tocdepth: | 1 |
---|
- CKAN 2.11 supports Python 3.9 to 3.12
- This version requires a requirements upgrade on source installations
- This version requires a database upgrade. The minimum version required is PostgreSQL 12.
- This version does not require a Solr schema upgrade if you are already using the 2.10 schema,
but it is recommended to upgrade to the 2.11 Solr schema. Users of the official Docker images can use the
ckan/ckan-solr:2.11-solr9
tag. - Make sure to check the :ref:`migration-notes-2.11`
Added support for Python 3.11 and 3.12 (#8357)
Table Designer is a form-builder for CKAN DataStore tables with enforced data validation. Use the :doc:`maintaining/table-designer` on the resource url/upload control for (#6118):
- automatic creation of DataTable view for new Table Designer resources
- add/delete columns and edit schema via Data Dictionary page
- primary keys and required columns fully supported
- add individual rows with an auto-generated form based on the schema
- data validation enforced by PostgreSQL triggers, rendered as friendly errors in forms
- extended DataTables view with "edit row" and "delete rows" buttons for managing data
- automatic API documentation for create/upsert/delete with examples from real data when available
Increased performance:
:py:class:`~ckanext.datastore.interfaces.IDataDictionaryForm` interface for extending and validating new keys in the
fields
dicts of the DataStore API actions. Unlike theinfo
free-form dict, these new keys are possible to tightly control with a schema. The schema is built by combining schemas from from all plugins implementing this interface so plugins implementing different features may all contribute to the same schema.The underlying storage for data dictionary fields has changed. Use:
ckan datastore upgrade
after upgrading to this release. (#7971)Start using htmx (htmx.org) to modernize the CKAN frontend. For more information check :doc:`theming/htmx`. (#7685)
Enabled saving of activities on private datasets. Added filtering of dataset activities based on user permission labels. (#5772)
Added user, group, and organization view functions and templates to make organization/group membership more public.
Group and Organization lists now show the number of members.
Group and Organization lists on a user's profile and dashboard now display the role for the group.
Refactor: renamed
<group|organization>.members
to<group|organization>.manage_members
.<group|organization>.members
is no longer an admin page.New:
read_groups
andread_organization
view functions and templates for users. Adds group and organization tabs to a user profile to list the groups they belong to.New:
member_dump
view function. Downloads group/organization members into a CSV file with headers [Username,Email,Name,Role] (#7007):py:class:`~ckan.plugins.toolkit.BaseModel` class for declarative SQLAlchemy models added to :py:mod:`ckan.plugins.toolkit`. Models extending
BaseModel
class are attached to the SQLAlchemy's metadata object automatically (#7351):from ckan.plugins import toolkit class ExtModel(toolkit.BaseModel): __tablename__ = "ext_model" id = Column(String(50), primary_key=True) ...
The PyUtilib dependency has been removed. All the primitives for the plugin system are now defined in CKAN. (#7976)
Allow sysadmins to change usernames of other accounts (#4193)
date_str_to_datetime
helper accepts values with timezone information. (#8305)follow_*
andunfollow_*
APIs will no longer return an error if the user is already following or not following the entity. (#7685)JS translations are no longer generated on each server restart. The are built when starting the development server with ckan run or explicitly with ckan translations js (#8219)
Added support for :ref:`ckan.download_proxy` to the resourceproxy plugin (#8354)
The
datastore_rw_resource_url_types
helper can be overridden to define additional resource url_type values that can be modified without force=True (#7617)datastore_create
now allows removing fields when passing a new list offields
anddelete_fields=True
(#7622) (#7919)New
reset_redis
andclean_redis
test fixtures for removing data from Redis. (#7630)ckan generate fake-data
accepts--user
option that is used ascontext["user"]
. Some factories(api-token
for example), have a special meaning for theuser
parameter and do not pass it to context. (#7635)Add tooltips when links are truncated, to show the full text. (#7742)
datastore_create
,datastore_upsert
now include arecords_row
number when an error occurs while inserting, upserting or updating records (#7748)Added processing and pre-processing indicators to Datatables Views. (#7900)
Adds button to delete a Resource's datastore table in ckanext-datapusher (#7902)
datastore_create
: Add adelete_fields
flag that must be set to True to delete any existing fields not passed in the fields listIntroducing a new parameter to the
user_create
actionwith_apitoken
. When set, this parameter triggers the creation of an API token for the user. (#7932)ckan db upgrade
CLI command automatically applies migrations from plugins. Useckan db upgrade --skip-plugins
if this behavior does not fit into your deployment process. (#7961)Added
bytes
property to the test CKANResponse class which returns bytes from the response data. (#7982)Activity plugin now tracks new, changed, and deleted resource views. (#8043)
datastore_records_delete
action now calls thedatastore_delete
action via the toolkit for better frameworking. (#8101)Use a definition list for the Data Dictionary view on resource pages to allow extra information for each field. Update
example_idatadictionaryform
plugin to display extra information. (#8110)Add reCAPTCHA protection on login and password reset (#8121)
Resource view list items now have an additional
view-item
class. (#8154)Add
ckan.logic.schema.validator_args
andckan.logic.validate
decorators to toolkit. (#8215)fix profile cli, add
--cold
and--best-of
options. By default cli profile will now run the request once (cold), then give the best of the next 3 (hot) runs. Use--cold --best-of=1
for the old cli profile behavior. (#8223)Sysadmins can now search by
email
in theuser_autocomplete
component. (#8228)add
ckan generate migration --autogenerate
option, sync models with migrations (#8238)Integrate flask-multistatic extension into the CKAN code base and remove it from requirements. (#7244)
Added
--disable-debugger
option to CKAN clirun
command. (#7278)Added new
datastore_records_delete
action.Functions the same as
datastore_delete
action, but will never drop the database table. (#7341)datastore_search
sort
parameters now supportnulls first
andnulls last
(#7356)datastore_upsert
: Treat empty strings as null for non-text types (#7358)Add a new optional parameter to the
datastore_dictionary
helper that filters the columns returned and fix a datatablesview show-columns bug with it (#7387)update documenatation for CKAN SHELL command. (#7402)
Improve CKAN Data API dialog with syntax highlighting, multiple client languages and jinja2 blocks for expansion (#7573)
Added
ckan.datatables.null_label
config option andh.datatablesview_null_label
helper. Datatables Views will now show blank cells for NoneType field values by default. (#7574)faster navigation between dataset and resource edit pages (#7586)
user_logged_in
anduser_logged_out
signals added to theckan
namespace (#7608)Store JS translation files in the storage folder rather than the source, to avoid permission problems (#7585)
Hide full helpers dict to tidy flask debug template listing (#7668)
Because of a new version of Sphinx, the command to rebuild the documentation is now
sphinx-build doc build/sphinx
(#7808)Hide Add new resource button in the resource list while viewing activity history. (#7814)
Serve i18n js faster with LazyJSONObject. Generate compact json instead of pretty-printed json to send less data (#7852)
Show existing resource navigation on new resource page (#7889)
Use object-group icon for Embed button (#7890)
Note that md5 use in tracking is not a security context (#7906)
Remove mentions of username change in documentation (#8000)
Fix an old remainder in the documentation about permanent deletion of organizations and groups (#8022)
Allow preventing users from changing their passwords by hidding the
password1
andpassword2
fields in the user edit form. (#8208)ckan db init
is now alias ofckan db upgrade
, which provides better support for includuing plugin migrations (#8339)Use case sensitive email unique validator (#7934)
It is now possible to extend interface classes directly when implementing plugins, which provides better integration with development tools, e.g. (#7976):
class Plugin(p.SingletonPlugin, IClick): pass This is equivalent to:: class Plugin(p.SingletonPlugin): p.implements(p.IClick, inherit=True)
New
ckan config docs
command, support for config options Markdown documentation (#8397)
- CVE-2024-43371: SSRF prevention mechanisms. Added support for the :ref:`ckan.download_proxy` setting in the Resource Proxy plugin.
- CVE-2024-41674: fixed
Solr credentials leak via error message in
package_search
action. - CVE-2024-41675: fixed XSS vector in DataTables view.
- Add support for custom resource_view auth in view templates (#5909)
- datastore_search_sql returns correct numeric data (#5753)
- Use
resource_delete
auth function inviews.resource.DeleteView
. (#7131) - Fix
member_list
action to exclude deleted user(when state deleted is not updated in member table) (#7170) - Fixes a bug causing
ckan.datasets_per_page
config not being used.limit
parameter in group/organization view has been removed in favor of the config. (#7254) - Create user using one line command. (#7343)
- Fixes
datastore_active
flagging during thedatastore_delete
action when an emptyfilters
dict is passed. (#7345) - Fix 500 error caused from passing null to a field using the
ckanext.datastore.logic.schema.json_validator
in its schema (#7346) - Create user reference added in Installing CKAN from source (#7366)
- Fixed links and labels on dashboard/organization page. (#7432)
- Fix exception in
license_list
action (#7454) - In tests, templates from
ckan.plugins
set by the config file are used even if these plugins are disabled for the test viapytest.mark.ckan_config("ckan.plugins", "")
(#7483) - Fix usage of
defer_commit
in context in create actions for users, datasets, organizations and groups.model.Dashboard.get()
no longer creates a dashboard object under the hood if it does not exist in the database (#7487) - "Groups" link in the header is not translated. (#7500)
- Remove unnecessary use of add_public_directory from core extensions. Standardize on assets directory as the convention for extension web assets. (#7504)
- Redirect dashboard news feed to login page if not logged in (#7507)
- Fixed context in
set_datastore_active_flag
to solve possible solr errors duringindex_package
(#7571) ckan generate fake-data --factory-class x.y.z:Factory
does not accept field values. (#7607)- Source files for webassets with identical names loaded from the wrong path. (#7610)
- Context requires type-casting when
model
passed explicitly. (#7611) - POST request to GET-only endpoint causes 500 error (#7616)
- Plugins randomly change their order during test session and somethimes they
work even without
with_plugins
fixture. (#7638) - datastore_upsert method=insert: prevent 500 on invalid data datastore_create datastore_create: invalid data errors now reported against records value (not "message") (#7683)
- Don't rely on stable ordering from unstable
model.Package.resources list
(#7749) - Updated the
ckan.plugins.toolkit.check_ckan_version()
to use packaging.version for version comparison/testing, Removeckan.plugins.toolkit._version_str_2_list()
method because of no use. (#7777) - Use current CKAN version in cookiecutter tests runner template (#7938)
- URLs in activities always points to
/organization/*
but custom org types requeres/custom-organization/*
URLs. This fixes those links. (#7943) - Fixed issues with the
ckan views create
CLI sub-command. (#7944) - Add missing translations to aria-label attributes (#7945)
- libmagic error when CKAN 2.10.3 is installed from source (#7986)
- Populate email notification checkbox from the profile it's on, not from the logged-in user (#8124)
use_default_schema
inpackage_show
is now evaluated as boolean. (#8130)- Allow using
.
in Solr local parser parameters (#8138) - Hide invite user form if the user can't create users (#8141)
- Add error notification when rebuilding the search index via the cli when the requested package can't be found. (#8148)
- Correct package_patch docstring re: updating resources (#8179)
- Fix exception in
group_list
/organization_list
when passing thegroups
/organizations
parameters (#8210) - Set license model od_conformance and osd_conformance attributes' default values to False to prevent errors. (#8268)
- Prevent exception in Datatables view when the size field is missing (#8284)
- Remove mutable global state usage in group blueprint (#8359)
- Added back
header_extra
andbody_extra
template blocks (#8264)
Starting from CKAN 2.11, the :ref:`SECRET_KEY` configuration option is required to start CKAN. This is the secret token that is used by security related tasks by CKAN and its extensions. Previous CKAN versions relied on the
beaker.session.secret
config option for this. Theckan generate config
command generates a unique value for this option each time it generates a config file. Alternatively, you can generate one manually with the following command:python -c "import secrets; print(secrets.token_urlsafe(20))"
Note that all the following secret configuration options will fallback to the
SECRET_KEY
value if not defined in your ini file (#7781):The sessions handling has been refactored, dropping the Beaker library in favour of Flask-Session. Note that the default session backend for new sites remains the client-side browser cookie based. See :ref:`SESSION_TYPE` for alternative backends available. The following configuration options need to be updated (#7893) :
Old configuration key
New configuration key
beaker.session.type
beaker.session.key
beaker.session.cookie_expires
:ref:`SESSION_PERMANENT` (with opposite value)
beaker.session.timeout
beaker.session.cookie_domain
beaker.session.secure
beaker.session.httponly
beaker.session.samesite
When parsing the configuration file, the default behaviour starting from CKAN 2.11 is the old
strict
mode, where CKAN will not start unless all config options are valid according to the validators defined in the :ref:`configuration declaration <declare-config-options>`. For every invalid config option, an error will be printed to the output stream. (#7776)If using the DataStore, the underlying storage for data dictionary fields has changed. Use
ckan datastore upgrade
after upgrading to this release to migrate it (#7971)When the
activity
plugin is enabled, every action that creates an activity recored(i.e.package_create
,package_update
,package_delete
,group_*
,organization_*
,user_*
,bulk_update_*
) requires acontext['user']
and raisesValidationError
if it's missing or empty. (#7627)The configuration option to customize the authorization header name has been renamed to :ref:`apitoken_header_name` from
apikey_header_name
.Only sysadmins can now set the
id
field of Datasets, Groups, Organizations, Users, Resource Views and Extras (#8069)If provided, the value of the
id
field needs to be a valid UUID string. Sites using custom ids that are not UUIDs can extend the relevant schema or validate methods to override the validation on theid
field, but are strongly encouraged to use a separate custom field to store the custom id instead. (#8069)The
form_to_db_*
anddb_to_form_*
methods of theIGroupForm
interface are now deprecated, and have been replaced by``create_group_schema()``,update_group_schema()
andshow_group_schema()
. (#8069)Tests performing requests using the test client should authenticate users sending the default
Authorization
header with a valid token, as opposed to sending the user name inenviron_overrides
(or the olderextra_environ
) (#7841)Before:
def test_dataset_new(app): user = factories.User() app.get(url_for("dataset.new"), environ_overrides={"REMOTE_USER": user["name"]})
After:
def test_dataset_new(app): user = factories.UserWithToken() app.get(url_for("dataset.new"), headers={"Authorization": user["token"]})
Only sysadmins can now set the
id
field of Datasets, Groups, Organizations, Users, Resource Views and ExtrasIf provided, the value of the
id
field needs to be a valid UUID v4 string. Sites using custom ids that are not UUIDs can extend the relevant schema or validate methods to override the validation on theid
field, but are strongly encouraged to use a separate custom field to store the custom id instead.The following interfaces are iterated in reverse order when using :py:class:`~ckan.plugins.core.PluginImplementations(interface)` (#7609):
IConfigDeclaration
IConfigurer
ITranslation
IValidators
:py:meth:`~ckanext.datastore.interfaces.IDatastore.datastore_search` of :py:class:`~ckanext.datastore.interfaces.IDatastore` interface is not completely compatible with old version.
where
key of thequery_dict
returned from this method has a different format. Before it was a collection of tuples with an SQL where-clause with positional/named%
-style placeholders on the first position, followed by arbitrary number of parameters:return { ..., "where": [('"age" BETWEEN %s AND %s', param1, param2, ...), ...] }
Now every element of collection must be a tuple that contains SQL where-clause with named
:
-style placeholders and a dict with the values for all the placeholders:return { ..., "where": [( '"age" BETWEEN :my_ext_min AND :my_ext_max', {"my_ext_min": age_between[0], "my_ext_max": age_between[1]}, )] }
In order to avoid name conflicts with placeholders from different plugin, don't use simple names, i.e.
val
,min
,name
, and add unique prefix to all the placeholders. (#7583)snippet/organization.html
has been moved toorganization/snippets/info.html
for consistency with Groups/Packages/Users. (#7685)Tracking feature has been moved to its own core extension. Therefore,
ckan.tracking_enabled
configuration option should be changed to addingtracking
to CKAN's plugins list.g.tracking_enabled
attribute no longer exist.tracking_summary
info will be returned if the extension is enabled.include_tracking
parameter is no longer required. (#7772)
PackageExtra
andGroupExtra
models will be removed in the next release and replaced byPackage.extras
andGroup.extras
JSONB fields. Code that accesses these models directly will need to be updated to use thePackage.extras
andGroup.extras
dicts for updating and JSON queries likequery(Package, Package.extras['name'] == '"value"')
. (#8288)All revision tables will be removed from the database in the next release. If you are upgrading from a ckan older than 2.9 and want to keep the history of changes this release is the last chance to run the
migrate_package_activity.py
script as described in the 2.9.0 :ref:`migration-notes-2.9`. (#8320)The
form_to_db_*
anddb_to_form_*
methods of theIGroupForm
interface are now deprecated, and have been replaced by``create_group_schema()``,update_group_schema()
andshow_group_schema()
. (#8069)Removes
dataset-form
anddataset-resource-form
classes from our HTML templates since they do not exist in our CSS files. (#7164)The
resource
blueprint will be removed in the future. The blueprint<package_type>_resource
is preferred. E.g. usedataset_resource.read
instead ofresource.read
(#7373)Removes all calls and references to the deprecated
check_data_dict
method. (#7420)The
site_read
authz function has been removed since it always returned True. (#7544)SQLAlchemy's
Metadata
object (:py:attr:`ckan.model.meta.metadata`) is no longer bound the the DB engine. A number of operations such astable.exists()
,table.create()
,metadata.create_all()
,metadata.reflect()
, now produce an :py:class:`sqlalchemy.exc.UnboundExecutionError` error (#7583) .Depending on the situation, the following changes may be required:
- Instead of creating tables via custom CLI command or during application startup, use Alembic migrations
- If there is no other way, change
table.create()
/table.exists()
totable.create(engine)
/table.exists()
. Getengine
by calling :py:func:`~ckan.model.ensure_engine`.
The Boostrap 3 based templates have been removed. (#7637)
template_head_end
andtemplate_footer_end
config options have been removed. You can achieve the same effect by extending thebase.html
template. (#7672)ckan.dumps_url
andckan.dumps_format
config options have been removed. You can achieve the same effect by extendingpackage/search.html
. (#7673)The
build_extra_admin_nav
helper andckan.admin_tabs
config have been removed. To achieve the same result it is possible to add a nav icon by extending thecontent_primary_nav
block inckan/templates/admin/base.html
(#7674){% ckan_extends %} {% block content_primary_nav %} {{ super() }} {{ h.build_nav_icon('example_extension.endpoint', _('My Cool Feature'), icon='trophy') }} {% endblock %}
The
ckan.homepage_style
configuration options and thehomepage_style
variable have been removed.layout1.html
code has been moved intohome/index.html
, as it will be the only layout available. (#7677)The Recline-based view plugins (
recline_view
,recline_grid_view
,recline_map_view
, etc) have been removed and are no longer available. Users are encouraged to use the DataTables-based view (datatables_view
) or some of the community maintained alternatives #7918)Move datastore-specific download logic from
ckan/templates/package/resource_read.html
tockanext/datastore/templates/package/resource_read.html
(#7927)The deprecated methods with the form
after_<action>
andbefore_<action>
of the :py:class:`~ckan.plugins.interfaces.IPackageController` and :py:class:`~ckan.plugins.interfaces.IResourceController` interfaces have been removed. The formafter_<type>_<action>
must be used from now on. E.g.after_create()
->after_dataset_create()
orafter_resource_create()
. (#7976)All plugins need to be instances of p.SingletonPlugin, they can't inherit from a base class that is an instance itself. For example, you need to move from this (#7976)
class FirstPlugin(p.SingletonPlugin): p.implements(ISomething) def some_method(self): pass class SecondPlugin(FirstPlugin): p.implements(IAnything)
To this:
class BasePlugin(): def some_method(self): pass class FirstPlugin(p.SingletonPlugin, BasePlugin): p.implements(ISomething) class SecondPlugin(p.SingletonPlugin, BasePlutin): p.implements(IAnything)
- This version requires a requirements upgrade on source installations
- The minimum Python version for this version is Python 3.8. It has been tested up to Python 3.11
- Support for Python 3.11 (#8171)
- Upgrade requirements to address security vulnerabilities (#8349)
- Added :ref:`ckan.datatables.null_label` config option. Datatables views will now show blank cells for NoneType field values by default. (#7574)
- CVE-2024-43371: SSRF prevention mechanisms. Added support for the :ref:`ckan.download_proxy` setting in the Resource Proxy plugin.
- CVE-2024-41674: fixed
Solr credentials leak via error message in
package_search
action. - CVE-2024-41675: fixed XSS vector in DataTables view.
- Allow using
.
in Solr local parser parameters (#8138) - Fix misplaced CSRF token in the BS3 collaborator_new.html. (#8204)
- Prevent exception in Datatables view when the size field is missing (#8284)
- The default format for accepted uploads for user, groups and organization images is now limited to PNG, GIF anf JPG. If you need to add additional foramts you can use the :ref:`ckan.upload.user.mimetypes` and :ref:`ckan.upload.group.mimetypes`) (#7028)
- Public user registration is disabled by default, ie users can not create
new accounts from the UI. With this default value, new users can be created
by being invited by an organization admin, being created directly by a
sysadmin in the
/user/register
endpoint or being created in the CLI usingckan user add
. To allow public registration see :ref:`ckan.auth.create_user_via_web`, but it's strongly encouraged to put some measures in place to avoid spam. (#7028) (#7208)
- Define allowed alternative Solr query parsers via the :ref:`ckan.search.solr_allowed_query_parsers` config option (#8053)
- CVE-2024-27097: fixed potential log injection in reset user endpoint.
