diff --git a/UPDATING.md b/UPDATING.md index 49f817eff8f1f..3f059f675596d 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -22,13 +22,20 @@ This file documents any backwards-incompatible changes in Superset and assists people when migrating to a new version. ## Next + +* [9133](https://github.com/apache/incubator-superset/pull/9133): Security list of permissions and list views has been +disable by default. You can optionally enable them back again by setting the following config keys: +FAB_ADD_SECURITY_PERMISSION_VIEW, FAB_ADD_SECURITY_VIEW_MENU_VIEW, FAB_ADD_SECURITY_PERMISSION_VIEWS_VIEW to True. + * [9173](https://github.com/apache/incubator-superset/pull/9173): Changes the encoding of the query source from an int to an enum. + * [9120](https://github.com/apache/incubator-superset/pull/9120): Changes the default behavior of ad-hoc sharing of queries in SQLLab to one that links to the saved query rather than one that copies the query data into the KVStore model and links to the record there. This is a security-related change that makes SQLLab query sharing respect the existing role-based access controls. Should you wish to retain the existing behavior, set two feature flags: `"KV_STORE": True` will re-enable the `/kv/` and `/kv/store/` endpoints, and `"SHARE_QUERIES_VIA_KV_STORE": True` will tell the front-end to utilize them for query sharing. + * [9109](https://github.com/apache/incubator-superset/pull/9109): Expire `filter_immune_slices` and `filter_immune_filter_fields` to favor dashboard scoped filter metadata `filter_scopes`. diff --git a/requirements.txt b/requirements.txt index d510d1a8acf78..5695d0c8839be 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,7 +21,7 @@ croniter==0.3.31 cryptography==2.8 decorator==4.4.1 # via retry defusedxml==0.6.0 # via python3-openid -flask-appbuilder==2.2.3 +flask-appbuilder==2.2.4 flask-babel==1.0.0 # via flask-appbuilder flask-caching==1.8.0 flask-compress==1.4.0 
diff --git a/setup.py b/setup.py
index 6daa124f9099d..4e5a584e41f2c 100644
--- a/setup.py
+++ b/setup.py
@@ -76,7 +76,7 @@ def get_git_sha():
 "croniter>=0.3.28",
 "cryptography>=2.4.2",
 "flask>=1.1.0, <2.0.0",
- "flask-appbuilder>=2.2.3, <2.3.0",
+ "flask-appbuilder>=2.2.4, <2.3.0",
 "flask-caching",
 "flask-compress",
 "flask-talisman",
diff --git a/superset/config.py b/superset/config.py
index 45237b1aa7a32..a58a7e88456a2 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -586,6 +586,9 @@ class CeleryConfig: # pylint: disable=too-few-public-methods
 SILENCE_FAB = True
 FAB_ADD_SECURITY_VIEWS = True
+FAB_ADD_SECURITY_PERMISSION_VIEW = False
+FAB_ADD_SECURITY_VIEW_MENU_VIEW = False
+FAB_ADD_SECURITY_PERMISSION_VIEWS_VIEW = False
 # The link to a page containing common errors and their resolutions
 # It will be appended at the bottom of sql_lab errors.
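Review bot: The three flags added after `FAB_ADD_SECURITY_VIEWS = True` in superset/config.py carry no comment, so someone reading the config cannot tell that they are a deliberate security default or how they relate to the flag above them. I would add a comment directly above them such as `# Hide the permission, view-menu and permission-on-view list views by default; set to True to re-enable (needs flask-appbuilder>=2.2.4)`. An environment that pins an older flask-appbuilder would presumably ignore these keys and still register the views, which is worth stating next to the defaults. It may also be worth confirming whether permissions already granted on these views are cleaned up on upgrade, since the hunk only changes the registration defaults.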