commit | author | age
|
dd3071
|
1 |
.. _changes_1.7.1: |
MM |
2 |
|
|
3 |
1.7.1 (2016-08-16) |
|
4 |
================== |
67696b
|
5 |
|
7f306a
|
6 |
- Change flake8 noqa directive to ignore only a single line instead of the |
SP |
7 |
entire file in scaffold and documentation. See |
|
8 |
https://github.com/Pylons/pyramid/pull/2646 |
|
9 |
|
8d4026
|
10 |
- Add option to build docs as PDF only via tox. See: |
SP |
11 |
https://github.com/Pylons/pyramid/issues/2575 |
|
12 |
|
41ba0a
|
13 |
- Correct the column type used in the SQLAlchemy + URL Dispatch tutorial by |
SP |
14 |
changing it from Integer to Text. See |
|
15 |
https://github.com/Pylons/pyramid/pull/2591 |
|
16 |
|
f9db79
|
17 |
- Fix a bug in which the ``password_hash`` in the Wiki2 tutorial was sometimes |
MM |
18 |
being treated as bytes instead of unicode. |
|
19 |
See https://github.com/Pylons/pyramid/pull/2705 |
|
20 |
|
67696b
|
21 |
- Properly emit a ``DeprecationWarning`` for using |
MM |
22 |
``pyramid.config.Configurator.set_request_property`` instead of |
|
23 |
``pyramid.config.Configurator.add_request_method``. |
|
24 |
|
ea6898
|
25 |
- Updated Windows installation instructions and related bits. |
SP |
26 |
See: https://github.com/Pylons/pyramid/issues/2661 |
|
27 |
|
b0512e
|
28 |
- Fixed bug in `proutes` such that it now shows the correct view when a class |
9d8b0a
|
29 |
and `attr` is involved. |
SP |
30 |
See: https://github.com/Pylons/pyramid/pull/2687 |
|
31 |
|
e00f8b
|
32 |
- The JSON renderers now encode their result as UTF-8. The renderer helper |
BJR |
33 |
will now warn the user and encode the result as UTF-8 if a renderer returns a |
|
34 |
text type and the response does not have a valid character set. See |
|
35 |
https://github.com/Pylons/pyramid/pull/2706 |
|
36 |
|
182175
|
37 |
1.7 (2016-05-19) |
MM |
38 |
================ |
3cb76c
|
39 |
|
MM |
40 |
- Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte |
|
41 |
strings. See https://github.com/Pylons/pyramid/pull/2576 |
|
42 |
|
182175
|
43 |
- Simplify windows detection code and remove some duplicated data. |
f73dea
|
44 |
See https://github.com/Pylons/pyramid/pull/2585 and |
MM |
45 |
https://github.com/Pylons/pyramid/pull/2586 |
|
46 |
|
efa756
|
47 |
1.7b4 (2016-05-12) |
MM |
48 |
================== |
9e21a2
|
49 |
|
MM |
50 |
- Fixed the exception view tween to re-raise the original exception if |
|
51 |
no exception view could be found to handle the exception. This better |
|
52 |
allows tweens further up the chain to handle exceptions that were |
|
53 |
left unhandled. Previously they would be converted into a |
|
54 |
``PredicateMismatch`` exception if predicates failed to allow the view to |
|
55 |
handle the exception. |
|
56 |
See https://github.com/Pylons/pyramid/pull/2567 |
|
57 |
|
|
58 |
- Exposed the ``pyramid.interfaces.IRequestFactory`` interface to mirror |
|
59 |
the public ``pyramid.interfaces.IResponseFactory`` interface. |
|
60 |
|
7c48d5
|
61 |
1.7b3 (2016-05-10) |
MM |
62 |
================== |
9903a6
|
63 |
|
66f3a6
|
64 |
- Fix ``request.invoke_exception_view`` to raise an ``HTTPNotFound`` |
MM |
65 |
exception if no view is matched. Previously ``None`` would be returned |
|
66 |
if no views were matched and a ``PredicateMismatch`` would be raised if |
|
67 |
a view "almost" matched (a view was found matching the context). |
|
68 |
See https://github.com/Pylons/pyramid/pull/2564 |
|
69 |
|
9903a6
|
70 |
- Add defaults for py.test configuration and coverage to all three scaffolds, |
SP |
71 |
and update documentation accordingly. |
|
72 |
See https://github.com/Pylons/pyramid/pull/2550 |
|
73 |
|
|
74 |
