| | |
| | | 1.8 (2017-01-21) |
| | | ================ |
| | | |
| | | - No major changes from 1.8b1. |
| | | |
| | | 1.8b1 (2017-01-17) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Added an ``override`` option to ``config.add_translation_dirs`` to allow |
| | | later calls to place translation directories at a higher priority than |
| | | earlier calls. See https://github.com/Pylons/pyramid/pull/2902 |
| | | |
| | | Documentation Changes |
| | | --------------------- |
| | | |
| | | - Improve registry documentation to discuss uses as a component registry |
| | | and as a dictionary. See https://github.com/Pylons/pyramid/pull/2893 |
| | | |
| | | - Quick Tour, Quick Tutorial, and most other remaining documentation updated to |
| | | use cookiecutters instead of pcreate and scaffolds. |
| | | See https://github.com/Pylons/pyramid/pull/2888 and |
| | | https://github.com/Pylons/pyramid/pull/2889 |
| | | |
| | | - Fix unittests in wiki2 to work without different dependencies between |
| | | py2 and py3. See https://github.com/Pylons/pyramid/pull/2899 |
| | | |
| | | - Update Windows documentation to track newer Python 3 improvements to the |
| | | installer. See https://github.com/Pylons/pyramid/pull/2900 |
| | | |
| | | - Updated the ``mod_wsgi`` tutorial to use cookiecutters and Apache 2.4+. |
| | | See https://github.com/Pylons/pyramid/pull/2901 |
| | | |
| | | 1.8a1 (2016-12-25) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - Support for the ``IContextURL`` interface that was deprecated in Pyramid 1.3 |
| | | has been removed. See https://github.com/Pylons/pyramid/pull/2822 |
| | | |
| | | - Following the Pyramid deprecation period (1.6 -> 1.8), |
| | | daemon support for pserve has been removed. This includes removing the |
| | | daemon commands (start, stop, restart, status) as well as the following |
| | | arguments: ``--daemon``, ``--pid-file``, ``--log-file``, |
| | | ``--monitor-restart``, ``--status``, ``--user``, ``--group``, |
| | | ``--stop-daemon`` |
| | | |
| | | To run your server as a daemon you should use a process manager instead of |
| | | pserve. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2615 |
| | | |
| | | - ``pcreate`` is now interactive by default. You will be prompted if a file |
| | | already exists with different content. Previously if there were similar |
| | | files it would silently skip them unless you specified ``--interactive`` |
| | | or ``--overwrite``. |
| | | See https://github.com/Pylons/pyramid/pull/2775 |
| | | |
| | | - Removed undocumented argument ``cachebust_match`` from |
| | | ``pyramid.static.static_view``. This argument was shipped accidentally |
| | | in Pyramid 1.6. See https://github.com/Pylons/pyramid/pull/2681 |
| | | |
| | | - Change static view to avoid setting the ``Content-Encoding`` response header |
| | | to an encoding guessed using Python's ``mimetypes`` module. This was causing |
| | | clients to decode the content of gzipped files when downloading them. The |
| | | client would end up with a ``foo.txt.gz`` file on disk that was already |
| | | decoded, thus should really be ``foo.txt``. Also, the ``Content-Encoding`` |
| | | should only have been used if the client itself broadcast support for the |
| | | encoding via ``Accept-Encoding`` request headers. |
| | | See https://github.com/Pylons/pyramid/pull/2810 |
| | | |
| | | - Settings are no longer accessible as attributes on the settings object |
| | | (e.g. ``request.registry.settings.foo``). This was deprecated in Pyramid 1.2. |
| | | See https://github.com/Pylons/pyramid/pull/2823 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Python 3.6 compatibility. |
| | | https://github.com/Pylons/pyramid/issues/2835 |
| | | |
| | | - ``pcreate`` learned about ``--package-name`` to allow you to create a new |
| | | project in an existing folder with a different package name than the project |
| | | name. See https://github.com/Pylons/pyramid/pull/2783 |
| | | |
| | | - The ``_get_credentials`` private method of ``BasicAuthAuthenticationPolicy`` |
| | | has been extracted into standalone function ``extract_http_basic_credentials`` |
| | | in ``pyramid.authentication`` module, this function extracts HTTP Basic |
| | | credentials from a ``request`` object, and returns them as a named tuple. |
| | | See https://github.com/Pylons/pyramid/pull/2662 |
| | | |
| | | - Pyramid 1.4 silently dropped a feature of the configurator that has been |
| | | restored. It's again possible for action discriminators to conflict across |
| | | different action orders. |
| | | See https://github.com/Pylons/pyramid/pull/2757 |
| | | |
| | | - ``pyramid.paster.bootstrap`` and its sibling ``pyramid.scripting.prepare`` |
| | | can now be used as context managers to automatically invoke the ``closer`` |
| | | and pop threadlocals off of the stack to prevent memory leaks. |
| | | See https://github.com/Pylons/pyramid/pull/2760 |
| | | |
| | | - Added ``pyramid.config.Configurator.add_exception_view`` and the |
| | | ``pyramid.view.exception_view_config`` decorator. It is now possible using |
| | | these methods or via the new ``exception_only=True`` option to ``add_view`` |
| | | to add a view which will only be matched when handling an exception. |
| | | Previously any exception views were also registered for a traversal |
| | | context that inherited from the exception class which prevented any |
| | | exception-only optimizations. |
| | | See https://github.com/Pylons/pyramid/pull/2660 |
| | | |
| | | - Added the ``exception_only`` boolean to |
| | | ``pyramid.interfaces.IViewDeriverInfo`` which can be used by view derivers |
| | | to determine if they are wrapping a view which only handles exceptions. |
| | | This means that it is no longer necessary to perform request-time checks |
| | | for ``request.exception`` to determine if the view is handling an exception |
