Blog

Important patch releases for your CKAN site

Please upgrade to CKAN 2.8.12 and CKAN 2.9.7 to patch important vulnerabilities

03-oct2022-new-patch-releases-BLOG.png

We are happy to announce that the new patch releases for CKAN 2.9.x and 2.8.x are now available to download and install. Note that following our revised release policy, this will be the last patch release on the 2.8.x line.

These patch releases are particularly important to apply as they address a vulnerability in user registration (CVE-2022-43685), so users should upgrade as soon as possible to the latest patch release for the CKAN version they are using.

Patch release upgrades are very straight-forward and do not contain any backwards incompatible changes or involve any change in the database or Solr schema.

For more details, check the CHANGELOG for the relevant version:

In case of doubt don't hesitate to ask for help. To discuss security related issues please email security@ckan.org. Otherwise you can ask your questions in the Discussions or the Gitter channel. As stated in the release policy, the latest patch release is the only one officially supported. For details on how to upgrade, see the following links depending on your install method: