Simon Willison’s Weblog

Datasette 0.64.8. A very small Datasette release, fixing a minor potential security issue where the name of missing databases or tables was reflected on the 404 page in a way that could allow an attacker to present arbitrary text to a user who followed a link. Not an XSS attack (no code could be executed) but still a potential vector for confusing messages.

# 21st June 2024, 11:48 pm / projects, releases, security, datasette

Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users. I found and fixed a security vulnerability in the Datasette 1.0 alpha series, described in this GitHub security advisory.

The vulnerability allowed unauthenticated users to see the names of the databases and tables in an otherwise private Datasette instance—though not the actual table contents.

The fix is now shipped in Datasette 1.0a4.

The vulnerability affected Datasette Cloud as well, but thankfully I was able to analyze the access logs and confirm that no unauthenticated requests had been made against any of the affected endpoints.

# 22nd August 2023, 5:44 pm / releases, security, datasette

LLM 0.4. I released a major update to my LLM CLI tool today—version 0.4, which adds conversation mode and prompt templates so you can store and re-use interesting prompts, plus a whole bunch of other large and small improvements.

I also released 0.4.1 with some minor fixes and the ability to install the tool using Hombrew: brew install simonw/llm/llm

# 17th June 2023, 10:58 pm / projects, releases, ai, openai, generative-ai, chatgpt, llms

Django 1.2 release notes (via) Released today, this is a terrific upgrade. Multiple database connections, model validation, improved CSRF protection, a messages framework, the new smart if template tag and lots, lots more. I’ve been using the 1.2 betas for a major new project over the past few months and it’s been smooth sailing all the way.

# 17th May 2010, 9:11 pm / csrf, django, multidb, open-source, python, releases, recovered

What’s new in Django 1.2 alpha 1 (via) Multiple database support, improved CSRF prevention, a messages framework (similar to the Rails “flash” feature), model validation, custom e-mail backends, template caching for much faster handling of the include and extends tags, read only fields in the admin, a better if tag and more. Very exciting release.

# 7th January 2010, 7:31 pm / alpha, csrf, django, python, releases

Django 1.1 release notes (via) Django 1.1 is out! Congratulations everyone who worked on this, it’s a fantastic release. New features include aggregate support in the ORM, proxy models, deferred fields and some really nice admin improvements. Oh, and the testing framework is now up to 10 times thanks to smart use of transactions.

# 29th July 2009, 9:34 am / aggregates, django, open-source, orm, python, releases

Nmap 5.00 Release Notes. Released today, “the most important Nmap release since 1997”. New features include Ncat, a powerful netcat alternative, Ndiff, a utility for comparing scan results so you can spot changes to your network, and a new Nmap Scripting Engine using Lua.

# 16th July 2009, 7:40 pm / lua, ncat, ndiff, netcat, nmap, releases, security, tools

What’s New In Python 3.1. Lots of stuff, but the best bits are an ordered dictionary type (congrats, Armin), a Counter class for counting unique items in an iterable (I do this on an almost daily basis) and a bunch of performance improvements including a rewrite of the Python 3.0 IO system in C.

# 28th June 2009, 3:02 pm / arminronacher, performance, python, python3, python31, releases

Dojo 1.3 now available. Looks like an excellent release. dojo.create is particularly nice—I’d be interested to know why something similar has never shipped with jQuery (presumably there’s a reason) as it feels a lot more elegant than gluing together an HTML-style string. Also interesting: you can swap between Dojo’s Acme selector engine and John Resig’s sizzle.

# 1st April 2009, 12:19 am / acme, dojo, dojocreate, javascript, jquery, releases, selectors, sizzle

Python 3.0. “We are pleased to announce the release of Python 3.0 (final), a new production-ready release, on December 3rd, 2008.”

# 4th December 2008, 12:38 pm / python, python3, releases

Django 1.0.2 released. An update to last week’s 1.0.1 release, which I failed to link to. 1.0.2 mainly fixes some packaging issues, while 1.0.1 contains “over two hundred fixes to the original Django 1.0 codebase”. The team are holding up the promise to move to a regular release cycle after 1.0.

# 19th November 2008, 8:46 am / django, python, releases

What’s New in Python 2.6 (via) Python 2.6 final has been released (the last 2.x version before 3.0). multiprocessing and simplejson (as json) are now in the standard library, any backwards compatible 3.0 features have been added and the official docs are now powered by Sphinx (used by Django 1.0 as well). There’s plenty more.

# 2nd October 2008, 11:47 am / django, json, multiprocessing, python, releases, simplejson, sphinx-docs

Django’s release process. Django is moving to time-based releases, with minor releases (new features but no backwards incompatible changes) approximately every six months.

# 20th September 2008, 7:16 pm / django, python, releases

[Release] CouchDB 0.7.0. This is a huge milestone for the project—it’s the first official release to include the JSON REST API instead of XML, and it’s also the first release that is “intended for widespread use”.

# 17th November 2007, 12:25 am / couchdb, jan-lehnardt, json, releases, rest, xml

Opera 9.5 (Kestrel). The latest Opera alpha includes a bunch of CSS3 features (including an almost full implementation of CSS3 Selectors) as well as the ability to use SVG for scalable background images.

# 4th September 2007, 10:49 am / annevankesteren, browsers, css3, opera, opera95, releases, selectors, svg

Satchmo 0.5 Release. Django powered e-commerce application, “the webshop for perfectionists with deadlines”.

# 22nd August 2007, 10:36 pm / django, python, releases, satchmo