.. _changes_1.6.4:
|
|
1.6.4 (2016-08-17)
|
==================
|
|
Bug Fixes
|
---------
|
|
- Oops, Apparently wheels do not build cleanly every time, so build artifacts
|
from 1.7.1 creeped into the wheel for 1.6.3. Note to self: ``rm -rf build``.
|
|
.. _changes_1.6.3:
|
|
1.6.3 (2016-08-16)
|
==================
|
|
Bug Fixes
|
---------
|
|
- Revert changes from #2706 released in Pyramid 1.6.2. JSON renderers will
|
continue to return unicode data instead of UTF-8 encoded bytes. This means
|
that WebOb responses are still expected to handle unicode data even though
|
JSON does not have a charset.
|
See https://github.com/Pylons/pyramid/issues/2744
|
|
.. _changes_1.6.2:
|
|
1.6.2 (2016-08-16)
|
==================
|
|
Bug Fixes
|
---------
|
|
- Fixed bug in `proutes` such that it now shows the correct view when a class
|
and `attr` is involved.
|
See: https://github.com/Pylons/pyramid/pull/2687
|
|
- The JSON renderers now encode their result as UTF-8. The renderer helper
|
will now warn the user and encode the result as UTF-8 if a renderer returns a
|
text type and the response does not have a valid character set. See
|
https://github.com/Pylons/pyramid/pull/2706
|
|
.. _changes_1.6.1:
|
|
1.6.1 (2016-02-02)
|
==================
|
|
Deprecations
|
------------
|
|
- Missed the deprecation of one more daemon/process management feature that
|
allowed logging to a file. This deprecates ``--log-file`` which is generally
|
only used with pserve running in daemon mode. See
|
https://github.com/Pylons/pyramid/pull/2330
|
|
Bug Fixes
|
---------
|
|
- Fix an issue with differing CSRF token data types on Python runtimes
|
supporting ``hmac.compare_digest``.
|
See https://github.com/Pylons/pyramid/pull/2299
|
|
1.6 (2016-01-03)
|
================
|
|
Deprecations
|
------------
|
|
- Continue removal of ``pserve`` daemon/process management features
|
by deprecating ``--user`` and ``--group`` options.
|
See https://github.com/Pylons/pyramid/pull/2190
|
|
1.6b3 (2015-12-17)
|
==================
|
|
Backward Incompatibilities
|
--------------------------
|
|
- Remove the ``cachebust`` option from ``config.add_static_view``. See
|
``config.add_cache_buster`` for the new way to attach cache busters to
|
static assets.
|
See https://github.com/Pylons/pyramid/pull/2186
|
|
- Modify the ``pyramid.interfaces.ICacheBuster`` API to be a simple callable
|
instead of an object with ``match`` and ``pregenerate`` methods. Cache
|
busters are now focused solely on generation. Matching has been dropped.
|
|
Note this affects usage of ``pyramid.static.QueryStringCacheBuster`` and
|
``pyramid.static.ManifestCacheBuster``.
|
|
See https://github.com/Pylons/pyramid/pull/2186
|
|
Features
|
--------
|
|
- Add a new ``config.add_cache_buster`` API for attaching cache busters to
|
static assets. See https://github.com/Pylons/pyramid/pull/2186
|
|
Bug Fixes
|
---------
|
|
- Ensure that ``IAssetDescriptor.abspath`` always returns an absolute path.
|
There were cases depending on the process CWD that a relative path would
|
be returned. See https://github.com/Pylons/pyramid/issues/2188
|
|
1.6b2 (2015-10-15)
|
==================
|
|
Features
|
--------
|
|
- Allow asset specifications to be supplied to
|
``pyramid.static.ManifestCacheBuster`` instead of requiring a
|
filesystem path.
|
|
1.6b1 (2015-10-15)
|
==================
|
|
Backward Incompatibilities
|
--------------------------
|
|
- IPython and BPython support have been removed from pshell in the core.