- use custom group type from the activity object if it's not supplied, eg on user activity streams (#7980)
- Removes extra <<<HEAD from resources list template (#7998)
- CKAN does not start without
beaker.session.validate_key
option introduced in v2.10.3 (#8023) - Editing of resources unavailable from package view page. (#8025)
- Pass custom package types through to the 'new resource' activity item (#8034)
- Fix Last Modified sort parameter for bulk-process page (#8048)
- Detect XLSX mimetypes correctly in uploader (#8088)
- Remove nginx cache as configuration from documentation (#8031)
- Fix clean_db fixtures breaking when tables are missing (#8054)
- Fix JS error in flash message when adding a Member (#8104)
New sites now default to cookie-based sessions (the default value for
beaker.session.type
is nowcookie
. Thebeaker.session.samesite
configuration option has been introduced, allowing you to specify theSameSite
attribute for session cookies. This attribute determines how cookies are sent in cross-origin requests, enhancing security and privacy.Note
When using cookie-based sessions, it is now required to set
beaker.session.validate_key
appropriately.Skip interactive mode of
ckan user setpass
using-p
/--password
option. (#7530)Added support for Solr 9. Users of the official Docker images can use the
ckan/ckan-solr:2.10-solr9
tag. (#7693)Update requirements to support more Python versions (#7935)
Add tooltips when links are truncated, to show the full text. (#7743)
Added pages to confirm User delete and Dataset Collaborator delete. Fixed cancellation of Group Member delete. (#7813)
The
validators
attribute of a declared config option makes tries to parse arguments to validators as python literals. If all arguments can be parsed, they are passed to a validator factory with original types. If at least one argument is not a valid Python literal, all values are passed as a string (this was the previous behavior). Space characters are still not allowed inside arguments, use the\\x20
symbol if you need a space in a literal (#7615):# Not changed `validators: v(xxx)` # v("xxx") `validators: v("xxx",yyy)` # v("xxx", "yyy") `validators: v(1,2,none)` # v("1", "2", "none") `validators: v("hello\\x20world")` # v("hello world") # Changed `validators: v("xxx")` # v("xxx") `validators: v("xxx",1)` # v("xxx", 1) `validators: v(1,2,None)` # v(1, 2, None)
Automatically add the
not_empty
validator to any config option declared withrequired: true
(#7658)
- CVE-2023-50248: fix potential out of memory error when submitting the dataset form with a specially-crafted field.
- Fix
deprecated
decorator (#7939) - Fix for missing Tag facets on Home page (#7520)
- Fix errors when running the ckan db upgrade command (#7681)
- Fix datastore_search + downloading datastore resources as json with null values (#6713)
CONFIG_FROM_ENV_VARS
takes precedence over config file and extensions but those settings are not normalized. (#7502)- Fixed server not recognizing SSL settings in configuration .ini file (#7758)
- Fix error when indexing a full ISO date with timezone info (#7775)
- Aligned member_create with group_member_save to prevent possible member duplication. (#7804)
- datastore-only resources now have a visible download button on the resource page (#7806)
- update resource
datastore_active
with a single statement ondatastore_create/delete
(#7832) - Fixed Octet Streaming for Datastore Dump requests. (#7839)
- Fixed restricting anonymous users in actions to check user in context. (#7871)
- Empty string in
beaker.session.timeout
produces an error instead of never-expiring session (#7881) - Updated Bootstrap alert-error class to alert-danger (#7901)
- Changed dataset query to check for
+state:
in thefq_list
as well as the fq parameter before forcingstate:active
(#7905) - View modules use pluggable
ckan.plugins.toolkit.h
instead of ckan.lib.helpers (#7923) - Fix HTML5 validation failing on resource uploads (#7925)
- Fixed issues with the
ckan views create
CLI sub-command. (#7944) - Improve handling of date fields in Solr (#7775)
- Fix URL validator does not support ":" for specifying ports (#7891)
- Fix user_show for
ckan.auth.public_user_details
(#7866) - Add missing translations to aria-label attributes (#7947)
- Catch AttributeErrors in license retrieval (#7931)
- Fix downloading datastore resources as json with null values in json columns (#7545)
Unreleased
- CVE-2023-32321: fix potential path traversal, remote code execution, information disclosure and DOS vulnerabilities via crafted resource ids.
- Redirect on password reset form error now maintains root_path and locale (#7006)
- Fix display of Popular snippet (#7205)
- Fixes missing CSRF token when trying to remove a group from a package. (#7417)
IMiddleware
implementations produce an error mentioning missingapp.after_request
attribute. (#7426)- Application hangs during startup when using config chains. (#7427)
- Fix exception in
license_list
action (#7454) - In tests, templates from
ckan.plugins
set by the config file are used even if these plugins are disabled for the test viapytest.mark.ckan_config("ckan.plugins", "")
(#7483) - Fix usage of
defer_commit
in context in create actions for users, datasets, organizations and groups. model.Dashboard.get()
no longer creates a dashboard object under the hood if it does not exist in the database (#7487)- "Groups" link in the header is not translated. (#7500)
- Names are now quoted in From and To addresses in emails, meaning that site titles with commas no longer break email clients. (#7508)
- Pagination widget is not styled in Bootstrap 5 templates. (#7528)
- Fix missing resource URL on update resource with uploaded file (#7449)
- Fix custom macro styles (#7461)
- Fix mobile layout styles (#7467)
- Fix fontawesome icons, replace unavailable FA v3 icons (#7474)
- Fix promote sysadmin layout (#7476)
- Fix markdown macros regression (#7485)
- Set session scope for migrate_db_for fixture (#7563)
The default storage backend for the session data used by the Beaker library uses the Python
pickle
module, which is considered unsafe. While there is no direct known vulnerability using this vector, a safer alternative is to store the session data in the client-side cookie. This will probably be the default behaviour in future CKAN versions:# ckan.ini beaker.session.type = cookie beaker.session.data_serializer = json # Use a long, random string for this setting beaker.session.validate_key = CHANGE_ME beaker.session.httponly = True beaker.session.secure = True beaker.session.samesite = Lax # or Strict, depending on your setup
Note
You might need to install an additional library that can provide AES encryption, e.g.
pip install cryptography
- CKAN 2.10 supports Python 3.7 to 3.10
- This version requires a requirements upgrade on source installations
- This version requires a database upgrade
- This version does not require a Solr schema upgrade if you are already using the 2.9 schema, but it is recommended to upgrade to the 2.10 Solr schema.
- Make sure to check the :ref:`migration-notes-2.10`
Added CSRF protection to the frontend forms to protect against Cross-Site Request Forgery attacks. This feature is enabled by default in CKAN core, extensions are excluded from the CSRF protection to give time to update them, but CSRF protection will be enforced in the future. To enforce the CSRF protection in extensions you can use the :ref:`ckan.csrf_protection.ignore_extensions` setting. See the :ref:`CSRF section <csrf_best_practices>` in the extension best practices for more information on how to enable it. (#6920)
Refactored the Authentication logic to use Flask-login instead of repoze.who. This has implications on how login sessions are managed (e.g. when and why users might be logged out) and will affect all plugins that modify the standard authentication process. Please check the Migration notes section below to learn more (#6560).
Configuration declaration: declare configuration options to ensure validation and default values. All declared CKAN configuration options are validated and converted to the expected type during the application startup. See the Migration notes section below to understand the changes involved and check the :ref:`documentation <declare-config-options>`. (#6467)
Add Signals support to allow subscriptor-based features in extensions. See :doc:`extensions/signals` (#5359)
Add Blanket implementations: decorators providing common implementations of simple interfaces to reduce boilerplate in plugins. See the
blanket()
method in the :doc:`/extensions/plugins-toolkit` (#5169)Add CLI commands for API Token management (#5868)
The CKAN source code is fully typed now (#5924)
Add extensible snippet for resource uploads (#6226)
Migrated to Bootstrap 5 from v3 for the default CKAN theme. Bootstrap v3 templates are still available for use by specifying the base template folder in the configuration (#6307):
ckan.base_public_folder=public-bs3 ckan.base_templates_folder=templates-bs3
Removed the Docker related files from the main CKAN repository. A brand new official Docker setup can be found at the ckan/ckan-docker repository. (#7370)
Added new command
ckan shell
that opens an interactive python shell with the Flask's application context preloaded (among other useful objects). (#6919)Added new sub-commands to the
search-index
command (#7044 and #7175):list-orphans
lists all public package IDs which exist in the solr index, but do not exist in the database.clear-orphans
clears the search index for all the public orphaned packages.list-unindexed
lists all ununindexed packages
Add new group command:
clean
. Addclean users
command to delete users containing images with formats not supported inckan.upload.user.mimetypes
config option. (#7241)Activities now receive the full dict of the object they refer to in their
data
section. This allows greater flexibility when creating custom activities from plugins. (#6557)Site maintainers can choose to completely ignore cookie based by using
ckan.auth.enable_cookie_auth_in_api
. When set to False, all API requests must use :ref:`API Tokens <api authentication>`. Note that this is likely to break some existing JS modules from the frontend that perform API calls, so it should be used with caution. (#7088)CKAN now records the last time a user was active on the site. The minimum interval between records can be controlled with the :ref:`ckan.user.last_active_interval` config option. (#6466)
:py:class:`~ckan.plugins.toolkit.BaseModel` class for declarative SQLAlchemy models added to :py:mod:`ckan.plugins.toolkit`. Models extending
BaseModel
class are attached to the SQLAlchemy's metadata object automatically:from ckan.plugins import toolkit class ExtModel(toolkit.BaseModel): __tablename__ = "ext_model" id = Column(String(50), primary_key=True) ... (`#7351 <https://github.com/ckan/ckan/pull/7351>`_)
Add dev containers / GitHub Codespaces config (See the documentation
- Test factories extends SQLAlchemy factory, are available via fixtures and produce more random entities using faker library. (#6335)
- Migrated preprocessor from LESS to SCSS for preliminary work for Bootstrap upgrade. (#6175)
- Add
ckan.plugins.core.plugin_loaded
to the core helpers asplugin_loaded
(#7011) - Make HTTP response returned on a private dataset if not authorized configurable (#6641)
- Allow
_id
fordatastore_upsert
unique key (#6793) - Add functionality to
user_show
to fetch own details when logged in without passing id (#5490) datastore_info
now returns more detailed info. It returns database-level metadata in addition to rowcount (aliases, id, size, index_size, db_size and table_type), and the data dictionary with database-level schemata (native_type, index_name, is_index, notnull & uniquekey). See the documentation at :py:func:`~ckanext.datastore.logic.action.datastore_info` (#5831)datastore_info
now works with aliases, and can be used to dereference aliases. (#5832)- Document new
ckan.download_proxy
config value for extensions that download external URLs (#xloader-127) - Add organization_followee_count to the get api (#2628)
- Environment variables prefixed with CKAN_ can be used as variables inside
config file via
option = %(CKAN_***)s
(#6192) - CLI command
less
is now renamed tosass
as the preprocessor was changed in #6175. (#6287) - Support including file attachments when sending emails (#6535)
- Reworked the JavaScript for the view filters to allow for special characters
as well as colons and pipes, which previously caused errors. Added a new
helper (
decode_view_request_filters()
) to easily decode the new flattened filter string. (#6747) - Add an index on column resource_id in table resource_view. (#7134)
- Non-sysadmin users are no longer able to change their own state (#6956)
- The "rank" field is no longer returned in datastore_search results unless explicitly defined in the fields parameter (#6961)
- Upgrade requirements to the latest version whenever possible (#7064)
- Create a
fresh_context()
function to allow cleaning thecontext
dict preserving some common values (user
,model
, etc) (#7112) - Add
--quiet
option tockan user token add
command to mak easier to integrate with automated scripts (#7217) - Updated and documented input param for
api_token_list
fromuser
touser_id
.user
is still supported for backwards compatibility but it might be removed in the future. (#7344)
Stable default ordering when consuming resource content from datastore (#2317)
Fix missing activities from UI when internal processes are run by ignored users (#5699)
Fix the datapusher trigger in case of resource_update via API (#5727)
package_revise now returns some errors in normal keys instead of under 'message' (#5888)
Allow multi-level config inheritance (#6000)
Fix Chinese locales. Note that the URLs for the zh_CN and zh_TW locales have changed but there are redirects in place, eg http://localhost:5000/zh_CN/dataset -> http://localhost:5000/zh_Hans_CN/dataset (#6008)
Fix performance bottleneck in activity queries (#6028)
Keep repeatable facets inside pagination links (#6084)
Consistent CLI behavior when when no command provided and when using --help options (#6120)
Variables from extended config files (
use = config:...
) have lower precedence. In the following example:;; a.ini output = %(var)s ;; b.ini use = config:a.ini var = B ;; c.ini use = config:b.ini var = C
final value of the
output
config option will beC
. (#6192)Restore error traceback for search-index rebuild -i CLI command (#6329)
Prevent Traceback to logged for HTTP Exception until debug is true Add the HTTP status Code in logging for HTTP requests (#6340)
Improve rendering data types in resource view (#6356)
Snippet names rendered into HTML as comments in non-debug mode. (#6406)
h.remove_url_param fail with minimal set of params (#6414)
Type of uploads for group and user image can be restricted via the ckan.upload.{object_type}.types and ckan.upload.{object_type}.mimetypes config options (eg ckan.upload.group.types, ckan.upload.user.mimetypes) (#6477)
*_patch
actions call their*_update
equivalents viaget_action
allowing plugins to override them consistently (#6519)Fixed and simplified organization and group forms breadcrumb inheritance (#6637)
Ensure that locale exists on i18n JS API (#6698)
Configuration options that were used to specify a CSS file with a base theme have been removed. Use the altenatives below in order to specify an _asset_ (see :doc:`theming/webassets`) with a base theme for application (#6817): *
ckan.main_css
replaced by :ref:`ckan.theme` *ckan.i18n.rtl_css
replaced by :ref:`ckan.i18n.rtl_theme`prepare_dataset_blueprint: support dataset type (#7031)
Changed default sort key for group and user lists from ASCII Alphebitized to new strxfrm helper, resulting in human-readable alphebitization. (#7039)
Fix resource file size not updating with resource_patch (#7075)
Revert Flask requirement from 2.2.2 to 2.0.3. (#7082)
restore original plugin template directory order after update_config order change (#7085)
Fix urls containing unicode encoded in hex (#7107)
Fix a bug that causes CKAN to only register the first blueprint of plugins. (#7108)
remove old deleted resources on package_update so that performance is consistent over time (no longer degrading) (#7119)
Beaker session config variables need to be initialised in a newly generated ckan config file (#7133)
Fixed broken organization delete form (#7150)
Fix the current year reference for CKAN documentation (#7153)
Fix bootstrap 3 webassets files to point to valid assets. (#7161)
Fix the display of the License select element in the Dataset form. (#7162)
Build CSS files with latest updates. (#7163)
Fix activity stream icon on Boostrap 5. Migrate activity CSS classes to the extension folder. (#7169)
Fix 404 error when selecting the same date in the changes view (#7191)
Fix display of Popular snippet. Removes old ckan-icon scss class. (#7205)
Fix icons and alignment in resource datastore tab. (#7247)
Make heading semantic in bug report template (#7186)
Add title attribute to iframe (#7187)
Fix color contrast in dashboard buttons for web accesibility (#7193)
Make skip to content visible for keyboard-only user (#7194)
Fix color contrast issue in add dataset page (#7195)
Fix color contrast of delete button in user edit page for web accesibility (#7199)
Changes in the authenticated users management (logged in users): The old
auth_tkt
cookie created by repoze.who does not exist anymore. Flask-login stores the logged-in user identifier in the Flask session. CKAN uses Beaker to manage the session, and the default session backend stores this session information as files on the server (on/tmp
). This means that if the session data is deleted in the server, all users will be logged out of the site. This can happen for instance:- if the CKAN container is redeployed in a Docker / cloud setup and the session directory is not persisted
- if the sessions are periodically cleaned by an external script
Here's a summary of the behaviour changes between CKAN versions:
Action
CKAN < 2.10
CKAN >= 2.10
Clear cookies
User logged out
User logged out (If
remember_me
cookie is deleted)Clear server sessions
User still logged in
User logged out
The way to keep the old behaviour with the Beaker backend is to store the session data in the cookie itself (note that this stores all session data, not just the user identifier). This will probably be the default behaviour in future CKAN versions:
# ckan.ini beaker.session.type = cookie beaker.session.validate_key = CHANGE_ME beaker.session.httponly = True beaker.session.secure = True beaker.session.samesite = Lax # or Strict
Alternatively you can configure another persistent backend for the sessions in the server, like an SQL Database or Redis (see the Beaker configuration for details).
It is recommended that you review the :ref:`session-settings` and :ref:`flask-login-remember-me-cookie-settings` to make sure they cover your security requirements.
Due to the newly introduced :ref:`declare-config-options`, all declared CKAN configuration options are validated and converted to the expected type during the application startup:
debug = config.get("debug") # CKAN <= v2.9 assert type(debug) is str assert debug == "false" # or any value that is specified in the config file # CKAN >= v2.10 assert type(debug) is bool assert debug is False # or ``True``
The
aslist
,asbool
,asint
converters fromckan.plugins.toolkit
will keep the current behaviour:# produces the same result in v2.9 and v2.10 assert tk.asbool(config.get("debug")) is False assert tk.asint(config.get("ckan.devserver.port")) == 5000 assert tk.aslist(config.get("ckan.plugins")) == ["stats"]
If you are using custom logic, the code requires a review. For example, the following code will produce an
AttributeError
exception, becauseckan.plugins
is converted into a list during the application's startup:# AttributeError plugins = config.get("ckan.plugins").split()
Depending on the desired backward compatibility, one of the following expressions can be used instead:
# if both v2.9 and v2.10 are supported plugins = tk.aslist(config.get("ckan.plugins")) # if only v2.10 is supported plugins = config.get("ckan.plugins")
The second major change affects default values for configuration options. Starting from CKAN 2.10, the majority of the config options have a declared default value. It means that whenever you invoke
config.get
method, the declared default value is returned instead ofNone
. Example:# CKAN v2.9 assert config.get("search.facets.limit") is None # CKAN v2.10 assert config.get("search.facets.limit") == 10
The second argument to
config.get
should be only used to get the value of a missing undeclared option:assert config.get("not.declared.and.missing.from.config", 1) == 1
The above is the same for any extension that declares its config options using
IConfigDeclaration
interface orconfig_declarations
blanket. (#6467)Public registration of users has been disabled by default (#7210)
User and group/org image upload formats have been restricted by default (#7210)
The activites feature has been extracted into a separate
activity
plugin. To keep showing the activities in the UI and enable the activity related API actions you need to add theactivity
plugin to the :ref:`ckan.plugins` config option. This change doesn't affect activities already stored in the DB. They are still available once the plugin is enabled. Note that some imports have changed (#6790):`ckan.model.Activity` -> `ckanext.activity.model.Activity`
Users of the Xloader or DataPusher need to provide a valid API Token in their configurations using the
ckanext.xloader.api_token
orckan.datapusher.api_token
keys respectively. (#7139)Only user-defined functions can be used as validators. An attempt to use a mock-object, built-in function or class will cause a
TypeError
. (#6048)The language code for the Norwegian language has been updated from
no
tonb_NO
. There are redirects in place from the old code to the new one for localized URLs, but please update your links. If you were using the oldno
code in a config option likeckan.default_locale
orckan.locales_offered
you will need to update the value tonb_NO
. (#6746)toolkit.aslist now converts any iterable other than
list
and tuple into alist
:list(value)
. Before, such values were just wrapped into a list, i.e:[value]
(#7257).Short overview of changes Expresion
Before
After
aslist([1,2])
[1, 2]
[1, 2]
aslist({1,2})
[{1, 2}]
[1, 2]
aslist({1: "one", 2: "two"})
[{1: "one", 2: "two"}]
[1, 2]
aslist(range(1,3))
[range(1, 3)]
[1, 2]
Legacy API keys are no longer supported for Authentication and have been removed from the UI. API Tokens should be used instead. See :ref:`api authentication` for more details (#6247)
build_nav_main()
,build_nav_icon()
andbuild_nav()
helpers no longer support Pylons route syntax. eg usedataset.search
instead ofcontroller=dataset, action=search
. (#6263)The following old helper functions have been removed and are no longer available:
submit()
,radio()
,icon_url()
,icon_html()
,icon()
,resource_icon()
,format_icon()
,button_attr()
,activity_div()
(#6272)The following methods are deprecated and should be replaced with their respective new versions in the plugin interfaces:
- ckan.plugins.interfaces.IResourceController:
- change
before_create
tobefore_resource_create
- change
after_create
toafter_resource_create
- change
before_update
tobefore_resource_update
- change
after_update
toafter_resource_update
- change
before_delete
tobefore_resource_delete
- change
after_delete
toafter_resource_delete
- change
before_show
tobefore_resource_show
- change
- ckan.plugins.interfaces.IPackageController:
- change
after_create
toafter_dataset_create
- change
after_update
toafter_dataset_update
- change
after_delete
toafter_dataset_delete
- change
after_show
toafter_dataset_show
- change
before_search
tobefore_dataset_search
- change
after_search
toafter_dataset_search
- change
before_index
tobefore_dataset_index
- change
(#6501)- ckan.plugins.interfaces.IResourceController:
The
ckan seed
command has been removed in favour ofckan generate fake-data
for generating test entities in the database. Refer tockan generate fake-data --help
for some usage examples. (#6504)The
IRoutes
interface has been removed since it was part of the old Pylons architecture. (#6594)Remove
ckan.cache_validated_datasets
config (#6628)Remove
ckan.search.automatic_indexing
config (#6639)The
PluginMapperExtension
has been removed since it was no longer used in core and it had a deprecated dependency. (#6648)Remove deprecated
fields
parameter inresource_search
method. (#6687)The
ISession
interface has been removed from CKAN. To extend SQLAlchemy use event listeners instead. (#6699)unselected_facet_items
helper has been removed. You can useget_facet_items_dict
withexclude_active=True
instead. (#6765)The Recline-based view plugins (
recline_view
,recline_grid_view
,recline_graph_view
andrecline_map_view
) are deprecated and will be removed in future versions. Check :doc:`maintaining/data-viewer` for alternatives. (#7078)The requirement-setuptools.txt file has been removed (#7271)
ckan.route_after_login
renamed tockan.auth.route_after_login
(#7350)
- Define allowed alternative Solr query parsers via the :ref:`ckan.search.solr_allowed_query_parsers` config option (#8053). Note that the 2.9 version of this patch does not use pyparsing to parse the local parameters string, so some limitations are in place, mainly that no quotes are allowed in the local paramaters definition.
- Get default formats for DataStore views from config (#8095)
- CVE-2024-27097: fixed potential log injection in reset user endpoint.
- Fixed Octet Streaming for Datastore Dump requests. (#7899)
- Fix Password Reset Keys with multiple accounts (#8079)
- Detect XLSX mimetypes correctly in uploader (#8088)
- CVE-2023-50248: fix potential out of memory error when submitting the dataset form with a specially-crafted field.