| | | - the pipeline can be optimized at config-time. |
| | | See https://github.com/Pylons/pyramid/pull/2660 |
| | | |
| | | - ``pserve`` should now work with ``gevent`` and other workers that need |
| | | to monkeypatch the process, assuming the server and / or the app do so |
| | | as soon as possible before importing the rest of pyramid. |
| | | See https://github.com/Pylons/pyramid/pull/2797 |
| | | |
| | | - Pyramid no longer copies the settings object passed to the |
| | | ``pyramid.config.Configurator(settings=)``. The original ``dict`` is kept. |
| | | See https://github.com/Pylons/pyramid/pull/2823 |
| | | |
| | | - The csrf trusted origins setting may now be a whitespace-separated list of |
| | | domains. Previously only a python list was allowed. Also, it can now be set |
| | | using the ``PYRAMID_CSRF_TRUSTED_ORIGINS`` environment variable similar to |
| | | other settings. See https://github.com/Pylons/pyramid/pull/2823 |
| | | |
| | | - ``pserve --reload`` now uses the |
| | | `hupper <http://docs.pylonsproject.org/projects/hupper/en/latest/>` |
| | | library to monitor file changes. This comes with many improvements: |
| | | |
| | | - If the `watchdog <http://pythonhosted.org/watchdog/>`_ package is |
| | | installed then monitoring will be done using inotify instead of |
| | | cpu and disk-intensive polling. |
| | | |
| | | - The monitor is now a separate process that will not crash and starts up |
| | | before any of your code. |
| | | |
| | | - The monitor will not restart the process after a crash until a file is |
| | | saved. |
| | | |
| | | - The monitor works on windows. |
| | | |
| | | - You can now trigger a reload manually from a pyramid view or any other |
| | | code via ``hupper.get_reloader().trigger_reload()``. Kind of neat. |
| | | |
| | | - You can trigger a reload by issuing a ``SIGHUP`` to the monitor process. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2805 |
| | | |
| | | - A new ``[pserve]`` section is supported in your config files with a |
| | | ``watch_files`` key that can configure ``pserve --reload`` to monitor custom |
| | | file paths. See https://github.com/Pylons/pyramid/pull/2827 |
| | | |
| | | - Allow streaming responses to be made from subclasses of |
| | | ``pyramid.httpexceptions.HTTPException``. Previously the response would |
| | | be unrolled while testing for a body, making it impossible to stream |
| | | a response. |
| | | See https://github.com/Pylons/pyramid/pull/2863 |
| | | |
| | | - Update starter, alchemy and zodb scaffolds to support IPv6 by using the |
| | | new ``listen`` directives in waitress. |
| | | See https://github.com/Pylons/pyramid/pull/2853 |
| | | |
| | | - All p* scripts now use argparse instead of optparse. This improves their |
| | | ``--help`` output as well as enabling nicer documentation of their options. |
| | | See https://github.com/Pylons/pyramid/pull/2864 |
| | | |
| | | - Any deferred configuration action registered via ``config.action`` may now |
| | | depend on threadlocal state, such as asset overrides, being active when |
| | | the action is executed. |
| | | See https://github.com/Pylons/pyramid/pull/2873 |
| | | |
| | | - Asset specifications for directories passed to |
| | | ``config.add_translation_dirs`` now support overriding the entire asset |
| | | specification, including the folder name. Previously only the package name |
| | | was supported and the folder would always need to have the same name. |
| | | See https://github.com/Pylons/pyramid/pull/2873 |
| | | |
| | | - ``config.begin()`` will propagate the current threadlocal request through |
| | | as long as the registry is the same. For example: |
| | | |
| | | .. code-block:: python |
| | | |
| | | request = Request.blank(...) |
| | | config.begin(request) # pushes a request |
| | | config.begin() # propagates the previous request through unchanged |
| | | assert get_current_request() is request |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2873 |
| | | |
| | | - Added a new ``callback`` option to ``config.set_default_csrf_options`` which |
| | | can be used to determine per-request whether CSRF checking should be enabled |
| | | to allow for a mix authentication methods. Only cookie-based methods |
| | | generally require CSRF checking. |
| | | See https://github.com/Pylons/pyramid/pull/2778 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Fixed bug in ``proutes`` such that it now shows the correct view when a |
| | | class and ``attr`` is involved. |
| | | See: https://github.com/Pylons/pyramid/pull/2687 |
| | | |
| | | - Fix a ``FutureWarning`` in Python 3.5 when using ``re.split`` on the |
| | | ``format`` setting to the ``proutes`` script. |
| | | See https://github.com/Pylons/pyramid/pull/2714 |
| | | |
| | | - Fix a ``RuntimeWarning`` emitted by WebOb when using arbitrary objects |
| | | as the ``userid`` in the ``AuthTktAuthenticationPolicy``. This is now caught |
| | | by the policy and the object is serialized as a base64 string to avoid |
| | | the cryptic warning. Since the userid will be read back as a string on |
| | | subsequent requests a more useful warning is emitted encouraging you to |
| | | use a primitive type instead. |
| | | See https://github.com/Pylons/pyramid/pull/2715 |
| | | |
| | | - Pyramid 1.6 introduced the ability for an action to invoke another action. |
| | | There was a bug in the way that ``config.add_view`` would interact with |
| | | custom view derivers introduced in Pyramid 1.7 because the view's |
| | | discriminator cannot be computed until view derivers and view predicates |
| | | have been created in earlier orders. Invoking an action from another action |
| | | would trigger an unrolling of the pipeline and would compute discriminators |
| | | before they were ready. The new behavior respects the ``order`` of the action |
