HumanSignal/label-studio 1.9.2.post0

on GitHub

Security

• Fix ORM Leak security vulnerability in Label Studio (CVE-2023-47117). This vulnerability inadvertently made it possible to leak certain secrets from the database via the task filtering endpoint powering Data Manager. We strongly recommend upgrading to this new version, and would like to thank @alex-elttam for identifying this issue in Label Studio.

Breaking changes

• In general, task filtering expressions that depend on foreign keys will no longer be allowed in this and future versions of Label Studio. However, individual expressions leveraging foreign key relationships (that is, filters containing __, as in updated_by__active_organization) may be allowlisted via the environment variable DATA_MANAGER_FILTER_ALLOWLIST, which accepts a comma-separated list of task filters.

Full Changelog: tags/1.9.2...1.9.2.post0
This changelog was updated in response to a push of f931d9d Workflow run

Jira Release not found
Aha! Release 1.9.2.post0
Release Notes are generated based on git log: No tasks found in Task Tracker.

Turned off Feature Flags (98)

• feat_all_optic_71_dashboard_multiple_labeling_group_support_v1_01092023_short
• feat_front_dev_1752_notification_links_in_label_and_review_streams
• feat_front_dev_3260_alternative_shortcuts_for_video_naviagtion
• feat_front_dev_399_lock_interface_when_trial_expired_short
• feat_front_dev_4008_quick_task_open_short
• feat_front_lsdv_4583_multi_image_segmentation_short
• ff_back_1587_email_notifications_310122_long
• ff_back_2004_async_review_24032022_short
• ff_back_2884_comments_notifications_02092022_short
• ff_back_DEV_1711_review_queue_140222_short
• ff_back_DEV_3374_review_query_160922_short
• ff_back_dev_1417_start_training_mlbackend_webhooks_250122_long
• ff_back_dev_1948_reviewed_status_16052022_short
• ff_back_dev_2362_project_credentials_060722_short
• ff_back_dev_4664_remove_storage_file_on_export_delete_29032023_short
• ff_back_experimental_features
• ff_front_DEV_1713_audio_ui_150222_short
• ff_front_dev_1442_unselect_shape_on_click_outside_080622_short
• ff_front_dev_1470_dm_pagination_010422_short
• ff_front_dev_1480_created_on_in_review_180122_short
• ff_front_dev_1555_auto_annotations_not_visible
• ff_front_dev_1658_notification_center_170222_short
• ff_front_dev_2186_comments_for_update
• ff_front_dev_2458_comments_for_skip_250522_short
• ff_front_dev_2671_anchor_rotate_bbox_010722_short
• fflag-feat-back-lops-154-datasets-export-candidates
• fflag-feat-dev-2887-comments-ui-editor-short
• fflag-feat-dev-3034-comments-with-drafts-short
• fflag-feat-dia-407-accept-multiple-search-queries-short
• fflag-feat-front-dev-2395-consistent-working-area-for-all-image-sizes
• fflag-feat-front-dev-2866-free-trial-invite-short
• fflag-feat-front-dev-3051-trial-experience
• fflag_feat_all_dia_13_structured_data_support_short
• fflag_feat_all_lops_315_temp_datasets_limitations_short
• fflag_feat_all_lops_milvus_migration_short
• fflag_feat_all_lsdv_4915_async_task_import_13042023_short
• fflag_feat_all_lsdv_4945_api_requests_with_pagination_20042023_short
• fflag_feat_all_lsdv_e_295_project_level_roles_via_saml_scim_ldap_short
• fflag_feat_all_optic_114_soft_delete_for_churned_employees
• fflag_feat_back_dev_3756_queue_enrollment_min_short
• fflag_feat_back_dev_3792_add_sync_update_is_labeled_301122_short
• fflag_feat_back_dev_3792_next_task_data_fix_long