- Update resource datastore_active with a single statement (#7833)
- Fix downloading datastore resources as json with null values in json columns (#7545)
- Fix errors when running the ckan db upgrade command (#7681)
- Fix
deprecated
decorator (#7939) - Changed dataset query to check for
+state:
in thefq_list
as well as the fq parameter before forcingstate:active
(#7905)
- CVE-2023-32321: fix potential path traversal, remote code execution, information disclosure and DOS vulnerabilities via crafted resource ids.
- Names are now quoted in From and To addresses in emails, meaning that site titles with commas no longer break email clients. (#7508)
The default storage backend for the session data used by the Beaker library uses the Python
pickle
module, which is considered unsafe. While there is no direct known vulnerability using this vector, a safer alternative is to store the session data in the client-side cookie. This will probably be the default behaviour in future CKAN versions:# ckan.ini beaker.session.type = cookie beaker.session.data_serializer = json beaker.session.validate_key = CHANGE_ME beaker.session.httponly = True beaker.session.secure = True beaker.session.samesite = Lax # or Strict, depending on your setup
- Disable public registration of users by default (#7210)
- Restrict user and group/org image upload formats by default (#7210)
- Add dev containers / GitHub Codespaces config for CKAN 2.9 (See the documentation
- Add new group command:
clean
. Addclean users
command to delete users containing images with formats not supported inckan.upload.user.mimetypes
config option (#7241) - Set the
resource
blueprint to not auto register. (#7374) prepare_dataset_blueprint
: support dataset type (#7031)- Add
--quiet
option tockan user token add
command to mak easier to integrate with automated scripts (#7217)
- Fix
package_update
performance (#7219) - Fix
_()
function override (#7232) - Fix 404 when selecting the same date in the changes view (#7192)
- Enable DateTime to be returned through Actions, allowing
datapusher_status
to be accessed through the API. (#7110) - Fixed broken organization delete form (#7150)
- CVE-2022-43685: fix potential user account takeover via user create
- Fix Datatables view download format selector (#7147)
- Revert deletions included in 2.9.6 as part of #6187 (#7118)
Note: This release includes requirements upgrades to address security issues
- Fixes incorrectly encoded url current_url (#6685)
- Check if locale exists on i18n JS API (#6698)
- Add
csrf_input()
helper for cross-CKAN version compatibilty (#7016) - Fix not empty validator (#6658)
- Use
get_action()
in patch actions to allow custom logic (#6519) - Allow to extend organization_facets (#6682)
- Expose check_ckan_version to templates (#6741)
- Allow get_translated helper to fall back to base version of a language (#6815)
- Fix server error in tag autocomplete when vocabulary does not exist (#6820)
- Check if locale exists on i18n JS API (#6698)
- Fix updating a non-existing resource causes an internal sever error (#6928)
- Remove extra comma (#6774)
- Fix test data creation issues (#6805)
- Fix for updating non-existing resource
- Avoid storing the session on each request (#6954)
- Return zero results instead of raising NotFound when vocabulary does not exist
- Fix the datapusher trigger in case of resource_update via API (#5727)
- Consistent CLI behavior when when no command provided and when using --help options (#6120)
- Fix regression when validating resource subfields (#6546)
- Fix resource file size not updating with resource_patch (#7075)
- Prevent non-sysadmin users to change their own state (#6956)
- Use user id in auth cookie rather than name
- Reorder resource view button: allow translation (#6089)
- Optmize temp dir creation on uploads (#6578)
- Exclude site_user from user_listi (#6618)
- Fix race condition in creating the default site user (#6638)
- gettext not for metadata fields (#6660)
- Include root_path in activity email notifications (#6743)
- Extract translations from emails (#5857)
- Use the headers Reply-to value if its set in the extensions (#6838)
- Improve error when downloading resource (#6832)
ckan_config
test mark works with request context (#6868)- Fix caching logic on logged in users (#6864)
- Fix member delete (#6892)
- Concurrent-safe resource updates (#6439)
- Fix error when listing tokens in the CLI in py2 (#6789)
- The
ckan.main_css
andckan.i18.rtl_css
settings, which were not working, have been replaced by :ref:`ckan.theme` and :ref:`ckan.i18n.rtl_theme` respectively. Both expect the name of an asset with a base theme for the application (#6817) - The type of uploads for group and user image can be restricted via the ckan.upload.{object_type}.types and ckan.upload.{object_type}.mimetypes config options (eg :ref:`ckan.upload.group.types`, :ref:`ckan.upload.user.mimetypes`) (#6477)
- Allow to use PDB and IDE debuggers (#6798)
- Unpin pytz, upgrade zope.interface (#6665)
- Update sqlparse version
- Bump markdown requirement to support Python 3.9
- Update psycopg2 to support PostgreSQL 12
- Add auth functions for 17 actions that didn't have them before (#7045)
- Add no-op
csrf_input()
helper to help extensions with cross-CKAN version suport (#7030)
- Solr 8 support. Starting from version 2.9.5, CKAN supports Solr versions 6 and 8. Support for Solr 6 will be dropped in the next
CKAN minor version (2.10). Note that if you want to use Solr 8 you need to use the
ckan/config/solr/schema.solr8.xml
file, or alternatively you can use theckan/ckan-solr:2.9-solr8
Docker image which comes pre-configured. (#6530)
- Consistent CLI behavior when no command is provided and when using --help (#6120)
- Fix regression when validating resource subfields (#6546)
- Fix user create/edit email validators (#6399)
- Error opening JS translations on Python 2 (#6531)
- Set logging level to error in error mail handler (#6577)
- Add RootPathMiddleware to flask stack to support non-root installs running on python 3 (#6556)
- Use correct auth function when editing organizations (#6622)
- Fix invite user with existing email error (#5880)
- Accept empty string in one of validator (#6612)
- Add timeouts to requests calls (see ckan.requests.timeout) (#6408)
- Types of file uploads for group and user imags can be restricted via the ckan.upload.{object_type}.types and ckan.upload.{object_type}.mimetypes config options (eg :ref:`ckan.upload.group.types`, :ref:`ckan.upload.user.mimetypes`) (#6477)
- Allow children elements on select2 lists (#6503)
- Enable
minimumInputLength
and fix loading message in select2 (#6554)
Note: This release includes requirements upgrades to address security issues
- Don't show snippet names in non-debug mode (#6406)
- Show job title on job start/finish log messages (#6387)
- Fix unpriviledged users being able to access bulk process (#6290)
- Allow UTF-8 in JS translations (#6051)
- Handle Traceback Exception for HTTP and HTTP status Code in logging (#6340)
- Fix object list validation output (#6149)
- Coerce query string keys/values before passing to quote() (#6099)
- Fix datetime formatting when listing user tokens on py2. (#6319)
- Fix Solr HTTP basic auth cred handling (#6286)
- Remove not accessed user object in resource_update (#6220)
- Fix for g.__timer (#6207)
- Fix guard clause on has_more_facets, #6190 (#6190)
- Fix page render errors when search facets are not defined (#6181)
- Fix exception when using solr_user and solr_password on Py3 (#6179)
- Fix pagination links for custom org types (#6162)
- Fixture for plugin DB migrations (#6139)
- Render activity timestamps with title= attribute (#6109)
- Fix db init error in alembic (#5998)
- Fix user email validator when using name as id parameter (#6113)
- Fix DataPusher error during resource_update (#5597)
- render_datetime helper does not respect ckan.display_timezone configuration (#6252)
- Fix SQLAlchemy configuration for DataStore (#6087)
- Don't cache license translations across requests (#5586)
- Fix tracking.js module preventing links to be opened in new tabs (#6386)
- Fix deleted org/group feeds (#6368)
- Fix runaway preview height (#6284)
- Stable default ordering when consuming resource content from datastore (#2317)
- Several documentation fixes and improvements
- Fix Chinese locales. Note that the URLs for the zh_CN and zh_TW locales have changed but there are redirects in place, eg http://localhost:5000/zh_CN/dataset -> http://localhost:5000/zh_Hans_CN/dataset (#6008)
- Fix performance bottleneck in activity queries (#6028)
- Keep repeatable facets inside pagination links (#6084)
- Ensure order of plugins in PluginImplementations (#5965)
- Fix for Datastore file dump extension (#5593)
- Allow package activity migration on py3 (#5930)
- Fix TemplateSyntaxError in snippets/changes/license.html (#5972)
- Remove hardcoded logging level (#5941)
- Include extra files into ckanext distribution (#5995)
- Fix db init in docker as the directory is not empty (#6027)
- Fix sqlalchemy configuration, add doc (#5932)
- Fix issue with purging custom entity types (#5859)
- Only load view filters on templates that need them
- Sanitize user image url
- Allow installation of requirements without any additional actions using pip (#5408)
- Include requirements files in Manifest (#5726)
- Dockerfile: pin pip version (#5929)
- Allow uploaders to only override asset / resource uploading (#6088)
- Catch TypeError from invalid thrown by dateutils (#6085)
- Display proper message when sysadmin password is incorect (#5911)
- Use external library to parse view filter params
- Fix auth error when deleting a group/org (#6006)
- Fix datastore_search language parameter (#5974)
- make SQL function whitelist case-insensitive unless quoted (#5969)
- Fix Explore button not working (#3720)
- remove unused var in task_status_update (#5861)
- Prevent guessing format and mimetype from resource urls without path (#5852)
- Multiple documentation improvements
- Support for setting host and port on the ini file (#5939)
- Allow to set path to INI file in the WSGI script (#5987)
- Allow multi-level config inheritance (#6000)
- General notes:
- Note: To use PostgreSQL 12 on CKAN 2.9 you need to upgrade psycopg2 to at least 2.8.4 (more details in #5796)
- Add CLI commands for API Token management (#5868)
- Persist attributes in chained functions (#5751)
- Fix install documentation (#5618)
- Fix exception when passing limit to organization (#5789)
- Fix for adding directories from plugins if partially string matches existing values (#5836)
- Fix upload log activity sorting (#5827)
- Textview: escape text formats (#5814)
- Add allow_partial_update to fix losing users (#5734)
- Set default group_type to group in group_create (#5693)
- Use user performing the action on activity context on user_update (#5743)
- New block in nav links in user dashboard (#5804)
- Update references to DataPusher documentation
- Fix JavaScript error on Edge (#5782)
- Fix error when deleting resource with missing datastore table (#5757)
- ensure HTTP_HOST is bytes under python2 (#5714)
- Don't set old_filename when updating groups (#5707)
- Filter activities from user at the database level (#5698)
- Fix user_list ordering (#5667)
- Allowlist for functions in datastore_search_sql (see :ref:`ckan.datastore.sqlsearch.allowed_functions_file`)
- Fix docker install (#5381)
- Fix Click requirement conflict (#5539)
- Return content-type header on downloads if mimetype is (#5670)
- Fix missing activities from UI when internal processes are run by ignored users (#5699)
- Replace 'paster' occurrences with 'ckan' in docs (#5700)
- Include requirements files in Manifest (#5726)
- Fix order which plugins are returned by PluginImplementations changing (#5731)
- Raise NotFound when creating a non-existing collaborator (#5759)
- Restore member edit page (#5767)
- Don't add --ckan-ini pytest option if already added (by pytest-ckan) (#5774)
- Update organization_show package limit docs (#5784)
- Solve encoding errors in changes templates (#5785)
- Add aria attribute and accessible screen reader text to the mobile nav button. (#5555)
- Remove jinja2 blocks from robots.txt (#5648)
- Allow to run the development server using SSL (#5825)
- Update extension template, migrate tests to GitHub Actions (#5797)
- General notes:
- Note: This version requires a database upgrade with
ckan db upgrade
(You should always backup your database first)
- Note: This version requires a database upgrade with
- Restore stats extension with reduced functionality (#5215)
- Allow IAuthenticator methods to return responses (#5259)
- Emit activities when updating datasets in bulk (#5479)
- Catch IndexError from date parsing during dataset indexation (#5535)
- Remove foreign keys relationships in revision tables to avoid purge errors (#5542)
- Fix fullscreen for resource webpageview (#5552)
- Fix skip to content link hiding on screen readers (#5556)
- Fix KeyErrors in change list detection (#5562)
- Fix instantiation of smtp on python 3.8 (#5595)
- Fix unflatten function and DataDictionary/package extras update bug (#5611)
- Fix managing resources by collaborators (#5620)
- package_revise: allow use by normal users (#5637)
- Fix reloader option on ckan run command (#5639)
- Allow config-tool to be used with an incomplete config file (#5647)
- Add aria attribute and accessible screen reader text to the mobile nav button. (#5555)
- Remove jinja2 blocks from robots.txt (#5648)
This version does require a requirements upgrade on source installations
This version does require a database upgrade
This version does not require a Solr schema upgrade if you are already using the 2.8 schema, but it is recommended to upgrade to the 2.9 Solr schema.
This version requires changes to the
who.ini
configuration file. If your setup doesn't use the one bundled with this repo, you will have to manually change the following lines:use = ckan.lib.auth_tkt:make_plugin
to:
use = ckan.lib.repoze_plugins.auth_tkt:make_plugin
And also:
use = repoze.who.plugins.friendlyform:FriendlyFormPlugin
to:
use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin
Otherwise, if you are using symbolinc link to
who.ini
under vcs, no changes required. (#4796)All the static CSS/JS files must be bundled via a webassets.yml file, as opposed to the previously used, optional resource.config file. Check the Assets documentation for more details. (#4614)
When
ckan.cache_enabled
is set toFalse
(default) all requests include theCache-control: private
header. Ifckan.cache_enabled
is set toTrue
, when the user is not logged in and there is no session data, aCache-Control: public
header will be added. For all other requests theCache-control: private
header will be added. Note that you will also need to set theckan.cache_expires
config option to allow caching of requests. (#4781)A full history of dataset changes is now displayed in the Activity Stream to admins, and optionally to the public. By default this is enabled for new installs, but disabled for sites which upgrade (just in case the history is sensitive). When upgrading, open data CKANs are encouraged to make this history open to the public, by setting this in production.ini:
ckan.auth.public_activity_stream_detail = true
(#3972)When upgrading from previous CKAN versions, the Activity Stream needs a migrate_package_activity.py running for displaying the history of dataset changes. This can be performed while CKAN is running or stopped (whereas the standard paster db upgrade migrations need CKAN to be stopped). Ideally it is run before CKAN is upgraded, but it can be run afterwards. If running previous versions or this version of CKAN, download and run migrate_package_activity.py like this:
cd /usr/lib/ckan/default/src/ckan/ wget https://raw.githubusercontent.com/ckan/ckan/2.9/ckan/migration/migrate_package_activity.py wget https://raw.githubusercontent.com/ckan/ckan/2.9/ckan/migration/revision_legacy_code.py python migrate_package_activity.py -c /etc/ckan/production.ini
Future versions of CKAN are likely to need a slightly different procedure. Full info about this migration is found here: https://github.com/ckan/ckan/wiki/Migrate-package-activity (#4784)
The :ref:`config_file` default name has been changed to
ckan.ini
across the documentation regardless of the environment. You can use any name including the legacydevelopment.ini
andproduction.ini
but to keep in sync with the documentation is recommended to update the name.The old paster CLI has been removed in favour of the new ckan command. In most cases the commands and subcommands syntax is the same, but the
-c
or--config
parameter to point to the ini file needs to provided immediately after the ckan command, eg:ckan -c /etc/ckan/default/ckan.ini sysadmin
The minimum PostgreSQL version required starting from this version is 9.5 (#5458)
- Python 3 support. CKAN nows supports Python 3.6, 3.7 and 3.8 (Overview). Check this page for support on how to migrate existing extensions to Python 3.
- Dataset collaborators: In addition to traditional organization-based permissions, CKAN instances can also enable the dataset collaborators feature, which allows dataset-level authorization. This provides more granular control over who can access and modify datasets that belong to an organization, or allows authorization setups not based on organizations. It works by allowing users with appropriate permissions to give permissions to other users over individual datasets, regardless of what organization they belong to. To learn more about how to enable it and the different configuration options available, check the documentation on :ref:`dataset_collaborators`. (#5346)
- API Tokens: an alternative to API keys. Tokens can be created and removed on demand (check :ref:`api authentication`) and there is no restriction on the maximum number of tokens per user. Consider using tokens instead of API keys and create a separate token for each use-case instead of sharing the same token between multiple clients. By default API Tokens are JWT, but alternative formats can be implemented using ckan.plugins.interfaces.IApiToken interface. (#5146)
- Safe dataset updates with
package_revise
: This is a new API action for safe concurrent changes to datasets and resources.package_revise
allows assertions about current package metadata, selective update and removal of fields at any level, and multiple file uploads in a single call. See the documentation at :py:func:`~ckan.logic.action.update.package_revise` (#4618) - Refactor frontend assets management to use webassets, including support for :ref:`x-sendfile` (#4614)
- Users can now upload or link to custom profile pictures. By default, if a
user picture is not provided it will fall back to gravatar. Alternatively,
gravatar can be completely disabled by setting
ckan.gravatar_default = disabled
. In that case a placeholder image is shown instead, which can be customized by overriding thetemplates/user/snippets/placeholder.html
template. (#5272) - Add plugin_extras field allowing extending User object for internal use (#5382)
- New command for running database migrations from extensions. See :ref:`extensions db migrations` for details, (#5150)
- For navl schemas, the 'default' validator no longer applies the default when the value is False, 0, [] or {} (#4448)
- Use alembic instead of sqlalchemy-migrate for managing database migrations (#4450)
- If you've customized the schema for package_search, you'll need to add to it
the limiting of
row
, as per default_package_search_schema now does. (#4484) - Several logic functions now have new upper limits to how many items can be
returned, notably
group_list
,organization_list
whenall_fields=true
,datastore_search
anddatastore_search_sql
. These are all configurable. (#4562) - Give users the option to define which page they want to be redirected to after logging in via ckan.route_after_login config variable. (#4770)
- Add cache control headers to flask (#4781)
- Create recline_view on ods files by default (#4936)
- Replase nosetests with pytest (#4996)
- Make creating new tags in autocomplete module optional (#5012)
- Allow reply to emails (#5024)
- Improve and reorder resource_formats.json (#5034)
- Email unique validator (#5100)
- Preview for multimedia files (#5103)
- Allow extensions to define Click commands (#5112)
- Add organization and group purge (#5127)
- HTML emails (#5132)
- Unified workflow for creating/applying DB migrations from extensions (#5150)
- Use current package_type for urls (#5189)
- Werkzeug dev server improvements (#5195)
- Allow passing arguments to the RQ enqueue_call function (#5208)
- Add option to configure labels of next/prev page button and pager format. (#5223)
- DevServer: threaded mode and extra files (#5303)
- Make default sorting configurable (#5314)
- Allow initial values in group form (#5345)
- Make ckan more accessible (#5360)
- Update date formatters (#5376)
- Allow multiple ext_* params in search views (#5398)
- Always 404 on non-existing user lookup (#5464)
- 500 error when calling resource_search by last_modified (#4130)
- Action function "datastore_search" would calculate the total, even if you set
include_total=False
. (#4448) - Emails not sent from flask routes (#4711)
- Admin of organization can add himself as a member/editor to the organization and lose admin rights (#4821)
- Error when posting empty array with type json using datastore_create (#4826)
- ValueError when you configure exception emails (#4831)
- Dataset counts incorrect on Groups listing (#4987)
- Fix broken layout in organization bulk_process (#5147)
- Index template with template path instead of numeric index (#5172)
- Add metadata_modified field to resource (#5236)
- Send the right URL of CKAN to datapusher (#5281)
- Multiline translation strings not translated (#5339)
- Allow repeaded params in h.add_url_param (#5373)
- Accept timestamps with seconds having less than 6 decimals (#5417)
- RTL css fixes (#5420)
- Prevent account presence exposure when ckan.auth.public_user_details = false (#5432)
- ckan.i18n_directory config option ignored in Flask app. (#5436)
- Allow lists in resource extras (#5453)
Revision and History UI is removed: /revision/* & /dataset/{id}/history in favour of /dataset/changes/ visible in the Activity Stream.
