Mark changelogs as ReST, for better Github rendering.

1 files changed, 5773 insertions, 0 deletions

diff --git a/HISTORY.rst b/HISTORY.rst
new file mode 100644
index 000000000..8a92eadcc
--- /dev/null
+++ b/HISTORY.rst
@@ -0,0 +1,5773 @@
+1.9 (2017-06-26)
+================
+
+- No major changes from 1.9b1.
+
+- Updated documentation links for ``docs.pylonsproject.org`` to use HTTPS.
+
+1.9b1 (2017-06-19)
+==================
+
+- Add an informative error message when unknown predicates are supplied. The
+  new message suggests alternatives based on the list of known predicates.
+  See https://github.com/Pylons/pyramid/pull/3054
+
+- Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and
+  resulting source files in tutorials.
+  See https://github.com/Pylons/pyramid/issues/2548
+
+- Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to
+  use shortcut.
+  See https://github.com/Pylons/pyramid/issues/3042
+
+- Ensure the correct threadlocals are pushed during view execution when
+  invoked from ``request.invoke_exception_view``.
+  See https://github.com/Pylons/pyramid/pull/3060
+
+- Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return
+  a valid iterator in its ``__iter__`` implementation.
+  See https://github.com/Pylons/pyramid/pull/3074
+
+- Normalize the permission results to a proper class hierarchy.
+  ``pyramid.security.ACLAllowed`` is now a subclass of
+  ``pyramid.security.Allowed`` and ``pyramid.security.ACLDenied`` is now a
+  subclass of ``pyramid.security.Denied``.
+  See https://github.com/Pylons/pyramid/pull/3084
+
+- Add a ``quote_via`` argument to ``pyramid.encode.urlencode`` to follow
+  the stdlib's version and enable custom quoting functions.
+  See https://github.com/Pylons/pyramid/pull/3088
+
+- Support `_query=None` and `_anchor=None` in ``request.route_url`` as well
+  as ``query=None`` and ``anchor=None`` in ``request.resource_url``.
+  Previously this would cause an `?` and a `#`, respectively, in the url
+  with nothing after it. Now the unnecessary parts are dropped from the
+  generated URL. See https://github.com/Pylons/pyramid/pull/3034
+
+- Revamp the ``IRouter`` API used by ``IExecutionPolicy`` to force
+  pushing/popping the request threadlocals. The
+  ``IRouter.make_request(environ)`` API has been replaced by
+  ``IRouter.request_context(environ)`` which should be used as a context
+  manager. See https://github.com/Pylons/pyramid/pull/3086
+
+1.9a2 (2017-05-09)
+==================
+
+Backward Incompatibilities
+--------------------------
+
+- ``request.exception`` and ``request.exc_info`` will only be set if the
+  response was generated by the EXCVIEW tween. This is to avoid any confusion
+  where a response was generated elsewhere in the pipeline and not in
+  direct relation to the original exception. If anyone upstream wants to
+  catch and render responses for exceptions they should set
+  ``request.exception`` and ``request.exc_info`` themselves to indicate
+  the exception that was squashed when generating the response.
+
+  Similar behavior occurs with ``request.invoke_exception_view`` in which
+  the exception properties are set to reflect the exception if a response
+  is successfully generated by the method.
+
+  This is a very minor incompatibility. Most tweens right now would give
+  priority to the raised exception and ignore ``request.exception``. This
+  change just improves and clarifies that bookkeeping by trying to be
+  more clear about the relationship between the response and its squashed
+  exception. See https://github.com/Pylons/pyramid/pull/3029 and
+  https://github.com/Pylons/pyramid/pull/3031
+
+1.9a1 (2017-05-01)
+==================
+
+Major Features
+--------------
+
+- The file format used by all ``p*`` command line scripts such as ``pserve``
+  and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function
+  is now replaceable thanks to a new dependency on
+  `plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>`_.
+
+  For now, Pyramid is still shipping with integrated support for the
+  PasteDeploy INI format by depending on the
+  `plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_
+  binding library. This may change in the future.
+
+  See https://github.com/Pylons/pyramid/pull/2985
+
+- Added an execution policy hook to the request pipeline. An execution
+  policy has the ability to control creation and execution of the request
+  objects before they enter the rest of the pipeline. This means for a single
+  request environ the policy may create more than one request object.
+
+  The first library to use this feature is
+  `pyramid_retry
+  <https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_.
+
+  See https://github.com/Pylons/pyramid/pull/2964
+
+- CSRF support has been refactored out of sessions and into its own
+  independent API in the ``pyramid.csrf`` module. It supports a pluggable
+  ``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your
+  own mechanism for generating and validating CSRF tokens. By default,
+  Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy``
+  that uses the ``request.session.get_csrf_token`` and
+  ``request.session.new_csrf_token`` APIs under the hood to preserve
+  compatibility. Two new policies are shipped as well,
+  ``pyramid.csrf.SessionCSRFStoragePolicy`` and
+  ``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens
+  in the session and in a standalone cookie, respectively. The storage policy
+  can be changed by using the new
+  ``pyramid.config.Configurator.set_csrf_storage_policy`` config directive.
