Upgrade Catalog to use CKAN 2.10.5 #4854

Closed
4 tasks done
FuhuXia opened this issue Aug 21, 2024 · 2 comments
@FuhuXia
Member

FuhuXia commented Aug 21, 2024

User Story

Upgrade Catalog to use CKAN 2.10.5

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

  • Catalog CKAN status shows ckan_version: "2.10.5"
  • Finished harvest jobs.
  • QA done, focusing on changes from the changelog.
  • Catalog requirement.in file is updated with ckan upstream.

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

@FuhuXia FuhuXia added the bug Software defect or bug label Aug 21, 2024
@Bagesary Bagesary moved this to 📟 Sprint Backlog [7] in data.gov team board Aug 22, 2024
@rshewitt
Contributor

All of these are introduced by ckan 2.10.4 and should be resolved by upgrading to 2.10.5:

  • Server-Side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CKAN-7786366]
  • Information Exposure Through an Error Message (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CKAN-7786369]
  • Cross-site Scripting (XSS) (new) [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CKAN-7786367]

@FuhuXia FuhuXia added compliance Relating to security compliance or documentation and removed bug Software defect or bug labels Aug 26, 2024
@FuhuXia FuhuXia added this to the September 2024 milestone Aug 26, 2024
@FuhuXia FuhuXia self-assigned this Sep 3, 2024
@FuhuXia
Member Author

FuhuXia commented Sep 6, 2024

@FuhuXia FuhuXia closed this as completed Sep 6, 2024
@github-project-automation github-project-automation bot moved this from 👀 Needs Review [2] to ✔ Done in data.gov team board Sep 6, 2024
@hkdctol hkdctol moved this from ✔ Done to 🗄 Closed in data.gov team board Sep 13, 2024