Permalink
Browse files

update master's history with the changelog from 1.7

  • Loading branch information...
1 parent 6d42e2d commit f038c7d477f98713d48eed9f74822f2b2d7028cd @mmerickel mmerickel committed May 20, 2016
Showing with 127 additions and 8 deletions.
  1. +101 −0 HISTORY.txt
  2. +26 −8 docs/whatsnew-1.7.rst
View
@@ -1,3 +1,104 @@
+1.7 (2016-05-19)
+================
+
+- Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte
+ strings. See https://github.com/Pylons/pyramid/pull/2576
+
+- Simplify windows detection code and remove some duplicated data.
+ See https://github.com/Pylons/pyramid/pull/2585 and
+ https://github.com/Pylons/pyramid/pull/2586
+
+1.7b4 (2016-05-12)
+==================
+
+- Fixed the exception view tween to re-raise the original exception if
+ no exception view could be found to handle the exception. This better
+ allows tweens further up the chain to handle exceptions that were
+ left unhandled. Previously they would be converted into a
+ ``PredicateMismatch`` exception if predicates failed to allow the view to
+ handle the exception.
+ See https://github.com/Pylons/pyramid/pull/2567
+
+- Exposed the ``pyramid.interfaces.IRequestFactory`` interface to mirror
+ the public ``pyramid.interfaces.IResponseFactory`` interface.
+
+1.7b3 (2016-05-10)
+==================
+
+- Fix ``request.invoke_exception_view`` to raise an ``HTTPNotFound``
+ exception if no view is matched. Previously ``None`` would be returned
+ if no views were matched and a ``PredicateMismatch`` would be raised if
+ a view "almost" matched (a view was found matching the context).
+ See https://github.com/Pylons/pyramid/pull/2564
+
+- Add defaults for py.test configuration and coverage to all three scaffolds,
+ and update documentation accordingly.
+ See https://github.com/Pylons/pyramid/pull/2550
+
+- Add ``linkcheck`` to ``Makefile`` for Sphinx. To check the documentation for
+ broken links, use the command ``make linkcheck
+ SPHINXBUILD=$VENV/bin/sphinx-build``. Also removed and fixed dozens of broken
+ external links.
+
+- Fix the internal runner for scaffold tests to ensure they work with pip
+ and py.test.
+ See https://github.com/Pylons/pyramid/pull/2565
+
+1.7b2 (2016-05-01)
+==================
+
+- Removed inclusion of pyramid_tm in development.ini for alchemy scaffold
+ See https://github.com/Pylons/pyramid/issues/2538
+
+- A default permission set via ``config.set_default_permission`` will no
+ longer be enforced on an exception view. This has been the case for a while
+ with the default exception views (``config.add_notfound_view`` and
+ ``config.add_forbidden_view``), however for any other exception view a
+ developer had to remember to set ``permission=NO_PERMISSION_REQUIRED`` or
+ be surprised when things didn't work. It is still possible to force a
+ permission check on an exception view by setting the ``permission`` argument
+ manually to ``config.add_view``. This behavior is consistent with the new
+ CSRF features added in the 1.7 series.
+ See https://github.com/Pylons/pyramid/pull/2534
+
+1.7b1 (2016-04-25)
+==================
+
+- This release announces the beta period for 1.7.
+
+- Fix an issue where some files were being included in the alchemy scafffold
+ which had been removed from the 1.7 series.
+ See https://github.com/Pylons/pyramid/issues/2525
+
+1.7a2 (2016-04-19)
+==================
+
+Features
+--------
+
+- Automatic CSRF checks are now disabled by default on exception views. They
+ can be turned back on by setting the appropriate `require_csrf` option on
+ the view.
+ See https://github.com/Pylons/pyramid/pull/2517
+
+- The automatic CSRF API was reworked to use a config directive for
+ setting the options. The ``pyramid.require_default_csrf`` setting is
+ no longer supported. Instead, a new ``config.set_default_csrf_options``