| | | and ensures the discriminators are not computed until dependent actions |
| | | from previous orders have executed. |
| | | See https://github.com/Pylons/pyramid/pull/2757 |
| | | |
| | | - Fix bug in i18n where the default domain would always use the Germanic plural |
| | | style, even if a different plural function is defined in the relevant |
| | | messages file. See https://github.com/Pylons/pyramid/pull/2859 |
| | | |
| | | - The ``config.override_asset`` method now occurs during |
| | | ``pyramid.config.PHASE1_CONFIG`` such that it is ordered to execute before |
| | | any calls to ``config.add_translation_dirs``. |
| | | See https://github.com/Pylons/pyramid/pull/2873 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pcreate`` script and related scaffolds have been deprecated in favor |
| | | of the popular |
| | | `cookiecutter <https://cookiecutter.readthedocs.io/en/latest/>`_ project. |
| | | |
| | | All of Pyramid's official scaffolds as well as the tutorials have been |
| | | ported to cookiecutters: |
| | | |
| | | - `pyramid-cookiecutter-starter |
| | | <https://github.com/Pylons/pyramid-cookiecutter-starter>`_ |
| | | |
| | | - `pyramid-cookiecutter-alchemy |
| | | <https://github.com/Pylons/pyramid-cookiecutter-alchemy>`_ |
| | | |
| | | - `pyramid-cookiecutter-zodb |
| | | <https://github.com/Pylons/pyramid-cookiecutter-zodb>`_ |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2780 |
| | | |
| | | Documentation Changes |
| | | --------------------- |
| | | |
| | | - Update Typographical Conventions. |
| | | https://github.com/Pylons/pyramid/pull/2838 |
| | | |
| | | - Add `pyramid_nacl_session |
| | | <http://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/>`_ |
| | | to session factories. See https://github.com/Pylons/pyramid/issues/2791 |
| | | |
| | | - Update ``HACKING.txt`` from stale branch that was never merged to master. |
| | | See https://github.com/Pylons/pyramid/pull/2782 |
| | | |
| | | - Updated Windows installation instructions and related bits. |
| | | See https://github.com/Pylons/pyramid/issues/2661 |
| | | |
| | | - Fix an inconsistency in the documentation between view predicates and |
| | | route predicates and highlight the differences in their APIs. |
| | | See https://github.com/Pylons/pyramid/pull/2764 |
| | | |
| | | - Clarify a possible misuse of the ``headers`` kwarg to subclasses of |
| | | ``pyramid.httpexceptions.HTTPException`` in which more appropriate |
| | | kwargs from the parent class ``pyramid.response.Response`` should be |
| | | used instead. See https://github.com/Pylons/pyramid/pull/2750 |
| | | |
| | | - The SQLAlchemy + URL Dispatch + Jinja2 (``wiki2``) and |
| | | ZODB + Traversal + Chameleon (``wiki``) tutorials have been updated to |
| | | utilize the new cookiecutters and drop support for the ``pcreate`` |
| | | scaffolds. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2881 and |
| | | https://github.com/Pylons/pyramid/pull/2883. |
| | | |
| | | - Improve output of p* script descriptions for help. |
| | | See https://github.com/Pylons/pyramid/pull/2886 |
| | | |
| | | - Quick Tour updated to use cookiecutters instead of pcreate and scaffolds. |
| | | See https://github.com/Pylons/pyramid/pull/2888 |
| | | |
| | | 1.7 (2016-05-19) |
| | | ================ |
| | | |
| | | - Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte |
| | | strings. See https://github.com/Pylons/pyramid/pull/2576 |
| | | |
| | | - Simplify windows detection code and remove some duplicated data. |
| | | See https://github.com/Pylons/pyramid/pull/2585 and |
| | | https://github.com/Pylons/pyramid/pull/2586 |
| | | |
| | | 1.7b4 (2016-05-12) |
| | | ================== |
| | | |
| | | - Fixed the exception view tween to re-raise the original exception if |
| | | no exception view could be found to handle the exception. This better |
| | | allows tweens further up the chain to handle exceptions that were |
| | | left unhandled. Previously they would be converted into a |
| | | ``PredicateMismatch`` exception if predicates failed to allow the view to |
| | | handle the exception. |
| | | See https://github.com/Pylons/pyramid/pull/2567 |
| | | |
| | | - Exposed the ``pyramid.interfaces.IRequestFactory`` interface to mirror |
| | | the public ``pyramid.interfaces.IResponseFactory`` interface. |
| | | |
| | | 1.7b3 (2016-05-10) |
| | | ================== |
| | | |
| | | - Fix ``request.invoke_exception_view`` to raise an ``HTTPNotFound`` |
| | | exception if no view is matched. Previously ``None`` would be returned |
| | | if no views were matched and a ``PredicateMismatch`` would be raised if |
| | | a view "almost" matched (a view was found matching the context). |
| | | See https://github.com/Pylons/pyramid/pull/2564 |
| | | |
| | | - Add defaults for py.test configuration and coverage to all three scaffolds, |
| | | and update documentation accordingly. |
| | | See https://github.com/Pylons/pyramid/pull/2550 |
| | | |
| | | - Add ``linkcheck`` to ``Makefile`` for Sphinx. To check the documentation for |
| | | broken links, use the command ``make linkcheck |
| | | SPHINXBUILD=$VENV/bin/sphinx-build``. Also removed and fixed dozens of broken |
| | | external links. |
| | | |
| | | - Fix the internal runner for scaffold tests to ensure they work with pip |
| | | and py.test. |
| | | See https://github.com/Pylons/pyramid/pull/2565 |
| | | |
| | | 1.7b2 (2016-05-01) |
| | | ================== |
| | | |
| | | - Removed inclusion of pyramid_tm in development.ini for alchemy scaffold |
| | | See https://github.com/Pylons/pyramid/issues/2538 |
| | | |
| | | - A default permission set via ``config.set_default_permission`` will no |
| | | longer be enforced on an exception view. This has been the case for a while |
| | | with the default exception views (``config.add_notfound_view`` and |
| | | ``config.add_forbidden_view``), however for any other exception view a |
| | | developer had to remember to set ``permission=NO_PERMISSION_REQUIRED`` or |
| | | be surprised when things didn't work. It is still possible to force a |
| | | permission check on an exception view by setting the ``permission`` argument |
| | | manually to ``config.add_view``. This behavior is consistent with the new |
| | | CSRF features added in the 1.7 series. |
| | | See https://github.com/Pylons/pyramid/pull/2534 |
| | | |
| | | 1.7b1 (2016-04-25) |
| | | ================== |
| | | |
| | | - This release announces the beta period for 1.7. |
| | | |
| | | - Fix an issue where some files were being included in the alchemy scafffold |
| | | which had been removed from the 1.7 series. |
| | | See https://github.com/Pylons/pyramid/issues/2525 |
| | | |
| | | 1.7a2 (2016-04-19) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Automatic CSRF checks are now disabled by default on exception views. They |
| | | can be turned back on by setting the appropriate `require_csrf` option on |
| | | the view. |
| | | See https://github.com/Pylons/pyramid/pull/2517 |
| | | |
| | | - The automatic CSRF API was reworked to use a config directive for |
| | | setting the options. The ``pyramid.require_default_csrf`` setting is |
| | | no longer supported. Instead, a new ``config.set_default_csrf_options`` |
| | | directive has been introduced that allows the developer to specify |
| | | the default value for ``require_csrf`` as well as change the CSRF token, |
| | | header and safe request methods. The ``pyramid.csrf_trusted_origins`` |
| | | setting is still supported. |
| | | See https://github.com/Pylons/pyramid/pull/2518 |
| | | |
| | | Bug fixes |
| | | --------- |
| | | |
| | | - CSRF origin checks had a bug causing the checks to always fail. |
| | | See https://github.com/Pylons/pyramid/pull/2512 |
| | | |
| | | - Fix the test suite to pass on windows. |
| | | See https://github.com/Pylons/pyramid/pull/2520 |
| | | |
| | | 1.7a1 (2016-04-16) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - Following the Pyramid deprecation period (1.4 -> 1.6), |
| | | AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5 |
| | | to sha512. If you are using the authentication policy and need to continue |
| | | using md5, please explicitly set hashalg to 'md5'. |
| | | |
| | | This change does mean that any existing auth tickets (and associated cookies) |
| | | will no longer be valid, and users will no longer be logged in, and have to |
| | | login to their accounts again. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2496 |
| | | |
| | | - The ``check_csrf_token`` function no longer validates a csrf token in the |
| | | query string of a request. Only headers and request bodies are supported. |
| | | See https://github.com/Pylons/pyramid/pull/2500 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Added a new setting, ``pyramid.require_default_csrf`` which may be used |
| | | to turn on CSRF checks globally for every POST request in the application. |
| | | This should be considered a good default for websites built on Pyramid. |
| | | It is possible to opt-out of CSRF checks on a per-view basis by setting |
| | | ``require_csrf=False`` on those views. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Added a ``require_csrf`` view option which will enforce CSRF checks on any |
| | | request with an unsafe method as defined by RFC2616. If the CSRF check fails |
| | | a ``BadCSRFToken`` exception will be raised and may be caught by exception |
| | | views (the default response is a ``400 Bad Request``). This option should be |
| | | used in place of the deprecated ``check_csrf`` view predicate which would |
| | | normally result in unexpected ``404 Not Found`` response to the client |
| | | instead of a catchable exception. See |
| | | https://github.com/Pylons/pyramid/pull/2413 and |
| | | https://github.com/Pylons/pyramid/pull/2500 |
| | | |
| | | - Added an additional CSRF validation that checks the origin/referrer of a |
| | | request and makes sure it matches the current ``request.domain``. This |
| | | particular check is only active when accessing a site over HTTPS as otherwise |
| | | browsers don't always send the required information. If this additional CSRF |
| | | validation fails a ``BadCSRFOrigin`` exception will be raised and may be |
| | | caught by exception views (the default response is ``400 Bad Request``). |
| | | Additional allowed origins may be configured by setting |
| | | ``pyramid.csrf_trusted_origins`` to a list of domain names (with ports if on |
| | | a non standard port) to allow. Subdomains are not allowed unless the domain |
| | | name has been prefixed with a ``.``. See |
| | | https://github.com/Pylons/pyramid/pull/2501 |
| | | |
| | | - Added a new ``pyramid.session.check_csrf_origin`` API for validating the |
| | | origin or referrer headers against the request's domain. |
| | | See https://github.com/Pylons/pyramid/pull/2501 |
| | | |
| | | - Pyramid HTTPExceptions will now take into account the best match for the |
| | | clients Accept header, and depending on what is requested will return |
| | | text/html, application/json or text/plain. The default for */* is still |
| | | text/html, but if application/json is explicitly mentioned it will now |
| | | receive a valid JSON response. See |
| | | https://github.com/Pylons/pyramid/pull/2489 |
| | | |
| | | - A new event and interface (BeforeTraversal) has been introduced that will |
| | | notify listeners before traversal starts in the router. See |
| | | https://github.com/Pylons/pyramid/pull/2469 and |
| | | https://github.com/Pylons/pyramid/pull/1876 |
| | | |
| | | - Add a new "view deriver" concept to Pyramid to allow framework authors to |
| | | inject elements into the standard Pyramid view pipeline and affect all |
| | | views in an application. This is similar to a decorator except that it |