model.ActivityDetail
is no longer used and will be removed in the next CKAN release. (#3972)c.action
andc.controller
variables should be avoided.ckan.plugins.toolkit.get_endpoint
can be used instead. This function returns tuple of two items(depending on request handler): 1. Flask blueprint name / Pylons controller name 2. Flask view name / Pylons action name In some cases, Flask blueprints have names that are differs from their Pylons equivalents. For example, 'package' controller is divided between 'dataset' and 'resource' blueprints. For such cases you may need to perform additional check of returned value:>>> if toolkit.get_endpoint()[0] in ['dataset', 'package']: >>> do_something()
In this code snippet, will be called if current request is handled via Flask's dataset blueprint in CKAN>=2.9, and, in the same time, it's still working for Pylons package controller in CKAN<2.9 (#4319)
The following logic functions have been removed (#4627): *
dashboard_activity_list_html
*organization_activity_list_html
*user_activity_list_html
*package_activity_list_html
*group_activity_list_html
*organization_activity_list_html
*recently_changed_packages_activity_list_html
*dashboard_activity_list_html
*activity_detail_list
Remove Bootstrap 2 templates (#4779)
Extensions that add CLI commands should note the deprecation of
ckan.lib.cli.CkanCommand
and all other helpers in ckan.lib.cli. Extensions should instead implement CLIs using the new IClick interface. (#5112)Remove paster CLI (#5264)
- CVE-2022-43685: fix potential user account takeover via user create
Fixes:
- Fixes incorrectly encoded url current_url (#6685)
- Check if locale exists on i18n JS API (#6698)
- Add
csrf_input()
helper for cross-CKAN version compatibilty (#7016) - Fix not empty validator (#6658)
- Use
get_action()
in patch actions to allow custom logic (#6519) - Allow to extend organization_facets (#6682)
- Expose check_ckan_version to templates (#6741)
- Allow get_translated helper to fall back to base version of a language (#6815)
- Fix server error in tag autocomplete when vocabulary does not exist (#6820)
- Check if locale exists on i18n JS API (#6698)
- Fix updating a non-existing resource causes an internal sever error (#6928)
Fixes:
- Add timeouts to requests calls (see ckan.requests.timeout) (#6408)
- Fix user create/edit email validators (#6399)
- Allow children elements on select2 lists (#6503)
Fixes:
- render_datetime helper does not respect ckan.display_timezone configuration (#6252)
- Fix SQLAlchemy configuration for DataStore (#6087)
- Don't cache license translations across requests (#5586)
- Fix tracking.js module preventing links to be opened in new tabs (#6386)
- Fix deleted org/group feeds (#6368)
- Fix runaway preview height (#6284)
- Fix unreliable ordering of DataStore results (#2317)
- Fix Chinese locales (#4413)
- Allow installation of requirements without any additional actions using pip (#5408)
- Include requirements files in Manifest (#5726)
- Dockerfile: pin pip version (#5929)
- Allow uploaders to only override asset / resource uploading (#6088)
- Catch TypeError from invalid thrown by dateutils (#6085)
- Display proper message when sysadmin password is incorect (#5911)
- Use external library to parse view filter params
- Fix auth error when deleting a group/org (#6006)
- Fix datastore_search language parameter (#5974)
- make SQL function whitelist case-insensitive unless quoted (#5969)
- Fix Explore button not working (#3720)
- remove unused var in task_status_update (#5861)
- Prevent guessing format and mimetype from resource urls without path (#5852)
General notes: * Note: To use PostgreSQL 12 on CKAN 2.8 you need to upgrade SQLAlchemy to 1.2.17 and vdm to 0.15 (more details in #5796)
Fixes:
- Persist attributes in chained functions (#5751)
- Fix install documentation (#5618)
- Fix exception when passing limit to organization (#5789)
- Fix for adding directories from plugins if partially string matches existing values (#5836)
- Fix upload log activity sorting (#5827)
- Textview: escape text formats (#5814)
- Add allow_partial_update to fix losing users (#5734)
- Set default group_type to group in group_create (#5693)
- Use user performing the action on activity context on user_update (#5743)
- New block in nav links in user dashboard (#5804)
- Update references to DataPusher documentation
- Fix JavaScript error on Edge (#5782)
- Fix error when deleting resource with missing datastore table (#5757)
- ensure HTTP_HOST is bytes under python2 (#5714)
- Don't set old_filename when updating groups (#5707)
- Filter activities from user at the database level (#5698)
- Fix user_list ordering (#5667)
- Allowlist for functions in datastore_search_sql (see :ref:`ckan.datastore.sqlsearch.allowed_functions_file`)
Fixes: * Allow IAuthenticator methods to return responses (#5259) * Fix skip to content link hiding on screen readers (#5556) * Fix unflattening of dataset extras (#5602) * Fix minified JS files in 2.7 (#5557) * Send the right URL of CKAN to datapusher (#5281) * Fix fullscreen for resource webpageview (#5552) * PackageSearchIndex.index_package(): catch IndexError from date parsing (#5535) * Fix collapsible menu in mobile view (#5448) * Refactor query string parsing module
Fixes:
- Add RTL support (#5413)
- Fix UnicodeDecodeError on abort fucntion (#4829)
- Improve and reorder resource_formats.json (#5034)
- Allow passing arguments to the RQ enqueue_call function (#5208)
- Fix dashboard follower filter (#5412)
- Update dictionary.html for bs2 version (#5365)
- Prevent password reset exposing account presence (#5431)
- Add class dropdown to 'New view' menu (#5470)
- Update jQuery to 3.5.0 (#5364)
- Fix dashboard activity filter (#5424)
- Prevent account presence exposure when ckan.auth.public_user_details = false (#5432)
- Fix resource upload filename fetching in IE (#5438)
- Unflatten: allow nesting >1 level (#5444)
- Allow lists in resource extras (#5453)
- Only add error to tag_errors if not empty (#5454)
- Fix order_by param in user_list action (#5342)
- Fix for Resources validation errors display (#5335)
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
- Note: This version includes changes in the way the
SameSite
flag is set on theauth_tkt
authorization cookie. The new default setting for it isSameSite=Lax
, which aligns with the behaviour of all major browsers. If for some reason you need a different value, you can set it via the who.samesite configuration option. You can find more information on theSameSite
attribute here.
Fixes:
- Fix for number of datasets displayed on the My organizations tab (#3580)
- Allow chaining of core actions (#4509)
- Password reset request - generally tighten it up (#4636)
- Fix start option in data_dict (#4920)
- Add missing get_action calls in activity actions (#4967)
- Fix datetime comparison in resource_dict_save (#5033)
- Fix wrong _ function reference in user blueprint (#5046)
- Allow vocabulary_id in /api/2/util/tag/autocomplete (#5071)
- Fetch less data for get_all_entity_ids (#5201)
- Show error in text view if xhr failed (#5271)
- Fix code injection in autocomplete module (#5064)
- Check for the existence of tracking summary data before attempting to load it (#5030)
- Disable streaming for pylons requests (#4431)
- Filter revisions shown according to dataset permissions
- Fix wrong resource URL after ValidationErrors (#5152)
- Update JS vendor libraries
- Samesite support in auth cookie (#5255)
- Handle missing resources in case we have a race condition with the DataPusher (#3980)
- Add the g object to toolkit
- Use returned facets in group controller (#2713)
- Updated translations
- Fix broken translation in image view placeholder (#5099)
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- Fix include_total in datastore_search (#4446)
- Fix problem with reindex-fast (#4352)
- Fix ValueError in url_validator (#4629)
- Strip local path when uploading file in IE (#4608)
- Increase size of h1 headings to 1.8em (#4665)
- Fix broken div nesting in the user/read_base.html (#4672)
- package_search parameter fl accepts list-like values (#4464)
- Use chained_auth_function with core auth functions (#4491)
- Allow translation of custom licenses (#4594)
- Fix delete button links (#4598)
- Fix hardcoded root paths (#4662)
- Fix reCaptcha (#4732)
- Fix incremented follower-counter (#4767)
- Fix breadcrumb on /datasets (#4405)
- Fix root_path when using mod_wsgi (#4452)
- Correctly insert root_path for urls generated with _external flag (#4722)
- Make reorder resources button translatable (#4838)
- Fix feeds urls generation (#4854)
- More robust auth functions for resource_view_show (#4827)
- Allow to customize the DataProxy URL (#4874)
- Allow custom CKAN callback URL for the DataPusher (#4878)
- Add psycopg>=2.8 support (#4841)
- General notes:
- This version requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- Strip full URL on uploaded resources before saving to DB (#4382)
- Fix user not being defined in check_access function (#4574)
- Remove html5 shim from stats extension (#4236)
- Fix for datastore_search distinct=true option (#4236)
- Fix edit slug button (#4379)
- Don't re-register plugin helpers on flask_app (#4414)
- Fix for Resouce View Re-order (#4416)
- autocomplete.js: fix handling of comma key codes (#4421)
- Flask patch update (#4426)
- Allow plugins to define multiple blueprints (#4495)
- Fix i18n API encoding (#4505)
- Allow to defined legacy route mappings as a dict in config (#4521)
- group_patch does not reset packages (#4557)
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- "Add Filter" Performance Issue (#4162)
- Error handler update (#4257)
- "New view" button does not work (#4260)
- Upload logo is not working (#4262)
- Unable to pip install ckan (#4271)
- The "License" Icon in 2.8 is wrong (#4272)
- Search - input- border color is overly specific in CSS (#4273)
- Site logo image does not scale down when very large (#4283)
- Validation Error on datastore_search when sorting timestamp fields (#4288)
- Undocumented changes breaking error_document_template (#4303)
- Internal server error when viewing /dashboard when logged out (#4305)
- Missing c.action attribute in 2.8.0 templates (#4310)
- [multilingual] AttributeError: '_Globals' object has no attribute 'fields' (#4338)
- search legacy route missing (#4346)
- General notes:
This version requires a requirements upgrade on source installations
This version requires a database upgrade
This version requires a Solr schema upgrade
This version requires re-running the
datastore set-permissions
command (assuming you are using the DataStore). See: :ref:`datastore-set-permissions`Otherwise new and updated datasets will not be searchable in DataStore and the logs will contain this error:
ProgrammingError: (psycopg2.ProgrammingError) function populate_full_text_trigger() does not exist
CKAN developers should also re-run set-permissions on the test database: :ref:`datastore-test-set-permissions`
There are several old features being officially deprecated starting from this version. Check the Deprecations section to be prepared.
- Major changes:
- New revamped frontend templates based on Bootstrap 3, see "Changes and deprecations" (#3547)
- Allow datastore_search_sql on private datasets (#2562)
- New Flask blueprints migrated from old Pylons controllers: user, dashboard, feeds, admin and home (#3927, #3870, #3775, #3762)
- Improved support for custom groups and organization types (#4032)
- Hide user details to anonymous users (#3915)
- Minor changes:
- Allow chaining of authentication functions (#3679)
- Show custom dataset types in search pages (#3807)
- Overriding datastore authorization system (#3679)
- Standardize on url_for (#3831)
- Deprecate notify_after_commit (#3633)
- _mail_recipient header override (#3781)
- Restrict access to member forms (#3684)
- Clean up template rendering code (#3923)
- Permission labels are indexed by type text in SOLR (#3863)
- CLI commands require a Flask test request context (#3760)
- Allow IValidator to override existing validators (#3865)
- Shrink datastore_create response size (#3810)
- Stable version URLs CKAN for documentation (#4209)
- API Documentation update (#4136)
- Documentation of Data Dictionary (#3989)
- Remove datastore legacy mode (#4041)
- Map old Pylons routes to Flask ones (#4066)
- Bug fixes:
- File uploads don't work on new Flask based API (#3869)
- {% ckan_extends %} not working on templates served by Flask (#4044)
- Problems in background workers with non-core database relations (#3606)
- Render_datetime can't handle dates before year 1900 (#2228)
- DatapusherPlugin implementation of notify() can call 'datapusher_submit' multiple times (#2334)
- Dataset creation page generates incorrect URLs with Chrome autocomplete (#2501)
- Search buttons need accessible labels (#2550)
- Column name length limit for datastore upload (#2804)
- #2373: Do not validate packages or resources from database to views (#3016)
- Creation of dataset - different behaviour between Web API & CKAN Interface functionality (#3528)
- Redirecting to same page in non-root hosted ckan adds extra root_path to url (#3499)
- Beaker 1.8.0 exception when the code is served from OSX via Vagrant (#3512)
- Add "Add Dataset" button to user's and group's page (#2794)
- Some links in CKAN is not reachable (#2898)
- Exception when specifying a directory in the ckan.i18n_directory option (#3539)
- Resource view filter user filters JS error (#3590)
- Recaptcha v1 will stop working 2018-3-31 (#4061)
- "Testing coding standards" page in docs is missing code snippets (#3635)
- Followers count not updated immediately on UI (#3639)
- Increase jQuery version (#3665)
- Search icon on many pages is not properly vertically aligned (#3654)
- Datatables view can't be used as a default view (#3669)
- Resource URL is not validated on create/update (#3660)
- Upload to Datastore tab shows incorrect time at Upload Log (#3588)
- Filter results button is not working (#3593)
- Broken link in "Upgrading CKAN’s dependencies" doc page (#3637)
- Default logo image not properly saved (#3656)
- Activity test relies on datetime.now() (#3644)
- Info block text for Format field not properly aligned in resource form page (#3663)
- Issue upon creating new organization/group through UI form (#3661)
- In API docs "package_create" lists "owner_org" as optional (#3647)
- Embed modal window not working (#3731)
- Frontent build command does not work on master (#3688)
- Loading image duplicated (#3716)
- Datastore set-up error - logging getting in the way (#3694)
- Registering a new account redirects to an unprefixed url (#3834)
- Exception in search page when not authorized (#4081)
- Datastore full-text-search column is populated by postgres trigger rather than python (#3785)
- Datastore dump results are not the same as data in database (#4150)
- Adding filter at resoruce preview doesn't work while site is setup with ckan.root_path param (#4140)
- No such file or directory: '/usr/lib/ckan/default/src/ckan/requirement-setuptools.txt' during installation from source (#3641)
- Register user form missing required field indicators (#3658)
- Datastore full-text-search column is populated by postgres trigger rather than python (#3786)
- Add missing major changes to change log (#3799)
- Paster/CLI config-tool requires _get_test_app which in turn requires a dev-only dependency (#3806)
- Change log doesn't mention necessary Solr scheme upgrade (#3851)
- TypeError: expected byte string object, value of type unicode found (#3921)
- CKAN's state table clashes with PostGIS generated TIGER state table (#3929)
- [Docker] entrypoint initdb.d sql files copied to root (#3939)
- DataStore status page throws TypeError - Bleach upgrade regression (#3968)
- Source install error with who.ini (#4020)
- making a JSONP call to the CKAN API returns the wrong mime type (#4022)
- Deleting a resource sets datastore_active=False to all resources and overrides their extras (#4042)
- Deleting first Group and Organization custom field is not possible (#4094)
- Changes and deprecations:
The default templates included in CKAN core have been updated to use Bootstrap 3. Extensions implementing custom themes are encouraged to update their templates, but they can still make CKAN load the old Bootstrap 2 templates during the transition using the following configuration options:
ckan.base_public_folder = public-bs2 ckan.base_templates_folder = templates-bs2
The API versions 1 and 2 (also known as the REST API), ie
/api/rest/*
have been completely removed in favour of the version 3 (action API,/api/action/*
).The old Celery based background jobs have been removed in CKAN 2.8 in favour of the new RQ based jobs (http://docs.ckan.org/en/latest/maintaining/background-tasks.html). Extensions can still of course use Celery but they will need to handle the management themselves.
After introducing dataset blueprint, h.get_facet_items_dict takes search_facets as second argument. This change is aimed to reduce usage of global variables in context. For a while, it has default value of None, in which case, c.search_facets will be used. But all template designers are strongly advised to specify this argument explicitly, as in future it'll become required.
The
ckan.recaptcha.version
config option is now removed, since v2 is the only valid version now (#4061)
Fixes:
- Fix tracking.js module preventing links to be opened in new tabs (#6384)
- Fix deleted org/group feeds (#6367)
- Fix runaway preview height (#6283)
- Fix unreliable ordering of DataStore results (#2317)
Fixes:
- Allow uploaders to only override asset / resource uploading (#6088)
- Catch TypeError from invalid thrown by dateutils (#6085)
- Use external library to parse view filter params
- Fix auth error when deleting a group/org (#6006)
- Fix datastore_search language parameter (#5974)
- make SQL function whitelist case-insensitive unless quoted (#5969)
- Fix Explore button not working (#3720)
- "New view" button fix (#4260)
- remove unused var in task_status_update (#5861)
- Prevent guessing format and mimetype from resource urls without path (#5852)
Fixes:
- Fix install documentation (#5618)
- Fix exception when passing limit to organization (#5789)
- Fix for adding directories from plugins if partially string matches existing values (#5836)
- Fix upload log activity sorting (#5827)
- Textview: escape text formats (#5814)
- Add allow_partial_update to fix losing users (#5734)
- Set default group_type to group in group_create (#5693)
- Use user performing the action on activity context on user_update (#5743)
- New block in nav links in user dashboard (#5804)
- Update references to DataPusher documentation
- Fix JavaScript error on Edge (#5782)
- Fix error when deleting resource with missing datastore table (#5757)
- ensure HTTP_HOST is bytes under python2 (#5714)
- Don't set old_filename when updating groups (#5707)
- Filter activities from user at the database level (#5698)
- Fix user_list ordering (#5667)
- Allow list for functions in datastore_search_sql (see :ref:`ckan.datastore.sqlsearch.allowed_functions_file`)
Fixes:
- Fix unflattening of dataset extras (#5602)
- Fix minified JS files in 2.7 (#5557)
- Send the right URL of CKAN to datapusher (#5281)
- Fix fullscreen for resource webpageview (#5552)
- PackageSearchIndex.index_package(): catch IndexError from date parsing (#5535)
- Fix collapsible menu in mobile view (#5448)
- Refactor query string parsing module
Fixes:
- Fix UnicodeDecodeError on abort fucntion (#4829)
- Improve and reorder resource_formats.json (#5034)
- Allow passing arguments to the RQ enqueue_call function (#5208)
- Fix dashboard follower filter (#5412)
- Update dictionary.html for bs2 version (#5365)
- Prevent password reset exposing account presence (#5431)
- Add class dropdown to 'New view' menu (#5470)
- Update jQuery to 3.5.0 (#5364)
- Fix dashboard activity filter (#5424)
- Prevent account presence exposure when ckan.auth.public_user_details = false (#5432)
- Fix resource upload filename fetching in IE (#5438)
- Unflatten: allow nesting >1 level (#5444)
- Allow lists in resource extras (#5453)
- Only add error to tag_errors if not empty (#5454)
- Fix order_by param in user_list action (#5342)
- Fix for Resources validation errors display (#5335)
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
- Note: This version includes changes in the way the
SameSite
flag is set on theauth_tkt
authorization cookie. The new default setting for it isSameSite=Lax
, which aligns with the behaviour of all major browsers. If for some reason you need a different value, you can set it via the who.samesite configuration option. You can find more information on theSameSite
attribute here.
Fixes:
- Fix for number of datasets displayed on the My organizations tab (#3580)
- Password reset request - generally tighten it up (#4636)
- Add missing get_action calls in activity actions (#4967)
- Fix datetime comparison in resource_dict_save (#5033)
- Allow vocabulary_id in /api/2/util/tag/autocomplete (#5071)
- Fetch less data for get_all_entity_ids (#5201)
- Show error in text view if xhr failed (#5271)
- Fix code injection in autocomplete module (#5064)
- Check for the existence of tracking summary data before attempting to load it (#5030)
- Fix broken translation in image view placeholder (#5099)
- Filter revisions shown according to dataset permissions
- Update JS vendor libraries
- Use returned facets in group controller (#2713)
- Samesite support in auth cookie (#5255)
- Handle missing resources in case we have a race condition with the DataPusher (#3980)
- Add the g object to toolkit
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- Fix problem with reindex-fast (#4352)
- Fix include_total in datastore_search (#4446)
- Fix ValueError in url_validator (#4629)
- Strip local path when uploading file in IE (#4608)
- Increase size of h1 headings to 1.8em (#4665)
- Fix broken div nesting in the user/read_base.html (#4672)
- Use get_action to call activity actions (#4684)
- Make reorder resources button translatable (#4838)
- More robust auth functions for resource_view_show (#4827)
- Allow to customize the DataProxy URL (#4874)
- Allow custom CKAN callback URL for the DataPusher (#4878)
- Strip full URL on uploaded resources before saving to DB (#4382)
- Fix for datastore_search distinct=true option (#4236)
- Fix edit slug button (#4379)
- Don't re-register plugin helpers on flask_app (#4414)
- Fix for Resouce View Re-order (#4416)
- autocomplete.js: fix handling of comma key codes (#4421)
- Flask patch update (#4426)
- Allow plugins to define multiple blueprints (#4495)
- Fix i18n API encoding (#4505)
- Allow to defined legacy route mappings as a dict in config (#4521)
- group_patch does not reset packages (#4557)
- Adding filter at resoruce preview doesn't work while site is setup with ckan.root_path param (#4140)
- Datastore dump results are not the same as data in database (#4150)
- General notes:
As with all patch releases this one does not include requirement changes. However in some scenarios you might encounter the following error while installing or upgrading this version of CKAN:
Error: could not determine PostgreSQL version from '10.2'
This is due to a bug in the psycopg2 version pinned to the release. To solve it, upgrade psycopg2 with the following command:
pip install --upgrade psycopg2==2.8.2
This release does not require a Solr schema upgrade, but if you are having the issues described in #3863 (datasets wrongly indexed in multilingual setups), you can upgrade the Solr schema and reindex to solve them.
#3422 (implemented in #3425) introduced a major bug where if a resource was deleted and the DataStore was active extras from all resources on the site where changed. This is now fixed as part of this release but if your database is already affected you will need to run a script to restore the extras to their previous state. Remember, you only need to run the script if all the following are true:
- You are currently running CKAN 2.7.0 or 2.7.2, and
- You have enabled the DataStore, and
- One or more resources with data on the DataStore have been deleted (or you suspect they might have been)
If all these are true you can run the following script to restore the extras to their previous state:
https://github.com/ckan/ckan/blob/dev-v2.7/scripts/4042_fix_resource_extras.py
This issue is described in #4042
- Fixes:
- Fix toggle bars header icon (#3880)
- Change CORS header keys and values to string instead of unicode (#3855)
- Fix cors header when all origins are allowed (#3898)
- Update SOLR schema.xml reference in Dockerfile
- Build local SOLR container by default
- Create datastore indexes only if they are not exist
- Properly close file responses
- Use javascript content-type for jsonp responses (#4022)
- Add Data Dictionary documentation (#3989)
- Fix SOLR index delete_package implementation
- Add second half of DataStore set-permissions command(Docs)
- Fix extras overriding for removed resources (#4042)
- Return a 403 if not authorized on the search page (#4081)
- Add support for user/pass for Solr as ENV var
- Change permission_labels type to string in schema.xml (#3863)
- Disallow solr local parameters
- Improve text view rendering
- Update Orgs/Groups logic for custom fields delete and update (#4094)
- Upgrade Solr Docker image
- Include missing minified JavaScript files
- add field_name to image_upload macro when uploading resources (#3766)
- Add some missing major changes to change log. (#3799)
- _mail_recipient header override (#3781)
- skip url parsing in redirect (#3499)
- Fix multiple errors in i18n of JS modules (#3590)
- Standardize on url_for on popup (#3831)
- General notes:
- Starting from this version, CKAN requires at least Postgres 9.3
- Starting from this version, CKAN requires a Redis database. Please refer to the new ckan.redis.url configuration option.
- This version requires a requirements upgrade on source installations
- This version requires a database upgrade
- This version requires a Solr schema upgrade
- There are several old features being officially deprecated starting from this version. Check the Deprecations section to be prepared.