+
+  CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``,
+  ``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs
+  in order to continue working if the storage policy is changed. Also, the
+  ``pyramid.csrf.get_csrf_token`` function is injected into templates to be
+  used conveniently in UI code.
+
+  See https://github.com/Pylons/pyramid/pull/2854 and
+  https://github.com/Pylons/pyramid/pull/3019
+
+Minor Features
+--------------
+
+- Support an ``open_url`` config setting in the ``pserve`` section of the
+  config file. This url is used to open a web browser when ``pserve --browser``
+  is invoked. When this setting is unavailable the ``pserve`` script will
+  attempt to guess the port the server is using from the
+  ``server:<server_name>`` section of the config file but there is no
+  requirement that the server is being run in this format so it may fail.
+  See https://github.com/Pylons/pyramid/pull/2984
+
+- The ``pyramid.config.Configurator`` can now be used as a context manager
+  which will automatically push/pop threadlocals (similar to
+  ``config.begin()`` and ``config.end()``). It will also automatically perform
+  a ``config.commit()`` and thus it is only recommended to be used at the
+  top-level of your app. See https://github.com/Pylons/pyramid/pull/2874
+
+- The threadlocals are now available inside any function invoked via
+  ``config.include``. This means the only config-time code that cannot rely
+  on threadlocals is code executed from non-actions inside the main. This
+  can be alleviated by invoking ``config.begin()`` and ``config.end()``
+  appropriately or using the new context manager feature of the configurator.
+  See https://github.com/Pylons/pyramid/pull/2989
+
+Bug Fixes
+---------
+
+- HTTPException's accepts a detail kwarg that may be used to pass additional
+  details to the exception. You may now pass objects so long as they have a
+  valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951
+
+- Fix a reference cycle causing memory leaks in which the registry
+  would keep a ``Configurator`` instance alive even after the configurator
+  was discarded. Another fix was also added for the ``global_registries``
+  object in which the registry was stored in a closure preventing it from
+  being deallocated. See https://github.com/Pylons/pyramid/pull/2967
+
+- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the
+  ``--reload`` option in which ``sys.argv`` is always used in the subprocess
+  instead of the supplied ``argv``.
+  See https://github.com/Pylons/pyramid/pull/2962
+
+Deprecations
+------------
+
+- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the
+  transition to ``plaster`` by maintaining integrated support for INI files.
+  This dependency on ``plaster_pastedeploy`` should be considered subject to
+  Pyramid's deprecation policy and may be removed in the future.
+  Applications should depend on the appropriate plaster binding to satisfy
+  their needs.
+
+- Retrieving CSRF token from the session has been deprecated in favor of
+  equivalent methods in the ``pyramid.csrf`` module. The CSRF methods
+  (``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer
+  required on the ``ISession`` interface except when using the default
+  ``pyramid.csrf.LegacySessionCSRFStoragePolicy``.
+
+  Also, ``pyramid.session.check_csrf_token`` is now located at
+  ``pyramid.csrf.check_csrf_token``.
+
+  See https://github.com/Pylons/pyramid/pull/2854 and
+  https://github.com/Pylons/pyramid/pull/3019
+
+Documentation Changes
+---------------------
+
+- Added the execution policy to the routing diagram in the Request Processing
+  chapter. See https://github.com/Pylons/pyramid/pull/2993
+
+1.8 (2017-01-21)
+================
+
+- No major changes from 1.8b1.
+
+1.8b1 (2017-01-17)
+==================
+
+Features
+--------
+
+- Added an ``override`` option to ``config.add_translation_dirs`` to allow
+  later calls to place translation directories at a higher priority than
+  earlier calls. See https://github.com/Pylons/pyramid/pull/2902
+
+Documentation Changes
+---------------------
+
+- Improve registry documentation to discuss uses as a component registry
+  and as a dictionary. See https://github.com/Pylons/pyramid/pull/2893
+
+- Quick Tour, Quick Tutorial, and most other remaining documentation updated to
+  use cookiecutters instead of pcreate and scaffolds.
+  See https://github.com/Pylons/pyramid/pull/2888 and
+  https://github.com/Pylons/pyramid/pull/2889
+
+- Fix unittests in wiki2 to work without different dependencies between
+  py2 and py3. See https://github.com/Pylons/pyramid/pull/2899
+
+- Update Windows documentation to track newer Python 3 improvements to the
+  installer. See https://github.com/Pylons/pyramid/pull/2900
+
+- Updated the ``mod_wsgi`` tutorial to use cookiecutters and Apache 2.4+.