| | | has access to options passed to ``config.add_view`` and can affect other |
| | | stages of the pipeline such as the raw response from a view or prior to |
| | | security checks. See https://github.com/Pylons/pyramid/pull/2021 |
| | | |
| | | - Allow a leading ``=`` on the key of the request param predicate. |
| | | For example, '=abc=1' is equivalent down to |
| | | ``request.params['=abc'] == '1'``. |
| | | See https://github.com/Pylons/pyramid/pull/1370 |
| | | |
| | | - A new ``request.invoke_exception_view(...)`` method which can be used to |
| | | invoke an exception view and get back a response. This is useful for |
| | | rendering an exception view outside of the context of the excview tween |
| | | where you may need more control over the request. |
| | | See https://github.com/Pylons/pyramid/pull/2393 |
| | | |
| | | - Allow using variable substitutions like ``%(LOGGING_LOGGER_ROOT_LEVEL)s`` |
| | | for logging sections of the .ini file and populate these variables from |
| | | the ``pserve`` command line -- e.g.: |
| | | ``pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG`` |
| | | See https://github.com/Pylons/pyramid/pull/2399 |
| | | |
| | | Documentation Changes |
| | | --------------------- |
| | | |
| | | - A complete overhaul of the docs: |
| | | |
| | | - Use pip instead of easy_install. |
| | | - Become opinionated by preferring Python 3.4 or greater to simplify |
| | | installation of Python and its required packaging tools. |
| | | - Use venv for the tool, and virtual environment for the thing created, |
| | | instead of virtualenv. |
| | | - Use py.test and pytest-cov instead of nose and coverage. |
| | | - Further updates to the scaffolds as well as tutorials and their src files. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2468 |
| | | |
| | | - A complete overhaul of the ``alchemy`` scaffold as well as the |
| | | Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features |
| | | into the usage of SQLAlchemy with Pyramid and provide a better starting |
| | | point for new projects. |
| | | See https://github.com/Pylons/pyramid/pull/2024 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Fix ``pserve --browser`` to use the ``--server-name`` instead of the |
| | | app name when selecting a section to use. This was only working for people |
| | | who had server and app sections with the same name, for example |
| | | ``[app:main]`` and ``[server:main]``. |
| | | See https://github.com/Pylons/pyramid/pull/2292 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``check_csrf`` view predicate has been deprecated. Use the |
| | | new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting |
| | | to ensure that the ``BadCSRFToken`` exception is raised. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Support for Python 3.3 will be removed in Pyramid 1.8. |
| | | https://github.com/Pylons/pyramid/issues/2477 |
| | | |
| | | - Python 2.6 is no longer supported by Pyramid. See |
| | | https://github.com/Pylons/pyramid/issues/2368 |
| | | |
| | | - Dropped Python 3.2 support. |
| | | See https://github.com/Pylons/pyramid/pull/2256 |
| | | |
| | | 1.6 (2016-01-03) |
| | | ================ |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - Continue removal of ``pserve`` daemon/process management features |
| | | by deprecating ``--user`` and ``--group`` options. |
| | | See https://github.com/Pylons/pyramid/pull/2190 |
| | | |
| | | 1.6b3 (2015-12-17) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - Remove the ``cachebust`` option from ``config.add_static_view``. See |
| | | ``config.add_cache_buster`` for the new way to attach cache busters to |
| | | static assets. |
| | | See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | - Modify the ``pyramid.interfaces.ICacheBuster`` API to be a simple callable |
| | | instead of an object with ``match`` and ``pregenerate`` methods. Cache |
| | | busters are now focused solely on generation. Matching has been dropped. |
| | | |
| | | Note this affects usage of ``pyramid.static.QueryStringCacheBuster`` and |
| | | ``pyramid.static.ManifestCacheBuster``. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Add a new ``config.add_cache_buster`` API for attaching cache busters to |
| | | static assets. See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Ensure that ``IAssetDescriptor.abspath`` always returns an absolute path. |
| | | There were cases depending on the process CWD that a relative path would |
| | | be returned. See https://github.com/Pylons/pyramid/issues/2188 |
| | | |
| | | 1.6b2 (2015-10-15) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Allow asset specifications to be supplied to |
| | | ``pyramid.static.ManifestCacheBuster`` instead of requiring a |
| | | filesystem path. |
| | | |
| | | 1.6b1 (2015-10-15) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - IPython and BPython support have been removed from pshell in the core. |
| | | To continue using them on Pyramid 1.6+ you must install the binding |
| | | packages explicitly:: |
| | | |
| | | $ pip install pyramid_ipython |
| | | |
| | | or |
| | | |
| | | $ pip install pyramid_bpython |
| | | |
| | | - Remove default cache busters introduced in 1.6a1 including |
| | | ``PathSegmentCacheBuster``, ``PathSegmentMd5CacheBuster``, and |
| | | ``QueryStringMd5CacheBuster``. |
| | | See https://github.com/Pylons/pyramid/pull/2116 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Additional shells for ``pshell`` can now be registered as entrypoints. See |
| | | https://github.com/Pylons/pyramid/pull/1891 and |
| | | https://github.com/Pylons/pyramid/pull/2012 |
| | | |
| | | - The variables injected into ``pshell`` are now displayed with their |
| | | docstrings instead of the default ``str(obj)`` when possible. |
| | | See https://github.com/Pylons/pyramid/pull/1929 |
| | | |