- Add ``linkcheck`` to ``Makefile`` for Sphinx. To check the documentation for |
|
75 |
broken links, use the command ``make linkcheck |
|
76 |
SPHINXBUILD=$VENV/bin/sphinx-build``. Also removed and fixed dozens of broken |
|
77 |
external links. |
|
78 |
|
39fe06
|
79 |
- Fix the internal runner for scaffold tests to ensure they work with pip |
MM |
80 |
and py.test. |
|
81 |
See https://github.com/Pylons/pyramid/pull/2565 |
|
82 |
|
cbb538
|
83 |
1.7b2 (2016-05-01) |
MM |
84 |
================== |
4b349f
|
85 |
|
3c88da
|
86 |
- Removed inclusion of pyramid_tm in development.ini for alchemy scaffold |
SP |
87 |
See https://github.com/Pylons/pyramid/issues/2538 |
|
88 |
|
4b349f
|
89 |
- A default permission set via ``config.set_default_permission`` will no |
MM |
90 |
longer be enforced on an exception view. This has been the case for a while |
|
91 |
with the default exception views (``config.add_notfound_view`` and |
|
92 |
``config.add_forbidden_view``), however for any other exception view a |
|
93 |
developer had to remember to set ``permission=NO_PERMISSION_REQUIRED`` or |
|
94 |
be surprised when things didn't work. It is still possible to force a |
|
95 |
permission check on an exception view by setting the ``permission`` argument |
|
96 |
manually to ``config.add_view``. This behavior is consistent with the new |
|
97 |
CSRF features added in the 1.7 series. |
|
98 |
See https://github.com/Pylons/pyramid/pull/2534 |
|
99 |
|
a872ef
|
100 |
1.7b1 (2016-04-25) |
MM |
101 |
================== |
|
102 |
|
|
103 |
- This release announces the beta period for 1.7. |
|
104 |
|
|
105 |
- Fix an issue where some files were being included in the alchemy scafffold |
|
106 |
which had been removed from the 1.7 series. |
|
107 |
See https://github.com/Pylons/pyramid/issues/2525 |
|
108 |
|
721b17
|
109 |
1.7a2 (2016-04-19) |
MM |
110 |
================== |
|
111 |
|
|
112 |
Features |
|
113 |
-------- |
|
114 |
|
|
115 |
- Automatic CSRF checks are now disabled by default on exception views. They |
|
116 |
can be turned back on by setting the appropriate `require_csrf` option on |
|
117 |
the view. |
|
118 |
See https://github.com/Pylons/pyramid/pull/2517 |
b8caec
|
119 |
|
0f850a
|
120 |
- The automatic CSRF API was reworked to use a config directive for |
MM |
121 |
setting the options. The ``pyramid.require_default_csrf`` setting is |
|
122 |
no longer supported. Instead, a new ``config.set_default_csrf_options`` |
|
123 |
directive has been introduced that allows the developer to specify |
|
124 |
the default value for ``require_csrf`` as well as change the CSRF token, |
|
125 |
header and safe request methods. The ``pyramid.csrf_trusted_origins`` |
|
126 |
setting is still supported. |
|
127 |
See https://github.com/Pylons/pyramid/pull/2518 |
|
128 |
|
721b17
|
129 |
Bug fixes |
MM |
130 |
--------- |
b8caec
|
131 |
|
MM |
132 |
- CSRF origin checks had a bug causing the checks to always fail. |
|
133 |
See https://github.com/Pylons/pyramid/pull/2512 |
|
134 |
|
89e476
|
135 |
- Fix the test suite to pass on windows. |
MM |
136 |
See https://github.com/Pylons/pyramid/pull/2520 |
|
137 |
|
1eea18
|
138 |
1.7a1 (2016-04-16) |
MM |
139 |
================== |
70074c
|
140 |
|
1cf132
|
141 |
Backward Incompatibilities |
BJR |
142 |
-------------------------- |
|
143 |
|
|
144 |
- Following the Pyramid deprecation period (1.4 -> 1.6), |
|
145 |
AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5 |
|
146 |
to sha512. If you are using the authentication policy and need to continue |
|
147 |
using md5, please explicitly set hashalg to 'md5'. |
|
148 |
|
|
149 |
This change does mean that any existing auth tickets (and associated cookies) |
