| commit | author | age | ||
| 41636b | 1 | 1.6a2 (2015-06-30) |
| MM | 2 | ================== |
| 3 | ||
| 4 | Bug Fixes | |
| 5 | --------- | |
| 0d8159 | 6 | |
| ebf0da | 7 | - Ensure that ``pyramid.httpexceptions.exception_response`` returns the |
| 41636b | 8 | appropriate "concrete" class for ``400`` and ``500`` status codes. |
| MM | 9 | See https://github.com/Pylons/pyramid/issues/1832 |
| ebf0da | 10 | |
| 85be09 | 11 | - Fix an infinite recursion bug introduced in 1.6a1 when |
| CM | 12 | ``pyramid.view.render_view_to_response`` was called directly or indirectly. |
| 41636b | 13 | See https://github.com/Pylons/pyramid/issues/1643 |
| 85be09 | 14 | |
| 0d8159 | 15 | - Further fix the JSONP renderer by prefixing the returned content with |
| MM | 16 | a comment. This should mitigate attacks from Flash (See CVE-2014-4671). |
| 17 | See https://github.com/Pylons/pyramid/pull/1649 | |
| 18 | ||
| 19 | - Allow periods and brackets (``[]``) in the JSONP callback. The original | |
| 20 | fix was overly-restrictive and broke Angular. | |
| 21 | See https://github.com/Pylons/pyramid/pull/1649 | |
| 22 | ||
| 85be09 | 23 | 1.6a1 (2015-04-15) |
| CM | 24 | ================== |
| c61755 | 25 | |
| 9177d0 | 26 | Features |
| CR | 27 | -------- |
| 28 | ||
| 0f5f18 | 29 | - pcreate will now ask for confirmation if invoked with |
| IS | 30 | an argument for a project name that already exists or |
| 31 | is importable in the current environment. | |
| 32 | See https://github.com/Pylons/pyramid/issues/1357 and | |
| 33 | https://github.com/Pylons/pyramid/pull/1837 | |
| 34 | ||
| 200c9e | 35 | - Make it possible to subclass ``pyramid.request.Request`` and also use |
| CM | 36 | ``pyramid.request.Request.add_request.method``. See |
| 37 | https://github.com/Pylons/pyramid/issues/1529 | |
| 38 | ||
| d35a91 | 39 | - The ``pyramid.config.Configurator`` has grown the ability to allow |
| MM | 40 | actions to call other actions during a commit-cycle. This enables much more |
| 41 | logic to be placed into actions, such as the ability to invoke other actions | |
| 568a02 | 42 | or group them for improved conflict detection. We have also exposed and |
| MM | 43 | documented the config phases that Pyramid uses in order to further assist |
| 44 | in building conforming addons. | |
| d35a91 | 45 | See https://github.com/Pylons/pyramid/pull/1513 |
| MM | 46 | |
| 46bc7f | 47 | - Add ``pyramid.request.apply_request_extensions`` function which can be |
| MM | 48 | used in testing to apply any request extensions configured via |
| 49 | ``config.add_request_method``. Previously it was only possible to test | |
| 50 | the extensions by going through Pyramid's router. | |
| 51 | See https://github.com/Pylons/pyramid/pull/1581 | |
| 52 | ||
| c9cb19 | 53 | - pcreate when run without a scaffold argument will now print information on |
| BJR | 54 | the missing flag, as well as a list of available scaffolds. |
| 55 | See https://github.com/Pylons/pyramid/pull/1566 and | |
| 56 | https://github.com/Pylons/pyramid/issues/1297 | |
| 57 | ||
| bc8e4d | 58 | - Added support / testing for 'pypy3' under Tox and Travis. |
| 782eb4 | 59 | See https://github.com/Pylons/pyramid/pull/1469 |
| bc8e4d | 60 | |
| 149d36 | 61 | - Automate code coverage metrics across py2 and py3 instead of just py2. |
| MM | 62 | See https://github.com/Pylons/pyramid/pull/1471 |
| 63 | ||
| 9177d0 | 64 | - Cache busting for static resources has been added and is available via a new |
| 15b979 | 65 | argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``. |
| 5fdf9a | 66 | Core APIs are shipped for both cache busting via query strings and |
| MM | 67 | path segments and may be extended to fit into custom asset pipelines. |
| 68 | See https://github.com/Pylons/pyramid/pull/1380 and | |
| 69 | https://github.com/Pylons/pyramid/pull/1583 | |
| 9177d0 | 70 | |
| ae6c88 | 71 | - Add ``pyramid.config.Configurator.root_package`` attribute and init |
| MM | 72 | parameter to assist with includeable packages that wish to resolve |
| 73 | resources relative to the package in which the ``Configurator`` was created. | |
| 73b162 | 74 | This is especially useful for addons that need to load asset specs from |
| c617b7 | 75 | settings, in which case it is may be natural for a developer to define |
| MM | 76 | imports or assets relative to the top-level package. |
| ae6c88 | 77 | See https://github.com/Pylons/pyramid/pull/1337 |
| MM | 78 | |
| ba5444 | 79 | - Added line numbers to the log formatters in the scaffolds to assist with |
| MM | 80 | debugging. See https://github.com/Pylons/pyramid/pull/1326 |
| 81 | ||
| 7dd390 | 82 | - Add new HTTP exception objects for status codes |
| MM | 83 | ``428 Precondition Required``, ``429 Too Many Requests`` and |
| 84 | ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. | |
| 85 | See https://github.com/Pylons/pyramid/pull/1372/files | |
| 86 | ||
| f3a567 | 87 | - The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is |
| MM | 88 | defined in the environment prior to launching the interpreter. |
| 823ac4 | 89 | See https://github.com/Pylons/pyramid/pull/1448 |
| 0c5e5a | 90 | |
| 7b1d42 | 91 | - Make it simple to define notfound and forbidden views that wish to use |
| MM | 92 | the default exception-response view but with altered predicates and other |
| 93 | configuration options. The ``view`` argument is now optional in | |
| 94 | ``config.add_notfound_view`` and ``config.add_forbidden_view``.. | |
| 95 | See https://github.com/Pylons/pyramid/issues/494 | |
| 96 | ||
| c617b7 | 97 | - Greatly improve the readability of the ``pcreate`` shell script output. |
| MM | 98 | See https://github.com/Pylons/pyramid/pull/1453 |
| 99 | ||
| 716a20 | 100 | - Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and |
| MM | 101 | the ``SignedCookieSessionFactory`` classes by using the stdlib's |
| 102 | ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). | |
| 103 | See https://github.com/Pylons/pyramid/pull/1457 | |
| 889bdc | 104 | |
| 407b33 | 105 | - Assets can now be overidden by an absolute path on the filesystem when using |
| 8d5352 | 106 | the ``config.override_asset`` API. This makes it possible to fully support |
| MM | 107 | serving up static content from a mutable directory while still being able |
| 108 | to use the ``request.static_url`` API and ``config.add_static_view``. | |
| 109 | Previously it was not possible to use ``config.add_static_view`` with an | |
| 110 | absolute path **and** generate urls to the content. This change replaces | |
| 111 | the call, ``config.add_static_view('/abs/path', 'static')``, with | |
| 112 | ``config.add_static_view('myapp:static', 'static')`` and | |
| 113 | ``config.override_asset(to_override='myapp:static/', | |
| 114 | override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely | |
| 115 | made up and does not need to exist - it is used for generating urls | |
| 116 | via ``request.static_url('myapp:static/foo.png')``. | |
| 650d3d | 117 | See https://github.com/Pylons/pyramid/issues/1252 |
| 407b33 | 118 | |
| a62462 | 119 | - Added ``pyramid.config.Configurator.set_response_factory`` and the |
| JA | 120 | ``response_factory`` keyword argument to the ``Configurator`` for defining |
| 121 | a factory that will return a custom ``Response`` class. | |
| 122 | See https://github.com/Pylons/pyramid/pull/1499 | |
| 123 | ||
| 2d659e | 124 | - Allow an iterator to be returned from a renderer. Previously it was only |
| MM | 125 | possible to return bytes or unicode. |
| 126 | See https://github.com/Pylons/pyramid/pull/1417 | |
| 127 | ||
| 8dd970 | 128 | - ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server |
| MA | 129 | URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 |
| 130 | ||
| 3f8ac5 | 131 | - Overall improvments for the ``proutes`` command. Added ``--format`` and |
| 149ea9 | 132 | ``--glob`` arguments to the command, introduced the ``method`` |
| JA | 133 | column for displaying available request methods, and improved the ``view`` |
| 134 | output by showing the module instead of just ``__repr__``. | |
