commit | author | age
|
41636b
|
1 |
1.6a2 (2015-06-30) |
MM |
2 |
================== |
|
3 |
|
|
4 |
Bug Fixes |
|
5 |
--------- |
0d8159
|
6 |
|
ebf0da
|
7 |
- Ensure that ``pyramid.httpexceptions.exception_response`` returns the |
41636b
|
8 |
appropriate "concrete" class for ``400`` and ``500`` status codes. |
MM |
9 |
See https://github.com/Pylons/pyramid/issues/1832 |
ebf0da
|
10 |
|
85be09
|
11 |
- Fix an infinite recursion bug introduced in 1.6a1 when |
CM |
12 |
``pyramid.view.render_view_to_response`` was called directly or indirectly. |
41636b
|
13 |
See https://github.com/Pylons/pyramid/issues/1643 |
85be09
|
14 |
|
0d8159
|
15 |
- Further fix the JSONP renderer by prefixing the returned content with |
MM |
16 |
a comment. This should mitigate attacks from Flash (See CVE-2014-4671). |
|
17 |
See https://github.com/Pylons/pyramid/pull/1649 |
|
18 |
|
|
19 |
- Allow periods and brackets (``[]``) in the JSONP callback. The original |
|
20 |
fix was overly-restrictive and broke Angular. |
|
21 |
See https://github.com/Pylons/pyramid/pull/1649 |
|
22 |
|
85be09
|
23 |
1.6a1 (2015-04-15) |
CM |
24 |
================== |
c61755
|
25 |
|
9177d0
|
26 |
Features |
CR |
27 |
-------- |
|
28 |
|
0f5f18
|
29 |
- pcreate will now ask for confirmation if invoked with |
IS |
30 |
an argument for a project name that already exists or |
|
31 |
is importable in the current environment. |
|
32 |
See https://github.com/Pylons/pyramid/issues/1357 and |
|
33 |
https://github.com/Pylons/pyramid/pull/1837 |
|
34 |
|
200c9e
|
35 |
- Make it possible to subclass ``pyramid.request.Request`` and also use |
CM |
36 |
``pyramid.request.Request.add_request.method``. See |
|
37 |
https://github.com/Pylons/pyramid/issues/1529 |
|
38 |
|
d35a91
|
39 |
- The ``pyramid.config.Configurator`` has grown the ability to allow |
MM |
40 |
actions to call other actions during a commit-cycle. This enables much more |
|
41 |
logic to be placed into actions, such as the ability to invoke other actions |
568a02
|
42 |
or group them for improved conflict detection. We have also exposed and |
MM |
43 |
documented the config phases that Pyramid uses in order to further assist |
|
44 |
in building conforming addons. |
d35a91
|
45 |
See https://github.com/Pylons/pyramid/pull/1513 |
MM |
46 |
|
46bc7f
|
47 |
- Add ``pyramid.request.apply_request_extensions`` function which can be |
MM |
48 |
used in testing to apply any request extensions configured via |
|
49 |
``config.add_request_method``. Previously it was only possible to test |
|
50 |
the extensions by going through Pyramid's router. |
|
51 |
See https://github.com/Pylons/pyramid/pull/1581 |
|
52 |
|
c9cb19
|
53 |
- pcreate when run without a scaffold argument will now print information on |
BJR |
54 |
the missing flag, as well as a list of available scaffolds. |
|
55 |
See https://github.com/Pylons/pyramid/pull/1566 and |
|
56 |
https://github.com/Pylons/pyramid/issues/1297 |
|
57 |
|
bc8e4d
|
58 |
- Added support / testing for 'pypy3' under Tox and Travis. |
782eb4
|
59 |
See https://github.com/Pylons/pyramid/pull/1469 |
bc8e4d
|
60 |
|
149d36
|
61 |
- Automate code coverage metrics across py2 and py3 instead of just py2. |
MM |
62 |
See https://github.com/Pylons/pyramid/pull/1471 |
|
63 |
|
9177d0
|
64 |
- Cache busting for static resources has been added and is available via a new |
15b979
|
65 |
argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``. |
5fdf9a
|
66 |
Core APIs are shipped for both cache busting via query strings and |
MM |
67 |
path segments and may be extended to fit into custom asset pipelines. |
|
68 |
See https://github.com/Pylons/pyramid/pull/1380 and |
|
69 |
https://github.com/Pylons/pyramid/pull/1583 |
9177d0
|
70 |
|
ae6c88
|
71 |
- Add ``pyramid.config.Configurator.root_package`` attribute and init |
MM |
72 |
parameter to assist with includeable packages that wish to resolve |
|
73 |
