Permalink
Fetching contributors…
Cannot retrieve contributors at this time
93 lines (74 sloc) 3.74 KB

unreleased

Features

  • Changed the default serializer on pyramid.session.SignedCookieSessionFactory to use pyramid.session.JSONSerializer instead of pyramid.session.PickleSerializer. Read "Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the documentation for more information about why this change was made. See https://github.com/Pylons/pyramid/pull/3413

  • It is now possible to control whether a route pattern contains a trailing slash when it is composed with a route prefix using config.include(..., route_prefix=...) or with config.route_prefix_context(...). This can be done by specifying an empty pattern and setting the new argument inherit_slash=True. For example:

    with config.route_prefix_context('/users'):
        config.add_route('users', '', inherit_slash=True)

    In the example, the resulting pattern will be /users. Similarly, if the route prefix were /users/ then the final pattern would be /users/. If the pattern was '/', then the final pattern would always be /users/. This new setting is only available if the pattern supplied to add_route is the empty string (''). See https://github.com/Pylons/pyramid/pull/3420

Bug Fixes

Deprecations

Backward Incompatibilities

  • pcreate and the builtin scaffolds have been removed in favor of using the cookiecutter tool and the pyramid-cookiecutter-starter cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8. See https://github.com/Pylons/pyramid/pull/3406
  • Removed pyramid.interfaces.ITemplateRenderer. This interface was deprecated since Pyramid 1.5 and was an interface used by libraries like pyramid_mako and pyramid_chameleon but provided no functionality within Pyramid itself. See https://github.com/Pylons/pyramid/pull/3409
  • Removed pyramid.security.has_permission, pyramid.security.authenticated_userid, pyramid.security.unauthenticated_userid, and pyramid.security.effective_principals. These methods were deprecated in Pyramid 1.5 and all have equivalents available as properties on the request. For example, request.authenticated_userid. See https://github.com/Pylons/pyramid/pull/3410
  • Removed support for supplying a media range to the accept predicate of both pyramid.config.Configurator.add_view and pyramid.config.Configurator.add_route. These options were deprecated in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable matching that was not compliant with the RFC. See https://github.com/Pylons/pyramid/pull/3411
  • Removed pyramid.session.UnencryptedCookieSessionFactoryConfig. This session factory was replaced with pyramid.session.SignedCookieSessionFactory in Pyramid 1.5 and has been deprecated since then. See https://github.com/Pylons/pyramid/pull/3412
  • Removed pyramid.session.signed_serialize, and pyramid.session.signed_deserialize. These methods were only used by the now-removed pyramid.session.UnencryptedCookieSessionFactoryConfig and were coupled to the vulnerable pickle serialization format which could lead to remove code execution if the secret key is compromised. See https://github.com/Pylons/pyramid/pull/3412
  • Changed the default serializer on pyramid.session.SignedCookieSessionFactory to use pyramid.session.JSONSerializer instead of pyramid.session.PickleSerializer. Read "Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the documentation for more information about why this change was made. See https://github.com/Pylons/pyramid/pull/3413

Documentation Changes