| 135 | See https://github.com/Pylons/pyramid/pull/1488 | |
| 136 | ||
| 86f4d5 | 137 | - Support keyword-only arguments and function annotations in views in |
| MM | 138 | Python 3. See https://github.com/Pylons/pyramid/pull/1556 |
| 139 | ||
| d23e69 | 140 | - ``request.response`` will no longer be mutated when using the |
| 042068 | 141 | ``pyramid.renderers.render_to_response()`` API. It is now necessary to |
| MM | 142 | pass in a ``response=`` argument to ``render_to_response`` if you wish to |
| 143 | supply the renderer with a custom response object for it to use. If you | |
| 144 | do not pass one then a response object will be created using the | |
| 145 | application's ``IResponseFactory``. Almost all renderers | |
| d23e69 | 146 | mutate the ``request.response`` response object (for example, the JSON |
| MM | 147 | renderer sets ``request.response.content_type`` to ``application/json``). |
| 148 | However, when invoking ``render_to_response`` it is not expected that the | |
| 149 | response object being returned would be the same one used later in the | |
| 150 | request. The response object returned from ``render_to_response`` is now | |
| 151 | explicitly different from ``request.response``. This does not change the | |
| 042068 | 152 | API of a renderer. See https://github.com/Pylons/pyramid/pull/1563 |
| d23e69 | 153 | |
| a7d77f | 154 | - The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will |
| CM | 155 | now accept anything that implements the ``IResponse`` interface and will use |
| 156 | that as the response class instead of the default ``HTTPFound``. See | |
| 157 | https://github.com/Pylons/pyramid/pull/1610 | |
| 12b6f5 | 158 | |
| c61755 | 159 | Bug Fixes |
| 8e90d6 | 160 | --------- |
| a0e97b | 161 | |
| 7c3745 | 162 | - The JSONP renderer created JavaScript code in such a way that a callback |
| MM | 163 | variable could be used to arbitrarily inject javascript into the response |
| 164 | object. https://github.com/Pylons/pyramid/pull/1627 | |
| 165 | ||
| c45d6a | 166 | - Work around an issue where ``pserve --reload`` would leave terminal echo |
| DG | 167 | disabled if it reloaded during a pdb session. |
| 1bcc34 | 168 | See https://github.com/Pylons/pyramid/pull/1577, |
| DG | 169 | https://github.com/Pylons/pyramid/pull/1592 |
| a0e97b | 170 | |
| 8e90d6 | 171 | - ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise |
| BJR | 172 | ``ValueError`` when accidentally passed ``None``. |
| ab2a77 | 173 | See https://github.com/Pylons/pyramid/pull/1320 |
| c61755 | 174 | |
| 0cb759 | 175 | - Fix an issue whereby predicates would be resolved as maybe_dotted in the |
| CM | 176 | introspectable but not when passed for registration. This would mean that |
| ab2a77 | 177 | ``add_route_predicate`` for example can not take a string and turn it into |
| MM | 178 | the actual callable function. |
| 179 | See https://github.com/Pylons/pyramid/pull/1306 | |
| 09beb2 | 180 | |
| d24055 | 181 | - Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper |
| MM | 182 | package. Previously it was not possible to do package-relative includes |
| 183 | using the returned ``Configurator`` during testing. There is now a | |
| 184 | ``package`` argument that can override this behavior as well. | |
| ab2a77 | 185 | See https://github.com/Pylons/pyramid/pull/1322 |
| d24055 | 186 | |
| dc9c38 | 187 | - Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset |
| MM | 188 | where it does not belong. See https://github.com/Pylons/pyramid/pull/1251 |
| 189 | ||
| 326021 | 190 | - Work around a bug introduced in Python 2.7.7 on Windows where |
| CM | 191 | ``mimetypes.guess_type`` returns Unicode rather than str for the content |
| 192 | type, unlike any previous version of Python. See | |
| 193 | https://github.com/Pylons/pyramid/issues/1360 for more information. | |
| 194 | ||
| 18566a | 195 | - ``pcreate`` now normalizes the package name by converting hyphens to |
| MM | 196 | underscores. See https://github.com/Pylons/pyramid/pull/1376 |
| 197 | ||