|
To continue using them on Pyramid 1.6+ you must install the binding
|
packages explicitly::
|
|
$ pip install pyramid_ipython
|
|
or
|
|
$ pip install pyramid_bpython
|
|
- Remove default cache busters introduced in 1.6a1 including
|
``PathSegmentCacheBuster``, ``PathSegmentMd5CacheBuster``, and
|
``QueryStringMd5CacheBuster``.
|
See https://github.com/Pylons/pyramid/pull/2116
|
|
Features
|
--------
|
|
- Additional shells for ``pshell`` can now be registered as entrypoints. See
|
https://github.com/Pylons/pyramid/pull/1891 and
|
https://github.com/Pylons/pyramid/pull/2012
|
|
- The variables injected into ``pshell`` are now displayed with their
|
docstrings instead of the default ``str(obj)`` when possible.
|
See https://github.com/Pylons/pyramid/pull/1929
|
|
- Add new ``pyramid.static.ManifestCacheBuster`` for use with external
|
asset pipelines as well as examples of common usages in the narrative.
|
See https://github.com/Pylons/pyramid/pull/2116
|
|
- Fix ``pserve --reload`` to not crash on syntax errors!!!
|
See https://github.com/Pylons/pyramid/pull/2125
|
|
- Fix an issue when user passes unparsed strings to ``pyramid.session.CookieSession``
|
and ``pyramid.authentication.AuthTktCookieHelper`` for time related parameters
|
``timeout``, ``reissue_time``, ``max_age`` that expect an integer value.
|
See https://github.com/Pylons/pyramid/pull/2050
|
|
Bug Fixes
|
---------
|
|
- ``pyramid.httpexceptions.HTTPException`` now defaults to
|
``520 Unknown Error`` instead of ``None None`` to conform with changes in
|
WebOb 1.5.
|
See https://github.com/Pylons/pyramid/pull/1865
|
|
- ``pshell`` will now preserve the capitalization of variables in the
|
``[pshell]`` section of the INI file. This makes exposing classes to the
|
shell a little more straightfoward.
|
See https://github.com/Pylons/pyramid/pull/1883
|
|
- Fixed usage of ``pserve --monitor-restart --daemon`` which would fail in
|
horrible ways. See https://github.com/Pylons/pyramid/pull/2118
|
|
- Explicitly prevent ``pserve --reload --daemon`` from being used. It's never
|
been supported but would work and fail in weird ways.
|
See https://github.com/Pylons/pyramid/pull/2119
|
|
- Fix an issue on Windows when running ``pserve --reload`` in which the
|
process failed to fork because it could not find the pserve script to
|
run. See https://github.com/Pylons/pyramid/pull/2138
|
|
Deprecations
|
------------
|
|
- Deprecate ``pserve --monitor-restart`` in favor of user's using a real
|
process manager such as Systemd or Upstart as well as Python-based
|
solutions like Circus and Supervisor.
|
See https://github.com/Pylons/pyramid/pull/2120
|
|
1.6a2 (2015-06-30)
|
==================
|
|
Bug Fixes
|
---------
|
|
- Ensure that ``pyramid.httpexceptions.exception_response`` returns the
|
appropriate "concrete" class for ``400`` and ``500`` status codes.
|
See https://github.com/Pylons/pyramid/issues/1832
|
|
- Fix an infinite recursion bug introduced in 1.6a1 when
|
``pyramid.view.render_view_to_response`` was called directly or indirectly.
|
See https://github.com/Pylons/pyramid/issues/1643
|
|
- Further fix the JSONP renderer by prefixing the returned content with
|
a comment. This should mitigate attacks from Flash (See CVE-2014-4671).
|
See https://github.com/Pylons/pyramid/pull/1649
|
|
- Allow periods and brackets (``[]``) in the JSONP callback. The original
|
fix was overly-restrictive and broke Angular.
