| | |
| | | unreleased |
| | | ========== |
| | | .. _changes_1.9.1: |
| | | |
| | | Features |
| | | -------- |
| | | 1.9.1 (2017-07-13) |
| | | ================== |
| | | |
| | | - Add a ``_depth`` and ``_category`` arguments to all of the venusian |
| | | decorators. The ``_category`` argument can be used to affect which actions |
| | | are registered when performing a ``config.scan(..., category=...)`` with a |
| | | specific category. The ``_depth`` argument should be used when wrapping |
| | | the decorator in your own. This change affects ``pyramid.view.view_config``, |
| | | ``pyramid.view.exception_view_config``, |
| | | ``pyramid.view.forbidden_view_config``, ``pyramid.view.notfound_view_config``, |
| | | ``pyramid.events.subscriber`` and ``pyramid.response.response_adapter`` |
| | | decorators. See https://github.com/Pylons/pyramid/pull/3121 and |
| | | https://github.com/Pylons/pyramid/pull/3123 |
| | | |
| | | - Fix a circular import which made it impossible to import |
| | | ``pyramid.viewderivers`` before ``pyramid.config``. |
| | | See https://github.com/Pylons/pyramid/pull/3124 |
| | | |
| | | - Improve documentation to show the ``pyramid.config.Configurator`` being |
| | | used as a context manager in more places. |
| | | See https://github.com/Pylons/pyramid/pull/3126 |
| | | |
| | | 1.9 (2017-06-26) |
| | | ================ |
| | | |
| | | - No major changes from 1.9b1. |
| | | |
| | | - Updated documentation links for ``docs.pylonsproject.org`` to use HTTPS. |
| | | |
| | | 1.9b1 (2017-06-19) |
| | | ================== |
| | | |
| | | - Add an informative error message when unknown predicates are supplied. The |
| | | new message suggests alternatives based on the list of known predicates. |
| | | See https://github.com/Pylons/pyramid/pull/3054 |
| | | |
| | | - Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and |
| | | resulting source files in tutorials. |
| | | See https://github.com/Pylons/pyramid/issues/2548 |
| | | |
| | | - Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to |
| | | use shortcut. |
| | | See https://github.com/Pylons/pyramid/issues/3042 |
| | | |
| | | - Ensure the correct threadlocals are pushed during view execution when |
| | | invoked from ``request.invoke_exception_view``. |
| | | See https://github.com/Pylons/pyramid/pull/3060 |
| | | |
| | | - Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return |
| | | a valid iterator in its ``__iter__`` implementation. |
| | | See https://github.com/Pylons/pyramid/pull/3074 |
| | | |
| | | - Normalize the permission results to a proper class hierarchy. |
| | | ``pyramid.security.ACLAllowed`` is now a subclass of |
| | | ``pyramid.security.Allowed`` and ``pyramid.security.ACLDenied`` is now a |
| | | subclass of ``pyramid.security.Denied``. |
| | | See https://github.com/Pylons/pyramid/pull/3084 |
| | | |
| | | - Add a ``quote_via`` argument to ``pyramid.encode.urlencode`` to follow |
| | | the stdlib's version and enable custom quoting functions. |
| | | See https://github.com/Pylons/pyramid/pull/3088 |
| | | |
| | | - Support `_query=None` and `_anchor=None` in ``request.route_url`` as well |
| | | as ``query=None`` and ``anchor=None`` in ``request.resource_url``. |
| | | Previously this would cause an `?` and a `#`, respectively, in the url |
| | | with nothing after it. Now the unnecessary parts are dropped from the |
| | | generated URL. See https://github.com/Pylons/pyramid/pull/3034 |
| | | |
| | | - Revamp the ``IRouter`` API used by ``IExecutionPolicy`` to force |
| | | pushing/popping the request threadlocals. The |
| | | ``IRouter.make_request(environ)`` API has been replaced by |
| | | ``IRouter.request_context(environ)`` which should be used as a context |
| | | manager. See https://github.com/Pylons/pyramid/pull/3086 |
| | | |
| | | 1.9a2 (2017-05-09) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - ``request.exception`` and ``request.exc_info`` will only be set if the |
| | | response was generated by the EXCVIEW tween. This is to avoid any confusion |
| | | where a response was generated elsewhere in the pipeline and not in |
| | | direct relation to the original exception. If anyone upstream wants to |
| | | catch and render responses for exceptions they should set |
| | | ``request.exception`` and ``request.exc_info`` themselves to indicate |
| | | the exception that was squashed when generating the response. |
| | | |
| | | Similar behavior occurs with ``request.invoke_exception_view`` in which |
| | | the exception properties are set to reflect the exception if a response |
| | | is successfully generated by the method. |
| | | |
| | | This is a very minor incompatibility. Most tweens right now would give |
| | | priority to the raised exception and ignore ``request.exception``. This |
| | | change just improves and clarifies that bookkeeping by trying to be |
| | | more clear about the relationship between the response and its squashed |
| | | exception. See https://github.com/Pylons/pyramid/pull/3029 and |
| | | https://github.com/Pylons/pyramid/pull/3031 |
| | | |
| | | 1.9a1 (2017-05-01) |
| | | ================== |
| | | |
| | | Major Features |
| | | -------------- |
| | | |
| | | - The file format used by all ``p*`` command line scripts such as ``pserve`` |
| | | and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function |
| | | is now replaceable thanks to a new dependency on |
| | | `plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>`_. |
| | | |
| | | For now, Pyramid is still shipping with integrated support for the |
| | | PasteDeploy INI format by depending on the |
| | | `plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_ |