+  See https://github.com/Pylons/pyramid/pull/2901
+
+1.8a1 (2016-12-25)
+==================
+
+Backward Incompatibilities
+--------------------------
+
+- Support for the ``IContextURL`` interface that was deprecated in Pyramid 1.3
+  has been removed.  See https://github.com/Pylons/pyramid/pull/2822
+
+- Following the Pyramid deprecation period (1.6 -> 1.8),
+  daemon support for pserve has been removed. This includes removing the
+  daemon commands (start, stop, restart, status) as well as the following
+  arguments: ``--daemon``, ``--pid-file``, ``--log-file``,
+  ``--monitor-restart``, ``--status``, ``--user``, ``--group``,
+  ``--stop-daemon``
+
+  To run your server as a daemon you should use a process manager instead of
+  pserve.
+
+  See https://github.com/Pylons/pyramid/pull/2615
+
+- ``pcreate`` is now interactive by default. You will be prompted if a file
+  already exists with different content. Previously if there were similar
+  files it would silently skip them unless you specified ``--interactive``
+  or ``--overwrite``.
+  See https://github.com/Pylons/pyramid/pull/2775
+
+- Removed undocumented argument ``cachebust_match`` from
+  ``pyramid.static.static_view``. This argument was shipped accidentally
+  in Pyramid 1.6. See https://github.com/Pylons/pyramid/pull/2681
+
+- Change static view to avoid setting the ``Content-Encoding`` response header
+  to an encoding guessed using Python's ``mimetypes`` module. This was causing
+  clients to decode the content of gzipped files when downloading them. The
+  client would end up with a ``foo.txt.gz`` file on disk that was already
+  decoded, thus should really be ``foo.txt``. Also, the ``Content-Encoding``
+  should only have been used if the client itself broadcast support for the
+  encoding via ``Accept-Encoding`` request headers.
+  See https://github.com/Pylons/pyramid/pull/2810
+
+- Settings are no longer accessible as attributes on the settings object
+  (e.g. ``request.registry.settings.foo``). This was deprecated in Pyramid 1.2.
+  See https://github.com/Pylons/pyramid/pull/2823
+
+Features
+--------
+
+- Python 3.6 compatibility.
+  https://github.com/Pylons/pyramid/issues/2835
+
+- ``pcreate`` learned about ``--package-name`` to allow you to create a new
+  project in an existing folder with a different package name than the project
+  name. See https://github.com/Pylons/pyramid/pull/2783
+
+- The ``_get_credentials`` private method of ``BasicAuthAuthenticationPolicy``
+  has been extracted into standalone function ``extract_http_basic_credentials``
+  in ``pyramid.authentication`` module, this function extracts HTTP Basic
+  credentials from a ``request`` object, and returns them as a named tuple.
+  See https://github.com/Pylons/pyramid/pull/2662
+
+- Pyramid 1.4 silently dropped a feature of the configurator that has been
+  restored. It's again possible for action discriminators to conflict across
+  different action orders.
+  See https://github.com/Pylons/pyramid/pull/2757
+
+- ``pyramid.paster.bootstrap`` and its sibling ``pyramid.scripting.prepare``
+  can now be used as context managers to automatically invoke the ``closer``
+  and pop threadlocals off of the stack to prevent memory leaks.
+  See https://github.com/Pylons/pyramid/pull/2760
+
+- Added ``pyramid.config.Configurator.add_exception_view`` and the
+  ``pyramid.view.exception_view_config`` decorator. It is now possible using
+  these methods or via the new ``exception_only=True`` option to ``add_view``
+  to add a view which will only be matched when handling an exception.
+  Previously any exception views were also registered for a traversal
+  context that inherited from the exception class which prevented any
+  exception-only optimizations.
+  See https://github.com/Pylons/pyramid/pull/2660
+
+- Added the ``exception_only`` boolean to
+  ``pyramid.interfaces.IViewDeriverInfo`` which can be used by view derivers
+  to determine if they are wrapping a view which only handles exceptions.
+  This means that it is no longer necessary to perform request-time checks
+  for ``request.exception`` to determine if the view is handling an exception
+  - the pipeline can be optimized at config-time.
+  See https://github.com/Pylons/pyramid/pull/2660
+
+- ``pserve`` should now work with ``gevent`` and other workers that need
+  to monkeypatch the process, assuming the server and / or the app do so
+  as soon as possible before importing the rest of pyramid.
+  See https://github.com/Pylons/pyramid/pull/2797
+
+- Pyramid no longer copies the settings object passed to the
+  ``pyramid.config.Configurator(settings=)``. The original ``dict`` is kept.
+  See https://github.com/Pylons/pyramid/pull/2823
+
+- The csrf trusted origins setting may now be a whitespace-separated list of
+  domains. Previously only a python list was allowed. Also, it can now be set
+  using the ``PYRAMID_CSRF_TRUSTED_ORIGINS`` environment variable similar to
+  other settings. See https://github.com/Pylons/pyramid/pull/2823
+
+- ``pserve --reload`` now uses the
+  `hupper <http://docs.pylonsproject.org/projects/hupper/en/latest/>`
+  library to monitor file changes. This comes with many improvements:
+
+  - If the `watchdog <http://pythonhosted.org/watchdog/>`_ package is
+    installed then monitoring will be done using inotify instead of
+    cpu and disk-intensive polling.