|
See https://github.com/Pylons/pyramid/pull/1649
|
|
1.6a1 (2015-04-15)
|
==================
|
|
Features
|
--------
|
|
- pcreate will now ask for confirmation if invoked with
|
an argument for a project name that already exists or
|
is importable in the current environment.
|
See https://github.com/Pylons/pyramid/issues/1357 and
|
https://github.com/Pylons/pyramid/pull/1837
|
|
- Make it possible to subclass ``pyramid.request.Request`` and also use
|
``pyramid.request.Request.add_request.method``. See
|
https://github.com/Pylons/pyramid/issues/1529
|
|
- The ``pyramid.config.Configurator`` has grown the ability to allow
|
actions to call other actions during a commit-cycle. This enables much more
|
logic to be placed into actions, such as the ability to invoke other actions
|
or group them for improved conflict detection. We have also exposed and
|
documented the config phases that Pyramid uses in order to further assist
|
in building conforming addons.
|
See https://github.com/Pylons/pyramid/pull/1513
|
|
- Add ``pyramid.request.apply_request_extensions`` function which can be
|
used in testing to apply any request extensions configured via
|
``config.add_request_method``. Previously it was only possible to test
|
the extensions by going through Pyramid's router.
|
See https://github.com/Pylons/pyramid/pull/1581
|
|
- pcreate when run without a scaffold argument will now print information on
|
the missing flag, as well as a list of available scaffolds.
|
See https://github.com/Pylons/pyramid/pull/1566 and
|
https://github.com/Pylons/pyramid/issues/1297
|
|
- Added support / testing for 'pypy3' under Tox and Travis.
|
See https://github.com/Pylons/pyramid/pull/1469
|
|
- Automate code coverage metrics across py2 and py3 instead of just py2.
|
See https://github.com/Pylons/pyramid/pull/1471
|
|
- Cache busting for static resources has been added and is available via a new
|
argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``.
|
Core APIs are shipped for both cache busting via query strings and
|
path segments and may be extended to fit into custom asset pipelines.
|
See https://github.com/Pylons/pyramid/pull/1380 and
|
https://github.com/Pylons/pyramid/pull/1583
|
|
- Add ``pyramid.config.Configurator.root_package`` attribute and init
|
parameter to assist with includeable packages that wish to resolve
|
resources relative to the package in which the ``Configurator`` was created.
|
This is especially useful for addons that need to load asset specs from
|
settings, in which case it is may be natural for a developer to define
|
imports or assets relative to the top-level package.
|
See https://github.com/Pylons/pyramid/pull/1337
|
|
- Added line numbers to the log formatters in the scaffolds to assist with
|
debugging. See https://github.com/Pylons/pyramid/pull/1326
|
|
- Add new HTTP exception objects for status codes
|
``428 Precondition Required``, ``429 Too Many Requests`` and
|
``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``.
|
See https://github.com/Pylons/pyramid/pull/1372/files
|
|
- The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is
|
defined in the environment prior to launching the interpreter.
|
See https://github.com/Pylons/pyramid/pull/1448
|
|
- Make it simple to define notfound and forbidden views that wish to use
|
the default exception-response view but with altered predicates and other
|
configuration options. The ``view`` argument is now optional in
|
``config.add_notfound_view`` and ``config.add_forbidden_view``..
|
See https://github.com/Pylons/pyramid/issues/494
|
|
- Greatly improve the readability of the ``pcreate`` shell script output.
|
See https://github.com/Pylons/pyramid/pull/1453
|
|
- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and
|
the ``SignedCookieSessionFactory`` classes by using the stdlib's
|
``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+).
|
See https://github.com/Pylons/pyramid/pull/1457
|
|
- Assets can now be overidden by an absolute path on the filesystem when using
|
the ``config.override_asset`` API. This makes it possible to fully support
|
serving up static content from a mutable directory while still being able
|
to use the ``request.static_url`` API and ``config.add_static_view``.