- Major changes:
- New datatables_view resource view plugin for tabular data (#3444)
- IDataStoreBackend plugins for replacing the default DataStore Postgres backend (#3437)
- datastore_search new result formats and performance improvements (#3523)
- PL/PGSQL triggers for DataStore tables (#3428)
- DataStore dump CLI commands (#3384)
- Wrap/override actions defined in other plugins (#3494)
- DataStore table data dictionary stored as postgres comments (#3414)
- Common session object for Flask and Pylons (#3208)
- Rename deleted datasets when they conflict with new ones (#3370)
- DataStore dump more formats: CSV, TSV, XML, JSON; BOM option (#3390)
- Common requests code for Flask and Pylons so you can use Flask views via the new IBlueprint interface (#3212)
- Generate complete datastore dump files (#3344)
- A new system for asynchronous background jobs (#3165)
- Chaining of action functions (#3494)
- Minor changes:
- Renamed example theme plugin (#3576)
- Localization support for groups (#3559)
- Create new resource views when format changes (#3515)
- Email field validation (#3568)
- datastore_run_triggers sysadmin-only action to apply triggers to existing data (#3565)
- Docs updated for Ubuntu 16.04 (#3544)
- Upgrade leaflet to 0.7.7 (#3534)
- Datapusher CLI always-answer-yes option (#3524)
- Added docs for all plugin interfaces (#3519)
- DataStore dumps nested columns as JSON (#3487)
- Faster/optional datastore_search total calculation (#3467)
- Faster group_activity_query (#3466)
- Faster query performance (#3430)
- Marked remaining JS strings translatable (#3423)
- Upgrade font-awesome to 4.0.3 (#3400)
- group/organization_show include_dataset_count option (#3385)
- image_formats config option for image viewer (#3380)
- click may now be used for CLI interfaces: use load_config instead of CkanCommand (#3384)
- package_search option to return only names/ids (#3427)
- user_list all_fields option (#3353)
- Error controller may now be overridden (#3340)
- Plural translations in JS (#3211)
- Support JS translations in extensions (#3272)
- Requirements upgraded (#3305)
- Dockerfile updates (#3295)
- Fix activity test to use utcnow (#3644)
- Changed required permission from 'update' to 'manage_group' (#3631)
- Catch invalid sort param exception (#3630)
- Choose direction of recreated package relationship depending on its type (#3626)
- Fix render_datetime for dates before year 1900 (#3611)
- Fix KeyError in 'package_create' (#3027)
- Allow slug preview to work with autocomplete fields (#2501)
- Fix filter results button not working for organization/group (#3620)
- Allow underscores in URL slug preview on create dataset (#3612)
- Fallback to po file translations on
h.get_translated()
(#3577) - Fix Fanstatic URL on non-root installs (#3618)
- Fixed escaping issues with
helpers.mail_to
and datapusher logs - Autocomplete fields are more responsive - 300ms timeout instead of 1s (#3693)
- Fixed dataset count display for groups (#3711)
- Restrict access to form pages (#3684)
- Render_datetime can handle dates before year 1900 (#2228)
- API changes:
organization_list_for_user
(and theh.organizations_available()
helper) now return all organizations a user belongs to regardless of capacity (Admin, Editor or Member), not just the ones where she is an administrator (#2457)organization_list_for_user
(and theh.organizations_available()
helper) now default to not include package_count. Pass include_dataset_count=True if you need the package_count values.resource['size']
will change from string to long integer (#3205)- Font Awesome has been upgraded from version 3.2.1 to 4.0.3 .Please refer to https://github.com/FortAwesome/Font-Awesome/wiki/Upgrading-from-3.2.1-to-4 to upgrade your code accordingly if you are using custom themes.
- Deprecations:
- The API versions 1 and 2 (also known as the REST API, ie
/api/rest/*
will removed in favour of the version 3 (action API,/api/action/*
), which was introduced in CKAN 2.0. The REST API will be removed on CKAN 2.8. - The default theme included in CKAN core will switch to use Bootstrap 3 instead of Bootstrap 2 in CKAN 2.8. The current Bootstrap 2 based templates will still be included in the next CKAN versions, so existing themes will still work. Bootstrap 2 templates will be eventually removed though, so instances are encouraged to update their themes using the available documentation (https://getbootstrap.com/migration/)
- The activity stream related actions ending with
*_list
(egpackage_activity_list
) and*_html
(egpackage_activity_list_html
) will be removed in CKAN 2.8 in favour of more efficient alternatives and are now deprecated. - The legacy revisions controller (ie
/revisions/*
) will be completely removed in CKAN 2.8. - The old Celery based background jobs will be removed in CKAN 2.8 in favour of the new RQ based jobs (http://docs.ckan.org/en/latest/maintaining/background-tasks.html). Extensions can still of course use Celery but they will need to handle the management themselves.
- The API versions 1 and 2 (also known as the REST API, ie
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- Fix for number of datasets displayed on the My organizations tab (#3580)
- Fix datetime comparison in resource_dict_save (#5033)
- Fetch less data for get_all_entity_ids (#5201)
- Show error in text view if xhr failed (#5271)
- Allow vocabulary_id in /api/2/util/tag/autocomplete (#5071)
- Fix code injection in autocomplete module (#5064)
- Fix broken translation in image view placeholder (#5099)
- Filter revisions shown according to dataset permissions
- Update JS vendor libraries
- Use returned facets in group controller (#2713)
- Samesite support in auth cookie (#5255)
- Handle missing resources in case we have a race condition with the DataPusher (#3980)
- Add the g object to toolkit
- General notes:
- Note: This version does not requires a requirements upgrade on source installations
- Note: This version does not requires a database upgrade
- Note: This version does not require a Solr schema upgrade
Fixes:
- Fix broken div nesting in the user/read_base.html (#4672)
- Strip local path when uploading file in IE (#4608)
- Increase size of h1 headings to 1.8em (#4665)
- Fix ValueError in url_validator (#4629)
- More robust auth functions for resource_view_show (#4827)
- Allow to customize the DataProxy URL (#4874)
- Allow custom CKAN callback URL for the DataPusher (#4878)
- Adding filter at resoruce preview doesn't work while site is setup with ckan.root_path param (#4140)
- Stable version URLs CKAN for documentation (#4209)
- Add Warning in docs sidebar (#4209)
Note: This version requires a database upgrade
- Activity Time stored in UTC (#2882)
- Migration script to adjust current activity timestamps to UTC
- Change CORS header keys and values to string instead of unicode (#3855)
- Fix cors header when all origins are allowed (#3898)
- Update SOLR schema.xml reference in Dockerfile
- Build local SOLR container by default
- Create datastore indexes only if they don't exist
- Properly close file responses
- Use javascript content-type for jsonp responses (#4022)
- Fix SOLR index delete_package implementation
- Add second half of DataStore set-permissions command (Docs)
- Return a 403 if not authorized on the search page (#4081)
- Add support for user/pass for Solr as ENV var
- Disallow solr local parameters
- Improve text view rendering
- Update Orgs/Groups logic for custom fields delete and update (#4094)
- Mail recepient header override (#3781)
- Skip url parsing in redirect (#3499)
- Support non root for fanstatic (#3618)
- Fix in organization / group form image URL field (#3661)
- Fix activity test to use utcnow (#3644)
- Changed required permission from 'update' to 'manage_group' (#3631)
- Catch invalid sort param exception (#3630)
- Choose direction of recreated package relationship depending on its type (#3626)
- Fix render_datetime for dates before year 1900 (#3611)
- Fix KeyError in 'package_create' (#3027)
- Allow slug preview to work with autocomplete fields (#2501)
- Fix filter results button not working for organization/group (#3620)
- Allow underscores in URL slug preview on create dataset (#3612)
- Create new resource view if resource format changed (#3515)
- Fixed escaping issues with helpers.mail_to and datapusher logs
- Autocomplete fields are more responsive - 300ms timeout instead of 1s (#3693)
- Fixed dataset count display for groups (#3711)
- Restrict access to form pages (#3684)
- Use fully qualified urls for reset emails (#3486)
- Fix edit_resource for resource with draft state (#3480)
- Tag fix for group/organization pages (#3460)
- Setting of datastore_active flag moved to separate function (#3481)
- Fix DataPusher being fired multiple times (#3245)
- Use the url_for() helper for datapusher URLs (#2866)
- Resource creation date use datetime.utcnow() (#3447)
- Fix locale error when using fix ckan.root_path
- render_markdown breaks links with ampersands
- Check group name and id during package creation
- Use utcnow() on dashboard_mark_activities_old (#3373)
- Fix encoding error on DataStore exception
- Datastore doesn't add site_url to resource created via API (#3189)
- Fix memberships after user deletion (#3265)
- Remove idle database connection (#3260)
- Fix package_owner_org_update action when called via the API (#2661)
- Fix French locale (#3327)
- Updated translations
Note: Starting from this version, CKAN requires at least Python 2.7 and Postgres 9.2
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
- Note: This version does not require a Solr schema upgrade (You may want to
- upgrade the schema if you want to target Solr>=5, see #2914)
- Major:
- Minor:
- Make resource name default to file name (#1372)
- Customizable email templates (#1527)
- Change solrpy library to pysolr (#2352)
- Cache SQL query results (#2353)
- File Upload UX improvements (#2604)
- Helpers for multilingual fields (#2678)
- Improve Extension translation docs (#2783)
- Decouple configuration from Pylons (#3163)
- toolkit: add h, StopOnError, DefaultOrganizationForm (#2835)
- Remove Genshi support (#2833)
- Make resource URLs optional (#2844)
- Use 403 when actions are forbidden, not 401 (#2846)
- Upgrade requirements version (#3004, #3005)
- Add icons sources (#3048)
- Remove lib/dumper (#2879)
- ckan.__version__ available as template helper (#3103)
- Remove site_url_nice from app_globals (#3117)
- Remove e.message deprecation warning when running tests (#3121)
- Drop Python 2.6 support (#3126)
- Update Recline version (#3184)
- Refactor config/middleware.py to more closely match poc-flask-views (#3116)
- Creation of datasets sources with no organization specified (#3046)
- Bug fixes:
- DataPusher called multiple times when creating a dataset (#2856)
- Default view is re-added when removed before DataStore upload is complete (#3011)
- "Data API" button disappears on resource page after empty update (#3012)
- Uncaught email exceptions on user invite (#3077)
- Resource view description is not rendered as Markdown (#3128)
- Fix broken html5lib dependency (#3180)
- ZH_cn translation formatter fix (#3238)
- Incorrect i18n-paths in extension's setup.cfg (#3275)
- Changing your user name produces an error and logs you out (#2394)
- Fix "Load more" functionality in the dashboard (#2346)
- Fix filters not working when embedding a resource view (#2657)
- Proper sanitation of header name on SlickGrid view (#2923)
- Fix unicode error when indexing field of type JSON (#2969)
- Fix group feeds returning no datasets (#2955)
- Replace MapQuest tiles in Recline with Stamen Terrain (#3162)
- Fix bulk operations not taking effect (#3199)
- Raise validation errors on group/org_member_create (#3108)
- Incorrect warnings when ckan.views.default_views is empty (#3093)
- Don't show deleted users/datasets on member_list (#3078)
- Fix Tag pagination widget styling (#2399)
- Fix package_owner_org_update standalone (#2661)
- Don't template fanstatic error pages (#2770)
- group_controller() on IGroupForm not in interface (#2771)
- Fix assert_true to test for message in response (#2802)
- Add user parameter to paster profile command (#2815)
- make context['user'] always username or None (#2817)
- remove some deprecated compatibility hacks (#2818)
- Param use_default_schema does not work on package_search (#2848)
- Sanitize offset when listing group activity (#2859)
- Incorrect 'download resource' hyperlink when a resource is unable to upload to datastore (#2873)
- Resolve datastore_delete erasing the database when filters was blank. (#2885)
- DomainObject.count() doesn't return count (#2919)
- Fix response code test failures (#2931)
- Fixed the url_for_* helpers when both SCRIPT_NAME and ckan.root_path are defined (#2936)
- Escape special characters in password while db loading (#2952)
- Fix redirect not working with non-root (#2968)
- Group pagination does not preserve sort order (#2981)
- Remove LazyJSONObject (#2983)
- Deleted users appear in sysadmin user lists (#2988)
- Server error at /organization if not authorized to list organizations (#2990)
- Slow page rendering when using lots of snippets (#3000)
- Only allow JSONP callbacks on GET requests (#3002)
- Attempting to access non-existing helpers should raise HelperException (#3041)
- Deprecate h.url, make it use h.url_for internally (#3055)
- Tests fail when LANG environment variable is set to German (#3060)
- Fix pagination style (CSS) (#3067)
- Login fails with 404 when using root_path (#3089)
- Resource view description is not rendered as Markdown (#3128)
- Clarify package_relationship_update documentation (#3132)
- q parameter in followee_list action has no effect (#3167)
- Zh cn translation formatter fix (#3238)
- Users are not removed in related tables if the main user entry is deleted (#3265)
- API changes and deprecations:
- Replace c.__version__ with new helper h.ckan_version() (#3103)
- Adding filter at resoruce preview doesn't work while site is setup with ckan.root_path param (#4140)
- Add Warning in docs sidebar (#4209)
- Point API docs to stable URL (#4209)
Note: This version requires a database upgrade
- Fix language switcher
- Activity Time stored in UTC (#2882)
- Migration script to adjust current activity timestamps to UTC
- Change CORS header keys and values to string instead of unicode (#3855)
- Fix cors header when all origins are allowed (#3898)
- Create datastore indexes only if they are not exist
- Use javascript content-type for jsonp responses (#4022)
- Fix SOLR index delete_package implementation
- Add second half of DataStore set-permissions command(Docs)
- Update SOLR client (pysolr -> solrpy)
- Return a 403 if not authorized on the search page (#4081)
- Add support for user/pass for Solr as ENV var
- Disallow solr local parameters
- Improve text view rendering
- Update Orgs/Groups logic for custom fields delete and update (#4094)
- Allow overriding email headers (#3781)
- Support non-root instances on fanstatic (#3618)
- Add missing close button on organization page (#3814)
- Fix in organization / group form image URL field (#3661)
- Fix activity test to use utcnow (#3644)
- Changed required permission from 'update' to 'manage_group' (#3631)
- Catch invalid sort param exception (#3630)
- Choose direction of recreated package relationship depending on its type (#3626)
- Fix render_datetime for dates before year 1900 (#3611)
- Fix KeyError in 'package_create' (#3027)
- Allow slug preview to work with autocomplete fields (#2501)
- Fix filter results button not working for organization/group (#3620)
- Allow underscores in URL slug preview on create dataset (#3612)
- Create new resource view if resource format changed (#3515)
- Fixed incorrect escaping in mail_to and datapusher's log
- Autocomplete fields are more responsive - 300ms timeout instead of 1s (#3693)
- Fixed dataset count display for groups (#3711)
- Restrict access to form pages (#3684)
- Use fully qualified urls for reset emails (#3486)
- Fix edit_resource for resource with draft state (#3480)
- Tag fix for group/organization pages (#3460)
- Setting of datastore_active flag moved to separate function (#3481)
- Fix DataPusher being fired multiple times (#3245)
- Use the url_for() helper for datapusher URLs (#2866)
- Resource creation date use datetime.utcnow() (#3447)
- Fix locale error when using fix ckan.root_path
- render_markdown breaks links with ampersands
- Check group name and id during package creation
- Use utcnow() on dashboard_mark_activities_old (#3373)
- Fix encoding error on DataStore exception
- Datastore doesn't add site_url to resource created via API (#3189)
- Fix memberships after user deletion (#3265)
- Remove idle database connection (#3260)
- Fix package_owner_org_update action when called via the API (#2661)
- DataPusher called multiple times when creating a dataset (#2856)
- Default view is re-added when removed before DataStore upload is complete (#3011)
- "Data API" button disappears on resource page after empty update (#3012)
- Uncaught email exceptions on user invite (#3077)
- Resource view description is not rendered as Markdown (#3128)
- Fix broken html5lib dependency (#3180)
- ZH_cn translation formatter fix (#3238)
- Incorrect i18n-paths in extension's setup.cfg (#3275)
- Changing your user name produces an error and logs you out (#2394)
- Fix "Load more" functionality in the dashboard (#2346)
- Fix filters not working when embedding a resource view (#2657)
- Proper sanitation of header name on SlickGrid view (#2923)
- Fix unicode error when indexing field of type JSON (#2969)
- Fix group feeds returning no datasets (#2955)
- Replace MapQuest tiles in Recline with Stamen Terrain (#3162)
- Fix bulk operations not taking effect (#3199)
- Raise validation errors on group/org_member_create (#3108)
- Incorrect warnings when ckan.views.default_views is empty (#3093)
- Don't show deleted users/datasets on member_list (#3078)
- Bug fixes:
- Avoid submitting resources to the DataPusher multiple times (#2856)
- Use resource.url as raw_resource_url (#2873)
- Fix DomainObject.count() to return count (#2919)
- Prevent unicode/ascii conversion errors in DataStore
- Fix datastore_delete erasing the db when filters is blank (#2885)
- Avoid package_search exception when using use_default_schema (#2848)
- Encode EXPLAIN SQL before sending to datastore
- Use ckan.site_url to generate urls of resources (#2592)
- Fixed the url for the organization_item template
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version does not require a Solr schema upgrade
- Major:
- CKAN extension language translations integrated using ITranslations interface (#2461, #2643)
- Speed improvements for displaying a dataset (#2234), home page (#2554), searching (#2382, #2724) and API actions: package_show (#1078) and user_list (#2752).
- An interface to replace the file uploader, allowing integration with other cloud storage providers (IUploader interface) (#2510)
- Minor:
- package_purge API action added (#1572)
- revision_list API action now has paging (#1431)
- Official Ubuntu 14.04 LTS support (#1651)
- Require/validate current password before allowing a password change (#1940)
- recline_map_view now recognizes GeoJSON fileds (#2387)
- Timezone setting (#2494)
- Updating a resource via upload now saves the last_modified value in the resource (#2519)
- DataPusher can be customized using the new IDataPusher interface (#2571)
- Exporting and importing users, with their passwords (if sysadmin) (#2647)
- Bug fixes:
- Fix to allow uppercase letters in local part of email when sending user invitations (#2415)
- License pick-list changes would cause old values in datasets to be overwritten when edited (#2472)
- Schema was being passed to package_create_default_resource_views (#2484)
- Arabic translation format string issue (#2493)
- Error when deleting organizations (#2512)
- When DataPusher had an error storing a resource in Data Store, the resource data page gave an error (#2518)
- Data preview failed when it comes from a server that gives 403 error from a HEAD request (#2530)
- 'paster views create' failed for non-default dataset types (#2532)
- DataPusher didn't work for TSV files (#2553)
- DataPusher failed sometimes due to 'type mismatch' (#2581)
- IGroupForm wasn't allowing new groups (of type 'group') to use group_form (#2617, #2640)
- group_purge left behind a Member if it has a parent group/org (#2631)
- organization_purge left orphaned datasets still with owner_id (#2632)
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
The old RDF templates to output a dataset in RDF/XML or N3 format have been removed. These can be now enabled using the
dcat
plugin on ckanext-dcat:The library used to render markdown has been changed to python-markdown. This introduces both
python-markdown
andbleach
as dependencies, asbleach
is used to clean any HTML provided to the markdown processor.This is the last version of CKAN to support Postgresql 8.x, 9.0 and 9.1. The next minor version of CKAN will require Postgresql 9.2 or later.
Cancelled release
- Allow overriding email headers (#3781)
- Support non-root instances on fanstatic (#3618)
- Add missing close button on organization page (#3814)
- Fix in organization / group form image URL field (#3661)
- Fix activity test to use utcnow (#3644)
- Changed required permission from 'update' to 'manage_group' (#3631)
- Catch invalid sort param exception (#3630)
- Choose direction of recreated package relationship depending on its type (#3626)
- Fix render_datetime for dates before year 1900 (#3611)
- Fix KeyError in 'package_create' (#3027)
- Allow slug preview to work with autocomplete fields (#2501)
- Fix filter results button not working for organization/group (#3620)
- Allow underscores in URL slug preview on create dataset (#3612)
- Create new resource view if resource format changed (#3515)
- Fixed incorrect escaping in mail_to
- Autocomplete fields are more responsive - 300ms timeout instead of 1s (#3693)
- Fixed dataset count display for groups (#3711)
- Restrict access to form pages (#3684)
- Use fully qualified urls for reset emails (#3486)
- Fix edit_resource for resource with draft state (#3480)
- Tag fix for group/organization pages (#3460)
- Fix for package_search context (#3489)
- Use the url_for() helper for datapusher URLs (#2866)
- Resource creation date use datetime.utcnow() (#3447)
- Fix locale error when using fix ckan.root_path
- render_markdown breaks links with ampersands
- Check group name and id during package creation
- Use utcnow() on dashboard_mark_activities_old (#3373)
- Fix encoding error on DataStore exception
- Datastore doesn't add site_url to resource created via API (#3189)
- Fix memberships after user deletion (#3265)
- Remove idle database connection (#3260)
- Fix package_owner_org_update action when called via the API (#2661)
Cancelled release
- Changing your user name produces an error and logs you out (#2394)
- Fix "Load more" functionality in the dashboard (#2346)
- Fix filters not working when embedding a resource view (#2657)
- Proper sanitation of header name on SlickGrid view (#2923)
- Fix unicode error when indexing field of type JSON (#2969)
- Fix group feeds returning no datasets (#2955)
- Replace MapQuest tiles in Recline with Stamen Terrain (#3162)
- Fix bulk operations not taking effect (#3199)
- Raise validation errors on group/org_member_create (#3108)
- Incorrect warnings when ckan.views.default_views is empty (#3093)
- Don't show deleted users/datasets on member_list (#3078)
- Bug fixes:
- Use resource.url as raw_resource_url (#2873)
- Fix DomainObject.count() to return count (#2919)
- Add offset param to organization_activity (#2640)
- Prevent unicode/ascii conversion errors in DataStore
- Fix datastore_delete erasing the db when filters is blank (#2885)
- Avoid package_search exception when using use_default_schema (#2848)
- resource_edit incorrectly setting action to new instead of edit
- Encode EXPLAIN SQL before sending to datastore
- Use ckan.site_url to generate urls of resources (#2592)
- Don't hide actual exception on paster commands
Note: This version requires a requirements upgrade on source installations
- Bug fixes:
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
- Note: #2554 fixes a regression where
group_list
andorganization_list
- where returning extra additional fields by default, causing performance
issues. This is now fixed, so the output for these actions no longer returns
users
,extras
, etc. Also, on the homepage template thec.groups
andc.group_package_stuff
context variables are no longer available.