| | | - Add new ``pyramid.static.ManifestCacheBuster`` for use with external |
| | | asset pipelines as well as examples of common usages in the narrative. |
| | | See https://github.com/Pylons/pyramid/pull/2116 |
| | | |
| | | - Fix ``pserve --reload`` to not crash on syntax errors!!! |
| | | See https://github.com/Pylons/pyramid/pull/2125 |
| | | |
| | | - Fix an issue when user passes unparsed strings to ``pyramid.session.CookieSession`` |
| | | and ``pyramid.authentication.AuthTktCookieHelper`` for time related parameters |
| | | ``timeout``, ``reissue_time``, ``max_age`` that expect an integer value. |
| | | See https://github.com/Pylons/pyramid/pull/2050 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - ``pyramid.httpexceptions.HTTPException`` now defaults to |
| | | ``520 Unknown Error`` instead of ``None None`` to conform with changes in |
| | | WebOb 1.5. |
| | | See https://github.com/Pylons/pyramid/pull/1865 |
| | | |
| | | - ``pshell`` will now preserve the capitalization of variables in the |
| | | ``[pshell]`` section of the INI file. This makes exposing classes to the |
| | | shell a little more straightfoward. |
| | | See https://github.com/Pylons/pyramid/pull/1883 |
| | | |
| | | - Fixed usage of ``pserve --monitor-restart --daemon`` which would fail in |
| | | horrible ways. See https://github.com/Pylons/pyramid/pull/2118 |
| | | |
| | | - Explicitly prevent ``pserve --reload --daemon`` from being used. It's never |
| | | been supported but would work and fail in weird ways. |
| | | See https://github.com/Pylons/pyramid/pull/2119 |
| | | |
| | | - Fix an issue on Windows when running ``pserve --reload`` in which the |
| | | process failed to fork because it could not find the pserve script to |
| | | run. See https://github.com/Pylons/pyramid/pull/2138 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - Deprecate ``pserve --monitor-restart`` in favor of user's using a real |
| | | process manager such as Systemd or Upstart as well as Python-based |
| | | solutions like Circus and Supervisor. |
| | | See https://github.com/Pylons/pyramid/pull/2120 |
| | | |
| | | 1.6a2 (2015-06-30) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Ensure that ``pyramid.httpexceptions.exception_response`` returns the |
| | | appropriate "concrete" class for ``400`` and ``500`` status codes. |
| | | See https://github.com/Pylons/pyramid/issues/1832 |
| | | |
| | | - Fix an infinite recursion bug introduced in 1.6a1 when |
| | | ``pyramid.view.render_view_to_response`` was called directly or indirectly. |
| | | See https://github.com/Pylons/pyramid/issues/1643 |
| | | |
| | | - Further fix the JSONP renderer by prefixing the returned content with |
| | | a comment. This should mitigate attacks from Flash (See CVE-2014-4671). |
| | | See https://github.com/Pylons/pyramid/pull/1649 |
| | | |
| | | - Allow periods and brackets (``[]``) in the JSONP callback. The original |
| | | fix was overly-restrictive and broke Angular. |
| | | See https://github.com/Pylons/pyramid/pull/1649 |
| | | |
| | | 1.6a1 (2015-04-15) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - pcreate will now ask for confirmation if invoked with |
| | | an argument for a project name that already exists or |
| | | is importable in the current environment. |
| | | See https://github.com/Pylons/pyramid/issues/1357 and |
| | | https://github.com/Pylons/pyramid/pull/1837 |
| | | |
| | | - Make it possible to subclass ``pyramid.request.Request`` and also use |
| | | ``pyramid.request.Request.add_request.method``. See |
| | | https://github.com/Pylons/pyramid/issues/1529 |
| | | |
| | | - The ``pyramid.config.Configurator`` has grown the ability to allow |
| | | actions to call other actions during a commit-cycle. This enables much more |
| | | logic to be placed into actions, such as the ability to invoke other actions |
| | | or group them for improved conflict detection. We have also exposed and |
| | | documented the config phases that Pyramid uses in order to further assist |
| | | in building conforming addons. |
| | | See https://github.com/Pylons/pyramid/pull/1513 |
| | | |
| | | - Add ``pyramid.request.apply_request_extensions`` function which can be |
| | | used in testing to apply any request extensions configured via |
| | | ``config.add_request_method``. Previously it was only possible to test |
| | | the extensions by going through Pyramid's router. |
| | | See https://github.com/Pylons/pyramid/pull/1581 |
| | | |
| | | - pcreate when run without a scaffold argument will now print information on |
| | | the missing flag, as well as a list of available scaffolds. |
| | | See https://github.com/Pylons/pyramid/pull/1566 and |
| | | https://github.com/Pylons/pyramid/issues/1297 |
| | | |
| | | - Added support / testing for 'pypy3' under Tox and Travis. |
| | | See https://github.com/Pylons/pyramid/pull/1469 |
| | | |
| | | - Automate code coverage metrics across py2 and py3 instead of just py2. |
| | | See https://github.com/Pylons/pyramid/pull/1471 |
| | | |
| | | - Cache busting for static resources has been added and is available via a new |
| | | argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``. |
| | | Core APIs are shipped for both cache busting via query strings and |
| | | path segments and may be extended to fit into custom asset pipelines. |
| | | See https://github.com/Pylons/pyramid/pull/1380 and |
| | | https://github.com/Pylons/pyramid/pull/1583 |
| | | |
| | | - Add ``pyramid.config.Configurator.root_package`` attribute and init |
| | | parameter to assist with includeable packages that wish to resolve |
| | | resources relative to the package in which the ``Configurator`` was created. |
| | | This is especially useful for addons that need to load asset specs from |
| | | settings, in which case it is may be natural for a developer to define |
