Skip to content

docs: Superset 6.1 documentation catch-up (security, alerts/reports, theming, config)#39440

Merged
rusackas merged 5 commits into
masterfrom
docs/superset-6.1-catchup
May 8, 2026
Merged

docs: Superset 6.1 documentation catch-up (security, alerts/reports, theming, config)#39440
rusackas merged 5 commits into
masterfrom
docs/superset-6.1-catchup

Conversation

@rusackas
Copy link
Copy Markdown
Member

@rusackas rusackas commented Apr 17, 2026

SUMMARY

Documentation updates for features shipped in Superset 6.1 that weren't covered in the initial 6.0 docs release:

  • API Key Authentication (security.mdx) — documents the new long-lived API keys UI (Security → API Keys), how to create/revoke keys, how to pass them as Bearer tokens, and recommended use cases (CI/CD, MCP integrations, service accounts). Covers PR feat(api-keys): add API key authentication via FAB SecurityManager #37973.

  • Webhook Notifications (alerts-reports.mdx) — documents the ALERT_REPORT_WEBHOOK feature flag, how to configure a webhook recipient in the alert/report UI, the exact JSON payload structure, multipart file attachments, ALERT_REPORTS_WEBHOOK_HTTPS_ONLY enforcement, and retry behavior. Covers PR feat(reports): add webhook option for notifications #36127.

  • Default Fonts & Theme Validation (theming.mdx) — updates the Default Fonts section to reflect IBM Plex Mono replacing Fira Code as the default code font in 6.1, with a migration note for users with existing fontFamilyCode overrides. Also adds a Theme Validation and Fallback section explaining the three-level fallback order and server log warnings on invalid theme JSON.

  • Config Keys (configuring-superset.mdx) — documents two new config keys:

    • HASH_ALGORITHM — switch between md5 (default) and sha256 for FedRAMP-compliant environments
    • SQLLAB_HISTORY_RETENTION_DAYS — controls query history retention (default 30 days, None to disable pruning)

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A — documentation-only changes.

TESTING INSTRUCTIONS

  • Review each added section for accuracy
  • Optionally: cd docs && npm start to render locally and verify MDX formatting

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration
  • Introduces new feature or API
  • Removes existing feature or API

Part of the 6.1 documentation catch-up series alongside #39422 (MCP server docs).

@claude
docs: add 6.1 catchup documentation for security, alerts, theming, an…
90b82f5 
…d config

- security.mdx: document API key authentication (PR #37973) — creation via
  Security → API Keys, Bearer token usage, use cases, and security caution
- alerts-reports.mdx: document webhook notifications (PR #36127) — enable
  via ALERT_REPORT_WEBHOOK feature flag, JSON payload format, multipart
  attachments, HTTPS enforcement, and retry behavior
- theming.mdx: update default fonts note (IBM Plex Mono replaces Fira Code
  as default monospace in 6.1); add Theme Validation and Fallback section
  explaining the three-level fallback order and warning log behavior
- configuring-superset.mdx: document HASH_ALGORITHM config key (md5/sha256
  for FedRAMP compliance) and SQLLAB_HISTORY_RETENTION_DAYS (default 30 days,
  None to disable pruning)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions Bot added the doc Namespace | Anything related to documentation label Apr 17, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 17, 2026
edited
Loading

Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit a08219e
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/69e9c2c83d073e0007c6d521
😎 Deploy Preview https://deploy-preview-39440--superset-docs-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

This was referenced Apr 17, 2026
Merged
Merged
Merged
@rusackas rusackas marked this pull request as ready for review April 17, 2026 17:00
bito-code-review[bot]
bito-code-review Bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@bito-code-review bito-code-review Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Agent Run #dabb50

Actionable Suggestions - 3
  • docs/admin_docs/configuration/configuring-superset.mdx - 3
Review Details
  • Files reviewed - 4 · Commit Range: 90b82f5..90b82f5
    • docs/admin_docs/configuration/alerts-reports.mdx
    • docs/admin_docs/configuration/configuring-superset.mdx
    • docs/admin_docs/configuration/theming.mdx
    • docs/admin_docs/security/security.mdx
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

