commit | author | age
|
e2c2c9
|
1 |
.. _changes_1.9.2: |
MM |
2 |
|
|
3 |
1.9.2 (2018-04-23) |
|
4 |
================== |
a6ff46
|
5 |
|
68010f
|
6 |
- Pin to ``webob >= 1.7.0`` instead of ``1.7.0rc2`` to avoid accidentally |
MM |
7 |
opting users into pre-releases because a downstream dependency allowed it. |
|
8 |
See https://github.com/Pylons/pyramid/issues/3220 |
|
9 |
|
a6ff46
|
10 |
- Fix ``pyramid.scripting.get_root`` which was broken by the execution policy |
MM |
11 |
feature added in the 1.9 release. |
|
12 |
See https://github.com/Pylons/pyramid/pull/3265 |
|
13 |
|
d1969a
|
14 |
.. _changes_1.9.1: |
MM |
15 |
|
|
16 |
1.9.1 (2017-07-13) |
|
17 |
================== |
7ecf62
|
18 |
|
4ed714
|
19 |
- Add a ``_depth`` and ``_category`` arguments to all of the venusian |
MM |
20 |
decorators. The ``_category`` argument can be used to affect which actions |
|
21 |
are registered when performing a ``config.scan(..., category=...)`` with a |
|
22 |
specific category. The ``_depth`` argument should be used when wrapping |
|
23 |
the decorator in your own. This change affects ``pyramid.view.view_config``, |
|
24 |
``pyramid.view.exception_view_config``, |
|
25 |
``pyramid.view.forbidden_view_config``, ``pyramid.view.notfound_view_config``, |
|
26 |
``pyramid.events.subscriber`` and ``pyramid.response.response_adapter`` |
|
27 |
decorators. See https://github.com/Pylons/pyramid/pull/3121 and |
|
28 |
https://github.com/Pylons/pyramid/pull/3123 |
7ecf62
|
29 |
|
7987e8
|
30 |
- Fix a circular import which made it impossible to import |
MM |
31 |
``pyramid.viewderivers`` before ``pyramid.config``. |
|
32 |
See https://github.com/Pylons/pyramid/pull/3124 |
|
33 |
|
d08255
|
34 |
- Improve documentation to show the ``pyramid.config.Configurator`` being |
MM |
35 |
used as a context manager in more places. |
|
36 |
See https://github.com/Pylons/pyramid/pull/3126 |
|
37 |
|
d826df
|
38 |
1.9 (2017-06-26) |
MM |
39 |
================ |
|
40 |
|
|
41 |
- No major changes from 1.9b1. |
|
42 |
|
|
43 |
- Updated documentation links for ``docs.pylonsproject.org`` to use HTTPS. |
|
44 |
|
bd124a
|
45 |
1.9b1 (2017-06-19) |
MM |
46 |
================== |
37d887
|
47 |
|
MM |
48 |
- Add an informative error message when unknown predicates are supplied. The |
|
49 |
new message suggests alternatives based on the list of known predicates. |
|
50 |
See https://github.com/Pylons/pyramid/pull/3054 |
|
51 |
|
50d216
|
52 |
- Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and |
SP |
53 |
resulting source files in tutorials. |
|
54 |
See https://github.com/Pylons/pyramid/issues/2548 |
|
55 |
|
d179ce
|
56 |
- Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to |
SP |
57 |
use shortcut. |
cc8ce5
|
58 |
See https://github.com/Pylons/pyramid/issues/3042 |
MM |
59 |
|
|
60 |
- Ensure the correct threadlocals are pushed during view execution when |
|
61 |
invoked from ``request.invoke_exception_view``. |
|
62 |
See https://github.com/Pylons/pyramid/pull/3060 |
d179ce
|
63 |
|
7b3249
|
64 |
- Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return |
MM |
65 |
a valid iterator in its ``__iter__`` implementation. |
|
66 |
See https://github.com/Pylons/pyramid/pull/3074 |
|
67 |
|
b54a70
|
68 |
- Normalize the permission results to a proper class hierarchy. |
MM |
69 |
``pyramid.security.ACLAllowed`` is now a subclass of |
975b02
|
70 |
``pyramid.security.Allowed`` and ``pyramid.security.ACLDenied`` is now a |
b54a70
|
71 |
subclass of ``pyramid.security.Denied``. |
MM |
72 |
See https://github.com/Pylons/pyramid/pull/3084 |
|
73 |
|
5c437a
|
74 |
- Add a ``quote_via`` argument to ``pyramid.encode.urlencode`` to follow |
MM |
75 |
the stdlib's version and enable custom quoting functions. |
|
76 |
See https://github.com/Pylons/pyramid/pull/3088 |
|
77 |
|
983216
|
78 |
- Support `_query=None` and `_anchor=None` in ``request.route_url`` as well |
MM |
79 |
as ``query=None`` and ``anchor=None`` in ``request.resource_url``. |
|
80 |
Previously this would cause an `?` and a `#`, respectively, in the url |
53cfb8
|
81 |
with nothing after it. Now the unnecessary parts are dropped from the |
MM |
82 |
generated URL. See https://github.com/Pylons/pyramid/pull/3034 |
983216
|
83 |
|
5aa1af
|
84 |
- Revamp the ``IRouter`` API used by ``IExecutionPolicy`` to force |