Bug fixes:
- Fix dataset count in templates and show datasets on featured org/group (#2557)
- Fix autodetect for TSV resources (#2553)
- Improve character escaping in DataStore parameters
- Fix "paster db init" when celery is configured with a non-database backend
- Fix severe performance issues with groups and orgs listings (#2554)
Note: This version requires a database upgrade
Note: This version requires a Solr schema upgrade
- Major:
- CKAN config can now be set from environment variables and via the API (#2429)
- Minor:
- API calls now faster:
group_show
,organization_show
,user_show
,package_show
,vocabulary_show
&tag_show
(#1886, #2206, #2207, #2376) - Require/validate current password before allowing a password change (#1940)
- Added
organization_autocomplete
action (#2125) - Default authorization no longer allows anyone to create datasets etc (#2164)
organization_list_for_user
now returns organizations in hierarchy if they exist for roles set inckan.auth.roles_that_cascade_to_sub_groups
(#2199)- Improved accessibility (text based browsers) focused on the page header (#2258)
- Improved IGroupForm for better customizing groups and organization behaviour (#2354)
- Admin page can now be extended to have new tabs (#2351)
- API calls now faster:
- Bug fixes:
- Command line
paster user
failed for non-ascii characters (#1244) - Memory leak fixed in datastore API (#1847)
- Modifying resource didn't update it's last updated timestamp (#1874)
- Datastore didn't update if you uploaded a new file of the same name as the existing file (#2147)
- Files with really long file were skipped by datapusher (#2057)
- Multi-lingual Solr schema is now updated so it works again (#2161)
- Resource views didn't display when embedded in another site (#2238)
resource_update
failed if you supplied a revision_id (#2340)- Recline could not plot GeoJSON on a map (#2387)
- Dataset create form 404 error if you added a resource but left it blank (#2392)
- Editing a resource view for a file that was UTF-8 and had a BOM gave an error (#2401)
- Email invites had the email address changed to lower-case (#2415)
- Default resource views not created when using a custom dataset schema (#2421, #2482)
- If the licenses pick-list was customized to remove some, datasets with old values had them overwritten when edited (#2472)
- Recline views failed on some non-ascii characters (#2490)
- Resource proxy failed if HEAD responds with 403 (#2530)
- Resource views for non-default dataset types couldn't be created (#2532)
- Command line
The default of allowing anyone to create datasets, groups and organizations has been changed to False. It is advised to ensure you set all of the :ref:`authorization-settings` options explicitly in your CKAN config. (#2164)
The
package_show
API call does not return thetracking_summary
, keys in the dataset or resources by default any more.Any custom templates or users of this API call that use these values will need to pass:
include_tracking=True
.The legacy tests directory has moved to tests/legacy, the new_tests directory has moved to tests and the new_authz.py module has been renamed authz.py. Code that imports names from the old locations will continue to work in this release but will issue a deprecation warning. (#1753)
group_show
andorganization_show
API calls no longer return the datasets by default (#2206)Custom templates or users of this API call will need to pass
include_datasets=True
to include datasets in the response.The
vocabulary_show
andtag_show
API calls no longer returns thepackages
key - i.e. datasets that use the vocabulary or tag. Howevertag_show
now has aninclude_datasets
option. (#1886)Config option
site_url
is now required - CKAN will not abort during start-up if it is not set. (#1976)
- Fix "Load more" functionality in the dashboard (#2346)
- Fix filters not working when embedding a resource view (#2657)
- Proper sanitation of header name on SlickGrid view (#2923)
- Fix unicode error when indexing field of type JSON (#2969)
- Fix group feeds returning no datasets (#2955)
- Replace MapQuest tiles in Recline with Stamen Terrain (#3162)
- Fix bulk operations not taking effect (#3199)
- Raise validation errors on group/org_member_create (#3108)
- Incorrect warnings when ckan.views.default_views is empty (#3093)
- Don't show deleted users/datasets on member_list (#3078)
- Bug fixes:
- Use resource.url as raw_resource_url (#2873)
- Fix DomainObject.count() to return count (#2919)
- Prevent unicode/ascii conversion errors in DataStore
- Fix datastore_delete erasing the db when filters is blank (#2885)
- Avoid package_search exception when using use_default_schema (#2848)
- resource_edit incorrectly setting action to new instead of edit
- Use ckan.site_url to generate urls of resources (#2592)
- Don't hide actual exception on paster commands
Note: This version requires a requirements upgrade on source installations
- Bug fixes:
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
Bug fixes: * Fix autodetect for TSV resources (#2553) * Improve character escaping in DataStore parameters * Fix "paster db init" when celery is configured with a non-database backend
- Bug fixes:
- Resource views won't display when embedded in another site (#2238)
resource_update
failed if you supplied a revision_id (#2340)- Recline could not plot GeoJSON on a map (#2387)
- Dataset create form 404 error if you added a resource but left it blank (#2392)
- Editing a resource view for a file that was UTF-8 and had a BOM gave an error (#2401)
- Email invites had the email address changed to lower-case (#2415)
- Default resource views not created when using a custom dataset schema (#2421, #2482)
- If the licenses pick-list was customized to remove some, datasets with old values had them overwritten when edited (#2472)
- Recline views failed on some non-ascii characters (#2490)
- Resource views for non-default dataset types couldn't be created (#2532)
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version requires a Solr schema upgrade
- Note: This version requires a DataPusher upgrade on source installations. You
- should target DataPusher=>0.0.6 and upgrade its dependencies.
- Major:
Completely refactored resource data visualizations, allowing multiple persistent views of the same data an interface to manage and configure them. (#1251, #1851, #1852, #2204, #2205) Check the updated documentation to know more, and the "Changes and deprecations" section for migration details:
Responsive design for the default theme, that allows nicer rendering across different devices (#1935)
Improved DataStore filtering and full text search capabilities (#1792, #1830, #1838, #1815)
Added new extension points to modify the DataStore behaviour (#1725)
Simplified two-step dataset creation process (#1659)
Ability for users to regenerate their own API keys (#1412)
New
package_patch
action to allow individual fields dataset updates (#1416, #1679)Changes on the authentication mechanism to allow more secure setups (
httponly
andsecure
cookies, disable CORS, etc). (#2004. #2050, #2052 ...) See "Changes and deprecations" section for more details and "Troubleshooting" for migration instructions.Better support for custom dataset types (#1795, #2083)
Extensions can combine free-form extras and
convert_to_extras
fields (#1894)Updated documentation theme, now clearer and responsive (#1845)
- Minor:
- Adding custom fields tutorial (#790)
- Add metadata created and modified fields to the dataset page (#655)
- Improve IFacets plugin interface docstrings (#781)
- Remove help string from API calls (#1318)
- Add "datapusher submit" command to upload existing resources data (#1792)
- More template blocks to allow for easier extension maintenance (#1301)
- CKAN API - remove help string from standard calls (#1318)
- Hide activity by selected users on activity stream (#1330)
- Documentation and clarification about "CKAN Flavored Markdown" (#1332)
- Resource formats are now guessed automatically (#1350)
- New JavaScript modules tutorial (#1377)
- Allow overriding dataset, group, org validation (#1400)
- Remove ResourceGroups, show package_id on resources (#1407)
- Better errors for NAVL junk (#1418)
- DataPusher integration improvements (#1446)
- Allow people to create unowned datasets when they belong to an org (#1473)
- Add res_type to Solr schema (#1495)
- Separate data and metadata licenses on create dataset page (#1503)
- Allow CKAN (and paster) to find config from envvar (#1597)
- Added xlsx and tsv to the defaults for ckan.datapusher.formats. (#1644)
- Add resource extras to Solr search index (#1709)
- Prevent packages update in organization_update (#1711)
- Programatically log user in after registration (#1721)
- New plugin interfaces: IValidators.get_validators and IConverters.get_converters (#1841)
- Index resource name in Solr (#1905)
- Update search index after membership changes (#1917)
- resource_show: use package_show to get validated data (#1921)
- Serve placeholder images locally (#1951)
- Don't get all datasets when loading the org in the dataset page (#1978)
- Text file preview - lack of vertical scroll bar for long files (#1982)
- Changes to allow better use of custom group types in IGroupForm extensions (#1987)
- Remove moderated edits (#2006)
- package_create: allow sysadmins to set package ids (#2102)
- Enable a logged in user to move dataset to another organization (#2218)
- Move PDF views into a separate extension (#2270)
- Do not provide email configuration in default config file (#2273)
- Add custom DataStore SQLAlchemy properties (#2279)
- Bug fixes:
- Set up stats extension as namespace plugin (#291)
- Fix visibility validator for datasets (#1188)
- Select boxes with autocomplete are clearing their placeholders (#1278)
- Default search ordering on organization home page is broken (#1368)
- related_list logic function throws a 503 without any parameters (#1384)
- Exception on group dictize due to 'with_capacity' on context (#1390)
- Wrong template on Add member page (#1392)
- Overflowing email address on user page (#1398)
- The reset password e-mail is using an incorrect translation string (#1409)
- You can't view a group when there is an IGroupForm (#1420)
- Disabling activity_streams borks editing groups and user (#1421)
- Use a more secure default for the repoze secret key (#1422)
- Duplicated Required Fields notice on Group form (#1426)
- UI language reset after account creation (#1429)
- num_followers and package_count not in default_group_schema (#1434)
- Fix extras deletion (#1449)
- Fix resource reordering (#1450)
- Datastore callback fails when browser url is different from site_url (#1451)
- sysadmins should not create datasets wihout org when config is set (#1453)
- Member Editing Fixes (#1454)
- Bulk editing broken on IE7 (#1455)
- Fix group deletion on IE7 (#1460)
- Organization ATOM feed is broken (#1463)
- Users can not delete a dataset that not belongs to an organization (#1471)
- Error during authorization in datapusher_hook (#1487)
- Wrong datapusher hook callback URL on non-root deployments (#1490)
- Wrong breadcrumbs on new dataset form and resource pages (#1491)
- Atom feed Content-Type returned as 'text/html' (#1504)
- Invite to organization causes Internal Server error (#1505)
- Dataset tags autocomplete doesn't work (#1512)
- Activity Stream from: Organization Error group not found (#1519)
- Improve password hashing algorithm (#1530)
- Can't download resources with geojson extension (#1534)
- All datasets for featured group/organization shown on home page (#1569)
- Able to list private datasets via the API (#1580)
- Don't lowercase the names of uploaded files (#1584)
- Show more facets only if there are more facts to show (#1612)
- resource_create should break when called without URL (#1641)
- Creating a DataStore resource with the package_id fails for a normal user (#1652)
- Fix package permission checks for create+update (#1664)
- bulk_process page for non-existent organization throws Exception (#1682)
- Catch NotFound error in resource_proxy (#1684)
- Fix int_validator (#1692)
- Current date indexed on empty "_date" fields (#1701)
- Possible to show a resource inside an arbitary dataset (#1707)
- Edit member page shows wrong fields (#1723)
- Insecure content warning when running Recline under SSL (#1729)
- Flash messages not displayed as part of page.html (#1743)
- package_show response includes solr rubbish when using ckan.cache_validated_datasets (#1764)
- "Add some resources" link shown to unauthorized users (#1766)
- email notifications via paster plugin post erroneously demands authentication (#1767)
- Inserting empty arrays in JSON type fields in datastore fails (#1776)
- Ordering a dataset listing loses the existing filters (#1791)
- Don't delete all cookies whose names start with "ckan" (#1793)
- Upgrade some major requirements (eg SQLAlchemy, Requests) (#1817, #1819)
- list of member roles disappears on add member page (#1873)
- Stats plugin should only show active datasets (#1936)
- Featured group on homepage not linking to group (#1996)
- --reload doesn't work on the 'paster serve' command (#2013)
- Can not override auth config options from tests (#2035)
- Fix
resource_create
authorization (#2037) - package_search gives internal server error if page < 1 (#2042)
- Fix organization pagination (#2141)
- Resource extras can not be updated (#2158)
- package_show doesn't validate when a custom schema is used (#2175)
- Update jQuery minified version to match the unminified one (#1750)
- Fix exception during database upgrade (#2029)
- Fix resources disappearing on dataset upate (#1779)
- Fix activity stream queries performance on large instances (#2008)
- Only link to http, https and ftp resource urls (#2085)
- Avoid private and deleted datasets on stats plugin (#1936)
- Fix tags count and group links in stats extension (#1649)
- Make resource_create auth work against package_update (#2037)
- Fix DataStore permissions check on startup (#1374)
- Fix datastore docs link (#2044)
- Clean up field names before rendering the Recline table (#2319)
- Don't "normalize" resource URL in recline view (#2324)
- Don't assume resource format is there on text preview (#2320)
- And many, many more!
By convention, view plugin names now end with
_view
rather than_preview
(egrecline_view
rather thanrecline_preview
). You will need to update them on the :ref:`ckan.plugins` setting.The way resource visualizations are created by default has changed. You might need to set the :ref:`ckan.views.default_views` configuration option and run a migration command on existing instances. Please refer to the migration guide for more details:
http://docs.ckan.org/en/latest/maintaining/data-viewer.html#migrating-from-previous-ckan-versions
The PDF Viewer extension has been moved to a separate extension: https://github.com/ckan/ckanext-pdfview. Please install it separately if you are using the
pdf_view
plugin (or the oldpdf_preview
one).The action API (v3) no longer returns the full help for the action on each request. It rather includes a link to a separate call to get the action help string.
The
user_show
API call does not return thedatasets
,num_followers
oractivity
keys by default any more.Any custom templates or users of this API call that use these values will need to specify parameters:
include_datasets
orinclude_num_followers
.activity
has been removed completely as it was actually a list of revisions, rather than the activity stream. If you want the actual activity stream for a user, calluser_activity_list
instead.The output of
resource_show
now contains apackage_id
key that links to the parent dataset.helpers.get_action()
(orh.get_action()
in templates) is deprecated.Since action functions raise exceptions and templates cannot catch exceptions, it's not a good idea to call action functions from templates.
Instead, have your controller method call the action function and pass the result to your template using the
extra_vars
param ofrender()
.Alternatively you can wrap individual action functions in custom template helper functions that handle any exceptions appropriately, but this is likely to make your the logic in your templates more complex and templates are difficult to test and debug.
Note that logic.get_action() and toolkit.get_action() are not deprecated, core code and plugin code should still use
get_action()
.Cross-Origin Resource Sharing (CORS) support is no longer enabled by default. Previously, Access-Control-Allow-* response headers were added for all requests, with Access-Control-Allow-Origin set to the wildcard value
*
. To re-enable CORS, use the newckan.cors
configuration settings (:ref:`ckan.cors.origin_allow_all` and :ref:`ckan.cors.origin_whitelist`).The HttpOnly flag will be set on the authorization cookie by default. For enhanced security, we recommend using the HttpOnly flag, but this behaviour can be changed in the
Repoze.who
settings detailed in the Config File Options documentation (who.httponly).The OpenID login option has been removed and is no longer supported. See "Troubleshooting" if you are upgrading an existing CKAN instance as you may need to update your
who.ini
file.
Note to people with custom themes: If you've changed the
{% block secondary_content %}
in templates/package/search.html pay close attention as this pull request changes the structure of that template block a little.Also: There's a few more bootstrap classes (especially for grid layout) that are now going to be in the templates. Take a look if any of the following changes might effect your content blocks:
Login does not work, for existing and new users.
You need to update your existing
who.ini
file.In the
[plugin:auth_tkt]
section, replace:use = ckan.config.middleware:ckan_auth_tkt_make_app
with:
use = ckan.lib.auth_tkt:make_plugin
In
[authenticators]
, add theauth_tkt
plugin
Also see the next point for OpenID related changes.
Exception on first load after upgrading from a previous CKAN version:
ImportError: <module 'ckan.lib.authenticator' from '/usr/lib/ckan/default/src/ckan/ckan/lib/authenticator.py'> has no 'OpenIDAuthenticator' attribute
or:
ImportError: No module named openid
There are OpenID related configuration options in your
who.ini
file which are no longer supported.This file is generally located in
/etc/ckan/default/who.ini
but its location may vary if you used a custom deployment.The options that you need to remove are:
The whole
[plugin:openid]
sectionIn
[general]
, replace:challenge_decider = repoze.who.plugins.openid.classifiers:openid_challenge_decider
with:
challenge_decider = repoze.who.classifiers:default_challenge_decider
In
[identifiers]
, removeopenid
In
[authenticators]
, removeckan.lib.authenticator:OpenIDAuthenticator
In
[challengers]
, removeopenid
This is a diff with the whole changes:
Also see the previous point for other
who.ini
changes.
Note: This version requires a requirements upgrade on source installations
- Bug fixes:
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
- Bug fixes:
- Allow uppercase emails on user invites (#2415)
- Fix broken boolean validator (#2443)
- Fix auth check in resources_list.html (#2037)
- Key error on resource proxy (#2425)
- Ignore revision_id passed to resources (#2340)
- Add reset for reset_key on successful password change (#2379)
- Bug fixes:
- Update jQuery minified version to match the unminified one (#1750)
- Fix exception during database upgrade (#2029)
- Fix resources disappearing on dataset upate (#1779)
- Fix activity stream queries performance on large instances (#2008)
- Only link to http, https and ftp resource urls (#2085)
- Avoid private and deleted datasets on stats plugin (#1936)
- Fix tags count and group links in stats extension (#1649)
- Make resource_create auth work against package_update (#2037)
- Fix DataStore permissions check on startup (#1374)
- Fix datastore docs link (#2044)
- Fix resource extras getting lost on resource update (#2158)
- Clean up field names before rendering the Recline table (#2319)
- Don't "normalize" resource URL in recline view (#2324)
- Don't assume resource format is there on text preview (#2320)
- Bug fixes:
- Organization image_url is not displayed in the dataset view. (#1934)
- list of member roles disappears on add member page if you enter a user that doesn't exist (#1873)
- group/organization_member_create do not return a value. (#1878)
- i18n: Close a tag in French translation in Markdown syntax link (#1919)
- organization_list_for_user() fixes (#1918)
- Don't show private datasets to group members (#1902)
- Incorrect link in Organization snippet on dataset page (#1882)
- Prevent reading system tables on DataStore SQL search (#1871)
- Ensure that the DataStore is running on legacy mode when using PostgreSQL < 9.x (#1879)
- Select2 in the Tags field is broken(#1864)
- Edit user encoding error (#1436)
- Able to list private datasets via the API (#1580)
- Insecure content warning when running Recline under SSL (#1729)
- Add quotes to package ID in Solr query in _bulk_update_dataset to prevent Solr errors with custom dataset IDs. (#1853)
- Ordering a dataset listing loses the existing filters (#1791)
- Inserting empty arrays in JSON type fields in datastore fails (#1776)
- email notifications via paster plugin post erroneously demands authentication (#1767)
- "Add some resources" link shown to unauthorized users (#1766)
- Current date indexed on empty "*_date" fields (#1701)
- Edit member page shows wrong fields (#1723)
- programatically log user in after registration (#1721)
- Dataset tags autocomplete doesn't work (#1512)
- Deleted Users bug (#1668)
- UX problem with previous and next during dataset creation (#1598)
- Catch NotFound error in resources page (#1685)
- _tracking page should only respond to POST (#1683)
- bulk_process page for non-existent organization throws Exception (#1682)
- Fix package permission checks for create+update (#1664)
- Creating a DataStore resource with the package_id fails for a normal user (#1652)
- Trailing whitespace in resource URLs not stripped (#1634)
- Move the closing div inside the block (#1620)
- Fix open redirect (#1419)
- Show more facets only if there are more facts to show (#1612)
- Fix breakage in package groups page (#1594)
- Fix broken links in RSS feed (#1589)
- Activity Stream from: Organization Error group not found (#1519)
- DataPusher and harvester collision (#1500)
- Can't download resources with geojson extension (#1534)
- Oversized Forgot Password button and field (#1508)
- Invite to organization causes Internal Server error (#1505)
Note: This version does not require a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version requires a Solr schema upgrade (The Solr schema file has been renamed, the schema file from the previous release is compatible with this version, but users are encouraged to point to the new one, see "API changes and deprecations")
- Major:
- Brand new automatic importer of tabular data to the DataStore, the DataPusher. This is much more robust and simple to deploy and maintain than its predecesor (ckanext-datastorer). Whole new UI for re-importing data to the DataStore and view the import logs (#932, #938, #940, #981, #1196, #1200 ...)