Comment thread docs/admin_docs/configuration/configuring-superset.mdx Outdated
Comment thread docs/admin_docs/configuration/configuring-superset.mdx Outdated
Comment thread docs/admin_docs/configuration/configuring-superset.mdx Outdated
rusackas added 2 commits April 22, 2026 12:35
@rusackas
address review: correct HASH_ALGORITHM default in docs
df194a2 
Default is sha256 (per superset/config.py), not md5. Also mentions
the HASH_ALGORITHM_FALLBACKS companion setting.
@rusackas
address review: document SQL Lab query pruning accurately
eadd147 
There is no SQLLAB_HISTORY_RETENTION_DAYS config. Pruning is opt-in
via the prune_query Celery beat task, which is commented out in the
default CELERY_BEAT_SCHEDULE. Rewrite the section to reflect how the
feature actually works.
codeant-ai-for-open-source[bot]
codeant-ai-for-open-source Bot reviewed Apr 22, 2026
View reviewed changes
Comment thread docs/admin_docs/configuration/alerts-reports.mdx Outdated
Comment thread docs/admin_docs/configuration/configuring-superset.mdx Outdated
Comment thread docs/admin_docs/security/security.mdx Outdated
codeant-ai-for-open-source[bot]
codeant-ai-for-open-source Bot reviewed Apr 22, 2026
View reviewed changes
Comment thread docs/admin_docs/security/security.mdx Outdated
Comment thread docs/admin_docs/configuration/alerts-reports.mdx Outdated
Comment thread docs/admin_docs/configuration/configuring-superset.mdx Outdated
@bito-code-review
Copy link
Copy Markdown
Contributor

bito-code-review Bot commented Apr 22, 2026
edited
Loading

Code Review Agent Run #8c7a77

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: 90b82f5..eadd147
    • docs/admin_docs/configuration/configuring-superset.mdx
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

rusackas added 2 commits April 22, 2026 23:56
@rusackas
address review: correct webhook multipart payload description
61dbcc9 
Clarify that multipart/form-data webhook deliveries send each top-level
payload field (name, text, description, url) as its own form field, with
nested values like `header` JSON-encoded. Files are attached as repeated
`files` form fields. This matches what
`WebhookNotification.send()` actually does in
superset/reports/notifications/webhook.py.
@rusackas
address review: correct API key enablement and UI location in docs
a08219e 
The previous docs said API keys are managed via Security → API Keys in
the admin menu, but that page does not exist. In reality:

- API key authentication is disabled by default. Admins must both set
  FAB_API_KEY_ENABLED=True (Flask-AppBuilder config) and enable the
  FAB_API_KEY_ENABLED feature flag to expose the UI.
- Keys are managed on the User Info page, under the "API Keys"
  collapse panel (see superset-frontend/src/pages/UserInfo/index.tsx).

Update the section to describe both the enablement steps and the
correct UI path.
@bito-code-review
Copy link
Copy Markdown
Contributor

bito-code-review Bot commented Apr 23, 2026
edited
Loading

Code Review Agent Run #4c089b

Actionable Suggestions - 0
Review Details
  • Files reviewed - 2 · Commit Range: eadd147..a08219e
    • docs/admin_docs/configuration/alerts-reports.mdx
    • docs/admin_docs/security/security.mdx
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@rusackas rusackas merged commit b899556 into master May 8, 2026
64 checks passed
@rusackas rusackas deleted the docs/superset-6.1-catchup branch May 8, 2026 17:11
qfcwell pushed a commit to qfcwell/superset that referenced this pull request May 12, 2026
@rusackas @claude
docs: Superset 6.1 documentation catch-up (security, alerts/reports, …
81ebe5d 
…theming, config) (apache#39440)

Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@dosubot dosubot Bot mentioned this pull request May 14, 2026
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sadpandajoe sadpandajoe sadpandajoe approved these changes

+2 more reviewers

@bito-code-review bito-code-review[bot] bito-code-review[bot] left review comments

@codeant-ai-for-open-source codeant-ai-for-open-source[bot] codeant-ai-for-open-source[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

doc Namespace | Anything related to documentation size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rusackas @sadpandajoe