From d44913011bcd6990cff8e0a1a261a94068485964 Mon Sep 17 00:00:00 2001 From: Steve Piercy <web@stevepiercy.com> Date: Tue, 15 Aug 2017 04:12:24 +0200 Subject: [PATCH] Merge pull request #3157 from stevepiercy/1.9-branch --- CHANGES.txt | 215 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 208 insertions(+), 7 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 59a733b..e00fdbd 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,21 +1,222 @@ -unreleased -========== +.. _changes_1.9.1: -Features --------- +1.9.1 (2017-07-13) +================== + +- Add a ``_depth`` and ``_category`` arguments to all of the venusian + decorators. The ``_category`` argument can be used to affect which actions + are registered when performing a ``config.scan(..., category=...)`` with a + specific category. The ``_depth`` argument should be used when wrapping + the decorator in your own. This change affects ``pyramid.view.view_config``, + ``pyramid.view.exception_view_config``, + ``pyramid.view.forbidden_view_config``, ``pyramid.view.notfound_view_config``, + ``pyramid.events.subscriber`` and ``pyramid.response.response_adapter`` + decorators. See https://github.com/Pylons/pyramid/pull/3121 and + https://github.com/Pylons/pyramid/pull/3123 + +- Fix a circular import which made it impossible to import + ``pyramid.viewderivers`` before ``pyramid.config``. + See https://github.com/Pylons/pyramid/pull/3124 + +- Improve documentation to show the ``pyramid.config.Configurator`` being + used as a context manager in more places. + See https://github.com/Pylons/pyramid/pull/3126 + +1.9 (2017-06-26) +================ + +- No major changes from 1.9b1. + +- Updated documentation links for ``docs.pylonsproject.org`` to use HTTPS. + +1.9b1 (2017-06-19) +================== + +- Add an informative error message when unknown predicates are supplied. The + new message suggests alternatives based on the list of known predicates. + See https://github.com/Pylons/pyramid/pull/3054 + +- Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and + resulting source files in tutorials. + See https://github.com/Pylons/pyramid/issues/2548 + +- Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to + use shortcut. + See https://github.com/Pylons/pyramid/issues/3042 + +- Ensure the correct threadlocals are pushed during view execution when + invoked from ``request.invoke_exception_view``. + See https://github.com/Pylons/pyramid/pull/3060 + +- Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return + a valid iterator in its ``__iter__`` implementation. + See https://github.com/Pylons/pyramid/pull/3074 + +- Normalize the permission results to a proper class hierarchy. + ``pyramid.security.ACLAllowed`` is now a subclass of + ``pyramid.security.Allowed`` and ``pyramid.security.ACLDenied`` is now a + subclass of ``pyramid.security.Denied``. + See https://github.com/Pylons/pyramid/pull/3084 + +- Add a ``quote_via`` argument to ``pyramid.encode.urlencode`` to follow + the stdlib's version and enable custom quoting functions. + See https://github.com/Pylons/pyramid/pull/3088 + +- Support `_query=None` and `_anchor=None` in ``request.route_url`` as well + as ``query=None`` and ``anchor=None`` in ``request.resource_url``. + Previously this would cause an `?` and a `#`, respectively, in the url + with nothing after it. Now the unnecessary parts are dropped from the + generated URL. See https://github.com/Pylons/pyramid/pull/3034 + +- Revamp the ``IRouter`` API used by ``IExecutionPolicy`` to force + pushing/popping the request threadlocals. The + ``IRouter.make_request(environ)`` API has been replaced by + ``IRouter.request_context(environ)`` which should be used as a context + manager. See https://github.com/Pylons/pyramid/pull/3086 + +1.9a2 (2017-05-09) +================== + +Backward Incompatibilities +-------------------------- + +- ``request.exception`` and ``request.exc_info`` will only be set if the + response was generated by the EXCVIEW tween. This is to avoid any confusion + where a response was generated elsewhere in the pipeline and not in + direct relation to the original exception. If anyone upstream wants to + catch and render responses for exceptions they should set + ``request.exception`` and ``request.exc_info`` themselves to indicate + the exception that was squashed when generating the response. + + Similar behavior occurs with ``request.invoke_exception_view`` in which + the exception properties are set to reflect the exception if a response + is successfully generated by the method. + + This is a very minor incompatibility. Most tweens right now would give + priority to the raised exception and ignore ``request.exception``. This + change just improves and clarifies that bookkeeping by trying to be + more clear about the relationship between the response and its squashed + exception. See https://github.com/Pylons/pyramid/pull/3029 and + https://github.com/Pylons/pyramid/pull/3031 + +1.9a1 (2017-05-01) +================== + +Major Features +-------------- + +- The file format used by all ``p*`` command line scripts such as ``pserve`` + and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function + is now replaceable thanks to a new dependency on + `plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>`_. + + For