| 909486 | 198 | - Fix an issue with the final response/finished callback being unable to |
| MM | 199 | add another callback to the list. See |
| 200 | https://github.com/Pylons/pyramid/pull/1373 | |
| 201 | ||
| 46a268 | 202 | - Fix a failing unittest caused by differing mimetypes across various OSs. |
| MM | 203 | See https://github.com/Pylons/pyramid/issues/1405 |
| 204 | ||
| e7745a | 205 | - Fix route generation for static view asset specifications having no path. |
| RL | 206 | See https://github.com/Pylons/pyramid/pull/1377 |
| 207 | ||
| 1ef35b | 208 | - Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no |
| MM | 209 | valid request object. In this case it will not wrap the object in a |
| 750b78 | 210 | callback and thus behave just like the ``pyramid.renderers.JSON`` renderer. |
| 1ef35b | 211 | See https://github.com/Pylons/pyramid/pull/1561 |
| MM | 212 | |
| e30c3b | 213 | - Prevent "parameters to load are deprecated" ``DeprecationWarning`` |
| 327985 | 214 | from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541 |
| e30c3b | 215 | |
| 06bb4a | 216 | - Avoiding sharing the ``IRenderer`` objects across threads when attached to |
| MM | 217 | a view using the `renderer=` argument. These renderers were instantiated |
| 218 | at time of first render and shared between requests, causing potentially | |
| 219 | subtle effects like `pyramid.reload_templates = true` failing to work | |
| 220 | in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575 | |
| 221 | and https://github.com/Pylons/pyramid/issues/1268 | |
| 222 | ||
| b4e990 | 223 | - Avoiding timing attacks against CSRF tokens. |
| MM | 224 | See https://github.com/Pylons/pyramid/pull/1574 |
| 225 | ||
| f4800e | 226 | - ``request.finished_callbacks`` and ``request.response_callbacks`` now |
| MM | 227 | default to an iterable instead of ``None``. It may be checked for a length |
| 228 | of 0. This was the behavior in 1.5. | |
| 229 | ||
| 3ffd40 | 230 | Deprecations |
| MM | 231 | ------------ |
| 232 | ||
| 233 | - Renamed the ``principal`` argument to ``pyramid.security.remember()`` to | |
| 234 | ``userid`` in order to clarify its intended purpose. | |
| 235 | See https://github.com/Pylons/pyramid/pull/1399 | |
| 236 | ||
| 7a6bf6 | 237 | Docs |
| CM | 238 | ---- |
| 239 | ||
| 63366c | 240 | - Moved the documentation for ``accept`` on ``Configurator.add_view`` to no |
| c015da | 241 | longer be part of the predicate list. See |
| 63366c | 242 | https://github.com/Pylons/pyramid/issues/1391 for a bug report stating |
| BJR | 243 | ``not_`` was failing on ``accept``. Discussion with @mcdonc led to the |
| 244 | conclusion that it should not be documented as a predicate. | |
| f17663 | 245 | See https://github.com/Pylons/pyramid/pull/1487 for this PR |
| 63366c | 246 | |
| 7a6bf6 | 247 | - Removed logging configuration from Quick Tutorial ini files except for |
| CM | 248 | scaffolding- and logging-related chapters to avoid needing to explain it too |
| 249 | early. | |
| a0e97b | 250 | |
| dd4f73 | 251 | - Clarify a previously-implied detail of the ``ISession.invalidate`` API |
| MM | 252 | documentation. |
| 253 | ||
| 3ffd40 | 254 | - Improve and clarify the documentation on what Pyramid defines as a |
| MM | 255 | ``principal`` and a ``userid`` in its security APIs. |
| 256 | See https://github.com/Pylons/pyramid/pull/1399 | |
| 257 | ||
| 742397 | 258 | Scaffolds |
| CM | 259 | --------- |
| 260 | ||
| 261 | - Update scaffold generating machinery to return the version of pyramid and | |
| 262 | pyramid docs for use in scaffolds. Updated starter, alchemy and zodb | |
| 263 | templates to have links to correctly versioned documentation and reflect | |
| 264 | which pyramid was used to generate the scaffold. | |
| 265 | ||
| 93bc46 | 266 | - Removed non-ascii copyright symbol from templates, as this was |
| FT | 267 | causing the scaffolds to fail for project generation. |
| 268 | ||
| 109b2a | 269 | - You can now run the scaffolding func tests via ``tox py2-scaffolds`` and |
| CM | 270 | ``tox py3-scaffolds``. |
| db0185 | 271 | |