+
+  - The monitor is now a separate process that will not crash and starts up
+    before any of your code.
+
+  - The monitor will not restart the process after a crash until a file is
+    saved.
+
+  - The monitor works on windows.
+
+  - You can now trigger a reload manually from a pyramid view or any other
+    code via ``hupper.get_reloader().trigger_reload()``. Kind of neat.
+
+  - You can trigger a reload by issuing a ``SIGHUP`` to the monitor process.
+
+  See https://github.com/Pylons/pyramid/pull/2805
+
+- A new ``[pserve]`` section is supported in your config files with a
+  ``watch_files`` key that can configure ``pserve --reload`` to monitor custom
+  file paths. See https://github.com/Pylons/pyramid/pull/2827
+
+- Allow streaming responses to be made from subclasses of
+  ``pyramid.httpexceptions.HTTPException``. Previously the response would
+  be unrolled while testing for a body, making it impossible to stream
+  a response.
+  See https://github.com/Pylons/pyramid/pull/2863
+
+- Update starter, alchemy and zodb scaffolds to support IPv6 by using the
+  new ``listen`` directives in waitress.
+  See https://github.com/Pylons/pyramid/pull/2853
+
+- All p* scripts now use argparse instead of optparse. This improves their
+  ``--help`` output as well as enabling nicer documentation of their options.
+  See https://github.com/Pylons/pyramid/pull/2864
+
+- Any deferred configuration action registered via ``config.action`` may now
+  depend on threadlocal state, such as asset overrides, being active when
+  the action is executed.
+  See https://github.com/Pylons/pyramid/pull/2873
+
+- Asset specifications for directories passed to
+  ``config.add_translation_dirs`` now support overriding the entire asset
+  specification, including the folder name. Previously only the package name
+  was supported and the folder would always need to have the same name.
+  See https://github.com/Pylons/pyramid/pull/2873
+
+- ``config.begin()`` will propagate the current threadlocal request through
+  as long as the registry is the same. For example:
+
+  .. code-block:: python
+
+     request = Request.blank(...)
+     config.begin(request)  # pushes a request
+     config.begin()         # propagates the previous request through unchanged
+     assert get_current_request() is request
+
+  See https://github.com/Pylons/pyramid/pull/2873
+
+- Added a new ``callback`` option to ``config.set_default_csrf_options`` which
+  can be used to determine per-request whether CSRF checking should be enabled
+  to allow for a mix authentication methods. Only cookie-based methods
+  generally require CSRF checking.
+  See https://github.com/Pylons/pyramid/pull/2778
+
+Bug Fixes
+---------
+
+- Fixed bug in ``proutes`` such that it now shows the correct view when a
+  class and ``attr`` is involved.
+  See: https://github.com/Pylons/pyramid/pull/2687
+
+- Fix a ``FutureWarning`` in Python 3.5 when using ``re.split`` on the
+  ``format`` setting to the ``proutes`` script.
+  See https://github.com/Pylons/pyramid/pull/2714
+
+- Fix a ``RuntimeWarning`` emitted by WebOb when using arbitrary objects
+  as the ``userid`` in the ``AuthTktAuthenticationPolicy``. This is now caught
+  by the policy and the object is serialized as a base64 string to avoid
+  the cryptic warning. Since the userid will be read back as a string on
+  subsequent requests a more useful warning is emitted encouraging you to
+  use a primitive type instead.
+  See https://github.com/Pylons/pyramid/pull/2715
+
+- Pyramid 1.6 introduced the ability for an action to invoke another action.
+  There was a bug in the way that ``config.add_view`` would interact with
+  custom view derivers introduced in Pyramid 1.7 because the view's
+  discriminator cannot be computed until view derivers and view predicates
+  have been created in earlier orders. Invoking an action from another action
+  would trigger an unrolling of the pipeline and would compute discriminators
+  before they were ready. The new behavior respects the ``order`` of the action
+  and ensures the discriminators are not computed until dependent actions
+  from previous orders have executed.
+  See https://github.com/Pylons/pyramid/pull/2757
+
+- Fix bug in i18n where the default domain would always use the Germanic plural
+  style, even if a different plural function is defined in the relevant
+  messages file. See https://github.com/Pylons/pyramid/pull/2859
+
+- The ``config.override_asset`` method now occurs during
+  ``pyramid.config.PHASE1_CONFIG`` such that it is ordered to execute before
+  any calls to ``config.add_translation_dirs``.
