DKAN 1.12.6 Release Notes

Special note: This release contains security updates and should be applied immediately.

This is a “patch” release of DKAN, containing bug fixes and minor updates to DKAN 7.x-1.12, but adding no new functionality. Upgrading should be straightforward.

Improvements in this release

  • Adds validation to search parameters. Without this, text can be passed into search parameters and passed unsanitized to the browser. The way the facets are themed allowed Javascript to be injected into the attributes of any facet items with icons, (such as content types). The fix validates all facet input and returns a “page not found” error if a search parameter passed in the URL arguments does not match available options. See #1271
  • Starts sanitizing output to the facets on the search page, as an additional safeguard against malicious input from the search parameters.
  • Adds icons to the topics drop-down menu rather than just the title of the topic.
  • Added a new module called Role Assign, which gives site managers the ability to assign roles to other users without giving them access to the entire Permissions module, which meant previously only admins could assign roles.
  • Made links and emails in dataset metadata clickable in certain places that they hadn’t been for a better user experience.