MM |
85 |
pushing/popping the request threadlocals. The |
|
86 |
``IRouter.make_request(environ)`` API has been replaced by |
|
87 |
``IRouter.request_context(environ)`` which should be used as a context |
|
88 |
manager. See https://github.com/Pylons/pyramid/pull/3086 |
|
89 |
|
1fc7ee
|
90 |
1.9a2 (2017-05-09) |
MM |
91 |
================== |
|
92 |
|
|
93 |
Backward Incompatibilities |
|
94 |
-------------------------- |
|
95 |
|
|
96 |
- ``request.exception`` and ``request.exc_info`` will only be set if the |
|
97 |
response was generated by the EXCVIEW tween. This is to avoid any confusion |
|
98 |
where a response was generated elsewhere in the pipeline and not in |
|
99 |
direct relation to the original exception. If anyone upstream wants to |
|
100 |
catch and render responses for exceptions they should set |
|
101 |
``request.exception`` and ``request.exc_info`` themselves to indicate |
|
102 |
the exception that was squashed when generating the response. |
|
103 |
|
|
104 |
Similar behavior occurs with ``request.invoke_exception_view`` in which |
|
105 |
the exception properties are set to reflect the exception if a response |
|
106 |
is successfully generated by the method. |
|
107 |
|
|
108 |
This is a very minor incompatibility. Most tweens right now would give |
|
109 |
priority to the raised exception and ignore ``request.exception``. This |
|
110 |
change just improves and clarifies that bookkeeping by trying to be |
|
111 |
more clear about the relationship between the response and its squashed |
|
112 |
exception. See https://github.com/Pylons/pyramid/pull/3029 and |
|
113 |
https://github.com/Pylons/pyramid/pull/3031 |
|
114 |
|
c84904
|
115 |
1.9a1 (2017-05-01) |
MM |
116 |
================== |
bdb8e0
|
117 |
|
fa8a9d
|
118 |
Major Features |
MM |
119 |
-------------- |
|
120 |
|
|
121 |
- The file format used by all ``p*`` command line scripts such as ``pserve`` |
|
122 |
and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function |
|
123 |
is now replaceable thanks to a new dependency on |
19d341
|
124 |
`plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>`_. |
fa8a9d
|
125 |
|
MM |
126 |
For now, Pyramid is still shipping with integrated support for the |
fdd77d
|
127 |
PasteDeploy INI format by depending on the |
fbfd81
|
128 |
`plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_ |
fdd77d
|
129 |
binding library. This may change in the future. |
fa8a9d
|
130 |
|
MM |
131 |
See https://github.com/Pylons/pyramid/pull/2985 |
5f4649
|
132 |
|
4c3971
|
133 |
- Added an execution policy hook to the request pipeline. An execution |
MM |
134 |
policy has the ability to control creation and execution of the request |
f454b8
|
135 |
objects before they enter the rest of the pipeline. This means for a single |
fa8a9d
|
136 |
request environ the policy may create more than one request object. |
MM |
137 |
|
|
138 |
The first library to use this feature is |
|
139 |
`pyramid_retry |
19d341
|
140 |
<https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. |
fa8a9d
|
141 |
|
MM |
142 |
See https://github.com/Pylons/pyramid/pull/2964 |
|
143 |
|
6419a3
|
144 |
- CSRF support has been refactored out of sessions and into its own |
MM |
145 |
independent API in the ``pyramid.csrf`` module. It supports a pluggable |
|
146 |
``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your |
|
147 |
own mechanism for generating and validating CSRF tokens. By default, |
|
148 |
Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` |
|
149 |
that uses the ``request.session.get_csrf_token`` and |
|
150 |
``request.session.new_csrf_token`` APIs under the hood to preserve |
|
151 |
compatibility. Two new policies are shipped as well, |
|
152 |
``pyramid.csrf.SessionCSRFStoragePolicy`` and |
|
153 |
``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens |
|
154 |
in the session and in a standalone cookie, respectively. The storage policy |
|
155 |
can be changed by using the new |
|
156 |
``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. |
|
157 |
|
|
158 |
CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, |
|
159 |
``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs |
|
160 |
in order to continue working if the storage policy is changed. Also, the |