- Completely revamped file uploads that allow closer integration with resources and the DataStore, as well as making easir to integrate file uploads in other features. For example users can now upload images for organizations and groups. See "API changes and deprecations" if you are using the current FileStore. (#1273, #1173 ... )
- UI and API endpoints for resource reordering (#1277)
- Backend support for organization hierarchy, allowing parent and children organizations. Frontend needs to be implemented in extensions (#1038)
- User invitations: it is now possible to create new users with just their email address. An invite email is sent to them, allowing to change their user name and password (#1178)
- Disable user registration with a configuration option (#1226)
- Great effort in improving documentation, specially for customizing CKAN, with a complete tutorial for writing extensions and customizing the theme. User and sysadmin guides have also been moved to the main documentation (#943, #847, #1253)
- Minor:
- Homepage modules to allow predefined layouts (#1126)
- Ability to delete users (#1163)
- Dedicated dataset groups page for displaying and managing them (#1102)
- Implement organization_purge and group_purge action functions (#707)
- Improve package_show performance (#1078)
- Support internationalization of rendered dates and times (#1041)
- Improve plugin load handling (#549)
- Authorization function auditing for action functions (#1060)
- Improve datetime rendering (#518)
- New SQL indexes to improve performance (#1164)
- Changes in requirements management (#1149)
- Add offset/limit to package_list action (#1179)
- Document all available configuraton options (#848)
- Make CKAN sqlalchemy 0.8.4 compatible (#1427)
- UI labelling and cleanup (#1030)
- Better UX for empty groups/orgs (#1094)
- Improve performance of group_dictize when the group has a lot of packages (#1208)
- Hide __extras from extras on package_show (#1218)
- "Clear all" link within each facet block is unnecessary (#1263)
- Term translations of organizations (#1274)
- '--reset-db' option for when running tests (#1304)
- Bug fixes:
- Fix plugins load/unload issues (#547)
- Improve performance when new_activities not needed (#1013)
- Resource preview breaks when CSV headers include percent sign (#1067)
- Package index not rebuilt when resources deleted (#1081)
- Don't accept invalid URLs in resource proxy (#1106)
- UI language reset after account creation (#1429)
- Catch non-integer facet limits (#1118)
- Error when deleting custom tags (#1114)
- Organization images do not display on Organization user dashboard page (#1127)
- Can not reactivate a deleted dataset from the UI (#607)
- Non-existent user profile should give error (#1068)
- Recaptcha not working in CKAN 2.0 (jinja templates) (#1070)
- Groups and organizations can be visited with interchangeable URLs (#1180)
- Dataset Source (url) and Version fields missing (#1187)
- Fix problems with private / public datasets and organizations (#1188)
- group_show should never return private data (#1191)
- When editing a dataset, the organization field is not set (#1199)
- Fix resource_delete action (#1216)
- Fix trash purge action redirect broken for CKAN instances not at / (#1217)
- Title edit for existing dataset changes the URL (#1232)
- 'facet.limit' in package_search wrongly handled (#1237)
- h.SI_number_span doesn't close <span /> correctly (#1238)
- CkanVersionException wrongly raised (#1241)
- (group|organization)_member_create only accepts username (and not id) (#1243)
- package_create uses the wrong parameter for organization (#1257)
- ValueError for non-int limit and offset query params (#1258)
- Visibility field value not kept if there are errors on the form (#1265)
- package_list should not return private datasets (#1295)
- Fix 404 on organization activity stream and about page (#1298)
- Fix placeholder images broken on non-root locations (#1309)
- "Add Dataset" button shown on org pages when not authorized (#1348)
- Fix exception when visiting organization history page (#1359)
- Fix search ordering on organization home page (#1368)
- datastore_search_sql failing for some anonymous users (#1373)
- related_list logic function throws a 503 without any parameters (#1384)
- Disabling activity_streams borks editing groups and user (#1421)
- Member Editing Fixes (#1454)
- Bulk editing broken in IE7 (#1455)
- Fix group deletion in IE7 (#1460)
- And many, many more!
- API changes and deprecations:
- The Solr schema file is now always named
schema.xml
regardless of the CKAN version. Old schema files have been kept for backwards compatibility but users are encouraged to point to the new unified one (#1314) - The FileStore and file uploads have been completely refactored and simplified to only support local storage backend. The links from previous versions of the FileStore to hosted files will still work, but there is a command available to migrate the files to new Filestore. See this page for more details: http://docs.ckan.org/en/latest/filestore.html#filestore-21-to-22-migration
- By default, the authorization for any action defined from an extension will
require a logged in user, otherwise a :py:class:`ckan.logic.NotAuthorized`
exception will be raised. If an action function allows anonymous access (eg
search, show status, etc) the
auth_allow_anonymous_access
decorator (available on the plugins toolkit) must be used (#1210) package_search
now returns results with custom schemas applied likepackage_show
, ause_default_schema
parameter was added to request the old behaviour, this change may affect customized search result templates (#1255)- The
ckan.api_url
configuration option has been completely removed and it can no longer be used (#960) - The
edit
andafter_update
methods of IPackageController plugins are now called when updating a resource using the web frontend or the resource_update API action (#1052) - Dataset moderation has been deprecated, and the code will probably be removed in later CKAN versions (#1139)
- Some front end libraries have been updated, this may affect existing custom themes: Bootstrap 2.0.3 > 2.3.2, Font Awesome 3.0.2 > 3.2.1, jQuery 1.7.2 > 1.10.2 (#1082)
- SQLite is officially no longer supported as the tests backend
- The Solr schema file is now always named
- Troubleshooting:
Exception on startup after upgrading from a previous CKAN version:
AttributeError: 'instancemethod' object has no attribute 'auth_audit_exempt'
Make sure that you are not loading a 2.1-only plugin (eg
datapusher-ext
) and update all the plugin in your configuration file to the latest stable version.Exception on startup after upgrading from a previous CKAN version:
File "/usr/lib/ckan/default/src/ckan/ckan/lib/dictization/model_dictize.py", line 330, in package_dictize result_dict['metadata_modified'] = pkg.metadata_modified.isoformat() AttributeError: 'NoneType' object has no attribute 'isoformat'
One of the database changes on this version is the addition of a
metadata_modified
field in the package table, that was filled during the DB migration process. If you have previously migrated the database and revert to an older CKAN version the migration process may have failed at this step, leaving the fields empty. Also make sure to restart running processes like harvesters after the update to make sure they use the new code base.
Note: This version requires a requirements upgrade on source installations
- Bug fixes:
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
- Bug fixes:
- Fix broken boolean validator (#2443)
- Key error on resource proxy (#2425)
- Ignore revision_id passed to resources (#2340)
- Add reset for reset_key on successful password change (#2379)
- Bug fixes:
- Only link to http, https and ftp resource urls (#2085)
- Avoid private and deleted datasets on stats plugin (#1936)
- Fix tags count and group links in stats extension (#1649)
- Make resource_create auth work against package_update (#2037)
- Fix DataStore permissions check on startup (#1374)
- Fix datastore docs link (#2044)
- Fix resource extras getting lost on resource update (#2158)
- Clean up field names before rendering the Recline table (#2319)
- Don't "normalize" resource URL in recline view (#2324)
- Don't assume resource format is there on text preview (#2320)
- Bug fixes:
- Organization image_url is not displayed in the dataset view. (#1934)
- i18n: Close a tag in French translation in Markdown syntax link (#1919)
- organization_list_for_user() fixes (#1918)
- Incorrect link in Organization snippet on dataset page (#1882)
- Prevent reading system tables on DataStore SQL search (#1871)
- Ensure that the DataStore is running on legacy mode when using PostgreSQL < 9.x (#1879)
- Edit user encoding error (#1436)
- Able to list private datasets via the API (#1580)
- Insecure content warning when running Recline under SSL (#1729)
- Add quotes to package ID in Solr query in _bulk_update_dataset to prevent Solr errors with custom dataset IDs. (#1853)
- Ordering a dataset listing loses the existing filters (#1791)
- Inserting empty arrays in JSON type fields in datastore fails (#1776)
- programatically log user in after registration (#1721)
- Deleted Users bug (#1668)
- Catch NotFound error in resources page (#1685)
- bulk_process page for non-existent organization throws Exception (#1682)
- Default search ordering on organization home page is broken (#1368)
- Term translations of organizations (#1274)
- Preview fails on private datastore resources (#1221)
- Strip whitespace from title in model dictize (#1228)
- Bug fixes:
- Fix context for group/about setup_template_variables (#1433)
- Call setup_template_variables in group/org read, about and bulk_process (#1281)
- Remove repeated sort code in package_search (#1461)
- Ensure that check_access is called on activity_create (#1421)
- Fix visibility validator (#1188)
- Remove p.toolkit.auth_allow_anonymous_access as it is not available on 2.1.x (#1373)
- Add organization_revision_list to avoid exception on org history page (#1359)
- Fix activity and about organization pages (#1298)
- Show 404 instead of login page on user not found (#1068)
- Don't show Add Dataset button on org pages unless authorized (#1348)
- Fix datastore_search_sql authorization function (#1373)
- Fix extras deletion (#1449)
- Better word breaking on long words (#1398)
- Fix activity and about organization pages (#1298)
- Remove limit of number of arguments passed to
user add
command. - Fix related_list logic function (#1384)
- Avoid UnicodeEncodeError on feeds when params contains non ascii characters
- Bug fixes:
- Fix errors on preview on non-root locations (#960)
- Fix place-holder images on non-root locations (#1309)
- Don't accept invalid URLs in resource proxy (#1106)
- Make sure came_from url is local (#1039)
- Fix logout redirect in non-root locations (#1025)
- Wrong auth checks for sysadmins on package_create (#1184)
- Don't return private datasets on package_list (#1295)
- Stop tracking failing when no lang/encoding headers (#1192)
- Fix for paster db clean command getting frozen
- Fix organization not set when editing a dataset (#1199)
- Fix PDF previews (#1194)
- Fix preview failing on private datastore resources (#1221)
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version does not require a Solr schema upgrade
Note
The json_preview
plugin has been renamed to text_preview
(see #266). If you are upgrading CKAN from a previous version you need
to change the plugin name on your CKAN config file after upgrading to avoid
a PluginNotFound exception.
- Major:
- Bulk updates of datasets within organizations (delete, make public/private) (#278)
- Organizations and Groups search (#303)
- Generic text preview extension for JSON, XML and plain text files (#226)
- Improve consistency of the Action API (#473)
- IAuthenticator interface for plugging into authorization platforms (Work in progress) (#1007)
- New clearer dashboard with more information easier to access (#626)
- New
rebuild_fast
command to speed up reindex using multiple cores (#700) - Complete restructure of the documentation, with updated sections on installation, upgrading, release process, etc and guidelines on how to write new documentation (#769 and multiple others)
- Minor:
- Add group members page to templates (#844)
- Show search facets on organization page (#776)
- Changed default sort ordering (#869)
- More consistent display of buttons across pages (#890)
- History page ported to new templates (#368)
- More blocks to templates to allow furhter customization (#688)
- Improve imports from lib.helpers (#262)
- Add support for callback parameter on Action API (#414)
- Create site_user at startup (#952)
- Add warning before deleting an organization (#803)
- Remove flags from language selector (#822)
- Hide the Data API button when datastore is disabled (#752)
- Pin all requirements and separate minimal requirements in a separate file (#491, #1149)
- Better preview plugin selection (#1002)
- Add new functions to the plugins toolkit (#1015)
- Improve ExampleIDatasetFormPlugin (#2750)
- Extend h.sorted_extras() to do substitutions and auto clean keys (#440)
- Separate default database for development and testing (#517)
- More descriptive Solr exceptions when indexing (#674)
- Validate datastore input through schemas (#905)
- Bug fixes:
- Fix 500 on password reset (#264)
- Fix exception when indexing a wrong date on a _date field (#267)
- Fix datastore permissions issues (#652)
- Placeholder images are not linked with h.url_for_static (#948)
- Explore dropdown menu is hidden behind other resources in IE (#915)
- Buttons interrupt file uploading (#902)
- Fix resource proxy encoding errors (#896)
- Enable streaming in resource proxy (#989)
- Fix cache_dir and beaker paths on deployment.ini_tmpl (#888)
- Fix multiple issues on create dataset form on IE (#881)
- Fix internal server error when adding member (#869)
- Fix license faceting (#853)
- Fix exception in dashboard (#830)
- Fix Google Analytics integration (#827)
- Fix ValueError when resource size is not an integer (#1009)
- Catch NotFound on new resource when package does not exist (#1010)
- Fix Celery configuration to allow overriding from config (#1027)
- came_from after login is validated to not redidirect to another site (#1039)
- And many, many more!
- Deprecated and removed:
- The
json_preview
plugin has been replaced by a newtext_preview
one. Please update your config files if using it. (#226)
- The
- Known issues:
- Under certain authorization setups the frontend for the groups functionality may not work as expected (See #1176 #1175).
Note: This version requires a requirements upgrade on source installations
- Bug fixes:
- Fix Markdown rendering issue
- Return default error page on fanstatic errors
- Prevent authentication when using API callbacks
- Bug fixes:
- Fix broken boolean validator (#2443)
- Key error on resource proxy (#2425)
- Ignore revision_id passed to resources (#2340)
- Add reset for reset_key on successful password change (#2379)
- Bug fixes:
- Only link to http, https and ftp resource urls (#2085)
- Avoid private and deleted datasets on stats plugin (#1936)
- Fix tags count and group links in stats extension (#1649)
- Make resource_create auth work against package_update (#2037)
- Fix datastore docs link (#2044)
- Fix resource extras getting lost on resource update (#2158)
- Clean up field names before rendering the Recline table (#2319)
- Don't "normalize" resource URL in recline view (#2324)
- Don't assume resource format is there on text preview (#2320)
- Bug fixes:
- organization_list_for_user() fixes (#1918)
- Incorrect link in Organization snippet on dataset page (#1882)
- Prevent reading system tables on DataStore SQL search (#1871)
- Ensure that the DataStore is running on legacy mode when using PostgreSQL < 9.x (#1879)
- Current date indexed on empty "*_date" fields (#1701)
- Able to list private datasets via the API (#1580)
- Insecure content warning when running Recline under SSL (#1729)
- Inserting empty arrays in JSON type fields in datastore fails (#1776)
- Deleted Users bug (#1668)
- Bug fixes:
- Fix extras deletion (#1449)
- Better word breaking on long words (#1398)
- Fix activity and about organization pages (#1298)
- Show 404 instead of login page on user not found (#1068)
- Remove limit of number of arguments passed to
user add
command. - Fix related_list logic function (#1384)
- Bug fixes:
- Fix errors on preview on non-root locations (#960)
- Don't accept invalid URLs in resource proxy (#1106)
- Make sure came_from url is local (#1039)
- Fix logout redirect in non-root locations (#1025)
- Don't return private datasets on package_list (#1295)
- Stop tracking failing when no lang/encoding headers (#1192)
- Fix for paster db clean command getting frozen
- Bug fixes:
- Fix markdown in group descriptions (#303)
- Fix resource proxy encoding errors (#896)
- Fix datastore exception on first run (#907)
- Enable streaming in resource proxy (#989)
- Fix in user search (#1024)
- Fix Celery configuration to allow overriding from config (#1027)
- Undefined function on organizations controller (#1036)
- Fix license not translated in orgs/groups (#1040)
- Fix link to documentation from the footer (#1062)
- Fix missing close breadcrumb tag in org templates (#1071)
- Fix recently_changed_packages_activity_stream function (#1159)
- Fix Recline map sidebar not showing in IE 7-8 (#1133)
- Bug fixes:
- Use IDatasetForm schema for resource_update (#897)
- Fixes for CKAN being run on a non-root URL (#948, #913)
- Fix resource edit errors losing info (#580)
- Fix Czech translation (#900)
- Allow JSON filters for datastore_search on GET requests (#917)
- Install vdm from the Python Package Index (#764)
- Allow extra parameters on Solr queries (#739)
- Create site user at startup if it does not exist (#952)
- Fix modal popups positioning (#828)
- Fix wrong redirect on dataset form on IE (#963)
Note
Starting on v2.0, issue numbers with four digits refer to the old ticketing system at http://trac.ckan.org and the ones with three digits refer to GitHub issues. For example:
- #3020 is http://trac.ckan.org/ticket/3020
- #271 is ckan#271
Some GitHub issues URLs will redirect to GitHub pull request pages.
Note
v2.0 is a huge release so the changes listed here are just the highlights. Bug fixes are not listed.
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version requires a Solr schema upgrade
- Organizations based authorization (see :doc:`/maintaining/authorization`):
CKAN's new "organizations" feature replaces the old authorization system with a new one based on publisher organizations. It replaces the "Publisher Profile and Workflow" feature from CKAN 1.X, any instances relying on it will need to be updated.
- New organization-based authorization and organization of datasets
- Supports private datasets
- Publisher workflow
- New authorization ini file options
- New frontend (see :doc:`/theming/index`):
CKAN's frontend has been completely redesigned, inside and out. There is a new default theme and the template engine has moved from Genshi to Jinja2. Any custom templates using Genshi will need to be updated, although there is a
ckan.legacy_templates
setting to aid in the migration.- Block-based template inheritance
- Custom jinja tags: {% ckan_extends %}, {% snippet %} and {% url_for %} (#2502, #2503)
- CSS "primer" page for theme developers
- We're now using LESS for CSS
- Scalable font icons (#2563)
- Social sharing buttons (google plus, facebook, twitter) (this replaces the ckanext-social extension)
- Three-stage dataset creation form (#2501)
- New paster front-end-build command does everything needed to build the frontend for a production CKAN site (runs paster less to compile the css files, paster minify to minify the css and js files, etc.)
- Plugins & Extensions:
- New plugins toolkit provides a stable set of utility and helper functions for CKAN plugins to depend on.
- The IDatasetForm plugin interface has been redesigned (note: this breaks backwards-compatibility with existing IDatasetForm plugins) (#649)
- Many IDatasetForm bugs were fixed
- New example extensions in core, and better documentation for the relevant plugin interfaces: example_itemplatehelpers (#447), example_idatasetform (#2750), hopefully more to come in 2.1!
- New IFacets interface that allows to modify the facets shown on various pages. (#400)
- The get_action() function now automatically adds 'model' and 'session' to the context dict (this saves on boiler-plate code, and means plugins don't have to import ckan.model in order to call get_action()) (#172)
- Activity Streams, Following & User Dashboard:
- New visual design for activity streams (#2941)
- Group activity streams now include activities for changes to any of the group's datasets (#1664)
- Group activity streams now appear on group pages (previously they could only be retrieved via the api)
- Dataset activity streams now appear on dataset pages (previously they could only be retrieved via the api) (#3024)
- Users can now follow groups (previously you could only follow users or datasets) (#3005)
- Activity streams and following are also supported for organizations (#505)
- When you're logged into CKAN, you now get a notifications count in the top-right corner of the site, telling you how many new notifications you have on your dashboard. Clicking on the count takes you to your dashboard page to view your notifications. (#3009)
- Optionally, you can also receive notifications by email when you have new activities on your dashboard (#1635)
- Infinite scrolling of activity streams (if you scroll to the bottom of a an activity stream, CKAN will automatically load more activities) (#3018)
- Redesigned user dashboard (#3028):
- New dropdown-menu enables you to filter you dashboard activity stream to show only activities from a particular user, dataset, group or organization that you're following
- New sidebar shows previews and unfollow buttons (when the activity stream is filtered)
- New :ref:`ckan.activity_streams_enabled` config file setting allows you to disable the generation of activity streams (#654)
- Data Preview:
- PDF files preview (#2203)
- JSON files preview
- HTML pages preview (in an iframe) (#2888)
- New plugin extension point that allows plugins to add custom data previews for different data types (#2961)
- Improved Recline Data Explorer previews (CSV files, Excel files..)
- Plain text files preview
- API:
- The Action API is now CKAN's default API, and the API documentation has been rewritten (#357)
- Other highlights:
- CKAN now has continuous integration testing at https://travis-ci.org/ckan/ckan/
- Dataset pages now have <link rel="alternate" type="application/rdf+xml" links in the HTML headers, allows linked-data tools to find CKAN's RDF rendering of a dataset's metadata (#413)
- CKAN's DataStore and Data API have been rewritten, and now use PostgreSQL instead of elasticsearch, so there's no need to install elasticsearch anymore (this feature was also back-ported to CKAN 1.8) (#2733)
- New Config page for sysadmins (/ckan-admin/config) enables sysadmins to set the site title, tag line, logo, the intro text shown on the front page, the about text shown on the /about page, select a theme, and add custom CSS (#2302, #2781)
- New paster color command for creating color schemes
- Fanstatic integration (#2371):
- CKAN now uses Fanstatic to specify required static resource files (js, css..) for web pages
- Enables each page to only include the static files that it needs, reducing page loads
- Enables CKAN to use bundled and minified static files, further reducing page loads
- CKAN's new paster minify command is used to create minified js and css files (#2950) (also see paster front-end-build)
- CKAN will now recognise common file format strings such as "application/json", "JSON", ".json" and "json" as a single file type "json" (#2416)
- CKAN now supports internalization of strings in javascript files, the new paster trans command is used to pull translatable strings out of javascript files (#2774, #2750)
- convert_to/from_extras have been fixed to not add quotes around strings (#2930)
- Updated CKAN coding standards (#3020) and CONTRIBUTING.rst file
- Built-in page view counting and 'popular' badges on datasets and resources There's also a paster command to export the tracking data to a csv file (#195)
- Updated CKAN Coding Standards and new CONTRIBUTING.rst file
- You can now change the sort ordering of datasets on the dataset search page
- Deprecated and removed:
- The IGenshiStreamFilter plugin interface is deprecated (#271), use the ITemplateHelpers plugin interface instead
- The Model, Search and Util APIs are deprecated, use the Action API instead
- Removed restrict_template_vars config setting (#2257)
- Removed deprecated facet_title() template helper function, use get_facet_title() instead (#2257)
- Removed deprecated am_authorized() template helper function, use check_access() instead (#2257)
- Removed deprecated datetime_to_datestr() template helper function (#2257)
- Bug fixes:
- Fix for using harvesters with organization setup
- Refactor for user update logic
- Tweak resources visibility query
- Bug fixes:
- Fixed possible XSS vulnerability on html input (#703)
- Fix unicode template 500 error (#808)
- Fix error on related controller
Note: This version requires a requirements upgrade on source installations
Note: This version requires a database upgrade
Note: This version does not require a Solr schema upgrade
- Major
- New 'follow' feature that allows logged in users to follow other users or datasets (#2304)
- New user dashboard that shows an activity stream of all the datasets and users you are following. Thanks to Sven R. Kunze for his work on this (#2305)
- New version of the Datastore. It has been completely rewritten to use PostgreSQL as backend, it is more stable and fast and supports SQL queries (#2733)
- Clean up and simplifyng of CKAN's dependencies and source install instructions. Ubuntu 12.04 is now supported for source installs (#2428,#2592)
- Big speed improvements when indexing datasets (#2788)
- New action API reference docs, which individually document each function and its arguments and return values (#2345)
- Updated translations, added Japanese and Korean translations
- Minor
- Add source install upgrade docs (#2757)
- Mark more strings for translation (#2770)
- Allow sort ordering of dataset listings on group pages (#2842)
- Reenable simple search option (#2844)
- Editing organization removes all datasets (#2845)
- Accessibility enhancements on templates
- Bug fixes
- Fix for relative url being used when doing file upload to local storage
- Various fixes on IGroupFrom (#2750)
- Fix group dataset sort (#2722)
- Fix adding existing datasets to organizations (#2843)
- Fix 500 error in related controller (#2856)
- Fix for non-open licenses appearing open
- Editing organization removes all datasets (#2845)
- API changes and deprecation:
- Template helper functions are now restricted by default. By default only those helper functions listed in lib.helpers.__allowed_functions__ are available to templates. The full functions can still be made available by setting ckan.restrict_template_vars = false in your ini file. Only restricted functions will be allowed in future versions of CKAN.