|
150 |
will no longer be valid, and users will no longer be logged in, and have to |
2945f7
|
151 |
login to their accounts again. |
MM |
152 |
|
|
153 |
See https://github.com/Pylons/pyramid/pull/2496 |
1cf132
|
154 |
|
8ceb14
|
155 |
- The ``check_csrf_token`` function no longer validates a csrf token in the |
MM |
156 |
query string of a request. Only headers and request bodies are supported. |
|
157 |
See https://github.com/Pylons/pyramid/pull/2500 |
|
158 |
|
1cf132
|
159 |
Features |
BJR |
160 |
-------- |
2945f7
|
161 |
|
MM |
162 |
- Added a new setting, ``pyramid.require_default_csrf`` which may be used |
|
163 |
to turn on CSRF checks globally for every POST request in the application. |
|
164 |
This should be considered a good default for websites built on Pyramid. |
|
165 |
It is possible to opt-out of CSRF checks on a per-view basis by setting |
|
166 |
``require_csrf=False`` on those views. |
|
167 |
See https://github.com/Pylons/pyramid/pull/2413 |
|
168 |
|
1799be
|
169 |
- Added a ``require_csrf`` view option which will enforce CSRF checks on any |
BJR |
170 |
request with an unsafe method as defined by RFC2616. If the CSRF check fails |
|
171 |
a ``BadCSRFToken`` exception will be raised and may be caught by exception |
|
172 |
views (the default response is a ``400 Bad Request``). This option should be |
|
173 |
used in place of the deprecated ``check_csrf`` view predicate which would |
|
174 |
normally result in unexpected ``404 Not Found`` response to the client |
|
175 |
instead of a catchable exception. See |
|
176 |
https://github.com/Pylons/pyramid/pull/2413 and |
|
177 |
https://github.com/Pylons/pyramid/pull/2500 |
1cf132
|
178 |
|
65dee6
|
179 |
- Added an additional CSRF validation that checks the origin/referrer of a |
DS |
180 |
request and makes sure it matches the current ``request.domain``. This |
|
181 |
particular check is only active when accessing a site over HTTPS as otherwise |
|
182 |
browsers don't always send the required information. If this additional CSRF |
|
183 |
validation fails a ``BadCSRFOrigin`` exception will be raised and may be |
|
184 |
caught by exception views (the default response is ``400 Bad Request``). |
|
185 |
Additional allowed origins may be configured by setting |
|
186 |
``pyramid.csrf_trusted_origins`` to a list of domain names (with ports if on |
|
187 |
a non standard port) to allow. Subdomains are not allowed unless the domain |
8ceb14
|
188 |
name has been prefixed with a ``.``. See |
65dee6
|
189 |
https://github.com/Pylons/pyramid/pull/2501 |
8ceb14
|
190 |
|
MM |
191 |
- Added a new ``pyramid.session.check_csrf_origin`` API for validating the |
|
192 |
origin or referrer headers against the request's domain. |
|
193 |
See https://github.com/Pylons/pyramid/pull/2501 |
65dee6
|
194 |
|
4c6592
|
195 |
- Pyramid HTTPExceptions will now take into account the best match for the |
BJR |
196 |
clients Accept header, and depending on what is requested will return |
|
197 |
text/html, application/json or text/plain. The default for */* is still |
|
198 |
text/html, but if application/json is explicitly mentioned it will now |
8ceb14
|
199 |
receive a valid JSON response. See |
4c6592
|
200 |
https://github.com/Pylons/pyramid/pull/2489 |
BJR |
201 |
|
17905a
|
202 |
- A new event and interface (BeforeTraversal) has been introduced that will |
BJR |
203 |
notify listeners before traversal starts in the router. See |
|
204 |
https://github.com/Pylons/pyramid/pull/2469 and |
|
205 |
https://github.com/Pylons/pyramid/pull/1876 |
|
206 |
|
1cf132
|
207 |
