Warning: This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible.
- Security fix: CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See issue 918 for details.
- Datasette now supports GraphQL via the new datasette-graphql plugin - see GraphQL in Datasette with the new datasette-graphql plugin.
- Principle git branch has been renamed from
mastertomain. (#849) - New debugging tool:
/-/allow-debug tool(demo here) helps test allow blocks against actors, as described in Defining permissions with "allow" blocks. (#908) - New logo for the documentation, and a new project tagline: "An open source multi-tool for exploring and publishing data".
- Whitespace in column values is now respected on display, using
white-space: pre-wrap. (#896) - New
await request.post_body()method for accessing the raw POST body, see Request object. (#897) - Database file downloads now include a
content-lengthHTTP header, enabling download progress bars. (#905) - File downloads now also correctly set the suggested file name using a
content-dispositionHTTP header. (#909) testsare now excluded from the Datasette package properly - thanks, abeyerpath. (#456)- The Datasette package published to PyPI now includes
sdistas well asbdist_wheel. - Better titles for canned query pages. (#887)
- Now only loads Python files from a directory passed using the
--plugins-diroption - thanks, Amjith Ramanujam. (#890) - New documentation section on Publishing to Vercel.