Merge branch 'main' into fix-csrf-400-status

author: Michael Merickel <michael@merickel.org> 2024-01-28 22:48:32 -0700
committer: Michael Merickel <michael@merickel.org> 2024-01-28 22:48:32 -0700
commit: 3abbab66159286e98a32a53e9b3a6c4705c69679 (patch)
tree: 569b1b1d53415f7f8fc692c632926f08611cccf9 /CHANGES.rst
parent: f3da484e6a3550ce1dd5d3f1f34e058e82c21aa5 (diff)
parent: 8de7b1f2b5df9a9225c514b2cfc5e5e0919daac2 (diff)
download: pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.tar.gz
pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.tar.bz2
pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index d1cf0717d..f27be0253 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -36,6 +36,14 @@ Bug Fixes
 
   Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.
 
+- Fix issues where permissions may be checked on exception views. This is not
+  supposed to happen in normal circumstances.
+
+  This also prevents issues where a ``request.url`` fails to be decoded when
+  logging info when ``pyramid.debug_authorization`` is enabled.
+
+  See https://github.com/Pylons/pyramid/pull/3741/files
+
 - Applications raising ``pyramid.exceptions.BadCSRFToken`` and
   ``pyramid.exceptions.BadCSRFOrigin`` were returning invalid HTTP status
   lines with values like ``400 Bad CSRF Origin`` instead of
author	Michael Merickel <michael@merickel.org>	2024-01-28 22:48:32 -0700
committer	Michael Merickel <michael@merickel.org>	2024-01-28 22:48:32 -0700
commit	3abbab66159286e98a32a53e9b3a6c4705c69679 (patch)
tree	569b1b1d53415f7f8fc692c632926f08611cccf9 /CHANGES.rst
parent	f3da484e6a3550ce1dd5d3f1f34e058e82c21aa5 (diff)
parent	8de7b1f2b5df9a9225c514b2cfc5e5e0919daac2 (diff)
download	pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.tar.gz pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.tar.bz2 pyramid-3abbab66159286e98a32a53e9b3a6c4705c69679.zip