• fflag_feat_back_lsdv_3958_server_side_encryption_for_target_storage_short
• fflag_feat_back_lsdv_4932_enable_memory_profiler
• fflag_feat_back_lsdv_5307_import_reviews_drafts_29062023_short
• fflag_feat_dev_2755_regions_list_grouped_by_labels_with_ordered_collapse_short
• fflag_feat_dia_471_add_new_column_projects_short
• fflag_feat_front_dev-2536_comment_notifications_short
• fflag_feat_front_dev_2758_adjustable_draggable_spans_short
• fflag_feat_front_dev_3051_trial_experience_short
• fflag_feat_front_dev_3143_explore_page_short
• fflag_feat_front_leap_e_1_monorepo_migration_short
• fflag_feat_front_leap_e_4_streams_refinements_long
• fflag_feat_front_lops_12_label_ops_ui_short
• fflag_feat_front_lops_75_pretty_select_short
• fflag_feat_front_lops_86_datasets_storage_edit_short
• fflag_feat_front_lops_e_10_updated_ux_short
• fflag_feat_front_lsdv_3025_outliner_filter_short
• fflag_feat_front_lsdv_4583_6_images_preloading_short
• fflag_feat_front_lsdv_4583_multi_image_segmentation_short
• fflag_feat_front_lsdv_5451_async_taxonomy_110823_short
• fflag_feat_front_lsdv_5452_taxonomy_labeling_110823_short
• fflag_feat_front_prod_281_project_list_search_19072023_short
• fflag_feat_front_prod_292_archive_workspaces_short
• fflag_feat_optic_198_multi_select_users_short
• fflag_feat_optic_67_drag_and_drop_charts
• fflag_fix_all_lsdv_4813_async_export_conversion_22032023_short
• fflag_fix_all_lsdv_4896_dm_actions_to_reviewers_20230403_short
• fflag_fix_all_lsdv_4971_async_reimport_09052023_short
• fflag_fix_all_optic_18_dashboard_label_distribution_chart_async_22082023_short
• fflag_fix_all_optic_79_task_count_is_wrong_short
• fflag_fix_back_dev_3668_review_stream_optimizaion_short
• fflag_fix_back_dev_4174_overlap_issue_experiments_10012023_short
• fflag_fix_back_dev_4185_next_task_additional_logging_long
• fflag_fix_back_leap_24_tasks_api_optimization_05092023_short
• fflag_fix_back_lsdv_1044_check_annotations_24012023_short
• fflag_fix_back_lsdv_3029_set_password_on_trial_signup_25012023_short
• fflag_fix_back_lsdv_4523_show_overlap_first_order_27022023_short
• fflag_fix_back_lsdv_4826_annotation_history_20230331_short
• fflag_fix_back_lsdv_5289_prevent_db_deadlocks_16062023_short
• fflag_fix_back_lsdv_5289_run_bulk_updates_in_transactions_short
• fflag_fix_back_lsdv_5361_members_dashboard_page_timeouts
• fflag_fix_back_lsdv_5410_temporary_disable_auto_inference_jobs_short
• fflag_fix_back_lsdv_5425_1_enable_permissions_restrictions_for_annotators_long
• fflag_fix_back_optic_183_datamanager_filter_placeholder_keyed_task_data_short
• fflag_fix_back_optic_216_change_per_user_agreement_query_to_hit_more_indexes
• fflag_fix_font_lsdv_3009_draft_saving_stuck_130223_short
• fflag_fix_front_dev_2918_labeling_filtered_paragraphs_250822_short
• fflag_fix_front_dev_3391_interactive_view_all
• fflag_fix_front_dev_3706_undo_with_ml_backend_081122_short
• fflag_fix_front_dev_3734_hide_task_counter_131222_short
• fflag_fix_front_leap_218_improve_performance_of_taxonomy_search_short
• fflag_fix_front_lsdv_5177_image_regions_in_history_260523_short
• fflag_fix_front_lsdv_5177_save_draft_on_task_switch_250523_short
• fflag_fix_front_lsdv_5436_dashboard_members_page_async_24072023_short
• fix-backend-dev-3134-exclude-deactivated-users
• fix_back_dev_3351_ml_validation_error_extension_short
• fix_backend_dev_3134_exclude_deactivated_users

ALL LINES STARTING FROM QUOTE WILL BE IGNORED