Skip to main content

Miscellaneous

Reporting a security vulnerability

If you think you have found a security vulnerability in Liteset-specific code (the async runtime, Litestar handlers, AsyncSecurityManager, middleware), please do not open a public GitHub issue. Instead, contact the project maintainer privately via GitHub security advisories on the repository.

If the vulnerability is in upstream Apache Superset code that Liteset re-uses (the React frontend, the chart-rendering engine, the SQL parser, the dataset model, etc.), please report it upstream via the Apache Superset security process (private@superset.apache.org). Liteset will then pick up the fix as part of its regular re-sync with upstream.

In either case, follow responsible disclosure: do not publish the issue until a fix is available.

SQL Lab Async

It's possible to configure a local database to operate in async mode, to work on async related features.

To do this, you'll need to:

  • Add an additional database entry. We recommend you copy the connection string from the database labeled main, and then enable SQL Lab and the features you want to use. Don't forget to check the Async box

  • Configure a results backend, here's a local FileSystemCache example, not recommended for production, but perfect for testing (stores cache in /tmp)

    # The flask-caching cache config dict is read by Liteset's cache backend factory unchanged.
    from flask_caching.backends.filesystemcache import FileSystemCache
    RESULTS_BACKEND = FileSystemCache('/tmp/sqllab')

  • Start up a celery worker

    celery --app=superset.tasks.celery_app:app worker -O fair

Note that:

  • for changes that affect the worker logic, you'll have to restart the celery worker process for the changes to be reflected.
  • The message queue used is a sqlite database using the SQLAlchemy experimental broker. Ok for testing, but not recommended in production
  • In some cases, you may want to create a context that is more aligned to your production environment, and use the similar broker as well as results backend configuration

Async Chart Queries

It's possible to configure database queries for charts to operate in async mode. This is especially useful for dashboards with many charts that may otherwise be affected by browser connection limits. To enable async queries for dashboards and Explore, the following dependencies are required:

  • Redis 5.0+ (the feature utilizes Redis Streams)
  • Cache backends enabled via the CACHE_CONFIG and DATA_CACHE_CONFIG config settings
  • Celery workers configured and running to process async tasks