- Add a new "view deriver" concept to Pyramid to allow framework authors to |
BJR |
208 |
inject elements into the standard Pyramid view pipeline and affect all |
|
209 |
views in an application. This is similar to a decorator except that it |
|
210 |
has access to options passed to ``config.add_view`` and can affect other |
|
211 |
stages of the pipeline such as the raw response from a view or prior to |
|
212 |
security checks. See https://github.com/Pylons/pyramid/pull/2021 |
|
213 |
|
|
214 |
- Allow a leading ``=`` on the key of the request param predicate. |
|
215 |
For example, '=abc=1' is equivalent down to |
|
216 |
``request.params['=abc'] == '1'``. |
|
217 |
See https://github.com/Pylons/pyramid/pull/1370 |
|
218 |
|
|
219 |
- A new ``request.invoke_exception_view(...)`` method which can be used to |
|
220 |
invoke an exception view and get back a response. This is useful for |
|
221 |
rendering an exception view outside of the context of the excview tween |
|
222 |
where you may need more control over the request. |
|
223 |
See https://github.com/Pylons/pyramid/pull/2393 |
|
224 |
|
|
225 |
- Allow using variable substitutions like ``%(LOGGING_LOGGER_ROOT_LEVEL)s`` |
|
226 |
for logging sections of the .ini file and populate these variables from |
|
227 |
the ``pserve`` command line -- e.g.: |
|
228 |
``pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG`` |
|
229 |
See https://github.com/Pylons/pyramid/pull/2399 |
|
230 |
|
|
231 |
Documentation Changes |
|
232 |
--------------------- |
16bdbb
|
233 |
|
47ebf0
|
234 |
- A complete overhaul of the docs: |
SP |
235 |
|
|
236 |
- Use pip instead of easy_install. |
|
237 |
- Become opinionated by preferring Python 3.4 or greater to simplify |
|
238 |
installation of Python and its required packaging tools. |
|
239 |
- Use venv for the tool, and virtual environment for the thing created, |
|
240 |
instead of virtualenv. |
|
241 |
- Use py.test and pytest-cov instead of nose and coverage. |
|
242 |
- Further updates to the scaffolds as well as tutorials and their src files. |
|
243 |
|
|
244 |
See https://github.com/Pylons/pyramid/pull/2468 |
|
245 |
|
d5c361
|
246 |
- A complete overhaul of the ``alchemy`` scaffold as well as the |
MM |
247 |
Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features |
|
248 |
into the usage of SQLAlchemy with Pyramid and provide a better starting |
|
249 |
point for new projects. |
|
250 |
See https://github.com/Pylons/pyramid/pull/2024 |
|
251 |
|
1cf132
|
252 |
Bug Fixes |
BJR |
253 |
--------- |
70074c
|
254 |
|
802c3f
|
255 |
- Fix ``pserve --browser`` to use the ``--server-name`` instead of the |
MM |
256 |
app name when selecting a section to use. This was only working for people |
|
257 |
who had server and app sections with the same name, for example |
|
258 |
``[app:main]`` and ``[server:main]``. |
|
259 |
See https://github.com/Pylons/pyramid/pull/2292 |
|
260 |
|
1cf132
|
261 |
Deprecations |
BJR |
262 |
------------ |
cb98a9
|
263 |
|
2945f7
|
264 |
- The ``check_csrf`` view predicate has been deprecated. Use the |
MM |
265 |
new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting |
|
266 |
to ensure that the ``BadCSRFToken`` exception is raised. |
|
267 |
See https://github.com/Pylons/pyramid/pull/2413 |
|
268 |
|
|
269 |
- Support for Python 3.3 will be removed in Pyramid 1.8. |
1cf132
|
270 |
https://github.com/Pylons/pyramid/issues/2477 |
4d4688
|
271 |
|
1cf132
|
272 |
- Python 2.6 is no longer supported by Pyramid. See |
BJR |
273 |
https://github.com/Pylons/pyramid/issues/2368 |
1514ea
|
274 |
|
1cf132
|
275 |
- Dropped Python 3.2 support. |
BJR |
276 |
See https://github.com/Pylons/pyramid/pull/2256 |