Daniel Vaz Gaspar comments

Results 152 comments of


                                            Daniel Vaz Gaspar

How to use LDAP_MATCHING_RULE_IN_CHAIN?

it may depend but the LDAP search for a user is done here: https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L912

`next` url (still) does not render correctly - AuthOAuthView

Thank you for reporting, currently investigating

fix: all_database_access should enable access to all datasets/charts/dashboards

> After conversations with @eschutho and @yousoph , we decided that `all_database_access` should remain and provide both access to all data (through all databases connections) and allow listing all said...

session cookies are still valid after logout

To fully invalidate sessions on logout use this: https://superset.apache.org/docs/security/#switching-to-server-side-sessions

feat: unpack payload into log function

POST payload can have sensitive data

Redirect Url is getting Access denied error

please provide your OAUTH configuration

superset 4.0.1 uses sqlparse 0.4.4 with two high CVE findings => update to 0.5.0

Thank you for posting this issue. sqlparse was bumped to 0.5.0 on https://github.com/apache/superset/pull/28144

superset 4.0.1 uses Gunicorn 21.2.0 with CVE => should update to 22.0.0

the bump was already merged to master here: https://github.com/apache/superset/commit/4f693c6db0dc5c7286a36b8d23e90541943ff13f unfortunately our 4.0.1 had an upper constraint on 22

chore(export): Added ability to export chart YAML files with Unicode characters, fix #20331

> @john-bodley Certainly. I've previously dedicated some time to exploring the optimal location for writing unit tests, yet I was unable to identify an appropriate spot within the tests directory....

Improper Input Validation while creating dashboard and charts

Please follow our guidelines: https://github.com/apache/superset/security/policy