resources relative to the package in which the ``Configurator`` was created. |
73b162
|
74 |
This is especially useful for addons that need to load asset specs from |
c617b7
|
75 |
settings, in which case it is may be natural for a developer to define |
MM |
76 |
imports or assets relative to the top-level package. |
ae6c88
|
77 |
See https://github.com/Pylons/pyramid/pull/1337 |
MM |
78 |
|
ba5444
|
79 |
- Added line numbers to the log formatters in the scaffolds to assist with |
MM |
80 |
debugging. See https://github.com/Pylons/pyramid/pull/1326 |
|
81 |
|
7dd390
|
82 |
- Add new HTTP exception objects for status codes |
MM |
83 |
``428 Precondition Required``, ``429 Too Many Requests`` and |
|
84 |
``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. |
|
85 |
See https://github.com/Pylons/pyramid/pull/1372/files |
|
86 |
|
f3a567
|
87 |
- The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is |
MM |
88 |
defined in the environment prior to launching the interpreter. |
823ac4
|
89 |
See https://github.com/Pylons/pyramid/pull/1448 |
0c5e5a
|
90 |
|
7b1d42
|
91 |
- Make it simple to define notfound and forbidden views that wish to use |
MM |
92 |
the default exception-response view but with altered predicates and other |
|
93 |
configuration options. The ``view`` argument is now optional in |
|
94 |
``config.add_notfound_view`` and ``config.add_forbidden_view``.. |
|
95 |
See https://github.com/Pylons/pyramid/issues/494 |
|
96 |
|
c617b7
|
97 |
- Greatly improve the readability of the ``pcreate`` shell script output. |
MM |
98 |
See https://github.com/Pylons/pyramid/pull/1453 |
|
99 |
|
716a20
|
100 |
- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and |
MM |
101 |
the ``SignedCookieSessionFactory`` classes by using the stdlib's |
|
102 |
``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). |
|
103 |
See https://github.com/Pylons/pyramid/pull/1457 |
889bdc
|
104 |
|
407b33
|
105 |
- Assets can now be overidden by an absolute path on the filesystem when using |
8d5352
|
106 |
the ``config.override_asset`` API. This makes it possible to fully support |
MM |
107 |
serving up static content from a mutable directory while still being able |
|
108 |
to use the ``request.static_url`` API and ``config.add_static_view``. |
|
109 |
Previously it was not possible to use ``config.add_static_view`` with an |
|
110 |
absolute path **and** generate urls to the content. This change replaces |
|
111 |
the call, ``config.add_static_view('/abs/path', 'static')``, with |
|
112 |
``config.add_static_view('myapp:static', 'static')`` and |
|
113 |
``config.override_asset(to_override='myapp:static/', |
|
114 |
override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely |
|
115 |
made up and does not need to exist - it is used for generating urls |
|
116 |
via ``request.static_url('myapp:static/foo.png')``. |
650d3d
|
117 |
See https://github.com/Pylons/pyramid/issues/1252 |
407b33
|
118 |
|
a62462
|
119 |
- Added ``pyramid.config.Configurator.set_response_factory`` and the |
JA |
120 |
``response_factory`` keyword argument to the ``Configurator`` for defining |
|
121 |
a factory that will return a custom ``Response`` class. |
|
122 |
See https://github.com/Pylons/pyramid/pull/1499 |
|
123 |
|
2d659e
|
124 |
- Allow an iterator to be returned from a renderer. Previously it was only |
MM |
125 |
possible to return bytes or unicode. |
|
126 |
See https://github.com/Pylons/pyramid/pull/1417 |
|
127 |
|
8dd970
|
128 |
- ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server |
MA |
129 |
URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 |
|
130 |
|
3f8ac5
|
131 |
- Overall improvments for the ``proutes`` command. Added ``--format`` and |
149ea9
|
132 |
``--glob`` arguments to the command, introduced the ``method`` |
JA |
133 |
column for displaying available request methods, and improved the ``view`` |
|
134 |
output by showing the module instead of just ``__repr__``. |
|
135 |
