [SQL Lab] Cache function names query (#9019) (etr2460)
- [9010](https://github.com/apache/superset/pull/9010) [i18n] enable spanish (#9010) (serenajiang)
- [9011](https://github.com/apache/superset/pull/9011) [fix] Ensure sunburst column ordering adheres to hierarchy (#9011) (john-bodley)
- [9012](https://github.com/apache/superset/pull/9012) [SQL Lab] Add function names to autocomplete (#9012) (etr2460)
- [8984](https://github.com/apache/superset/pull/8984) Z index registry / clean-up (#8984) (rusackas)
- [9009](https://github.com/apache/superset/pull/9009) [perf_logging] Add is_cached status when chart has error (#9009) (graceguo-supercat)
- [9008](https://github.com/apache/superset/pull/9008) [SQL Lab] Disable autocomplete when typing numbers (#9008) (etr2460)
- [9006](https://github.com/apache/superset/pull/9006) [fix] pydruid export_pandas (#9006) (john-bodley)
- [8998](https://github.com/apache/superset/pull/8998) docs: remove reference to Panoramix and Caravel (#8998) (mistercrunch)
- [9004](https://github.com/apache/superset/pull/9004) Bump FAB to 2.2.2 (#9004) (dpgaspar)
- [8960](https://github.com/apache/superset/pull/8960) fix: shut off unneeded endpoints (#8960) (mistercrunch)
- [8988](https://github.com/apache/superset/pull/8988) Timing and radii (#8988) (rusackas)
- [8992](https://github.com/apache/superset/pull/8992) Bump requirements.txt to what setup.py would pull in (#8992) (villebro)
- [8995](https://github.com/apache/superset/pull/8995) [druid] Making scaning/refreshing Druid datasource view items optional (#8995) (john-bodley)
- [8997](https://github.com/apache/superset/pull/8997) [SQL Lab] Open request access link in a new tab (#8997) (etr2460)
- [8996](https://github.com/apache/superset/pull/8996) [druid] make cluster_name editable (#8996) (serenajiang)
- [8985](https://github.com/apache/superset/pull/8985) Bump pandas to 0.25.3 (#8985) (villebro)
- [8972](https://github.com/apache/superset/pull/8972) [dashboards] New, API for Bulk delete (#8972) (dpgaspar)
- [8917](https://github.com/apache/superset/pull/8917) [charts] New, REST API (#8917) (dpgaspar)
- [8817](https://github.com/apache/superset/pull/8817) [sip-15] Displaying endpoints for all start/end time ranges (#8817) (john-bodley)
- [8901](https://github.com/apache/superset/pull/8901) fix: add datasource.changed_on to cache_key (#8901) (villebro)
- [8958](https://github.com/apache/superset/pull/8958) [docs] Fix CORS section in installation (#8958) (graceguo-supercat)
- [8845](https://github.com/apache/superset/pull/8845) [dashboard] New, list view (react) (#8845) (nytai)
- [8974](https://github.com/apache/superset/pull/8974) fix empty slug breaking url (#8974) (suddjian)
- [8967](https://github.com/apache/superset/pull/8967) Refactor sql editor autocomplete (#8967) (etr2460)
- [8941](https://github.com/apache/superset/pull/8941) [dashboards] New, export api (#8941) (dpgaspar)
- [8971](https://github.com/apache/superset/pull/8971) Add changelog for 0.35.2 (#8971) (villebro)
- [8969](https://github.com/apache/superset/pull/8969) docs: fix bad extras_require reference (#8969) (mistercrunch)
- [8964](https://github.com/apache/superset/pull/8964) Fixing RewardGateway URL (https://rewardgateway.com/ gave a cert error) (#8964) (craig-rueda)
- [8966](https://github.com/apache/superset/pull/8966) fix: lighten CSS border for data preview table (#8966) (mistercrunch)
- [8876](https://github.com/apache/superset/pull/8876) [dashboard] Modal for editing dashboard properties & metadata (#8876) (suddjian)
- [8949](https://github.com/apache/superset/pull/8949) [filter_box] Fix ; separated filter_box default values (#8949) (graceguo-supercat)
- [8950](https://github.com/apache/superset/pull/8950) docs: add Reward Gateway to README (#8950) (mistercrunch)
- [8576](https://github.com/apache/superset/pull/8576) [db migration] change datasources-clusters foreign key to cluster_id (#8576) (serenajiang)
- [8781](https://github.com/apache/superset/pull/8781) [css] Bringing Bootswatch in line with external variables, and other CSS tweaks (#8781) (rusackas)
- [8948](https://github.com/apache/superset/pull/8948) [fix] Enforce the QueryResult.df to be a pandas.DataFrame (Phase II) (#8948) (john-bodley)
- [8946](https://github.com/apache/superset/pull/8946) Ensure proper JSON serialization of numpy.ndarray (#8946) (robdiciuccio)
- [8945](https://github.com/apache/superset/pull/8945) [app] Fix, manage menu should be before charts (#8945) (dpgaspar)
- [8939](https://github.com/apache/superset/pull/8939) Add support for Dremio as a new source (#8939) (narendrans)
- [8914](https://github.com/apache/superset/pull/8914) [dashboard] Deprecate superset published API (#8914) (dpgaspar)
- [8942](https://github.com/apache/superset/pull/8942) [dashboards] Fix, missing mulexport permission (#8942) (dpgaspar)
- [8935](https://github.com/apache/superset/pull/8935) [fix] Enforce the query result to contain a data-frame (#8935) (john-bodley)
- [8912](https://github.com/apache/superset/pull/8912) Moving appbuilder.xxx out of view files and into app.py (#8912) (craig-rueda)
- [8931](https://github.com/apache/superset/pull/8931) Fix docstrings in superset/config.py (#8931) (moshthepitt)
- [8598](https://github.com/apache/superset/pull/8598) Revert "Make select_star work with SQL Lab views (#8598)" (8930) (graceguo-supercat)

Severity Details

CVSS Base Score

LOW 2.5

CVSS v3 Details

LOW 2.5
- Attack Vector (AV): LOCAL
- Attack Complexity (AC): HIGH
- Privileges Required (PR): LOW
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): NONE
- Integrity Impact (I): LOW
- Availability Impact (A): NONE

CVSS v2 Details

LOW 1.9
- Access Vector (AV): LOCAL
- Access Complexity (AC): MEDIUM
- Authentication (Au): NONE
- Confidentiality Impact (C): NONE
- Integrity Impact (I): PARTIAL
- Availability Impact (A): NONE