- Changed the default
serializer
onpyramid.session.SignedCookieSessionFactory
to usepyramid.session.JSONSerializer
instead ofpyramid.session.PickleSerializer
. Read "Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the documentation for more information about why this change was made. See Pylons#3413
pcreate
and the builtin scaffolds have been removed in favor of using thecookiecutter
tool and thepyramid-cookiecutter-starter
cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8. See Pylons#3406- Removed
pyramid.interfaces.ITemplateRenderer
. This interface was deprecated since Pyramid 1.5 and was an interface used by libraries likepyramid_mako
andpyramid_chameleon
but provided no functionality within Pyramid itself. See Pylons#3409 - Removed
pyramid.security.has_permission
,pyramid.security.authenticated_userid
,pyramid.security.unauthenticated_userid
, andpyramid.security.effective_principals
. These methods were deprecated in Pyramid 1.5 and all have equivalents available as properties on the request. For example,request.authenticated_userid
. See Pylons#3410 - Removed support for supplying a media range to the
accept
predicate of bothpyramid.config.Configurator.add_view
andpyramid.config.Configurator.add_route
. These options were deprecated in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable matching that was not compliant with the RFC. See Pylons#3411 - Removed
pyramid.session.UnencryptedCookieSessionFactoryConfig
. This session factory was replaced withpyramid.session.SignedCookieSessionFactory
in Pyramid 1.5 and has been deprecated since then. See Pylons#3412 - Removed
pyramid.session.signed_serialize
, andpyramid.session.signed_deserialize
. These methods were only used by the now-removedpyramid.session.UnencryptedCookieSessionFactoryConfig
and were coupled to the vulnerable pickle serialization format which could lead to remove code execution if the secret key is compromised. See Pylons#3412 - Changed the default
serializer
onpyramid.session.SignedCookieSessionFactory
to usepyramid.session.JSONSerializer
instead ofpyramid.session.PickleSerializer
. Read "Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the documentation for more information about why this change was made. See Pylons#3413