| | | imports or assets relative to the top-level package. |
| | | See https://github.com/Pylons/pyramid/pull/1337 |
| | | |
| | | - Added line numbers to the log formatters in the scaffolds to assist with |
| | | debugging. See https://github.com/Pylons/pyramid/pull/1326 |
| | | |
| | | - Add new HTTP exception objects for status codes |
| | | ``428 Precondition Required``, ``429 Too Many Requests`` and |
| | | ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. |
| | | See https://github.com/Pylons/pyramid/pull/1372/files |
| | | |
| | | - The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is |
| | | defined in the environment prior to launching the interpreter. |
| | | See https://github.com/Pylons/pyramid/pull/1448 |
| | | |
| | | - Make it simple to define notfound and forbidden views that wish to use |
| | | the default exception-response view but with altered predicates and other |
| | | configuration options. The ``view`` argument is now optional in |
| | | ``config.add_notfound_view`` and ``config.add_forbidden_view``.. |
| | | See https://github.com/Pylons/pyramid/issues/494 |
| | | |
| | | - Greatly improve the readability of the ``pcreate`` shell script output. |
| | | See https://github.com/Pylons/pyramid/pull/1453 |
| | | |
| | | - Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and |
| | | the ``SignedCookieSessionFactory`` classes by using the stdlib's |
| | | ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). |
| | | See https://github.com/Pylons/pyramid/pull/1457 |
| | | |
| | | - Assets can now be overidden by an absolute path on the filesystem when using |
| | | the ``config.override_asset`` API. This makes it possible to fully support |
| | | serving up static content from a mutable directory while still being able |
| | | to use the ``request.static_url`` API and ``config.add_static_view``. |
| | | Previously it was not possible to use ``config.add_static_view`` with an |
| | | absolute path **and** generate urls to the content. This change replaces |
| | | the call, ``config.add_static_view('/abs/path', 'static')``, with |
| | | ``config.add_static_view('myapp:static', 'static')`` and |
| | | ``config.override_asset(to_override='myapp:static/', |
| | | override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely |
| | | made up and does not need to exist - it is used for generating urls |
| | | via ``request.static_url('myapp:static/foo.png')``. |
| | | See https://github.com/Pylons/pyramid/issues/1252 |
| | | |
| | | - Added ``pyramid.config.Configurator.set_response_factory`` and the |
| | | ``response_factory`` keyword argument to the ``Configurator`` for defining |
| | | a factory that will return a custom ``Response`` class. |
| | | See https://github.com/Pylons/pyramid/pull/1499 |
| | | |
| | | - Allow an iterator to be returned from a renderer. Previously it was only |
| | | possible to return bytes or unicode. |
| | | See https://github.com/Pylons/pyramid/pull/1417 |
| | | |
| | | - ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server |
| | | URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 |
| | | |
| | | - Overall improvments for the ``proutes`` command. Added ``--format`` and |
| | | ``--glob`` arguments to the command, introduced the ``method`` |
| | | column for displaying available request methods, and improved the ``view`` |
| | | output by showing the module instead of just ``__repr__``. |
| | | See https://github.com/Pylons/pyramid/pull/1488 |
| | | |
| | | - Support keyword-only arguments and function annotations in views in |
| | | Python 3. See https://github.com/Pylons/pyramid/pull/1556 |
| | | |
| | | - ``request.response`` will no longer be mutated when using the |
| | | ``pyramid.renderers.render_to_response()`` API. It is now necessary to |
| | | pass in a ``response=`` argument to ``render_to_response`` if you wish to |
| | | supply the renderer with a custom response object for it to use. If you |
| | | do not pass one then a response object will be created using the |
| | | application's ``IResponseFactory``. Almost all renderers |
| | | mutate the ``request.response`` response object (for example, the JSON |
| | | renderer sets ``request.response.content_type`` to ``application/json``). |
| | | However, when invoking ``render_to_response`` it is not expected that the |
| | | response object being returned would be the same one used later in the |
| | | request. The response object returned from ``render_to_response`` is now |
| | | explicitly different from ``request.response``. This does not change the |
| | | API of a renderer. See https://github.com/Pylons/pyramid/pull/1563 |
| | | |
| | | - The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will |
| | | now accept anything that implements the ``IResponse`` interface and will use |
| | | that as the response class instead of the default ``HTTPFound``. See |
| | | https://github.com/Pylons/pyramid/pull/1610 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The JSONP renderer created JavaScript code in such a way that a callback |
| | | variable could be used to arbitrarily inject javascript into the response |
| | | object. https://github.com/Pylons/pyramid/pull/1627 |
| | | |
| | | - Work around an issue where ``pserve --reload`` would leave terminal echo |
| | | disabled if it reloaded during a pdb session. |
| | | See https://github.com/Pylons/pyramid/pull/1577, |
| | | https://github.com/Pylons/pyramid/pull/1592 |
| | | |
| | | - ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise |
| | | ``ValueError`` when accidentally passed ``None``. |
| | | See https://github.com/Pylons/pyramid/pull/1320 |
| | | |
| | | - Fix an issue whereby predicates would be resolved as maybe_dotted in the |
| | | introspectable but not when passed for registration. This would mean that |
| | | ``add_route_predicate`` for example can not take a string and turn it into |
