Warning: This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible.
- Security fix: CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See issue 918 for details.
- Datasette now supports GraphQL via the new datasette-graphql plugin - see GraphQL in Datasette with the new datasette-graphql plugin.
- Principle git branch has been renamed from
- New debugging tool:
/-/allow-debug tool(demo here) helps test allow blocks against actors, as described in Defining permissions with "allow" blocks. (#908)
- New logo for the documentation, and a new project tagline: "An open source multi-tool for exploring and publishing data".
- Whitespace in column values is now respected on display, using
white-space: pre-wrap. (#896)
await request.post_body()method for accessing the raw POST body, see Request object. (#897)
- Database file downloads now include a
content-lengthHTTP header, enabling download progress bars. (#905)
- File downloads now also correctly set the suggested file name using a
content-dispositionHTTP header. (#909)
testsare now excluded from the Datasette package properly - thanks, abeyerpath. (#456)
- The Datasette package published to PyPI now includes
sdistas well as
- Better titles for canned query pages. (#887)
- Now only loads Python files from a directory passed using the
--plugins-diroption - thanks, Amjith Ramanujam. (#890)
- New documentation section on Publishing to Vercel.