+  See https://github.com/Pylons/pyramid/pull/2873
+
+Deprecations
+------------
+
+- The ``pcreate`` script and related scaffolds have been deprecated in favor
+  of the popular
+  `cookiecutter <https://cookiecutter.readthedocs.io/en/latest/>`_ project.
+
+  All of Pyramid's official scaffolds as well as the tutorials have been
+  ported to cookiecutters:
+
+  - `pyramid-cookiecutter-starter
+    <https://github.com/Pylons/pyramid-cookiecutter-starter>`_
+
+  - `pyramid-cookiecutter-alchemy
+    <https://github.com/Pylons/pyramid-cookiecutter-alchemy>`_
+
+  - `pyramid-cookiecutter-zodb
+    <https://github.com/Pylons/pyramid-cookiecutter-zodb>`_
+
+  See https://github.com/Pylons/pyramid/pull/2780
+
+Documentation Changes
+---------------------
+
+- Update Typographical Conventions.
+  https://github.com/Pylons/pyramid/pull/2838
+
+- Add `pyramid_nacl_session
+  <http://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/>`_
+  to session factories. See https://github.com/Pylons/pyramid/issues/2791
+
+- Update ``HACKING.txt`` from stale branch that was never merged to master.
+  See https://github.com/Pylons/pyramid/pull/2782
+
+- Updated Windows installation instructions and related bits.
+  See https://github.com/Pylons/pyramid/issues/2661
+
+- Fix an inconsistency in the documentation between view predicates and
+  route predicates and highlight the differences in their APIs.
+  See https://github.com/Pylons/pyramid/pull/2764
+
+- Clarify a possible misuse of the ``headers`` kwarg to subclasses of
+  ``pyramid.httpexceptions.HTTPException`` in which more appropriate
+  kwargs from the parent class ``pyramid.response.Response`` should be
+  used instead. See https://github.com/Pylons/pyramid/pull/2750
+
+- The SQLAlchemy + URL Dispatch + Jinja2 (``wiki2``) and
+  ZODB + Traversal + Chameleon (``wiki``) tutorials have been updated to
+  utilize the new cookiecutters and drop support for the ``pcreate``
+  scaffolds.
+
+  See https://github.com/Pylons/pyramid/pull/2881 and
+  https://github.com/Pylons/pyramid/pull/2883.
+
+- Improve output of p* script descriptions for help.
+  See https://github.com/Pylons/pyramid/pull/2886
+
+- Quick Tour updated to use cookiecutters instead of pcreate and scaffolds.
+  See https://github.com/Pylons/pyramid/pull/2888
+
+1.7 (2016-05-19)
+================
+
+- Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte
+  strings. See https://github.com/Pylons/pyramid/pull/2576
+
+- Simplify windows detection code and remove some duplicated data.
+  See https://github.com/Pylons/pyramid/pull/2585 and
+  https://github.com/Pylons/pyramid/pull/2586
+
+1.7b4 (2016-05-12)
+==================
+
+- Fixed the exception view tween to re-raise the original exception if
+  no exception view could be found to handle the exception. This better
+  allows tweens further up the chain to handle exceptions that were
+  left unhandled. Previously they would be converted into a
+  ``PredicateMismatch`` exception if predicates failed to allow the view to
+  handle the exception.
+  See https://github.com/Pylons/pyramid/pull/2567
+
+- Exposed the ``pyramid.interfaces.IRequestFactory`` interface to mirror
+  the public ``pyramid.interfaces.IResponseFactory`` interface.
+
+1.7b3 (2016-05-10)
+==================
+
+- Fix ``request.invoke_exception_view`` to raise an ``HTTPNotFound``
+  exception if no view is matched. Previously ``None`` would be returned
+  if no views were matched and a ``PredicateMismatch`` would be raised if
+  a view "almost" matched (a view was found matching the context).
+  See https://github.com/Pylons/pyramid/pull/2564
+
+- Add defaults for py.test configuration and coverage to all three scaffolds,
+  and update documentation accordingly.
+  See https://github.com/Pylons/pyramid/pull/2550
+
+- Add ``linkcheck`` to ``Makefile`` for Sphinx. To check the documentation for
+  broken links, use the command ``make linkcheck
+  SPHINXBUILD=$VENV/bin/sphinx-build``. Also removed and fixed dozens of broken
+  external links.
+
+- Fix the internal runner for scaffold tests to ensure they work with pip
+  and py.test.
+  See https://github.com/Pylons/pyramid/pull/2565
+
+1.7b2 (2016-05-01)
+==================
+
+- Removed inclusion of pyramid_tm in development.ini for alchemy scaffold
+  See https://github.com/Pylons/pyramid/issues/2538
+
+- A default permission set via ``config.set_default_permission`` will no
+  longer be enforced on an exception view. This has been the case for a while
+  with the default exception views (``config.add_notfound_view`` and
+  ``config.add_forbidden_view``), however for any other exception view a
+  developer had to remember to set ``permission=NO_PERMISSION_REQUIRED`` or
+  be surprised when things didn't work. It is still possible to force a
+  permission check on an exception view by setting the ``permission`` argument
+  manually to ``config.add_view``. This behavior is consistent with the new
+  CSRF features added in the 1.7 series.