See https://github.com/Pylons/pyramid/pull/1488 |
|
136 |
|
86f4d5
|
137 |
- Support keyword-only arguments and function annotations in views in |
MM |
138 |
Python 3. See https://github.com/Pylons/pyramid/pull/1556 |
|
139 |
|
d23e69
|
140 |
- ``request.response`` will no longer be mutated when using the |
042068
|
141 |
``pyramid.renderers.render_to_response()`` API. It is now necessary to |
MM |
142 |
pass in a ``response=`` argument to ``render_to_response`` if you wish to |
|
143 |
supply the renderer with a custom response object for it to use. If you |
|
144 |
do not pass one then a response object will be created using the |
|
145 |
application's ``IResponseFactory``. Almost all renderers |
d23e69
|
146 |
mutate the ``request.response`` response object (for example, the JSON |
MM |
147 |
renderer sets ``request.response.content_type`` to ``application/json``). |
|
148 |
However, when invoking ``render_to_response`` it is not expected that the |
|
149 |
response object being returned would be the same one used later in the |
|
150 |
request. The response object returned from ``render_to_response`` is now |
|
151 |
explicitly different from ``request.response``. This does not change the |
042068
|
152 |
API of a renderer. See https://github.com/Pylons/pyramid/pull/1563 |
d23e69
|
153 |
|
a7d77f
|
154 |
- The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will |
CM |
155 |
now accept anything that implements the ``IResponse`` interface and will use |
|
156 |
that as the response class instead of the default ``HTTPFound``. See |
|
157 |
https://github.com/Pylons/pyramid/pull/1610 |
12b6f5
|
158 |
|
c61755
|
159 |
Bug Fixes |
8e90d6
|
160 |
--------- |
a0e97b
|
161 |
|
7c3745
|
162 |
- The JSONP renderer created JavaScript code in such a way that a callback |
MM |
163 |
variable could be used to arbitrarily inject javascript into the response |
|
164 |
object. https://github.com/Pylons/pyramid/pull/1627 |
|
165 |
|
c45d6a
|
166 |
- Work around an issue where ``pserve --reload`` would leave terminal echo |
DG |
167 |
disabled if it reloaded during a pdb session. |
1bcc34
|
168 |
See https://github.com/Pylons/pyramid/pull/1577, |
DG |
169 |
https://github.com/Pylons/pyramid/pull/1592 |
a0e97b
|
170 |
|
8e90d6
|
171 |
- ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise |
BJR |
172 |
``ValueError`` when accidentally passed ``None``. |
ab2a77
|
173 |
See https://github.com/Pylons/pyramid/pull/1320 |
c61755
|
174 |
|
0cb759
|
175 |
- Fix an issue whereby predicates would be resolved as maybe_dotted in the |
CM |
176 |
introspectable but not when passed for registration. This would mean that |
ab2a77
|
177 |
``add_route_predicate`` for example can not take a string and turn it into |
MM |
178 |
the actual callable function. |
|
179 |
See https://github.com/Pylons/pyramid/pull/1306 |
09beb2
|
180 |
|
d24055
|
181 |
- Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper |
MM |
182 |
package. Previously it was not possible to do package-relative includes |
|
183 |
using the returned ``Configurator`` during testing. There is now a |
|
184 |
``package`` argument that can override this behavior as well. |
ab2a77
|
185 |
See https://github.com/Pylons/pyramid/pull/1322 |
d24055
|
186 |
|
dc9c38
|
187 |
- Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset |
MM |
188 |
where it does not belong. See https://github.com/Pylons/pyramid/pull/1251 |
|
189 |
|
326021
|
190 |
- Work around a bug introduced in Python 2.7.7 on Windows where |
CM |
191 |
``mimetypes.guess_type`` returns Unicode rather than str for the content |
|
192 |
type, unlike any previous version of Python. See |
|
193 |
https://github.com/Pylons/pyramid/issues/1360 for more information. |
|
194 |
|
18566a
|
195 |
- ``pcreate`` now normalizes the package name by converting hyphens to |
MM |
196 |
underscores. See https://github.com/Pylons/pyramid/pull/1376 |
|
197 |
|
909486
|
198 |