|
Previously it was not possible to use ``config.add_static_view`` with an
|
absolute path **and** generate urls to the content. This change replaces
|
the call, ``config.add_static_view('/abs/path', 'static')``, with
|
``config.add_static_view('myapp:static', 'static')`` and
|
``config.override_asset(to_override='myapp:static/',
|
override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely
|
made up and does not need to exist - it is used for generating urls
|
via ``request.static_url('myapp:static/foo.png')``.
|
See https://github.com/Pylons/pyramid/issues/1252
|
|
- Added ``pyramid.config.Configurator.set_response_factory`` and the
|
``response_factory`` keyword argument to the ``Configurator`` for defining
|
a factory that will return a custom ``Response`` class.
|
See https://github.com/Pylons/pyramid/pull/1499
|
|
- Allow an iterator to be returned from a renderer. Previously it was only
|
possible to return bytes or unicode.
|
See https://github.com/Pylons/pyramid/pull/1417
|
|
- ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server
|
URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533
|
|
- Overall improvments for the ``proutes`` command. Added ``--format`` and
|
``--glob`` arguments to the command, introduced the ``method``
|
column for displaying available request methods, and improved the ``view``
|
output by showing the module instead of just ``__repr__``.
|
See https://github.com/Pylons/pyramid/pull/1488
|
|
- Support keyword-only arguments and function annotations in views in
|
Python 3. See https://github.com/Pylons/pyramid/pull/1556
|
|
- ``request.response`` will no longer be mutated when using the
|
``pyramid.renderers.render_to_response()`` API. It is now necessary to
|
pass in a ``response=`` argument to ``render_to_response`` if you wish to
|
supply the renderer with a custom response object for it to use. If you
|
do not pass one then a response object will be created using the
|
application's ``IResponseFactory``. Almost all renderers
|
mutate the ``request.response`` response object (for example, the JSON
|
renderer sets ``request.response.content_type`` to ``application/json``).
|
However, when invoking ``render_to_response`` it is not expected that the
|
response object being returned would be the same one used later in the
|
request. The response object returned from ``render_to_response`` is now
|
explicitly different from ``request.response``. This does not change the
|
API of a renderer. See https://github.com/Pylons/pyramid/pull/1563
|
|
- The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will
|
now accept anything that implements the ``IResponse`` interface and will use
|
that as the response class instead of the default ``HTTPFound``. See
|
https://github.com/Pylons/pyramid/pull/1610
|
|
Bug Fixes
|
---------
|
|
- The JSONP renderer created JavaScript code in such a way that a callback
|
variable could be used to arbitrarily inject javascript into the response
|
object. https://github.com/Pylons/pyramid/pull/1627
|
|
- Work around an issue where ``pserve --reload`` would leave terminal echo
|
disabled if it reloaded during a pdb session.
|
See https://github.com/Pylons/pyramid/pull/1577,
|
https://github.com/Pylons/pyramid/pull/1592
|
|
- ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise
|
``ValueError`` when accidentally passed ``None``.
|
See https://github.com/Pylons/pyramid/pull/1320
|
|
- Fix an issue whereby predicates would be resolved as maybe_dotted in the
|
introspectable but not when passed for registration. This would mean that
|
``add_route_predicate`` for example can not take a string and turn it into
|
the actual callable function.
|
See https://github.com/Pylons/pyramid/pull/1306
|
|
- Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper
|
package. Previously it was not possible to do package-relative includes
|
using the returned ``Configurator`` during testing. There is now a
|
``package`` argument that can override this behavior as well.
|
See https://github.com/Pylons/pyramid/pull/1322
|
|
- Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset
|
where it does not belong. See https://github.com/Pylons/pyramid/pull/1251
|
|
- Work around a bug introduced in Python 2.7.7 on Windows where
|
``mimetypes.guess_type`` returns Unicode rather than str for the content
|
type, unlike any previous version of Python. See
|
https://github.com/Pylons/pyramid/issues/1360 for more information.