+  See https://github.com/Pylons/pyramid/pull/2534
+
+1.7b1 (2016-04-25)
+==================
+
+- This release announces the beta period for 1.7.
+
+- Fix an issue where some files were being included in the alchemy scafffold
+  which had been removed from the 1.7 series.
+  See https://github.com/Pylons/pyramid/issues/2525
+
+1.7a2 (2016-04-19)
+==================
+
+Features
+--------
+
+- Automatic CSRF checks are now disabled by default on exception views. They
+  can be turned back on by setting the appropriate `require_csrf` option on
+  the view.
+  See https://github.com/Pylons/pyramid/pull/2517
+
+- The automatic CSRF API was reworked to use a config directive for
+  setting the options. The ``pyramid.require_default_csrf`` setting is
+  no longer supported. Instead, a new ``config.set_default_csrf_options``
+  directive has been introduced that allows the developer to specify
+  the default value for ``require_csrf`` as well as change the CSRF token,
+  header and safe request methods. The ``pyramid.csrf_trusted_origins``
+  setting is still supported.
+  See https://github.com/Pylons/pyramid/pull/2518
+
+Bug fixes
+---------
+
+- CSRF origin checks had a bug causing the checks to always fail.
+  See https://github.com/Pylons/pyramid/pull/2512
+
+- Fix the test suite to pass on windows.
+  See https://github.com/Pylons/pyramid/pull/2520
+
+1.7a1 (2016-04-16)
+==================
+
+Backward Incompatibilities
+--------------------------
+
+- Following the Pyramid deprecation period (1.4 -> 1.6),
+  AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5
+  to sha512. If you are using the authentication policy and need to continue
+  using md5, please explicitly set hashalg to 'md5'.
+
+  This change does mean that any existing auth tickets (and associated cookies)
+  will no longer be valid, and users will no longer be logged in, and have to
+  login to their accounts again.
+
+  See https://github.com/Pylons/pyramid/pull/2496
+
+- The ``check_csrf_token`` function no longer validates a csrf token in the
+  query string of a request. Only headers and request bodies are supported.
+  See https://github.com/Pylons/pyramid/pull/2500
+
+Features
+--------
+
+- Added a new setting, ``pyramid.require_default_csrf`` which may be used
+  to turn on CSRF checks globally for every POST request in the application.
+  This should be considered a good default for websites built on Pyramid.
+  It is possible to opt-out of CSRF checks on a per-view basis by setting
+  ``require_csrf=False`` on those views.
+  See https://github.com/Pylons/pyramid/pull/2413
+
+- Added a ``require_csrf`` view option which will enforce CSRF checks on any
+  request with an unsafe method as defined by RFC2616. If the CSRF check fails
+  a ``BadCSRFToken`` exception will be raised and may be caught by exception
+  views (the default response is a ``400 Bad Request``). This option should be
+  used in place of the deprecated ``check_csrf`` view predicate which would
+  normally result in unexpected ``404 Not Found`` response to the client
+  instead of a catchable exception.  See
+  https://github.com/Pylons/pyramid/pull/2413 and
+  https://github.com/Pylons/pyramid/pull/2500
+
+- Added an additional CSRF validation that checks the origin/referrer of a
+  request and makes sure it matches the current ``request.domain``. This
+  particular check is only active when accessing a site over HTTPS as otherwise
+  browsers don't always send the required information. If this additional CSRF
+  validation fails a ``BadCSRFOrigin`` exception will be raised and may be
+  caught by exception views (the default response is ``400 Bad Request``).
+  Additional allowed origins may be configured by setting
+  ``pyramid.csrf_trusted_origins`` to a list of domain names (with ports if on
+  a non standard port) to allow. Subdomains are not allowed unless the domain
+  name has been prefixed with a ``.``. See
+  https://github.com/Pylons/pyramid/pull/2501
+
+- Added a new ``pyramid.session.check_csrf_origin`` API for validating the
+  origin or referrer headers against the request's domain.
+  See https://github.com/Pylons/pyramid/pull/2501
+
+- Pyramid HTTPExceptions will now take into account the best match for the
+  clients Accept header, and depending on what is requested will return
+  text/html, application/json or text/plain. The default for */* is still
+  text/html, but if application/json is explicitly mentioned it will now
+  receive a valid JSON response. See
+  https://github.com/Pylons/pyramid/pull/2489
+
+- A new event and interface (BeforeTraversal) has been introduced that will
+  notify listeners before traversal starts in the router. See
+  https://github.com/Pylons/pyramid/pull/2469 and
+  https://github.com/Pylons/pyramid/pull/1876
+
+- Add a new "view deriver" concept to Pyramid to allow framework authors to
+  inject elements into the standard Pyramid view pipeline and affect all
+  views in an application. This is similar to a decorator except that it
+  has access to options passed to ``config.add_view`` and can affect other
+  stages of the pipeline such as the raw response from a view or prior to
+  security checks. See https://github.com/Pylons/pyramid/pull/2021
+
+- Allow a leading ``=`` on the key of the request param predicate.
