You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by vi...@apache.org on 2020/09/05 19:36:24 UTC
[incubator-superset] 26/26: security: disallow uuid package on
jinja2 (#10794)
This is an automated email from the ASF dual-hosted git repository.
villebro pushed a commit to branch 0.37
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
commit 4ce3bd1af8599673833c1ae9a649894b67935567
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Fri Sep 4 16:37:14 2020 +0100
security: disallow uuid package on jinja2 (#10794)
* fix: disallow uuid package on jinja2
* update UPDATING.md
* Update UPDATING.md
Co-authored-by: Ville Brofeldt <33...@users.noreply.github.com>
Co-authored-by: Ville Brofeldt <33...@users.noreply.github.com>
---
UPDATING.md | 4 ++++
docs/sqllab.rst | 5 ++++-
superset/extensions.py | 5 ++++-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/UPDATING.md b/UPDATING.md
index 3755694..2a6dcb8 100644
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -21,6 +21,10 @@ under the License.
This file documents any backwards-incompatible changes in Superset and
assists people when migrating to a new version.
+## 0.37.1
+
+* [10794](https://github.com/apache/incubator-superset/pull/10794): Breaking change: `uuid` python package is not supported on Jinja2 anymore, only uuid functions are exposed eg: `uuid1`, `uuid3`, `uuid4`, `uuid5`.
+
## 0.37.0
* [9964](https://github.com/apache/incubator-superset/pull/9964): Breaking change on Flask-AppBuilder 3. If you're using OAuth, find out what needs to be changed [here](https://github.com/dpgaspar/Flask-AppBuilder/blob/master/README.rst#change-log).
diff --git a/docs/sqllab.rst b/docs/sqllab.rst
index b582c53..27711cb 100644
--- a/docs/sqllab.rst
+++ b/docs/sqllab.rst
@@ -73,7 +73,10 @@ Superset's Jinja context:
- ``time``: ``time``
- ``datetime``: ``datetime.datetime``
-- ``uuid``: ``uuid``
+- ``uuid1``: ``uuid1``
+- ``uuid3``: ``uuid3``
+- ``uuid4``: ``uuid4``
+- ``uuid5``: ``uuid5``
- ``random``: ``random``
- ``relativedelta``: ``dateutil.relativedelta.relativedelta``
diff --git a/superset/extensions.py b/superset/extensions.py
index a0dad81..2a35166 100644
--- a/superset/extensions.py
+++ b/superset/extensions.py
@@ -48,7 +48,10 @@ class JinjaContextManager:
"relativedelta": relativedelta,
"time": time,
"timedelta": timedelta,
- "uuid": uuid,
+ "uuid1": uuid.uuid1,
+ "uuid3": uuid.uuid3,
+ "uuid4": uuid.uuid4,
+ "uuid5": uuid.uuid5,
}
self._template_processors: Dict[str, Type["BaseTemplateProcessor"]] = {}