CKAN 2.9.13

Title2.9.13 (Security Patch from Derilinx)
Version2.9.13
Release Date2025-02-27
Changes
Show details

This version is not from CKAN. Derilinx has made this fork to introduce security patches. Derilinx: https://derilinx.com

Bug fixes

CVE-2025-24372: Fix potential XSS vector through user and group/organization images.

v.2.9.12 2024-08-21 Bugfixes

CVE-2024-43371: SSRF prevention mechanisms. Added support for the :ref:`ckan.download_proxy` setting in the Resource Proxy plugin.
CVE-2024-41674: fixed Solr credentials leak via error message in package_search action.
CVE-2024-41675: fixed XSS vector in DataTables view.
Url Ckangeloghttps://github.com/derilinx/ckan-backports/blob/dev-v2.9/CHANGELOG.rst#v2913-2025-02-27