+  For example, '=abc=1' is equivalent down to
+  ``request.params['=abc'] == '1'``.
+  See https://github.com/Pylons/pyramid/pull/1370
+
+- A new ``request.invoke_exception_view(...)`` method which can be used to
+  invoke an exception view and get back a response. This is useful for
+  rendering an exception view outside of the context of the excview tween
+  where you may need more control over the request.
+  See https://github.com/Pylons/pyramid/pull/2393
+
+- Allow using variable substitutions like ``%(LOGGING_LOGGER_ROOT_LEVEL)s``
+  for logging sections of the .ini file and populate these variables from
+  the ``pserve`` command line -- e.g.:
+  ``pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG``
+  See https://github.com/Pylons/pyramid/pull/2399
+
+Documentation Changes
+---------------------
+
+- A complete overhaul of the docs:
+
+  - Use pip instead of easy_install.
+  - Become opinionated by preferring Python 3.4 or greater to simplify
+    installation of Python and its required packaging tools.
+  - Use venv for the tool, and virtual environment for the thing created,
+    instead of virtualenv.
+  - Use py.test and pytest-cov instead of nose and coverage.
+  - Further updates to the scaffolds as well as tutorials and their src files.
+
+  See https://github.com/Pylons/pyramid/pull/2468
+
+- A complete overhaul of the ``alchemy`` scaffold as well as the
+  Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features
+  into the usage of SQLAlchemy with Pyramid and provide a better starting
+  point for new projects.
+  See https://github.com/Pylons/pyramid/pull/2024
+
+Bug Fixes
+---------
+
+- Fix ``pserve --browser`` to use the ``--server-name`` instead of the
+  app name when selecting a section to use. This was only working for people
+  who had server and app sections with the same name, for example
+  ``[app:main]`` and ``[server:main]``.
+  See https://github.com/Pylons/pyramid/pull/2292
+
+Deprecations
+------------
+
+- The ``check_csrf`` view predicate has been deprecated. Use the
+  new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting
+  to ensure that the ``BadCSRFToken`` exception is raised.
+  See https://github.com/Pylons/pyramid/pull/2413
+
+- Support for Python 3.3 will be removed in Pyramid 1.8.
+  https://github.com/Pylons/pyramid/issues/2477
+
+- Python 2.6 is no longer supported by Pyramid. See
+  https://github.com/Pylons/pyramid/issues/2368
+
+- Dropped Python 3.2 support.
+  See https://github.com/Pylons/pyramid/pull/2256
+
+1.6 (2016-01-03)
+================
+
+Deprecations
+------------
+
+- Continue removal of ``pserve`` daemon/process management features
+  by deprecating ``--user`` and ``--group`` options.
+  See https://github.com/Pylons/pyramid/pull/2190
+
+1.6b3 (2015-12-17)
+==================
+
+Backward Incompatibilities
+--------------------------
+
+- Remove the ``cachebust`` option from ``config.add_static_view``. See
+  ``config.add_cache_buster`` for the new way to attach cache busters to
+  static assets.
+  See https://github.com/Pylons/pyramid/pull/2186
+
+- Modify the ``pyramid.interfaces.ICacheBuster`` API to be a simple callable
+  instead of an object with ``match`` and ``pregenerate`` methods. Cache
+  busters are now focused solely on generation. Matching has been dropped.
+
+  Note this affects usage of ``pyramid.static.QueryStringCacheBuster`` and
+  ``pyramid.static.ManifestCacheBuster``.
+
+  See https://github.com/Pylons/pyramid/pull/2186
+
+Features
+--------
+
+- Add a new ``config.add_cache_buster`` API for attaching cache busters to
+  static assets. See https://github.com/Pylons/pyramid/pull/2186
+
+Bug Fixes
+---------
+
+- Ensure that ``IAssetDescriptor.abspath`` always returns an absolute path.
+  There were cases depending on the process CWD that a relative path would
+  be returned. See https://github.com/Pylons/pyramid/issues/2188
+
+1.6b2 (2015-10-15)
+==================
+
+Features
+--------
+
+- Allow asset specifications to be supplied to
+  ``pyramid.static.ManifestCacheBuster`` instead of requiring a
+  filesystem path.
+
+1.6b1 (2015-10-15)
+==================
+
+Backward Incompatibilities
+--------------------------
+
+- IPython and BPython support have been removed from pshell in the core.
