This is an automated email from the ASF dual-hosted git repository.

dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 25f4226dbb fix: add more clickhouse disallowed functions on config 
(#31198)
25f4226dbb is described below

commit 25f4226dbb29dceef4fc7ce93fd2aa721e4ce172
Author: Daniel Vaz Gaspar <[email protected]>
AuthorDate: Tue Dec 3 10:48:06 2024 +0000

    fix: add more clickhouse disallowed functions on config (#31198)
---
 UPDATING.md        | 1 +
 superset/config.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/UPDATING.md b/UPDATING.md
index 50dc288245..347f7c77ca 100644
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -24,6 +24,7 @@ assists people when migrating to a new version.
 
 ## Next
 
+- [31198](https://github.com/apache/superset/pull/31198) Disallows by default 
the use of the following ClickHouse functions: "version", "currentDatabase", 
"hostName".
 - [29798](https://github.com/apache/superset/pull/29798) Since 3.1.0, the 
intial schedule for an alert or report was mistakenly offset by the specified 
timezone's relation to UTC. The initial schedule should now begin at the 
correct time.
 - [30021](https://github.com/apache/superset/pull/30021) The `dev` layer in 
our Dockerfile no long includes firefox binaries, only Chromium to reduce 
bloat/docker-build-time.
 - [30099](https://github.com/apache/superset/pull/30099) Translations are no 
longer included in the default docker image builds. If your environment 
requires translations, you'll want to set the docker build arg 
`BUILD_TRANSACTION=true`.
diff --git a/superset/config.py b/superset/config.py
index acead4c2d4..8a490a982d 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1342,7 +1342,7 @@ DISALLOWED_SQL_FUNCTIONS: dict[str, set[str]] = {
         "table_to_xml_and_xmlschema",
         "version",
     },
-    "clickhouse": {"url"},
+    "clickhouse": {"url", "version", "currentDatabase", "hostName"},
     "mysql": {"version"},
 }
 

Reply via email to