
Initial Update #102

wants to merge 42 commits into from



commented Feb 24, 2017

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:


Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Flask 0.10.1 » 0.12 PyPI | Changelog | Repo
Flask-Admin 1.3.0 » 1.4.2 PyPI | Changelog | Repo | Docs
Flask-Bootstrap » PyPI | Changelog | Repo | Docs
Flask-DebugToolbar 0.10.0 » 0.10.1 PyPI | Changelog | Docs
Flask-Login 0.2.11 » 0.4.0 PyPI | Changelog | Repo | Docs
Flask-Migrate 1.5.0 » 2.0.3 PyPI | Changelog | Repo | Docs
Flask-Security 1.7.4 » 1.7.5 PyPI | Changelog | Repo | Docs
Flask-SQLAlchemy 2.0 » 2.1 PyPI | Changelog | Repo | Docs
Flask-WTF 0.12 » 0.14.2 PyPI | Changelog | Repo | Docs
alembic 0.8.1 » 0.8.10 PyPI | Repo | Docs
GeoAlchemy2 0.2.5 » 0.4.0 PyPI | Homepage
SQLAlchemy 1.0.8 » 1.1.5 PyPI | Homepage
psycopg2 2.6.1 » 2.6.2 PyPI | Changelog | Homepage | Docs
celery 3.1.18 » 4.0.2 PyPI | Changelog | Homepage | Docs
redis 2.10.3 » 2.10.5 PyPI | Repo
arrow 0.6.0 » 0.10.0 PyPI | Changelog | Repo
beautifulsoup4 4.4.0 » 4.5.3 PyPI | Homepage
ipaddress 1.0.14 » 1.0.18 PyPI | Repo
Jinja2 2.8 » 2.9.5 PyPI | Changelog | Homepage
Mako 1.0.1 » 1.0.6 PyPI | Homepage
passlib 1.6.5 » 1.7.1 PyPI | Changelog | Repo | Docs
parsedatetime 1.5 » 2.2 PyPI | Changelog | Repo
pillow 2.9.0 » 4.0.0 PyPI | Changelog | Homepage
pyparsing 2.0.3 » 2.1.10 PyPI | Homepage | Docs
python-dateutil 2.4.2 » 2.6.0 PyPI | Changelog | Docs
pytz 2015.4 » 2016.10 PyPI | Homepage | Docs
PyYAML 3.11 » 3.12 PyPI | Homepage
requests 2.7.0 » 2.13.0 PyPI | Changelog | Homepage
Shapely 1.5.11 » 1.5.17.post1 PyPI | Changelog | Repo
raven 5.5.0 » 6.0.0 PyPI | Changelog | Repo
six 1.9.0 » 1.10.0 PyPI | Changelog | Homepage | Docs
Werkzeug 0.10.4 » 0.11.15 PyPI | Changelog | Homepage
WTForms 2.0.2 » 2.1 PyPI | Changelog | Homepage | Docs
matplotlib 1.4.3 » 2.0.0 PyPI | Changelog | Homepage
seaborn 0.6.0 » 0.7.1 PyPI | Repo
coverage 3.7.1 » 4.3.4 PyPI | Changelog | Docs
coveralls 0.5 » 1.1 PyPI | Changelog | Repo
Flask-Testing 0.4.2 » 0.6.1 PyPI | Repo | Docs
mock 1.3.0 » 2.0.0 PyPI | Repo
pytest 2.7.2 » 3.0.6 PyPI | Changelog | Homepage
vcrpy 1.7.2 » 1.10.5 PyPI | Changelog | Repo
codecov 2.0.5 » 2.0.5 PyPI | Changelog | Repo


Flask 0.10.1 -> 0.12


Released on December 21st 2016, codename Punsch.

  • the cli command now responds to --version.
  • Mimetype guessing and ETag generation for file-like objects in send_file
    has been removed, as per issue 104. See pull request 1849.
  • Mimetype guessing in send_file now fails loudly and doesn't fall back to
    application/octet-stream. See pull request 1988.
  • Make flask.safe_join able to join multiple paths like os.path.join
    (pull request 1730).
  • Revert a behavior change that made the dev server crash instead of returning
    an Internal Server Error (pull request 2006).
  • Correctly invoke response handlers for both regular request dispatching as
    well as error handlers.
  • Disable logger propagation by default for the app logger.
  • Add support for range requests in send_file.
  • app.test_client includes preset default environment, which can now be
    directly set, instead of per client.get.


Bugfix release, unreleased

  • Fix crash when running under PyPy3, see pull request 1814.


Bugfix release, released on June 7th 2016.

  • Fixed a bug that prevented FLASK_APP=foobar/ from working. See
    pull request 1872.


Released on May 29th 2016, codename Absinthe.

  • Added support to serializing top-level arrays to :func:flask.jsonify. This
    introduces a security risk in ancient browsers. See
    :ref:json-security for details.
  • Added before_render_template signal.
  • Added **kwargs to :meth:flask.Test.test_client to support passing
    additional keyword arguments to the constructor of
  • Added SESSION_REFRESH_EACH_REQUEST config key that controls the
    set-cookie behavior. If set to True a permanent session will be
    refreshed each request and get their lifetime extended, if set to
    False it will only be modified if the session actually modifies.
    Non permanent sessions are not affected by this and will always
    expire if the browser window closes.
  • Made Flask support custom JSON mimetypes for incoming data.
  • Added support for returning tuples in the form (response, headers)
    from a view function.
  • Added :meth:flask.Config.from_json.
  • Added :attr:flask.Flask.config_class.
  • Added :meth:flask.Config.get_namespace.
  • Templates are no longer automatically reloaded outside of debug mode. This
    can be configured with the new TEMPLATES_AUTO_RELOAD config key.
  • Added a workaround for a limitation in Python 3.3's namespace loader.
  • Added support for explicit root paths when using Python 3.3's namespace
  • Added :command:flask and the flask.cli module to start the local
    debug server through the click CLI system. This is recommended over the old method as it works faster and more reliably due to a
    different design and also replaces Flask-Script.
  • Error handlers that match specific classes are now checked first,
    thereby allowing catching exceptions that are subclasses of HTTP
    exceptions (in werkzeug.exceptions). This makes it possible
    for an extension author to create exceptions that will by default
    result in the HTTP error of their choosing, but may be caught with
    a custom error handler if desired.
  • Added :meth:flask.Config.from_mapping.
  • Flask will now log by default even if debug is disabled. The log format is
    now hardcoded but the default log handling can be disabled through the
    LOGGER_HANDLER_POLICY configuration key.
  • Removed deprecated module functionality.
  • Added the EXPLAIN_TEMPLATE_LOADING config flag which when enabled will
    instruct Flask to explain how it locates templates. This should help
    users debug when the wrong templates are loaded.
  • Enforce blueprint handling in the order they were registered for template
  • Ported test suite to py.test.
  • Deprecated request.json in favour of request.get_json().
  • Add "pretty" and "compressed" separators definitions in jsonify() method.
    Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
    unnecessary white space included by default after separators.
  • JSON responses are now terminated with a newline character, because it is a
    convention that UNIX text files end with a newline and some clients don't
    deal well when this newline is missing. See
    pallets/flask#1262 -- this came up originally as a
    part of postmanlabs/httpbin#168
  • The automatically provided OPTIONS method is now correctly disabled if
    the user registered an overriding rule with the lowercase-version
    options (issue 1288).
  • flask.json.jsonify now supports the type (pull request
  • Don't leak exception info of already caught exceptions to context teardown
    handlers (pull request 1393).
  • Allow custom Jinja environment subclasses (pull request 1422).
  • flask.g now has pop() and setdefault methods.
  • Turn on autoescape for flask.templating.render_template_string by default
    (pull request 1515).
  • flask.ext is now deprecated (pull request 1484).
  • send_from_directory now raises BadRequest if the filename is invalid on
    the server OS (pull request 1763).
  • Added the JSONIFY_MIMETYPE configuration variable (pull request 1728).
  • Exceptions during teardown handling will no longer leave bad application
    contexts lingering around.


(bugfix release, release date to be announced)

  • Fixed broken test_appcontext_signals() test case.
  • Raise an :exc:AttributeError in :func:flask.helpers.find_package with a
    useful message explaining why it is raised when a PEP 302 import hook is used
    without an is_package() method.
  • Fixed an issue causing exceptions raised before entering a request or app
    context to be passed to teardown handlers.
  • Fixed an issue with query parameters getting removed from requests in
    the test client when absolute URLs were requested.
  • Made before_first_request into a decorator as intended.
  • Fixed an etags bug when sending a file stream with a name.
  • Fixed send_from_directory not expanding to the application root path
  • Changed logic of before first request handlers to flip the flag after
    invoking. This will allow some uses that are potentially dangerous but
    should probably be permitted.
  • Fixed Python 3 bug when a handler from app.url_build_error_handlers
    reraises the BuildError.

Flask-Admin 1.3.0 -> 1.4.2


  • Small bug fix release. Fixes regression that prevented usage of "virtual" columns with a custom formatter.


  • Official Python 3.5 support
  • Customizable row actions
  • Tablib support (exporting to XLS, XLSX, CSV, etc)
  • Updated external dependencies (jQuery, x-editable, etc)
  • Added settings that allows exceptions to be raised on view errors
  • Bug fixes


  • Updated and reworked documentation
  • FileAdmin went through minor refactoring and now supports remote file systems. Comes with the new, optional, AWS S3 file management interface
  • Configurable CSV export for model views
  • Added overridable URL generation logic. Allows using custom URLs with parameters for administrative views
  • Added column_display_actions to ModelView control visibility of the action column without overriding the template
  • Added support for the latest MongoEngine
  • New SecureForm base class for easier CSRF validation
  • Lots of translation-related fixes and updated translations
  • Bug fixes

Flask-Bootstrap ->

  • Most likely to be the last major Bootstrap 3 release (see
    twbs/bootstrap#20631). Make sure you pin
    Flask-Bootstrap's version to <4 to avoid inadvertent updates.

  • IE-specific meta information and viewport meta tags have been added to the
    base template.
  • The flashed messages are no longer considered "safe", which means HTML-markup
    will be escaped. See :func:flashed_messages for more information.
  • The title block now contains an empty-by-default title variable.

Flask-DebugToolbar 0.10.0 -> 0.10.1



  • Add support for Python wheels


  • Switch imports from deprecated flask.ext.* to flask_* syntax (94, thanks
    Michael Lenzen & 97 thanks Iuri de Silvio)

Flask-Login 0.2.11 -> 0.4.0


Released on October 26th, 2016

  • Fixes OPTIONS exemption from login. 244
  • Fixes use of MD5 by replacing with SHA512. 264
  • BREAKING: The login_manager.token_handler function, get_auth_token method
    on the User class, and the utils.make_secure_token utility function have
    been removed to prevent users from creating insecure auth implementations.
    Use the Alternative Tokens example from the docs instead. 291


Released on October 8th, 2015

  • Fixes Python 2.6 compatibility.
  • Updates SESSION_KEYS to include "remember".


Released on September 30th, 2015

  • Fixes removal of non-Flask-Login keys from session object when using 'strong'


Released on September 10th, 2015

  • Fixes handling of X-Forward-For header.
  • Update to use SHA512 instead of MD5 for session identifier creation.
  • Fixes session creation for every view.
  • BREAKING: UTC used to set cookie duration.
  • BREAKING: Non-fresh logins now returns HTTP 401.
  • Support unicode user IDs in cookie.
  • Fixes user_logged_out signal invocation.
  • Support for per-Blueprint login views.
  • BREAKING: The is_authenticated, is_active, and is_anonymous members of
    the user class are now properties, not methods. Applications should update
    their user classes accordingly.
  • Various other improvements including documentation and code clean up.

Flask-Migrate 1.5.0 -> 2.0.3


  • Support multiple -x arguments in the Flask-Script interface (103)


  • Support passing alembic context kwargs from constructor into init_app (138)


  • Fix flake8 warnings in Alembic templates (136)


  • Added Travis CI builds for Python 3.5
  • Support for the new Flask CLI based on Click


  • Allow to init_app to work correctly when db is given in constructor (118)


  • Allow db to be given in constructor, while app is given later in init_app
  • Added missing Python 2 classifiers in setup script
  • Various documentation updates


  • Added migrate.configure decorator to register configuration callbacks
  • Documentation updates


  • Added support for Alembic's edit command
  • Allow migration directory to be given in constructor and not in init_app


  • Do not generate a migration if no schema changes are found
  • Merge command now supports multiple arguments

Flask-Security 1.7.4 -> 1.7.5


Released December 2nd 2015

  • Added SECURITY_TOKEN_MAX_AGE configuration setting
  • Fixed calls to SQLAlchemyUserDatastore.get_user(None) (this now returns False instead of raising a TypeError)
  • Fixed URL generation adding extra slashes in some cases (see GitHub 343)
  • Fixed handling of trackable IP addresses when the X-Forwarded-For header contains multiple values
  • Include WWW-Authenticate headers in auth_required authentication checks
  • Fixed error when check_token function is used with a json list
  • Added support for custom AnonymousUser classes
  • Restricted forgot_password endpoint to anonymous users
  • Allowed unauthorized callback to be overridden
  • Fixed issue where passwords cannot be reset if currently set to None
  • Ensured that password reset tokens are invalidated after use
  • Updated is_authenticated and is_active functions to support Flask-Login changes
  • Various documentation improvements

Flask-SQLAlchemy 2.0 -> 2.1


Released on October 23rd 2015, codename Caesium

  • Table names are automatically generated in more cases, including
    subclassing mixins and abstract models.
  • Allow using a custom MetaData object.
  • Add support for binds parameter to session.

Flask-WTF 0.12 -> 0.14.2


Released 2017-01-10

  • Fix bug where FlaskForm assumed meta argument was not None if it
    was passed. (278_)

.. _278: lepture/flask-wtf#278


Released 2017-01-10

  • Fix bug where the file validators would incorrectly identify an empty file as
    valid data. (276, 277)
  • FileField is no longer deprecated. The data is checked during
    processing and only set if it's a valid file.
  • has_file is deprecated; it's now equivalent to bool(
  • FileRequired and FileAllowed work with both the Flask-WTF and
    WTForms FileField classes.
  • The Optional validator now works with FileField.

.. _276: lepture/flask-wtf#276
.. _277: lepture/flask-wtf#277


Released 2017-01-06

  • Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
    ourselves. (264_)
  • All tokens are URL safe, removing the url_safe parameter from
    generate_csrf. (206_)
  • All tokens store a timestamp, which is checked in validate_csrf. The
    time_limit parameter of generate_csrf is removed.
  • Remove the app attribute from CsrfProtect, use current_app.
  • CsrfProtect protects the DELETE method by default. (264_)
  • The same CSRF token is generated for the lifetime of a request. It is exposed
    as request.csrf_token for use during testing. (227, 264)
  • CsrfProtect.error_handler is deprecated. (264_)
  • Handlers that return a response work in addition to those that raise an
    error. The behavior was not clear in previous docs.
  • (200, 209, 243, 252)
  • Use Form.Meta instead of deprecated SecureForm for CSRF (and
    everything else). (216, 271)
  • csrf_enabled parameter is still recognized but deprecated. All other
    attributes and methods from SecureForm are removed. (271_)
  • Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
  • validate_csrf raises wtforms.ValidationError with specific messages
    instead of returning True or False. This breaks anything that was
    calling the method directly. (239, 271)
  • CSRF errors are logged as well as raised. (239_)
  • CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
    when using the old name. CsrfError is renamed to CSRFError without
    deprecation. (271_)
  • FileField is deprecated because it no longer provides functionality over
    the provided validators. Use wtforms.FileField directly. (272_)

.. _200: lepture/flask-wtf#200
.. _209: lepture/flask-wtf#209
.. _216: lepture/flask-wtf#216
.. _227: lepture/flask-wtf#227
.. _239: lepture/flask-wtf#239
.. _243: lepture/flask-wtf#243
.. _252: lepture/flask-wtf#252
.. _264: lepture/flask-wtf#264
.. _271: lepture/flask-wtf#271
.. _272: lepture/flask-wtf#272


Released 2016/10/6

  • Deprecation warning for Form is shown during __init__ instead of immediately when subclassing. (262_)
  • Don't use pkg_resources to get version, for compatibility with GAE. (261_)

.. _261: lepture/flask-wtf#261
.. _262: lepture/flask-wtf#262


Released 2016/09/29

  • Form is renamed to FlaskForm in order to avoid name collision with WTForms's base class. Using Form will show a deprecation warning. (250_)
  • hidden_tag no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. (217, 193)
  • flask_wtf.html5 is deprecated. Import directly from wtforms.fields.html5. (251_)
  • is_submitted is true for PATCH and DELETE in addition to POST and PUT. (187_)
  • generate_csrf takes a token_key parameter to specify the key stored in the session. (206_)
  • generate_csrf takes a url_safe parameter to allow the token to be used in URLs. (206_)
  • can be accessed multiple times without raising an exception. (248_)
  • File extension with multiple parts (.tar.gz) can be used in the FileAllowed validator. (201_)

.. _187: lepture/flask-wtf#187
.. _193: lepture/flask-wtf#193
.. _201: lepture/flask-wtf#201
.. _206: lepture/flask-wtf#206
.. _217: lepture/flask-wtf#217
.. _248: lepture/flask-wtf#248
.. _250: lepture/flask-wtf#250
.. _251: lepture/flask-wtf#251

psycopg2 2.6.1 -> 2.6.2



  • Report the server response status on errors (such as ticket 281).
  • Raise !NotSupportedError on unhandled server response status
  • Allow overriding string adapter encoding with no connection (ticket 331).
  • The ~psycopg2.extras.wait_select callback allows interrupting a
    long-running query in an interactive shell using :kbd:Ctrl-C
  • Fixed !PersistentConnectionPool on Python 3 (ticket 348).
  • Fixed segfault on repr() of an uninitialized connection (ticket 361).
  • Allow adapting bytes using QuotedString on Python 3 too (ticket 365).
  • Added support for setuptools/wheel (ticket 370).
  • Fix build on Windows with Python 3.5, VS 2015 (ticket 380).
  • Fixed !errorcodes.lookup initialization thread-safety (ticket 382).
  • Fixed !read() exception propagation in copy_from (ticket 412).
  • Fixed possible NULL TZ decref (ticket 424).
  • ~psycopg2.errorcodes map updated to PostgreSQL 9.5.

celery 3.1.18 -> 4.0.2


:release-date: 2016-12-15 03:40 PM PST
:release-by: Ask Solem

  • Requirements
  • Now depends on :ref:Kombu 4.0.2 <kombu:version-4.0.2>.
  • Tasks: Fixed problem with JSON serialization of group
    (keys must be string error, Issue 3688).
  • Worker: Fixed JSON serialization issue when using inspect active
    and friends (Issue 3667).
  • App: Fixed saferef errors when using signals (Issue 3670).
  • Prefork: Fixed bug with pack requiring bytes argument
    on Python 2.7.5 and earlier (Issue 3674).
  • Tasks: Saferepr did not handle unicode in bytestrings on Python 2
    (Issue 3676).
  • Testing: Added new celery_worker_paremeters fixture.

Contributed by Michael Howitz.

  • Tasks: Added new app argument to GroupResult.restore
    (Issue 3669).

This makes the restore method behave the same way as the GroupResult

Contributed by Andreas Pelme.

  • Tasks: Fixed type checking crash when task takes *args on Python 3
    (Issue 3678).
  • Documentation and examples improvements by:
  • BLAGA Razvan-Paul
  • Michael Howitz
  • :github_user:paradox41

.. _version-4.0.1:


:release-date: 2016-12-08 05:22 PM PST
:release-by: Ask Solem

  • [Security: CELERYSA-0003_] Insecure default configuration

The default :setting:accept_content setting was set to allow
deserialization of pickled messages in Celery 4.0.0.

The insecure default has been fixed in 4.0.1, and you can also
configure the 4.0.0 version to explicitly only allow json serialized

.. code-block:: python

   app.conf.accept_content = ['json']

.. _CELERYSA-0003:

  • Tasks: Added new method to register class-based tasks (Issue 3615).

To register a class based task you should now call app.register_task:

.. code-block:: python

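   from celery import Celery, Task

   app = Celery()

   class CustomTask(Task):

       def run(self):
           return 'hello'

   # Class-based tasks are no longer registered automatically in 4.x;
   # register an instance explicitly.
   app.register_task(CustomTask())
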
  • Tasks: Argument checking now supports keyword-only arguments on Python3
    (Issue 3658).

Contributed by :github_user:sww.

  • Tasks: The task-sent event was not being sent even if
    configured to do so (Issue 3646).
  • Worker: Fixed AMQP heartbeat support for eventlet/gevent pools
    (Issue 3649).
  • App: app.conf.humanize() would not work if configuration
    not finalized (Issue 3652).
  • Utils: saferepr attempted to show iterables as lists
    and mappings as dicts.
  • Utils: saferepr did not handle unicode-errors
    when attempting to format bytes on Python 3 (Issue 3610).
  • Utils: saferepr should now properly represent byte strings
    with non-ascii characters (Issue 3600).
  • Results: Fixed bug in elasticsearch where _index method missed
    the body argument (Issue 3606).

Fix contributed by 何翔宇 (Sean Ho).

  • Canvas: Fixed :exc:ValueError in chord with single task header
    (Issue 3608).

Fix contributed by Viktor Holmqvist.

  • Task: Ensure class-based task has name prior to registration
    (Issue 3616).

Fix contributed by Rick Wargo.

  • Beat: Fixed problem with strings in shelve (Issue 3644).

Fix contributed by Alli.

  • Worker: Fixed :exc:KeyError in inspect stats when -O argument
    set to something other than fast or fair (Issue 3621).
  • Task: Retried tasks were no longer sent to the original queue
    (Issue 3622).
  • Worker: Python 3: Fixed None/int type comparison in
    :file:apps/ (Issue 3631).
  • Results: Redis has a new :setting:redis_socket_connect_timeout
  • Results: Redis result backend passed the socket_connect_timeout
    argument to UNIX socket based connections by mistake, causing a crash.
  • Worker: Fixed missing logo in worker splash screen when running on
    Python 3.x (Issue 3627).

Fix contributed by Brian Luan.

  • Deps: Fixed celery[redis] bundle installation (Issue 3643).

Fix contributed by Rémi Marenco.

  • Deps: Bundle celery[sqs] now also requires :pypi:pycurl
    (Issue 3619).
  • Worker: Hard time limits were no longer being respected (Issue 3618).
  • Worker: Soft time limit log showed Trues instead of the number
    of seconds.
  • App: registry_cls argument no longer had any effect (Issue 3613).
  • Worker: Event producer now uses connection_for_Write (Issue 3525).
  • Results: Redis/memcache backends now uses :setting:result_expires
    to expire chord counter (Issue 3573).

Contributed by Tayfun Sen.

  • Django: Fixed command for upgrading settings with Django (Issue 3563).

Fix contributed by François Voron.

  • Testing: Added a celery_parameters test fixture to be able to use
    customized Celery init parameters. (3626)

Contributed by Steffen Allner.

  • Documentation improvements contributed by
  • :github_user:csfeathers
  • Moussa Taifi
  • Yuhannaa
  • Laurent Peuch
  • Christian
  • Bruno Alla
  • Steven Johns
  • :github_user:tnir
  • GDR!

.. _version-4.0.0:


:release-date: 2016-11-04 02:00 P.M PDT
:release-by: Ask Solem

See :ref:whatsnew-4.0 (in :file:docs/whatsnew-4.0.rst).

.. _version-4.0.0rc7:


:release-date: 2016-11-02 01:30 P.M PDT

Important notes

  • Database result backend related setting names changed from
    sqlalchemy_* -> database_*.

The sqlalchemy_ named settings won't work at all in this
version so you need to rename them. This is a last minute change,
and as they were not supported in 3.1 we will not be providing

  • chain(A, B, C) now works the same way as A | B | C.

This means calling chain() might not actually return a chain,
it can return a group or any other type depending on how the
workflow can be optimized.

arrow 0.6.0 -> 0.10.0


  • [FIX] Fix getattr off by one for quarter
  • [FIX] Fix negative offset for UTC
  • [FIX] Update


  • [NEW] Remove duplicate code
  • [NEW] Support gnu date iso 8601
  • [NEW] Add support for universal wheels
  • [NEW] Slovenian locale
  • [NEW] Slovak locale
  • [NEW] Romanian locale
  • [FIX] respect limit even if end is defined range
  • [FIX] Separate replace & shift functions
  • [NEW] Added tox
  • [FIX] Fix supported Python versions in documentation
  • [NEW] Azerbaijani locale added, locale issue fixed in Turkish.
  • [FIX] Format ParserError's raise message


  • []


  • [NEW] Esperanto locale (batisteo)


  • [FIX] Parse localized strings 228 (swistakm)
  • [FIX] Modify tzinfo parameter in get api 221 (bottleimp)
  • [FIX] Fix Czech locale (PrehistoricTeam)
  • [FIX] Raise TypeError when adding/subtracting non-dates (itsmeolivia)
  • [FIX] Fix pytz conversion error (Kudo)
  • [FIX] Fix overzealous time truncation in span_range (kdeldycke)
  • [NEW] Humanize for time duration 232 (ybrs)
  • [NEW] Add Thai locale (sipp11)
  • [NEW] Adding Belarusian (be) locale (oire)
  • [NEW] Search date in strings (beenje)
  • [NEW] Note that arrow's tokens differ from strptime's. (offby1)

Jinja2 2.8 -> 2.9.5


(bugfix release, released on January 28th 2017)

  • Restored the original repr of the internal _GroupTuple because this
    caused issues with ansible and it was an unintended change. (654)
  • Added back support for custom contexts that override the old resolve
    method since it was hard for people to spot that this could cause a
  • Correctly use the buffer for the else block of for loops. This caused
    invalid syntax errors to be caused on 2.x and completely wrong behavior
    on Python 3 (669)
  • Resolve an issue where the {% extends %} tag could not be used with
    async environments. (668)
  • Reduce memory footprint slightly by reducing our unicode database dump
    we use for identifier matching on Python 3 (666)
  • Fixed autoescaping not working for macros in async compilation mode. (671)


(bugfix release, released on January 10th 2017)

  • Solved some warnings for string literals. (646)
  • Increment the bytecode cache version which was not done due to an
    oversight before.
  • Corrected bad code generation and scoping for filtered loops. (649)
  • Resolved an issue where top-level output silencing after known extend
    blocks could generate invalid code when blocks were contained in if
    statements. (651)
  • Made the truncate.leeway default configurable to improve compatibility
    with older templates.


(bugfix release, released on January 8th 2017)

  • Restored the use of blocks in macros to the extent that was possible
    before. On Python 3 it would render a generator repr instead of
    the block contents. (645)
  • Set a consistent behavior for assigning of variables in inner scopes
    when the variable is also read from an outer scope. This now sets the
    intended behavior in all situations however it does not restore the
    old behavior where limited assignments to outer scopes was possible.
    For more information and a discussion see 641
  • Resolved an issue where block scoped would not take advantage of the
    new scoping rules. In some more exotic cases a variable overridden in a
    local scope would not make it into a block.
  • Change the code generation of the with statement to be in line with the
    new scoping rules. This resolves some unlikely bugs in edge cases. This
    also introduces a new internal With node that can be used by extensions.


(bugfix release, released on January 8th 2017)

  • Fixed a regression that caused for loops to not be able to use the same
    variable for the target as well as source iterator. (640)
  • Add support for a previously unknown behavior of macros. It used to be
    possible in some circumstances to explicitly provide a caller argument
    to macros. While badly buggy and unintended it turns out that this is a
    common case that gets copy pasted around. To not completely break backwards
    compatibility with the most common cases it's now possible to provide an
    explicit keyword argument for caller if it's given an explicit default.


(bugfix release, released on January 7th 2017)

  • Resolved a regression with call block scoping for macros. Nested caller
    blocks that used the same identifiers as outer macros could refer to the
    wrong variable incorrectly.


(codename Derivation, released on January 7th 2017)

  • Change cache key definition in environment. This fixes a performance
    regression introduced in 2.8.
  • Added support for generator_stop on supported Python versions
    (Python 3.5 and later)
  • Corrected a long standing issue with operator precedence of math operations
    not being what was expected.
  • Added support for Python 3.6 async iterators through a new async mode.
  • Added policies for filter defaults and similar things.
  • urlize now sets "rel noopener" by default.
  • Support attribute fallback for old-style classes in 2.x.
  • Support toplevel set statements in extend situations.
  • Restored behavior of Cycler for Python 3 users.
  • Subtraction now follows the same behavior as other operators on undefined
  • map and friends will now give better error messages if you forgot to
    quote the parameter.
  • Depend on MarkupSafe 0.23 or higher.
  • Improved the truncate filter to support better truncation in case
    the string is barely truncated at all.
  • Change the logic for macro autoescaping to be based on the runtime
    autoescaping information at call time instead of macro define time.
  • Ported a modified version of the tojson filter from Flask to Jinja2
    and hooked it up with the new policy framework.
  • Block sets are now marked safe by default.
  • On Python 2 the asciification of ASCII strings can now be disabled with
    the compiler.ascii_str policy.
  • Tests now no longer accept an arbitrary expression as first argument but
    a restricted one. This means that you can now properly use multiple
    tests in one expression without extra parentheses. In particular you can
    now write foo is divisibleby 2 or foo is divisibleby 3
    as you would expect.
  • Greatly changed the scoping system to be more consistent with what template
    designers and developers expect. There is now no more magic difference
    between the different include and import constructs. Context is now always
    propagated the same way. The only remaining difference is the defaults
    for with context and without context.
  • The with and autoescape tags are now built-in.
  • Added the new select_autoescape function which helps configuring better
    autoescaping easier.


(bugfix release, unreleased)

  • Fixed a runtime error in the sandbox when attributes of async generators
    were accessed.


(bugfix release, released on December 29th 2016)

  • Fixed the for_qs flag for urlencode.
  • Fixed regression when applying int to non-string values.
  • SECURITY: if the sandbox mode is used format expressions are now sandboxed
    with the same rules as in Jinja. This solves various information leakage
    problems that can occur with format strings.

parsedatetime 1.5 -> 2.2


v2.2 bump

Issue 156 parsedatetime 2.0 doesn't work on py26

PR 157 unwrap dictionary comprehensions to allow for python 2.6 to work - Issue 156

29 Feb 2016 - bear


Issue 155 Relative times containing years fail when computed from a leap day
Issue 145 cal.parse('2015-11-18') returns November 19th 2015
Issue 143 What is the second value returned by parse?
Issue 141 Bad test case in TestComplexDateTimes
Issue 123 update supporting files for v2.0 release
Issue 124 Put locales into config-files (yaml)
Issue 125 Remove extra files
Issue 137 Year is parsed wrongly if the date is of format MMM DD, YYxx xx:SS bug
Issue 136 Why I see 2016 instead of 2015?
Issue 133 Bug: "2015-01-01" is parsed as the current date.
Issue 126 "Unresolved attribute reference 'parse' for class 'object'... " in Pycharm IDE. bug

PR 153 Fix/day of week offsets
PR 146 Test failure: eom is correct, but expectation is wrong
PR 142 Fixed all PyICU test failure
PR 138 bug(date3): rely on comparison of hour and year strings but not strict char position
PR 135 update manifest, clean up and move historical text files
PR 130 Refactoring of pdt_locales
PR 134 Uses codecov to generate coverage report
PR 128 Master
PR 127 Issue 126 - removed inheritance from object and removed return value…

20 Sep 2015 - bear
bump version to v2.0 because of the fix for Issue 120

Issue 120 the pdt_locales/ file uses en_A for the localID instead of en_AU
Issue 114 Dates in the format 'YYYY-MM-DD HH:MM' give the incorrect month and day
Issue 112 Document getting a time from parsedatetime into a standard Python structure
Issue 110 AttributeError when running in the context of an HTTP request
Issue 109 YearParseStyle is ignored for dates in MM/DD style
Issue 107 yyyy/mm/dd date format
Issue 105 "this week" is not parsed
Issue 103 get UTC times from parseDT - trouble with at 9:30 clock times being interpreted directly in UTC
Issue 100 Fractional deltas result in incoherent results.

PR 118 ADD: improve russian locale
PR 117 ADD: Russian Locale
PR 116 Fix spelling of "separator".
PR 115 Update README.rst
PR 113 Add datetime example to readme.
PR 111 Allowed real number appear in text like "5.5 days ago"

25 Jun 2015 - bear
Issue 73 add Makefile

bump version to v1.6

pillow 2.9.0 -> 4.0.0


  • Refactor out postprocessing hack to load_end in PcdImageFile
  • Add center and translate option to Image.rotate. 2328
  • Test: Relax WMF test condition, fixes 2323
  • Allow 0 size images, Fixes 2259, Reverts to pre-3.4 behavior.
  • SGI: Save uncompressed SGI/BW/RGB/RGBA files 2325
  • Depends: Updated pngquant to 2.8.2 2319
  • Test: Added correctness tests for opening SGI images 2324
  • Allow passing a list or tuple of individual frame durations when saving a GIF 2298
  • Unified different GIF optimize conditions 2196
  • Build: Refactor dependency installation 2305
  • Test: Add python 3.6 to travis, tox 2304
  • Test: Fix coveralls coverage for Python+C 2300
  • Remove executable bit and shebang from 2308
    [jwilk, radarhere]
  • PyPy: Buffer interface workaround 2294
  • Test: Switch to Ubuntu Trusty 14.04 on Travis CI 2294
  • Remove vendored version of olefile Python package in favor of upstream 2199
  • Updated comments to use print as a function 2234
  • Set executable flag on, and added shebang line 2282, 2277
    [radarhere, homm]
  • Test: Increase epsilon for FreeType 2.7 as rendering is slightly different. 2286
  • Test: Faster assert_image_similar 2279
  • Removed deprecated internal "stretch" method 2276
  • Removed the handles_eof flag in decode.c 2223
  • Tiff: Fix for writing Tiff to BytesIO using libtiff 2263
  • Doc: Design docs 2269
  • Test: Move tests requiring libtiff to test_file_libtiff 2273
  • Update Maxblock heuristic 2275
  • Fix for 2-bit palette corruption 2274
    [pdknsk, wiredfool]
  • Tiff: Update info.icc_profile when using libtiff reader. 2193
  • Test: Fix bug in test_ifd_rational_save when libtiff is not available 2270
  • ICO: Only save relevant sizes 2267
  • ICO: Allow saving .ico files of 256x256 instead of 255x255 2265
  • Fix TIFFImagePlugin ICC color profile saving. 2087
  • Doc: Improved description of ImageOps.deform resample parameter 2256
  • EMF: support negative bounding box coordinates 2249
  • Close file if opened in WalImageFile 2216
  • Use Image._new() instead of _makeself() 2248
  • SunImagePlugin fixes 2241
  • Use minimal scale for jpeg drafts 2240
  • Updated dependency scripts to use FreeType 2.7, OpenJpeg 2.1.2, WebP 0.5.2 and Tcl/Tk 8.6.6 2235, 2236, 2237, 2290, 2302
  • Fix "invalid escape sequence" bytestring warnings in Python 3.6 2186
  • Removed support for Python 2.6 and Python 3.2 2192
  • Setup: Raise custom exceptions when required/requested dependencies are not found 2213
  • Use a context manager in to ensure file is always closed 2226
  • Fixed bug in saving to fp-objects in Python >= 3.4 2227
  • Use a context manager in ImageFont._load_pilfont() to ensure file is always closed 2232
  • Use generator expressions instead of list comprehension 2225
  • Close file after reading in ImagePalette.load() 2215
  • Changed behaviour of default box argument for paste method to match docs 2211
  • Add support for another BMP bitfield 2221
  • Added missing top-level test main 2222
  • Replaced range(len()) 2197
  • Fix for ImageQt Segfault, fixes 1370 2182
  • Setup: Close file in after finished reading 2208
  • Setup: optionally use pkg-config (when present) to detect dependencies 2074
  • Search for tkinter first in builtins 2210
  • Tests: Replace try/except/fail pattern with TestCase.assertRaises() 2200
  • Tests: Remove unused, open files at top level of tests 2188
  • Replace type() equality checks with isinstance 2184
  • Doc: Move ICO out of the list of read-only file formats 2180
  • Doc: Fix formatting, too-short title underlines and malformed table 2175
  • Fix BytesWarnings 2172
  • Use Integer division to eliminate deprecation warning. 2168
  • Doc: Update compatibility matrix
    [daavve, wiredfool]


  • Fix Resample coefficient calculation 2161


  • Allow lists as arguments for 2149
  • Fix fix for map.c overflow 2151 (also in 3.3.3)


  • Removed Image.core.open_ppm, added negative image size checks in 2146
  • Windows build: fetch dependencies from pillow-depends 2095
  • Add TIFF save_all writer. 2140
    [lambdafu, vashek]
  • Move libtiff fd duplication to _load_libtiff 2141
  • Speed up GIF save optimization step, fixes 2093. 2133
  • Fix for ImageCms Segfault, Issue 2037. 2131
  • Make Image.crop an immediate operation, not lazy. 2138
  • Skip empty values in ImageFileDirectory 2024
  • Force reloading palette when using mmap in ImageFile. 2139
  • Fix "invalid escape sequence" warning in Python 3.6 2136
  • Update documentation about drafts 2137
  • Converted documentation parameter format, comments to docstrings 2021
  • Fixed typos 2128 2142
  • Renamed references to OS X to macOS 2125 2130
  • Use truth value when checking for progressive and optimize option on save 2115, 2129
  • Convert DPI to ints when saving as JPEG 2102
  • Added append_images parameter to GIF saving 2103
  • Speedup paste with masks up to 80% 2015
  • Rewrite DDS decoders in C, add DXT3 and BC7 decoders 2068
  • Fix PyArg_ParseTuple format in getink() 2070
  • Fix saving originally missing TIFF tags. 2111
  • Allow pathlib.Path in on Python 2.7 2110
  • Use modern base64 interface over deprecated 2121
  • ImageColor.getrgb hexadecimal RGBA 2114
  • Test fix for bigendian machines 2092
  • Resampling lookups, trailing empty coefficients, precision 2008
  • Add (un)packing between RGBA and BGRa 2057
  • Added return for J2k (and fpx) Load to return a pixel access object 2061
  • Skip failing numpy tests on Pypy <= 5.3.1 2090
  • Show warning when trying to save RGBA image as JPEG 2010
  • Respect pixel centers during transform 2022
  • TOC for supported file formats 2056
  • Fix conversion of bit images to numpy arrays Fixes 350, 2058
  • Add ImageOps.scale to expand or contract a PIL image by a factor 2011
  • Flake8 fixes 2050
  • Updated freetype to 2.6.5 on Appveyor builds 2035
  • PCX encoder fixes 2023, pr 2041
  • Docs: Windows console prompts are > 2031
  • Expose Pillow package version as PIL.version 2027
  • Add Box and Hamming filters for resampling 1959
  • Retain a reference to core image object in PyAccess 2009


  • Fix fix for map.c overflow 2151


  • Fix negative image sizes in Storage.c 2105
  • Fix integer overflow in map.c 2105


  • Fix C90 compilation error for Tcl / Tk rewrite 2033
  • Fix image loading when rotating by 0 deg 2052


  • Fixed enums for Resolution Unit and Predictor in 1998
  • Fix issue converting P mode to LA 1986
  • Moved test_j2k_overflow to check_j2k_overflow, prevent DOS of our 32bit testing machines 1995
  • Skip CRC checks in PNG files when LOAD_TRUNCATED_IMAGES is enabled 1991
  • Added CMYK mode for opening EPS files 1826
  • Docs: OSX build instruction clarification 1994
  • Docs: Filter comparison table 1993
  • Removal of pthread based Incremental.c, new interface for file decoders/encoders to access the python file. Fixes assorted J2k Hangs. 1934
  • Skip unnecessary passes when resizing 1954
  • Removed duplicate code in ImagePalette 1832
  • test_imagecms: Reduce precision of extended info due to 32 bit machine precision 1990
  • Binary Tiff Metadata/ICC profile. 1988
  • Ignore large text blocks in PNG if LOAD_TRUNCATED_IMAGES is enabled 1970
  • Replace index = index+1 in docs with +=1
  • Skip extra 0xff00 in jpeg 1977
  • Use bytearray for palette mutable storage 1985
    [radarhere, wiredfool]
  • Added additional uint modes for Image.fromarray, more extensive tests of fromarray 1984
    [mairsbw, wiredfool]
  • Fix for program importing PyQt4 when PyQt5 also installed 1942
  • Changed depends/install_*.sh urls to point to github pillow-depends repo 1983
  • Allow ICC profile from encoderinfo while saving PNGs 1909
  • Fix integer overflow on ILP32 systems (32-bit Linux). 1975
  • Change function declaration to match Tcl_CmdProc type 1966
  • Integer overflow checks on all calls to *alloc 1781
  • Change equals method on Image so it short circuits 1967
  • Runtime loading of TCL/TK libraries, eliminating build time dependency. 1932
  • Cleanup of transform methods 1941
  • Fix "Fatal Python error: UNREF invalid object" in debug builds 1936
  • Setup fixes for Alpine linux 1937
  • Split resample into horizontal + vertical passes 1933
  • Box blur with premultiplied alpha 1914
  • Add libimagequant support in quantize() 1889
  • Added internal Premultiplied luminosity (La) mode 1912
  • Fixed point integer resample 1881
  • Removed docs/BUILDME script 1924
  • Moved comments to docstrings 1926
  • Include Python.h before wchar.h so _GNU_SOURCE is set consistently 1906
  • Updated example decoder in documentation 1899
  • Added support for GIF comment extension 1896
  • Removed support for pre- 1.5.2 list form of Image info in 1897
  • Fix typos in TIFF tags 1918
  • Skip tests that require libtiff if it is not installed 1893 (fixes 1866)
  • Skip test when icc profile is not available, fixes 1887
  • Make deprecated functions raise NotImplementedError instead of Exception. 1862, 1890
    [daniel-leicht, radarhere]
  • Replaced os.system with in 1879
  • Corrected Image show documentation 1886
  • Added check for executable permissions to ImageShow 1880
  • Fixed tutorial code and added explanation 1877
  • Added OS X support for ImageGrab grabclipboard 1837
  • Combined duplicate code in ImageTk 1856
  • Added --disable-platform-guessing option to build extension 1861
  • Fixed loading Transparent PNGs with a transparent black color 1840
  • Add support for LA mode in Image.fromarray 1865
  • Make ImageFile load images in read-only mode 1864
  • Added _accept hook for XVThumbImagePlugin 1853
  • Test TIFF with LZW compression 1855, TGA RLE file 1854
  • Improved SpiderImagePlugin help text 1863
  • Updated Sphinx project description 1870
  • Remove support for Python 3.0 from _imaging.c 1851
  • Jpeg qtables are unsigned chars 1814, 1921
  • Added additional EXIF tags 1841, TIFF Tags 1821
  • Changed documentation to refer to ImageSequence Iterator 1833
  • Fix Fedora prerequisites in installation docs, depends script 1842
  • Added _accept hook for PixarImagePlugin 1843
  • Removed outdated scanner classifier 1823
  • Combined identical error messages in _imaging 1825
  • Added debug option for to trace header and library finding 1790
  • Fix doc building on travis 1820, 1844
  • Fix for DIB/BMP images 1813, 1847
  • Add PixarImagePlugin file extension 1809
  • Catch struct.errors when verifying png files 1805
  • SpiderImagePlugin: raise an error when seeking in a non-stack file 1794
    [radarhere, jmichalon]
  • Added support for 2/4 bpp Tiff grayscale images 1789
  • Removed unused variable from selftest 1788
  • Added warning for as_dict method (deprecated in 3.0.0) 1799
  • Removed powf support for older Python versions 1784
  • Health fixes 1625 1903


  • Added install docs for Fedora 23 and FreeBSD 1729, 1739, 1792
    [koobs, zandermartin, wiredfool]
  • Fixed TIFF multiframe load when the frames have different compression types 1782
    [radarhere, geka000]
  • Added copy method to Image 1772
  • Updated dates in PIL license in OleFileIO README 1787
  • Corrected Tiff tag names 1786
  • Fixed documented name of JPEG property 1783
  • Fixed UnboundLocalError when loading a corrupt jpeg2k file 1780
  • Fixed integer overflow in path.c 1773
    [wiredfool, nedwill]
  • Added debug to command line help text for pilprint 1766
  • Expose many more fields in ICC Profiles 1756
  • Documentation changes, URL update, transpose, release checklist
  • Fixed saving to nonexistent files specified by pathlib.Path objects 1748 (fixes 1747)
  • Round Image.crop arguments to the nearest integer 1745 (fixes 1744)
  • Fix uninitialized variable warning in _imaging.c:getink 1663 (fixes 486)
  • Disable multiprocessing install on cygwin 1700 (fixes 1690)
  • Fix the error reported when libz is not found 1764
  • More general error check to avoid Symbol not found: _PyUnicodeUCS2_AsLatin1String on OS X 1761
  • Added py35 to tox envlist 1724
  • Fix EXIF tag name typos 1736
    [zarlant, radarhere]
  • Updated freetype to 2.6.3, Tk/Tcl to 8.6.5 and 8.5.19 1725, 1752
  • Add a loader for the FTEX format from Independence War 2: Edge of Chaos 1688
  • Improved alpha_composite documentation 1698
  • Extend ImageDraw.text method to pass on multiline_text method specific arguments 1647
  • Allow ImageSequence to seek to zero 1686
  • ImageSequence Iterator is now an iterator 1649
  • Updated windows test builds to jpeg9b 1673
  • Fixed support for .gbr version 1 im
pyup-bot added 30 commits Feb 24, 2017

@abkfenris abkfenris closed this Feb 26, 2017

@abkfenris abkfenris deleted the pyup-initial-update branch Feb 26, 2017