- Deprecated functions related to the old faceting data structure have been removed: helpers.py:facet_items(), facets.html:facet_sidebar(), facets.html:facet_list_items(). Internal use of the old facets datastructure (attached to the context, c.facets) has been superseded by use of the improved facet data structure, c.search_facets. The old data structure is still available on c.facets, but is deprecated, and will be removed in future versions. (#2313)
- Bug fixes:
- Refactor for user update logic
- Tweak resources visibility query
- Bug fixes:
- Fixed possible XSS vulnerability on html input (#703)
- Minor:
- Documentation enhancements regarding file uploads
- Bug fixes:
- Fixes for lincences i18n
- Remove sensitive data from user dict (#2784)
- Fix bug in feeds controller (#2869)
- Show dataset author and maintainer names even if they have no emails
- Fix URLs for some Amazon buckets
- Other minor fixes
- Minor:
- Documentation enhancements regarding install and extensions (#2505)
- Home page and search results speed improvements (#2402,#2403)
- I18n: Added Greek translation and updated other ones (#2506)
- Bug fixes:
- UI fixes (#2507)
- Fixes for i18n login and logout issues (#2497)
- Date on add/edit resource breaks if offset is specified (#2383)
- Fix in organizations read page (#2509)
- Add synchronous_search plugin to deployment.ini template (#2521)
- Inconsistent language on license dropdown (#2575)
- Fix bug in translating lists in multilingual plugin
- Group autocomplete doesn't work with multiple words (#2373)
- Other minor fixes
- Major:
- Updated SOLR schema (#2327). Note: This will require and update of the SOLR schema file and a reindex.
- Support for Organization based workflow, with membership determinig access permissions to datasets (#1669,#2255)
- Related items such as visualizations, applications or ideas can now be added to datasets (#2204)
- Restricted vocabularies for tags, allowing grouping related tags together (#1698)
- Internal analytics that track number of views and downloads for datasets and resources (#2251)
- Consolidated multilingual features in an included extension (#1821,#1820)
- Atom feeds for publishers, tags and search results (#1593,#2277)
- RDF dump paster command (#2303)
- Better integration with the DataStore, based on ElasticSearch, with nice helper docs (#1797)
- Updated the Recline data viewer with new features such as better graphs and a map view (#2236,#2283)
- Improved and redesigned documentation (#2226,#2245,#2248)
- Minor:
- Groups can have an image associated (#2275)
- Basic resource validation (#1711)
- Ability to search without accents for accented words (#906)
- Weight queries so that title is more important than rest of body (#1826)
- Enhancements in the dataset and resource forms (#1506)
- OpenID can now be disabled (#1830)
- API and forms use same validation (#1792)
- More robust bulk search indexing, with options to ignore exceptions and just refresh (#1616i,#2232)
- Modify where the language code is placed in URLs (#2261)
- Simplified licenses list (#1359)
- Add extension point for dataset view (#1741)
- Bug fixes:
- Catch exceptions on the QA archiver (#1809)
- Error when changing language when CKAN is mounted in URL (#1804)
- Naming of a new package/group can clash with a route (#1742)
- Can't delete all of a package's resources over REST API (#2266)
- Group edit form didn't allow adding multiple datasets at once (#2292)
- Fix layout bugs in IE 7 (#1788)
- Bug with Portugese translation and Javascript (#2318)
- Fix broken parse_rfc_2822 helper function (#2314)
- Major:
- Resources now have their own pages, as well as showing in the Dataset (#1445, #1449)
- Group pages enhanced, including in-group search (#1521)
- User pages enhanced with lists of datasets (#1396) and recent activity (#1515)
- Dataset view page decluttered (#1450)
- Tags not restricted to just letters and dashes (#1453)
- Stats Extension and Storage Extension moved into core CKAN (#1576, #1608)
- Ability to mounting CKAN at a sub-URL (#1401, #1659)
- 5 Stars of Openness ratings show by resources, if ckanext-qa is installed (#1583)
- Recline Data Explorer (for previewing and plotting data) improved and v2 moved into core CKAN (#1602, #1630)
- Minor:
- 'About' page rewritten and easily customisable in the config (#1626)
- Gravatar picture displayed next to My Account link (#1528)
- 'Delete' button for datasets (#1425)
- Relationships API more RESTful, validated and documented (#1695)
- User name displayed when logged in (#1529)
- Database dumps now exclude deleted packages (#1623)
- Dataset/Tag name length now limited to 100 characters in API (#1473)
- 'Status' API call now includes installed extensions (#1488)
- Command-line interface for list/read/deleting datasets (#1499)
- Slug API calls tidied up and documented (#1500)
- Users nagged to add email address if missing from their account (#1413)
- Model and API for Users to become Members of a Group in a certain Capacity (#1531, #1477)
- Extension interface to adjust search queries, indexing and results (#1547, #1738)
- API for changing permissions (#1688)
- Bug fixes:
- Group deletion didn't work (#1536)
- metadata_created used to return an entirely wrong date (#1546)
- Unicode characters in field-specific API search queries caused exception (since CKAN 1.5) (#1798)
- Sometimes task_status errors weren't being recorded (#1483)
- Registering or Logging in failed silently when already logged in (#1799)
- Deleted packages were browseable by administrators and appeared in dumps (#1283, #1623)
- Facicon was a broken link unless corrected in config file (#1627)
- Dataset search showed last result of each page out of order (#1683)
- 'Simple search' mode showed 0 packages on home page (#1709)
- Occasionally, 'My Account' shows when user is not logged in (#1513)
- Could not change language when on a tag page that had accented characters or dataset creation page (#1783, #1791)
- Editing package via API deleted its relationships (#1786)
- Major:
- Background tasks (#1363, #1371, #1408)
- Fix for security issue affecting CKAN v1.5 (#1585)
- Minor:
- Language support now excellent for European languages: en de fr it es no sv pl ru pt cs sr ca
- Web UI improvements:
- Resource editing refreshed
- Group editing refreshed
- Indication that group creation requires logging-in (#1004)
- Users' pictures displayed using Gravatar (#1409)
- 'Welcome' banner shown to new users (#1378)
- Group package list now ordered alphabetically (#1502)
- Allow managing a dataset's groups also via package entity API (#1381)
- Dataset listings in API standardised (#1490)
- Search ordering by modification and creation date (#191)
- Account creation disallowed with Open ID (create account in CKAN first) (#1386)
- User name can be modified (#1386)
- Email address required for registration (for password reset) (#1319)
- Atom feeds hidden for now
- New config options to ease CSS insertion into the template (#1380)
- Removed ETag browser cache headers (#1422)
- CKAN version number and admin contact in new 'status_show' API (#1087)
- Upgrade SQLAlchemy to 0.7.3 (compatible with Postgres up to 9.1) (#1433)
- SOLR schema is now versioned (#1498)
- Bug fixes:
- Group ordering on main page was alphabetical but should be by size (since 1.5) (#1487)
- Package could get added multiple times to same Group, distorting Group size (#1484)
- Search index corruption when multiple CKAN instances on a server all storing the same object (#1430)
- Dataset property metadata_created had wrong value (since v1.3) (#1546)
- Tag browsing showed tags for deleted datasets (#920)
- User name change field validation error (#1470)
- You couldn't edit a user with a unicode email address (#1479)
- Package search API results missed the extra fields (#1455)
- OpenID registration disablement explained better (#1532)
- Data upload (with ckanext-storage) failed if spaces in the filename (#1518)
- Resource download count fixed (integration with ckanext-googleanalytics) (#1451)
- Multiple CKANs with same dataset IDs on the same SOLR core would conflict (#1462)
Deprecated due to security issue #1585
- Major:
- New visual theme (#1108)
- Package & Resource edit overhaul (#1294/#1348/#1351/#1368/#1296)
- JS and CSS reorganization (#1282, #1349, #1380)
- Apache Solr used for search in core instead of Postgres (#1275, #1361, #1365)
- Authorization system now embedded in the logic layer (#1253)
- Captcha added for user registration (#1307, #1431)
- UI language translations refreshed (#1292, #1350, #1418)
- Action API improved with docs now (#1315, #1302, #1371)
- Minor:
- Cross-Origin Resource Sharing (CORS) support (#1271)
- Strings to translate into other languages tidied up (#1249)
- Resource format autocomplete (#816)
- Database disconnection gives better error message (#1290)
- Log-in cookie is preserved between sessions (#78)
- Extensions can access formalchemy forms (#1301)
- 'Dataset' is the new name for 'Package' (#1293)
- Resource standard fields added: type, format, size (#1324)
- Listing users speeded up (#1268)
- Basic data preview functionality moved to core from QA extension (#1357)
- Admin Extension merged into core CKAN (#1264)
- URLs in the Notes field are automatically linked (#1320)
- Disallow OpenID for account creation (but can be linked to accounts) (#1386)
- Tag name now validated for max length (#1418)
- Bug fixes:
- Purging of revisions didn't work (since 1.4.3) (#1258)
- Search indexing wasn't working for SOLR (since 1.4.3) (#1256)
- Configuration errors were being ignored (since always) (#1172)
- Flash messages were temporarily held-back when using proxy cache (since 1.3.2) (#1321)
- On login, user told 'welcome back' even if he's just registered (#1194)
- Various minor exceptions cropped up (mostly since 1.4.3) (#1334, #1346)
- Extra field couldn't be set to original value when key deleted (#1356)
- JSONP callback parameter didn't work for the Action API (since 1.4.3) (#1437)
- The same tag could be added to a package multiple times (#1331)
- Minor:
- Added files to allow debian packaging of CKAN
- Added Catalan translation
- Bug fixes:
- Incorrect Group creation form parameter caused exception (#1347)
- Incorrect AuthGroup creation form parameter caused exception (#1346)
- Major:
- Action API (API v3) (beta version) provides powerful RPC-style API to CKAN data (#1335)
- Documentation overhaul (#1142, #1192)
- Minor:
- Viewing of a package at a given date (as well as revision) with improved UI (#1236)
- Extensions can now add functions to the logic layer (#1211)
- Refactor all remaining database code out of the controllers and into the logic layer (#1229)
- Any OpenID log-in errors that occur are now displayed (#1228)
- 'url' field added to search index (e9214)
- Speed up tag reading (98d72)
- Cope with new WebOb version 1 (#1267)
- Avoid exceptions caused by bots hitting error page directly (#1176)
- Too minor to mention: #1234,
- Bug fixes:
- Re-adding tags to a package failed (since 1.4.1 in Web UI, 1.4 in API) (#1239)
- Modified revisions retrieved over API caused exception (since 1.4.2) (#1310)
- Whichever language you changed to, it announced "Language set to: English" (since 1.3.1) (#1082)
- Incompatibilities with Python 2.5 (since 1.3.4.1 and maybe earlier) (#1325)
- You could create an authorization group without a name, causing exceptions displaying it (#1323)
- Revision list wasn't showing deleted packages (b21f4)
- User editing error conditions handled badly (#1265)
- Major:
- Packages revisions can be marked as 'moderated' (#1141, #1147)
- Password reset facility (#1186/#1198)
- Minor:
- Viewing of a package at any revision (#1236)
- API POSTs can be of Content-Type "application/json" as alternative to existing "application/x-www-form-urlencoded" (#1206)
- Caching of static files (#1223)
- Bug fixes:
- When you removed last row of resource table, you could't add it again - since 1.0 (#1215)
- Adding a tag to package that had it previously didn't work - since 1.4.1 in UI and 1.4.0 in API (#1239)
- Search index was not updated if you added a package to a group - since 1.1 (#1140)
- Exception if you had any Groups and migrated between CKAN v1.0.2 to v1.2 (migration 29) - since v1.0.2 (#1205)
- API Package edit requests returned the Package in a different format to usual - since 1.4 (#1214)
- API error responses were not all JSON format and didn't have correct Content-Type (#1214)
- API package delete doesn't require a Content-Length header (#1214)
- Major:
- Refactor Web interface to use logic layer rather than model objects directly. Forms now defined in navl schema and designed in HTML template. Forms use of Formalchemy is deprecated. (#1078)
- Minor:
- Links in user-supplied text made less attractive to spammers (nofollow) #1181
- Package change notifications - remove duplicates (#1149)
- Metadata dump linked to (#1169)
- Refactor authorization code to be common across Package, Group and Authorization Group (#1074)
- Bug fixes
- Duplicate authorization roles were difficult to delete (#1083)
- Major:
- Authorization forms now in grid format (#1074)
- Links to RDF, N3 and Turtle metadata formats provided by semantic.ckan.net (#1088)
- Refactor internal logic to all use packages in one format - a dictionary (#1046)
- A new button for administrators to change revisions to/from a deleted state (#1076)
- Minor:
- Etags caching can now be disabled in config (#840)
- Command-line tool to check search index covers all packages (#1073)
- Command-line tool to load/dump postgres database (#1067)
- Bug fixes:
- Visitor can't create packages on new CKAN install - since v1.3.3 (#1090)
- OpenID user pages couldn't be accessed - since v1.3.2 (#1056)
- Default site_url configured to ckan.net, so pages obtains CSS from ckan.net- since v1.3 (#1085)
- Major:
- Authorization checks added to editing Groups and PackageRelationships (#1052)
- API: Added package revision history (#1012, #1071)
- Minor:
- API can take auth credentials from cookie (#1001)
- Theming: Ability to set custom favicon (#1051)
- Importer code moved out into ckanext-importlib repo (#1042)
- API: Group can be referred to by ID (in addition to name) (#1045)
- Command line tool: rights listing can now be filtered (#1072)
- Bug fixes:
- SITE_READ role setting couldn't be overridden by sysadmins (#1044)
- Default 'reader' role too permissive (#1066)
- Resource ordering went wrong when editing and adding at same time (#1054)
- GET followed by PUTting a package stored an incorrect license value (#662)
- Sibling package relationships were shown for deleted packages (#664)
- Tags were displayed when they only apply to deleted packages (#920)
- API: 'Last modified' time was localised - now UTC (#1068)
- Major:
- User list in the Web interface (#1010)
- CKAN packaged as .deb for install on Ubuntu
- Resources can have extra fields (although not in web interface yet) (#826)
- CSW Harvesting - numerous of fixes & improvements. Ready for deployment. (#738 etc)
- Language switcher (82002)
- Minor:
- Wordpress integration refactored as a Middleware plugin (#1013)
- Unauthorized actions lead to a flash message (#366)
- Resources Groups to group Resources in Packages (#956)
- Plugin interface for authorization (#1011)
- Database migrations tested better and corrected (#805, #998)
- Government form moved out into ckanext-dgu repo (#1018)
- Command-line user authorization tools extended (#1038, #1026)
- Default user roles read from config file (#1039)
- Bug fixes:
- Mounting of filesystem (affected versions since 1.0.1) (#1040)
- Resubmitting a package via the API (affected versions since 0.6?) (#662)
- Open redirect (affected v1.3) (#1026)
http://ckan.org/milestone/ckan-v1.3
- Highlights of changes:
- Package edit form improved:
- field instructions (#679)
- name autofilled from title (#778)
- Group-based access control - Authorization Groups (#647)
- Metadata harvest job management (#739, #884, #771)
- CSW harvesting now uses owslib (#885)
- Package creation authorization is configurable (#648)
- Read-only maintenance mode (#777)
- Stats page (#832) and importer (#950) moved out into CKAN extensions
- Minor:
- site_title and site_description config variables (#974)
- Package creation/edit timestamps (#806)
- Caching configuration centralised (#828)
- Command-line tools - sysadmin management (#782)
- Group now versioned (#231)
http://ckan.org/milestone/ckan-v1.2
- Highlights of changes:
- Package edit form: attach package to groups (#652) & revealable help
- Form API - Package/Harvester Create/New (#545)
- Authorization extended: user groups (#647) and creation of packages (#648)
- Plug-in interface classes (#741)
- WordPress twentyten compatible theming (#797)
- Caching support (ETag) (#693)
- Harvesting GEMINI2 metadata records from OGC CSW servers (#566)
- Minor:
- New API key header (#466)
- Group metadata now revisioned (#231)
http://ckan.org/milestone/v1.1
- Highlights of changes:
- Changes to the database cause notifications via AMQP for clients (#325)
- Pluggable search engines (#317), including SOLR (#353)
- API is versioned and packages & groups can be referred to by invariant ID (#313)
- Resource search in API (#336)
- Visual theming of CKAN now easy (#340, #320)
- Greater integration with external Web UIs (#335, #347, #348)
- Plug-ins can be configured to handle web requests from specified URIs and insert HTML into pages.
- Minor:
- Search engine optimisations e.g. alphabetical browsing (#350)
- CSV and JSON dumps improved (#315)
- Bugfix: API returns error when creating package (#432)
Functionality:
- API: Revision search 'since id' and revision model in API
- API: Basic API versioning - packages specified by ID (#313)
- Pluggable search - initial hooks
- Customisable templates (#340) and external UI hooks (#335)
Bugfixes:
- Revision primary key lost in migrating data (#311)
- Local authority license correction in migration (#319)
- I18n formatting issues
- Web i/f searches foreign characters (#319)
- Data importer timezone issue (#330)
CKAN comes of age, having been used successfully in several deployments around the world. 56 tickets covered in this release. See: http://ckan.org/milestone/v1.0
Highlights of changes:
- Package edit form: new pluggable architecture for custom forms (#281, #286)
- Package revisions: diffs now include tag, license and resource changes (#303)
- Web interface: visual overhaul (#182, #206, #214-#227, #260) including a tag cloud (#89)
- i18n: completion in Web UI - now covers package edit form (#248)
- API extended: revisions (#251, #265), feeds per package (#266)
- Developer documentation expanded (#289, #290)
- Performance improved and CKAN stress-tested (#201)
- Package relationships (Read-Write in API, Read-Only in Web UI) (#253-257)
- Statistics page (#184)
- Group edit: add multiple packages at once (#295)
- Package view: RDF and JSON formatted metadata linked to from package page (#247)
Bugfixes:
- Resources were losing their history (#292)
- Extra fields now work with spaces in the name (#278, #280) and international characters (#288)
- Updating resources in the REST API (#293)
Infrastructural:
- Licenses: now uses external License Service ('licenses' Python module)
- Changesets introduced to support distributed revisioning of CKAN data - see doc/distributed.rst for more information.
Our biggest release so far (55 tickets) with lots of new features and improvements. This release also saw a major new production deployment with the CKAN software powering http://data.gov.uk/ which had its public launch on Jan 21st!
For a full listing of tickets see: <http://ckan.org/milestone/v0.11>. Main highlights:
- Package Resource object (multiple download urls per package): each package can have multiple 'resources' (urls) with each resource having additional metadata such as format, description and hash (#88, #89, #229)
- "Full-text" searching of packages (#187)
- Semantic web integration: RDFization of all data plus integration with an online RDF store (e.g. for http://www.ckan.net/ at http://semantic.ckan.net/ or Talis store) (#90 #163)
- Package ratings (#77 #194)
- i18n: we now have translations into German and French with deployments at http://de.ckan.net/ and http://fr.ckan.net/ (#202)
- Package diffs available in package history (#173)
- Minor:
- Package undelete (#21, #126)
- Automated CKAN deployment via Fabric (#213)
- Listings are sorted alphabetically (#195)
- Add extras to rest api and to ckanclient (#158 #166)
- Infrastructural:
- Change to UUIDs for revisions and all domain objects
- Improved search performance and better pagination
- Significantly improved performance in API and WUI via judicious caching
- Switch to repoze.who for authentication (#64)
- Explicit User object and improved user account UI with recent edits etc (#111, #66, #67)
- Generic Attributes for Packages (#43)
- Use sqlalchemy-migrate to handle db/model upgrades (#94)
- "Groups" of packages (#105, #110, #130, #121, #123, #131)
- Package search in the REST API (#108)
- Full role-based access control for Packages and Groups (#93, #116, #114, #115, #117, #122, #120)
- New CKAN logo (#72)
- Infrastructural:
- Upgrade to Pylons 0.9.7 (#71)
- Convert to use formalchemy for all forms (#76)
- Use paginate in webhelpers (#118)
- Minor:
- Add author and maintainer attributes to package (#91)
- Change package state in the WUI (delete and undelete) (#126)
- Ensure non-active packages don't show up (#119)
- Change tags to contain any character (other than space) (#62)
- Add Is It Open links to package pages (#74)
- (DM!) Add version attribute for package
- Fix purge to use new version of vdm (0.4)
- Link to changed packages when listing revision
- Show most recently registered or updated packages on front page
- Bookmarklet to enable easy package registration on CKAN
- Usability improvements (package search and creation on front page)
- Use external list of licenses from license repository
- Convert from py.test to nosetests
- View information about package history (ticket:53)
- Basic datapkg integration (ticket:57)
- Show information about package openness using icons (ticket:56)
- One-stage package create/registration (r437)
- Reinstate package attribute validation (r437)
- Upgrade to vdm 0.4
- Convert to use SQLAlchemy and vdm v0.3 (v. major)
- Atom/RSS feed for Recent Changes
- Package search via name and title
- Tag lists show number of associated packages
- Autocompletion (+ suggestion) of tags when adding tags to a package.
- Paginated lists for packages, tags, and revisions.
- RESTful machine API for package access, update, listing and creation.
- API Keys for users who wish to modify information via the REST API.
- Update to vdm v0.2 (SQLObject) which fixes ordering of lists.
- Better immunity to SQL injection attacks.
- Purging of a Revision and associated changes from cli and wui (ticket:37)
- Make data available in machine-usable form via sql dump (ticket:38)
- Upgrade to Pylons 0.9.6.* and deploy (ticket:41)
- List and search tags (ticket:33)
- (bugfix) Manage reserved html characters in urls (ticket:40)
- New spam management utilities including (partial) blacklist support
- Preview support when editing a package (ticket:36).
- Correctly list IP address of of not logged in users (ticket:35).
- Improve read action for revision to list details of changed items (r179).
- Sort out deployment using modpython.
- System now in a suitable state for production deployment as a beta
- Domain model versioning via the vdm package (currently released separately)
- Basic Recent Changes listing log messages
- User authentication (login/logout) via open ID
- License page
- Myriad of small fixes and improvements
- Complete rewrite of ckan to use pylons web framework
- Support for full CRUD on packages and tags
- No support for users (authentication)
- No versioning of domain model objects
NB: not an official release
- Almost functional system with support for persons, packages
- Tag support only half-functional (tags are per package not global)
- Limited release and file support