now, Pyramid is still shipping with integrated support for the + PasteDeploy INI format by depending on the + `plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_ + binding library. This may change in the future. + + See https://github.com/Pylons/pyramid/pull/2985 + +- Added an execution policy hook to the request pipeline. An execution + policy has the ability to control creation and execution of the request + objects before they enter the rest of the pipeline. This means for a single + request environ the policy may create more than one request object. + + The first library to use this feature is + `pyramid_retry + <https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. + + See https://github.com/Pylons/pyramid/pull/2964 + +- CSRF support has been refactored out of sessions and into its own + independent API in the ``pyramid.csrf`` module. It supports a pluggable + ``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your + own mechanism for generating and validating CSRF tokens. By default, + Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` + that uses the ``request.session.get_csrf_token`` and + ``request.session.new_csrf_token`` APIs under the hood to preserve + compatibility. Two new policies are shipped as well, + ``pyramid.csrf.SessionCSRFStoragePolicy`` and + ``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens + in the session and in a standalone cookie, respectively. The storage policy + can be changed by using the new + ``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. + + CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, + ``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs + in order to continue working if the storage policy is changed. Also, the + ``pyramid.csrf.get_csrf_token`` function is injected into templates to be + used conveniently in UI code. + + See https://github.com/Pylons/pyramid/pull/2854 and + https://github.com/Pylons/pyramid/pull/3019 + +Minor Features +-------------- + +- Support an ``open_url`` config setting in the ``pserve`` section of the + config file. This url is used to open a web browser when ``pserve --browser`` + is invoked. When this setting is unavailable the ``pserve`` script will + attempt to guess the port the server is using from the + ``server:<server_name>`` section of the config file but there is no + requirement that the server is being run in this format so it may fail. + See https://github.com/Pylons/pyramid/pull/2984 + +- The ``pyramid.config.Configurator`` can now be used as a context manager + which will automatically push/pop threadlocals (similar to + ``config.begin()`` and ``config.end()``). It will also automatically perform + a ``config.commit()`` and thus it is only recommended to be used at the + top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 + +- The threadlocals are now available inside any function invoked via + ``config.include``. This means the only config-time code that cannot rely + on threadlocals is code executed from non-actions inside the main. This + can be alleviated by invoking ``config.begin()`` and ``config.end()`` + appropriately or using the new context manager feature of the configurator. + See https://github.com/Pylons/pyramid/pull/2989 Bug Fixes --------- - HTTPException's accepts a detail kwarg that may be used to pass additional details to the exception. You may now pass objects so long as they have a - valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 + valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 + +- Fix a reference cycle causing memory leaks in which the registry + would keep a ``Configurator`` instance alive even after the configurator + was discarded. Another fix was also added for the ``global_registries`` + object in which the registry was stored in a closure preventing it from + being deallocated. See https://github.com/Pylons/pyramid/pull/2967 + +- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the + ``--reload`` option in which ``sys.argv`` is always used in the subprocess + instead of the supplied ``argv``. + See https://github.com/Pylons/pyramid/pull/2962 Deprecations ------------ -Backward Incompatibilities --------------------------- +- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the + transition to ``plaster`` by maintaining integrated support for INI files. + This dependency on ``plaster_pastedeploy`` should be considered subject to + Pyramid's deprecation policy and may be removed in the future. + Applications should depend on the appropriate plaster binding to satisfy + their needs. + +- Retrieving CSRF token from the session has been deprecated in favor of + equivalent methods in the ``pyramid.csrf`` module. The CSRF methods + (``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer + required on the ``ISession`` interface except when using the default + ``pyramid.csrf.LegacySessionCSRFStoragePolicy``. + + Also, ``pyramid.session.check_csrf_token`` is now located at + ``pyramid.csrf.check_csrf_token``. + + See https://github.com/Pylons/pyramid/pull/2854 and + https://github.com/Pylons/pyramid/pull/3019 Documentation Changes --------------------- + +- Added the execution policy to the routing diagram in the Request Processing + chapter. See https://github.com/Pylons/pyramid/pull/2993 -- Gitblit v1.9.3