|
|
- ``pcreate`` now normalizes the package name by converting hyphens to
|
underscores. See https://github.com/Pylons/pyramid/pull/1376
|
|
- Fix an issue with the final response/finished callback being unable to
|
add another callback to the list. See
|
https://github.com/Pylons/pyramid/pull/1373
|
|
- Fix a failing unittest caused by differing mimetypes across various OSs.
|
See https://github.com/Pylons/pyramid/issues/1405
|
|
- Fix route generation for static view asset specifications having no path.
|
See https://github.com/Pylons/pyramid/pull/1377
|
|
- Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no
|
valid request object. In this case it will not wrap the object in a
|
callback and thus behave just like the ``pyramid.renderers.JSON`` renderer.
|
See https://github.com/Pylons/pyramid/pull/1561
|
|
- Prevent "parameters to load are deprecated" ``DeprecationWarning``
|
from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541
|
|
- Avoiding sharing the ``IRenderer`` objects across threads when attached to
|
a view using the `renderer=` argument. These renderers were instantiated
|
at time of first render and shared between requests, causing potentially
|
subtle effects like `pyramid.reload_templates = true` failing to work
|
in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575
|
and https://github.com/Pylons/pyramid/issues/1268
|
|
- Avoiding timing attacks against CSRF tokens.
|
See https://github.com/Pylons/pyramid/pull/1574
|
|
- ``request.finished_callbacks`` and ``request.response_callbacks`` now
|
default to an iterable instead of ``None``. It may be checked for a length
|
of 0. This was the behavior in 1.5.
|
|
Deprecations
|
------------
|
|
- The ``pserve`` command's daemonization features have been deprecated. This
|
includes the ``[start,stop,restart,status]`` subcommands as well as the
|
``--daemon``, ``--stop-server``, ``--pid-file``, and ``--status`` flags.
|
|
Please use a real process manager in the future instead of relying on the
|
``pserve`` to daemonize itself. Many options exist including your Operating
|
System's services such as Systemd or Upstart, as well as Python-based
|
solutions like Circus and Supervisor.
|
|
See https://github.com/Pylons/pyramid/pull/1641
|
|
- Renamed the ``principal`` argument to ``pyramid.security.remember()`` to
|
``userid`` in order to clarify its intended purpose.
|
See https://github.com/Pylons/pyramid/pull/1399
|
|
Docs
|
----
|
|
- Moved the documentation for ``accept`` on ``Configurator.add_view`` to no
|
longer be part of the predicate list. See
|
https://github.com/Pylons/pyramid/issues/1391 for a bug report stating
|
``not_`` was failing on ``accept``. Discussion with @mcdonc led to the
|
conclusion that it should not be documented as a predicate.
|
See https://github.com/Pylons/pyramid/pull/1487 for this PR
|
|
- Removed logging configuration from Quick Tutorial ini files except for
|
scaffolding- and logging-related chapters to avoid needing to explain it too
|
early.
|
|
- Clarify a previously-implied detail of the ``ISession.invalidate`` API
|
documentation.
|
|
- Improve and clarify the documentation on what Pyramid defines as a
|
``principal`` and a ``userid`` in its security APIs.
|
See https://github.com/Pylons/pyramid/pull/1399
|
|
- Add documentation of command line programs (``p*`` scripts). See
|
https://github.com/Pylons/pyramid/pull/2191
|
|
Scaffolds
|
---------
|
|
- Update scaffold generating machinery to return the version of pyramid and
|
pyramid docs for use in scaffolds. Updated starter, alchemy and zodb
|
templates to have links to correctly versioned documentation and reflect
|
which pyramid was used to generate the scaffold.
|
|
- Removed non-ascii copyright symbol from templates, as this was
|
causing the scaffolds to fail for project generation.
|
|
- You can now run the scaffolding func tests via ``tox py2-scaffolds`` and
|
``tox py3-scaffolds``.
|