Datasette

v0.65.2 Security

This release includes one security fix, relevant to security teams reviewing exposed deployments.

Published 7mo | Relational Databases
✓ No known CVEs patched
This release patches 1 known CVE

Topics

asgi automatic-api csv datasets datasette datasette-io docker json python sql sqlite

Summary

AI summary

Fixed an open redirect security vulnerability in Datasette.

Full changelog
  • Fixes an open redirect security issue: Datasette instances would redirect to example.com/foo/bar if you accessed the path //example.com/foo/bar. Thanks to James Jefferies for the fix. #2429
  • Upgraded for compatibility with Python 3.14.
  • Fixed datasette publish cloudrun to work with changes to the underlying Cloud Run architecture. #2511
  • Minor upgrades to fix warnings, including pkg_resources deprecation.

Security Fixes

  • CVE-2024-XXXXX – Fixed open redirect vulnerability that allowed redirection to arbitrary URLs such as `example.com/foo/bar` when accessing paths like `//example.com/foo/bar`
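
Why a path beginning with `//` becomes an open redirect, shown as an added example (not Datasette's own code or its actual fix): a `Location` value of `//example.com/foo/bar` is a scheme-relative URL, so the browser keeps the scheme and swaps the host. The base URL, sample paths and function names below are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed base URL for a hypothetical Datasette deployment.
BASE = "https://datasette.example.org/"

# Constructed request paths: two ordinary ones and the one from the changelog.
SAMPLE_PATHS = ["/fixtures/facetable", "/-/versions", "//example.com/foo/bar"]


def resolved_host(location, base=BASE):
    """Host a client ends up on after following a Location header value."""
    # urljoin applies RFC 3986 reference resolution: a reference that starts
    # with "//" keeps the base scheme but replaces the authority (host).
    return urlsplit(urljoin(base, location)).hostname


def is_offsite(location, base=BASE):
    """True when the Location value leaves the site that issued it."""
    return resolved_host(location, base) != urlsplit(base).hostname


def safe_local_path(path):
    """Collapse leading slashes so the value can only be a same-origin path."""
    return "/" + path.lstrip("/")


def audit(paths, base=BASE):
    """Map each path to (off-site if echoed as-is, off-site after normalising)."""
    return {
        p: (is_offsite(p, base), is_offsite(safe_local_path(p), base))
        for p in paths
    }


if __name__ == "__main__":
    for path, (before, after) in audit(SAMPLE_PATHS).items():
        print(f"{path!r}: off-site as-is={before}, after normalising={after}")
```

The same `is_offsite` check can be run over `Location` headers captured from a deployment to confirm that an upgraded instance no longer redirects such paths to another host.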

About Datasette

Explore and publish data with easy import and export and database management.
