⚠️ Security Advisory: If you are on versions <=4.3.2, please update immediately. v4.4.0 fixes a path traversal vulnerability on /raw routes and when uploading through the x-zipline-filename header. The vulnerability is only exploitable when using the local datasource, but even if you're using S3 please update. ⚠️ thanks to @DenizParlak for finding this and reporting!
have a great holidays! ❤️ more updates and features will be coming soon!
What's Changed
- fixed s3 ignoring subdirectory #910 #909
- fixed original name not showing in view routes #908
- fixed performance issues when rendering code with tons of lines #911
- fixed data export not completing fully with large sets #915
- fixed table options/id search buttons overlapping on title text #919
- fixed password protected uploads 403ing #921
- fixed mfa qrcode not being visible #916
- fixed deleting users causing a crash loop #914
- fixed file editing actions not working when viewing other users files #918
- fixed gps metadata removal not writing updated buffer to file
- fixed metrics erroring when collecting null usernames
- fixed transactional endpoint not working when on the current user
- fixed animated image compression not outputting animated file #926
- fixed table options/id search showing up in grid view #935
- fixed renaming large files in s3 #931
- added import/export V4 instance (wip, please test out on your instances!)
- added export folder's files as a zip file
- added copy raw file link to file modal
- updated react and other packages (RSC is not used but good idea to update)
Pulls Merged
New Contributors
Full Changelog: v4.3.2...v4.4.0