- Fix an issue with the final response/finished callback being unable to |
MM |
199 |
add another callback to the list. See |
|
200 |
https://github.com/Pylons/pyramid/pull/1373 |
|
201 |
|
46a268
|
202 |
- Fix a failing unittest caused by differing mimetypes across various OSs. |
MM |
203 |
See https://github.com/Pylons/pyramid/issues/1405 |
|
204 |
|
e7745a
|
205 |
- Fix route generation for static view asset specifications having no path. |
RL |
206 |
See https://github.com/Pylons/pyramid/pull/1377 |
|
207 |
|
1ef35b
|
208 |
- Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no |
MM |
209 |
valid request object. In this case it will not wrap the object in a |
750b78
|
210 |
callback and thus behave just like the ``pyramid.renderers.JSON`` renderer. |
1ef35b
|
211 |
See https://github.com/Pylons/pyramid/pull/1561 |
MM |
212 |
|
e30c3b
|
213 |
- Prevent "parameters to load are deprecated" ``DeprecationWarning`` |
327985
|
214 |
from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541 |
e30c3b
|
215 |
|
06bb4a
|
216 |
- Avoiding sharing the ``IRenderer`` objects across threads when attached to |
MM |
217 |
a view using the `renderer=` argument. These renderers were instantiated |
|
218 |
at time of first render and shared between requests, causing potentially |
|
219 |
subtle effects like `pyramid.reload_templates = true` failing to work |
|
220 |
in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575 |
|
221 |
and https://github.com/Pylons/pyramid/issues/1268 |
|
222 |
|
b4e990
|
223 |
- Avoiding timing attacks against CSRF tokens. |
MM |
224 |
See https://github.com/Pylons/pyramid/pull/1574 |
|
225 |
|
f4800e
|
226 |
- ``request.finished_callbacks`` and ``request.response_callbacks`` now |
MM |
227 |
default to an iterable instead of ``None``. It may be checked for a length |
|
228 |
of 0. This was the behavior in 1.5. |
|
229 |
|
3ffd40
|
230 |
Deprecations |
MM |
231 |
------------ |
|
232 |
|
|
233 |
- Renamed the ``principal`` argument to ``pyramid.security.remember()`` to |
|
234 |
``userid`` in order to clarify its intended purpose. |
|
235 |
See https://github.com/Pylons/pyramid/pull/1399 |
|
236 |
|
7a6bf6
|
237 |
Docs |
CM |
238 |
---- |
|
239 |
|
63366c
|
240 |
- Moved the documentation for ``accept`` on ``Configurator.add_view`` to no |
c015da
|
241 |
longer be part of the predicate list. See |
63366c
|
242 |
https://github.com/Pylons/pyramid/issues/1391 for a bug report stating |
BJR |
243 |
``not_`` was failing on ``accept``. Discussion with @mcdonc led to the |
|
244 |
conclusion that it should not be documented as a predicate. |
f17663
|
245 |
See https://github.com/Pylons/pyramid/pull/1487 for this PR |
63366c
|
246 |
|
7a6bf6
|
247 |
- Removed logging configuration from Quick Tutorial ini files except for |
CM |
248 |
scaffolding- and logging-related chapters to avoid needing to explain it too |
|
249 |
early. |
a0e97b
|
250 |
|
dd4f73
|
251 |
- Clarify a previously-implied detail of the ``ISession.invalidate`` API |
MM |
252 |
documentation. |
|
253 |
|
3ffd40
|
254 |
- Improve and clarify the documentation on what Pyramid defines as a |
MM |
255 |
``principal`` and a ``userid`` in its security APIs. |
|
256 |
See https://github.com/Pylons/pyramid/pull/1399 |
|
257 |
|
742397
|
258 |
Scaffolds |
CM |
259 |
--------- |
|
260 |
|
|
261 |
- Update scaffold generating machinery to return the version of pyramid and |
|
262 |
pyramid docs for use in scaffolds. Updated starter, alchemy and zodb |
|
263 |
templates to have links to correctly versioned documentation and reflect |
|
264 |
which pyramid was used to generate the scaffold. |
|
265 |
|
93bc46
|
266 |
- Removed non-ascii copyright symbol from templates, as this was |
FT |
267 |
causing the scaffolds to fail for project generation. |
|
268 |
|
109b2a
|
269 |
- You can now run the scaffolding func tests via ``tox py2-scaffolds`` and |
CM |
270 |
``tox py3-scaffolds``. |
db0185
|
271 |
|