Patch releases for CKAN 2.9 and 2.10 now available
Keep your site up to date with the latest round of fixes and improvements
We are happy to announce that the new patch releases for CKAN 2.10.x and 2.9.x are now available to download and install.
These patch releases are particularly important to apply as they address a vulnerability in the resource id field that could lead to Remote Code Execution vulnerabilities, disclosure of private data, or DOS attacks (CVE-2023-32321). Users should upgrade as soon as possible to the latest patch release for the CKAN version they are using. In addition, users of the official Docker images (ckan/ckan-base
and ckan/ckan-dev
) should also pull the latest versions of them and rebuild their project images to incorporate additional security-related changes (CVE-2023-32696) :
docker pull ckan/ckan-base:2.10.1
docker pull ckan/ckan-dev:2.10.1
docker compose build ckan
docker compose stop ckan
docker compose rm -f ckan
docker compose up -d
Special thanks to Colin at Radiant Security for their responsible disclosure of the vulnerabilities and follow-up. If you want to report and discuss a potential vulnerability in CKAN do not hesitate to email security@ckan.org.
Patch release upgrades are very straightforward and do not contain any backward incompatible changes or involve any change in the database or Solr schema.
For more details, check the CHANGELOG for the relevant version:
Keep your site up to date with the latest round of fixes and improvements
In the spirit of fostering a more inclusive and collaborative environment, we're thrilled to announce that #CKANDemoDays is not coming to an end — it's just getting started! Submit your video and become a part of a growing collection of CKAN success stories. Let us amplify your success!.