We ran into this after altering the base docker image that our CKAN installation was hosted in. It appears that some versions of debian set the mime.config files in such a way that text/plain does not resolve to a .bat extension, and others do.
This change means that plain text files will no longer be blocked based on guessing the possible extension and matching against the blacklist.
If you want to explicitly block plaintext files, you can add 'text/plain' to the block list.
This issue was originally reported in https://github.com/data-govt-nz/ckanext-security/issues/42
We ran into this after altering the base docker image that our CKAN installation was hosted in. It appears that some versions of debian set the mime.config files in such a way that text/plain does not resolve to a .bat extension, and others do.
This change means that plain text files will no longer be blocked based on guessing the possible extension and matching against the blacklist.
If you want to explicitly block plaintext files, you can add 'text/plain' to the block list.