+ directive has been introduced that allows the developer to specify
+ the default value for ``require_csrf`` as well as change the CSRF token,
+ header and safe request methods. The ``pyramid.csrf_trusted_origins``
+ setting is still supported.
+ See https://github.com/Pylons/pyramid/pull/2518
+
+Bug fixes
+---------
+
+- CSRF origin checks had a bug causing the checks to always fail.
+ See https://github.com/Pylons/pyramid/pull/2512
+
+- Fix the test suite to pass on windows.
+ See https://github.com/Pylons/pyramid/pull/2520
+
1.7a1 (2016-04-16)
==================
View
@@ -32,6 +32,11 @@ Backwards Incompatibilities
csrf token in the query string of a request. Only headers and request bodies
are supported. See https://github.com/Pylons/pyramid/pull/2500
+- A global permission set via
+ :meth:`pyramid.config.Configurator.set_default_permission` will no longer
+ affect exception views. A permission must be set explicitly on the view for
+ it to be enforced. See https://github.com/Pylons/pyramid/pull/2534
+
Feature Additions
-----------------
@@ -42,14 +47,6 @@ Feature Additions
other stages of the pipeline such as the raw response from a view or prior
to security checks. See https://github.com/Pylons/pyramid/pull/2021
-- Added a new setting, ``pyramid.require_default_csrf`` which may be used
- to turn on CSRF checks globally for every request in the application.
- This should be considered a good default for websites built on Pyramid.
- It is possible to opt-out of CSRF checks on a per-view basis by setting
- ``require_csrf=False`` on those views.
- See :ref:`auto_csrf_checking` and
- https://github.com/Pylons/pyramid/pull/2413
-
- Added a ``require_csrf`` view option which will enforce CSRF checks on
requests with an unsafe method as defined by RFC2616. If the CSRF check fails
a ``BadCSRFToken`` exception will be raised and may be caught by exception
@@ -60,6 +57,17 @@ Feature Additions
https://github.com/Pylons/pyramid/pull/2413 and
https://github.com/Pylons/pyramid/pull/2500
+- Added a new method,
+ :meth:`pyramid.config.Configurator.set_csrf_default_options`,
+ for configuring CSRF checks used by the ``require_csrf=True`` view option.
+ This method can be used to turn on CSRF checks globally for every view
+ in the application. This should be considered a good default for websites
+ built on Pyramid. It is possible to opt-out of CSRF checks on a per-view
+ basis by setting ``require_csrf=False`` on those views.
+ See :ref:`auto_csrf_checking` and
+ https://github.com/Pylons/pyramid/pull/2413 and
+ https://github.com/Pylons/pyramid/pull/2518
+
- Added an additional CSRF validation that checks the origin/referrer of a
request and makes sure it matches the current ``request.domain``. This
particular check is only active when accessing a site over HTTPS as otherwise
@@ -96,6 +104,11 @@ Feature Additions
``EXCVIEW`` tween where you may need more control over the request.
See https://github.com/Pylons/pyramid/pull/2393
+- A global permission set via
+ :meth:`pyramid.config.Configurator.set_default_permission` will no longer
+ affect exception views. A permission must be set explicitly on the view for
+ it to be enforced. See https://github.com/Pylons/pyramid/pull/2534
+
- Allow a leading ``=`` on the key of the request param predicate.
For example, ``'=abc=1'`` is equivalent down to
``request.params['=abc'] == '1'``.
@@ -111,6 +124,11 @@ Feature Additions
:func:`pyramid.paster.setup_logging`.
See https://github.com/Pylons/pyramid/pull/2399
+- The :attr:`pyramid.tweens.EXCVIEW` tween will now re-raise the original
+ exception if no exception view could be found to handle it. This allows
+ the exception to be handled upstream by another tween or middelware.
+ See https://github.com/Pylons/pyramid/pull/2567
+
Deprecations
------------

0 comments on commit f038c7d

Please sign in to comment.