| | | binding library. This may change in the future. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2985 |
| | | |
| | | - Added an execution policy hook to the request pipeline. An execution |
| | | policy has the ability to control creation and execution of the request |
| | | objects before they enter the rest of the pipeline. This means for a single |
| | | request environ the policy may create more than one request object. |
| | | |
| | | The first library to use this feature is |
| | | `pyramid_retry |
| | | <https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2964 |
| | | |
| | | - CSRF support has been refactored out of sessions and into its own |
| | | independent API in the ``pyramid.csrf`` module. It supports a pluggable |
| | | ``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your |
| | | own mechanism for generating and validating CSRF tokens. By default, |
| | | Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` |
| | | that uses the ``request.session.get_csrf_token`` and |
| | | ``request.session.new_csrf_token`` APIs under the hood to preserve |
| | | compatibility. Two new policies are shipped as well, |
| | | ``pyramid.csrf.SessionCSRFStoragePolicy`` and |
| | | ``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens |
| | | in the session and in a standalone cookie, respectively. The storage policy |
| | | can be changed by using the new |
| | | ``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. |
| | | |
| | | CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, |
| | | ``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs |
| | | in order to continue working if the storage policy is changed. Also, the |
| | | ``pyramid.csrf.get_csrf_token`` function is injected into templates to be |
| | | used conveniently in UI code. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2854 and |
| | | https://github.com/Pylons/pyramid/pull/3019 |
| | | |
| | | Minor Features |
| | | -------------- |
| | | |
| | | - Support an ``open_url`` config setting in the ``pserve`` section of the |
| | | config file. This url is used to open a web browser when ``pserve --browser`` |
| | | is invoked. When this setting is unavailable the ``pserve`` script will |
| | | attempt to guess the port the server is using from the |
| | | ``server:<server_name>`` section of the config file but there is no |
| | | requirement that the server is being run in this format so it may fail. |
| | | See https://github.com/Pylons/pyramid/pull/2984 |
| | | |
| | | - The ``pyramid.config.Configurator`` can now be used as a context manager |
| | | which will automatically push/pop threadlocals (similar to |
| | | ``config.begin()`` and ``config.end()``). It will also automatically perform |
| | | a ``config.commit()`` and thus it is only recommended to be used at the |
| | | top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 |
| | | |
| | | - The threadlocals are now available inside any function invoked via |
| | | ``config.include``. This means the only config-time code that cannot rely |
| | | on threadlocals is code executed from non-actions inside the main. This |
| | | can be alleviated by invoking ``config.begin()`` and ``config.end()`` |
| | | appropriately or using the new context manager feature of the configurator. |
| | | See https://github.com/Pylons/pyramid/pull/2989 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - HTTPException's accepts a detail kwarg that may be used to pass additional |
| | | details to the exception. You may now pass objects so long as they have a |
| | | valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
| | | valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
| | | |
| | | - Fix a reference cycle causing memory leaks in which the registry |
| | | would keep a ``Configurator`` instance alive even after the configurator |
| | | was discarded. Another fix was also added for the ``global_registries`` |
| | | object in which the registry was stored in a closure preventing it from |
| | | being deallocated. See https://github.com/Pylons/pyramid/pull/2967 |
| | | |
| | | - Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the |
| | | ``--reload`` option in which ``sys.argv`` is always used in the subprocess |
| | | instead of the supplied ``argv``. |
| | | See https://github.com/Pylons/pyramid/pull/2962 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | - Pyramid currently depends on ``plaster_pastedeploy`` to simplify the |
| | | transition to ``plaster`` by maintaining integrated support for INI files. |
| | | This dependency on ``plaster_pastedeploy`` should be considered subject to |
| | | Pyramid's deprecation policy and may be removed in the future. |
| | | Applications should depend on the appropriate plaster binding to satisfy |
| | | their needs. |
| | | |
| | | - Retrieving CSRF token from the session has been deprecated in favor of |
| | | equivalent methods in the ``pyramid.csrf`` module. The CSRF methods |
| | | (``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer |
| | | required on the ``ISession`` interface except when using the default |
| | | ``pyramid.csrf.LegacySessionCSRFStoragePolicy``. |
| | | |
| | | Also, ``pyramid.session.check_csrf_token`` is now located at |
| | | ``pyramid.csrf.check_csrf_token``. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2854 and |
| | | https://github.com/Pylons/pyramid/pull/3019 |
| | | |
| | | Documentation Changes |
| | | --------------------- |
| | | |
| | | - Added the execution policy to the routing diagram in the Request Processing |
| | | chapter. See https://github.com/Pylons/pyramid/pull/2993 |