| author | Michael Merickel <michael@merickel.org> | 2016-04-16 15:49:18 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2016-04-17 15:55:52 -0500 |
| commit | d9c20d0a5002052df675b8a06b2e8711dc1cb586 (patch) | |
| tree | 1e7a275968f03d8433f8190128f7a0ed28bd20af /CHANGES.txt | |
| parent | b5f065906f75efdcc9f80d4f0b8b4092e92b41c0 (diff) | |
flip master to 1.8
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 126 |
1 files changed, 2 insertions, 124 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index d316594bc..c0681053d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -4,136 +4,14 @@ unreleased Backward Incompatibilities -------------------------- -- Following the Pyramid deprecation period (1.4 -> 1.6), - AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5 - to sha512. If you are using the authentication policy and need to continue - using md5, please explicitly set hashalg to 'md5'. - - This change does mean that any existing auth tickets (and associated cookies) - will no longer be valid, and users will no longer be logged in, and have to - login to their accounts again. - - See https://github.com/Pylons/pyramid/pull/2496 - -- The ``check_csrf_token`` function no longer validates a csrf token in the - query string of a request. Only headers and request bodies are supported. - See https://github.com/Pylons/pyramid/pull/2500 - Features -------- -- Added a new setting, ``pyramid.require_default_csrf`` which may be used - to turn on CSRF checks globally for every POST request in the application. - This should be considered a good default for websites built on Pyramid. - It is possible to opt-out of CSRF checks on a per-view basis by setting - ``require_csrf=False`` on those views. - See https://github.com/Pylons/pyramid/pull/2413 - -- Added a ``require_csrf`` view option which will enforce CSRF checks on any - request with an unsafe method as defined by RFC2616. If the CSRF check fails - a ``BadCSRFToken`` exception will be raised and may be caught by exception - views (the default response is a ``400 Bad Request``). This option should be - used in place of the deprecated ``check_csrf`` view predicate which would - normally result in unexpected ``404 Not Found`` response to the client - instead of a catchable exception. See - https://github.com/Pylons/pyramid/pull/2413 and - https://github.com/Pylons/pyramid/pull/2500 - -- Added an additional CSRF validation that checks the origin/referrer of a - request and makes sure it matches the current ``request.domain``. 
This - particular check is only active when accessing a site over HTTPS as otherwise - browsers don't always send the required information. If this additional CSRF - validation fails a ``BadCSRFOrigin`` exception will be raised and may be - caught by exception views (the default response is ``400 Bad Request``). - Additional allowed origins may be configured by setting - ``pyramid.csrf_trusted_origins`` to a list of domain names (with ports if on - a non standard port) to allow. Subdomains are not allowed unless the domain - name has been prefixed with a ``.``. See - https://github.com/Pylons/pyramid/pull/2501 - -- Added a new ``pyramid.session.check_csrf_origin`` API for validating the - origin or referrer headers against the request's domain. - See https://github.com/Pylons/pyramid/pull/2501 - -- Pyramid HTTPExceptions will now take into account the best match for the - clients Accept header, and depending on what is requested will return - text/html, application/json or text/plain. The default for */* is still - text/html, but if application/json is explicitly mentioned it will now - receive a valid JSON response. See - https://github.com/Pylons/pyramid/pull/2489 - -- A new event and interface (BeforeTraversal) has been introduced that will - notify listeners before traversal starts in the router. See - https://github.com/Pylons/pyramid/pull/2469 and - https://github.com/Pylons/pyramid/pull/1876 - -- Add a new "view deriver" concept to Pyramid to allow framework authors to - inject elements into the standard Pyramid view pipeline and affect all - views in an application. This is similar to a decorator except that it - has access to options passed to ``config.add_view`` and can affect other - stages of the pipeline such as the raw response from a view or prior to - security checks. See https://github.com/Pylons/pyramid/pull/2021 - -- Allow a leading ``=`` on the key of the request param predicate. 
- For example, '=abc=1' is equivalent down to - ``request.params['=abc'] == '1'``. - See https://github.com/Pylons/pyramid/pull/1370 - -- A new ``request.invoke_exception_view(...)`` method which can be used to - invoke an exception view and get back a response. This is useful for - rendering an exception view outside of the context of the excview tween - where you may need more control over the request. - See https://github.com/Pylons/pyramid/pull/2393 - -- Allow using variable substitutions like ``%(LOGGING_LOGGER_ROOT_LEVEL)s`` - for logging sections of the .ini file and populate these variables from - the ``pserve`` command line -- e.g.: - ``pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG`` - See https://github.com/Pylons/pyramid/pull/2399 - -Documentation Changes ---------------------- - -- A complete overhaul of the docs: - - - Use pip instead of easy_install. - - Become opinionated by preferring Python 3.4 or greater to simplify - installation of Python and its required packaging tools. - - Use venv for the tool, and virtual environment for the thing created, - instead of virtualenv. - - Use py.test and pytest-cov instead of nose and coverage. - - Further updates to the scaffolds as well as tutorials and their src files. - - See https://github.com/Pylons/pyramid/pull/2468 - -- A complete overhaul of the ``alchemy`` scaffold as well as the - Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features - into the usage of SQLAlchemy with Pyramid and provide a better starting - point for new projects. - See https://github.com/Pylons/pyramid/pull/2024 - Bug Fixes --------- -- Fix ``pserve --browser`` to use the ``--server-name`` instead of the - app name when selecting a section to use. This was only working for people - who had server and app sections with the same name, for example - ``[app:main]`` and ``[server:main]``. 
- See https://github.com/Pylons/pyramid/pull/2292 - Deprecations ------------ -- The ``check_csrf`` view predicate has been deprecated. Use the - new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting - to ensure that the ``BadCSRFToken`` exception is raised. - See https://github.com/Pylons/pyramid/pull/2413 - -- Support for Python 3.3 will be removed in Pyramid 1.8. - https://github.com/Pylons/pyramid/issues/2477 - -- Python 2.6 is no longer supported by Pyramid. See - https://github.com/Pylons/pyramid/issues/2368 - -- Dropped Python 3.2 support. - See https://github.com/Pylons/pyramid/pull/2256 +Documentation Changes +--------------------- |
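Review bot: In the Deprecations block at the end of this hunk, the entry "Support for Python 3.3 will be removed in Pyramid 1.8" is deleted along with the already-released notes, although this commit flips master to 1.8, the release that entry refers to. I would carry it forward into the new "unreleased" section (as a Backward Incompatibilities item once the removal actually lands) so the pending change stays visible to anyone reading the 1.8 notes. The same hunk also drops the security-relevant upgrade notes (the AuthTktAuthenticationPolicy default hashalg moving from md5 to sha512, and ``check_csrf_token`` no longer validating a token in the query string). This view is limited to CHANGES.txt, so please confirm that the 124 removed lines are preserved elsewhere in the same commit, for example in a release history file, rather than only in version control.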