|
161 |
``pyramid.csrf.get_csrf_token`` function is injected into templates to be |
|
162 |
used conveniently in UI code. |
|
163 |
|
682a9b
|
164 |
See https://github.com/Pylons/pyramid/pull/2854 and |
MM |
165 |
https://github.com/Pylons/pyramid/pull/3019 |
a2c7c7
|
166 |
|
2b9b6c
|
167 |
Minor Features |
MM |
168 |
-------------- |
9028c9
|
169 |
|
MM |
170 |
- Support an ``open_url`` config setting in the ``pserve`` section of the |
|
171 |
config file. This url is used to open a web browser when ``pserve --browser`` |
|
172 |
is invoked. When this setting is unavailable the ``pserve`` script will |
|
173 |
attempt to guess the port the server is using from the |
|
174 |
``server:<server_name>`` section of the config file but there is no |
|
175 |
requirement that the server is being run in this format so it may fail. |
|
176 |
See https://github.com/Pylons/pyramid/pull/2984 |
|
177 |
|
87af11
|
178 |
- The ``pyramid.config.Configurator`` can now be used as a context manager |
MM |
179 |
which will automatically push/pop threadlocals (similar to |
|
180 |
``config.begin()`` and ``config.end()``). It will also automatically perform |
|
181 |
a ``config.commit()`` and thus it is only recommended to be used at the |
|
182 |
top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 |
a2c7c7
|
183 |
|
847fb7
|
184 |
- The threadlocals are now available inside any function invoked via |
MM |
185 |
``config.include``. This means the only config-time code that cannot rely |
|
186 |
on threadlocals is code executed from non-actions inside the main. This |
|
187 |
can be alleviated by invoking ``config.begin()`` and ``config.end()`` |
|
188 |
appropriately or using the new context manager feature of the configurator. |
|
189 |
See https://github.com/Pylons/pyramid/pull/2989 |
|
190 |
|
1cf132
|
191 |
Bug Fixes |
BJR |
192 |
--------- |
45f882
|
193 |
|
564b63
|
194 |
- HTTPException's accepts a detail kwarg that may be used to pass additional |
BJR |
195 |
details to the exception. You may now pass objects so long as they have a |
169155
|
196 |
valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
MM |
197 |
|
|
198 |
- Fix a reference cycle causing memory leaks in which the registry |
|
199 |
would keep a ``Configurator`` instance alive even after the configurator |
|
200 |
was discarded. Another fix was also added for the ``global_registries`` |
|
201 |
object in which the registry was stored in a closure preventing it from |
|
202 |
being deallocated. See https://github.com/Pylons/pyramid/pull/2967 |
564b63
|
203 |
|
38294e
|
204 |
- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the |
MM |
205 |
``--reload`` option in which ``sys.argv`` is always used in the subprocess |
|
206 |
instead of the supplied ``argv``. |
|
207 |
See https://github.com/Pylons/pyramid/pull/2962 |
|
208 |
|
1cf132
|
209 |
Deprecations |
BJR |
210 |
------------ |
cb98a9
|
211 |
|
2b9b6c
|
212 |
- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the |
MM |
213 |
transition to ``plaster`` by maintaining integrated support for INI files. |
|
214 |
This dependency on ``plaster_pastedeploy`` should be considered subject to |
2aebc6
|
215 |
Pyramid's deprecation policy and may be removed in the future. |
2b9b6c
|
216 |
Applications should depend on the appropriate plaster binding to satisfy |
MM |
217 |
their needs. |
d2f0fe
|
218 |
|
2b9b6c
|
219 |
- Retrieving CSRF token from the session has been deprecated in favor of |
MM |
220 |
equivalent methods in the ``pyramid.csrf`` module. The CSRF methods |
|
221 |
(``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer |
|
222 |
required on the ``ISession`` interface except when using the default |
|
223 |
``pyramid.csrf.LegacySessionCSRFStoragePolicy``. |
a2c7c7
|
224 |
|
2b9b6c
|
225 |
Also, ``pyramid.session.check_csrf_token`` is now located at |
MM |
226 |
``pyramid.csrf.check_csrf_token``. |
|
227 |
|
|
228 |
See https://github.com/Pylons/pyramid/pull/2854 and |
|
229 |
https://github.com/Pylons/pyramid/pull/3019 |
3213e2
|
230 |
|
785088
|
231 |
Documentation Changes |
MM |
232 |
--------------------- |
|
233 |
|
|
234 |
- Added the execution policy to the routing diagram in the Request Processing |
840508
|
235 |
chapter. See https://github.com/Pylons/pyramid/pull/2993 |