| | | the actual callable function. |
| | | See https://github.com/Pylons/pyramid/pull/1306 |
| | | |
| | | - Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper |
| | | package. Previously it was not possible to do package-relative includes |
| | | using the returned ``Configurator`` during testing. There is now a |
| | | ``package`` argument that can override this behavior as well. |
| | | See https://github.com/Pylons/pyramid/pull/1322 |
| | | |
| | | - Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset |
| | | where it does not belong. See https://github.com/Pylons/pyramid/pull/1251 |
| | | |
| | | - Work around a bug introduced in Python 2.7.7 on Windows where |
| | | ``mimetypes.guess_type`` returns Unicode rather than str for the content |
| | | type, unlike any previous version of Python. See |
| | | https://github.com/Pylons/pyramid/issues/1360 for more information. |
| | | |
| | | - ``pcreate`` now normalizes the package name by converting hyphens to |
| | | underscores. See https://github.com/Pylons/pyramid/pull/1376 |
| | | |
| | | - Fix an issue with the final response/finished callback being unable to |
| | | add another callback to the list. See |
| | | https://github.com/Pylons/pyramid/pull/1373 |
| | | |
| | | - Fix a failing unittest caused by differing mimetypes across various OSs. |
| | | See https://github.com/Pylons/pyramid/issues/1405 |
| | | |
| | | - Fix route generation for static view asset specifications having no path. |
| | | See https://github.com/Pylons/pyramid/pull/1377 |
| | | |
| | | - Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no |
| | | valid request object. In this case it will not wrap the object in a |
| | | callback and thus behave just like the ``pyramid.renderers.JSON`` renderer. |
| | | See https://github.com/Pylons/pyramid/pull/1561 |
| | | |
| | | - Prevent "parameters to load are deprecated" ``DeprecationWarning`` |
| | | from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541 |
| | | |
| | | - Avoiding sharing the ``IRenderer`` objects across threads when attached to |
| | | a view using the `renderer=` argument. These renderers were instantiated |
| | | at time of first render and shared between requests, causing potentially |
| | | subtle effects like `pyramid.reload_templates = true` failing to work |
| | | in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575 |
| | | and https://github.com/Pylons/pyramid/issues/1268 |
| | | |
| | | - Avoiding timing attacks against CSRF tokens. |
| | | See https://github.com/Pylons/pyramid/pull/1574 |
| | | |
| | | - ``request.finished_callbacks`` and ``request.response_callbacks`` now |
| | | default to an iterable instead of ``None``. It may be checked for a length |
| | | of 0. This was the behavior in 1.5. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pserve`` command's daemonization features have been deprecated. This |
| | | includes the ``[start,stop,restart,status]`` subcommands as well as the |
| | | ``--daemon``, ``--stop-server``, ``--pid-file``, and ``--status`` flags. |
| | | |
| | | Please use a real process manager in the future instead of relying on the |
| | | ``pserve`` to daemonize itself. Many options exist including your Operating |
| | | System's services such as Systemd or Upstart, as well as Python-based |
| | | solutions like Circus and Supervisor. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/1641 |
| | | |
| | | - Renamed the ``principal`` argument to ``pyramid.security.remember()`` to |
| | | ``userid`` in order to clarify its intended purpose. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | Docs |
| | | ---- |
| | | |
| | | - Moved the documentation for ``accept`` on ``Configurator.add_view`` to no |
| | | longer be part of the predicate list. See |
| | | https://github.com/Pylons/pyramid/issues/1391 for a bug report stating |
| | | ``not_`` was failing on ``accept``. Discussion with @mcdonc led to the |
| | | conclusion that it should not be documented as a predicate. |
| | | See https://github.com/Pylons/pyramid/pull/1487 for this PR |
| | | |
| | | - Removed logging configuration from Quick Tutorial ini files except for |
| | | scaffolding- and logging-related chapters to avoid needing to explain it too |
| | | early. |
| | | |
| | | - Clarify a previously-implied detail of the ``ISession.invalidate`` API |
| | | documentation. |
| | | |
| | | - Improve and clarify the documentation on what Pyramid defines as a |
| | | ``principal`` and a ``userid`` in its security APIs. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | - Add documentation of command line programs (``p*`` scripts). See |
| | | https://github.com/Pylons/pyramid/pull/2191 |
| | | |
| | | Scaffolds |
| | | --------- |
| | | |
| | | - Update scaffold generating machinery to return the version of pyramid and |
| | | pyramid docs for use in scaffolds. Updated starter, alchemy and zodb |
| | | templates to have links to correctly versioned documentation and reflect |
| | | which pyramid was used to generate the scaffold. |
| | | |
| | | - Removed non-ascii copyright symbol from templates, as this was |
| | | causing the scaffolds to fail for project generation. |
| | | |
| | | - You can now run the scaffolding func tests via ``tox py2-scaffolds`` and |
| | | ``tox py3-scaffolds``. |
| | | |
| | | |
| | | 1.5 (2014-04-08) |
| | | ================ |
| | | |
| | | - Python 3.4 compatibility. |
| | | |
| | | - Avoid crash in ``pserve --reload`` under Py3k, when iterating over possibly |
| | | mutated ``sys.modules``. |
| | |
| | | Features |
| | | -------- |
| | | |
| | | - Python 3.3 compatibility. |
| | | |
| | | - Configurator.add_directive now accepts arbitrary callables like partials or |
| | | objects implementing ``__call__`` which dont have ``__name__`` and |
| | | ``__doc__`` attributes. See https://github.com/Pylons/pyramid/issues/621 |