+  To continue using them on Pyramid 1.6+ you must install the binding
+  packages explicitly::
+
+    $ pip install pyramid_ipython
+
+    or
+
+    $ pip install pyramid_bpython
+
+- Remove default cache busters introduced in 1.6a1 including
+  ``PathSegmentCacheBuster``, ``PathSegmentMd5CacheBuster``, and
+  ``QueryStringMd5CacheBuster``.
+  See https://github.com/Pylons/pyramid/pull/2116
+
+Features
+--------
+
+- Additional shells for ``pshell`` can now be registered as entrypoints. See
+  https://github.com/Pylons/pyramid/pull/1891 and
+  https://github.com/Pylons/pyramid/pull/2012
+
+- The variables injected into ``pshell`` are now displayed with their
+  docstrings instead of the default ``str(obj)`` when possible.
+  See https://github.com/Pylons/pyramid/pull/1929
+
+- Add new ``pyramid.static.ManifestCacheBuster`` for use with external
+  asset pipelines as well as examples of common usages in the narrative.
+  See https://github.com/Pylons/pyramid/pull/2116
+
+- Fix ``pserve --reload`` to not crash on syntax errors!!!
+  See https://github.com/Pylons/pyramid/pull/2125
+
+- Fix an issue when user passes unparsed strings to ``pyramid.session.CookieSession``
+  and ``pyramid.authentication.AuthTktCookieHelper`` for time related parameters
+  ``timeout``, ``reissue_time``, ``max_age`` that expect an integer value.
+  See https://github.com/Pylons/pyramid/pull/2050
+
+Bug Fixes
+---------
+
+- ``pyramid.httpexceptions.HTTPException`` now defaults to
+  ``520 Unknown Error`` instead of ``None None`` to conform with changes in
+  WebOb 1.5.
+  See https://github.com/Pylons/pyramid/pull/1865
+
+- ``pshell`` will now preserve the capitalization of variables in the
+  ``[pshell]`` section of the INI file. This makes exposing classes to the
+  shell a little more straightfoward.
+  See https://github.com/Pylons/pyramid/pull/1883
+
+- Fixed usage of ``pserve --monitor-restart --daemon`` which would fail in
+  horrible ways. See https://github.com/Pylons/pyramid/pull/2118
+
+- Explicitly prevent ``pserve --reload --daemon`` from being used. It's never
+  been supported but would work and fail in weird ways.
+  See https://github.com/Pylons/pyramid/pull/2119
+
+- Fix an issue on Windows when running ``pserve --reload`` in which the
+  process failed to fork because it could not find the pserve script to
+  run. See https://github.com/Pylons/pyramid/pull/2138
+
+Deprecations
+------------
+
+- Deprecate ``pserve --monitor-restart`` in favor of user's using a real
+  process manager such as Systemd or Upstart as well as Python-based
+  solutions like Circus and Supervisor.
+  See https://github.com/Pylons/pyramid/pull/2120
+
+1.6a2 (2015-06-30)
+==================
+
+Bug Fixes
+---------
+
+- Ensure that ``pyramid.httpexceptions.exception_response`` returns the
+  appropriate "concrete" class for ``400`` and ``500`` status codes.
+  See https://github.com/Pylons/pyramid/issues/1832
+
+- Fix an infinite recursion bug introduced in 1.6a1 when
+  ``pyramid.view.render_view_to_response`` was called directly or indirectly.
+  See https://github.com/Pylons/pyramid/issues/1643
+
+- Further fix the JSONP renderer by prefixing the returned content with
+  a comment. This should mitigate attacks from Flash (See CVE-2014-4671).
+  See https://github.com/Pylons/pyramid/pull/1649
+
+- Allow periods and brackets (``[]``) in the JSONP callback. The original
+  fix was overly-restrictive and broke Angular.
+  See https://github.com/Pylons/pyramid/pull/1649
+
+1.6a1 (2015-04-15)
+==================
+
+Features
+--------
+
+- pcreate will now ask for confirmation if invoked with
+  an argument for a project name that already exists or
+  is importable in the current environment.
+  See https://github.com/Pylons/pyramid/issues/1357 and
+  https://github.com/Pylons/pyramid/pull/1837
+
+- Make it possible to subclass ``pyramid.request.Request`` and also use
+  ``pyramid.request.Request.add_request.method``.  See
+  https://github.com/Pylons/pyramid/issues/1529
+
+- The ``pyramid.config.Configurator`` has grown the ability to allow
+  actions to call other actions during a commit-cycle. This enables much more
+  logic to be placed into actions, such as the ability to invoke other actions
+  or group them for improved conflict detection. We have also exposed and
+  documented the config phases that Pyramid uses in order to further assist
+  in building conforming addons.
+  See https://github.com/Pylons/pyramid/pull/1513
+
+- Add ``pyramid.request.apply_request_extensions`` function which can be
+  used in testing to apply any request extensions configured via
+  ``config.add_request_method``. Previously it was only possible to test
+  the extensions by going through Pyramid's router.
+  See https://github.com/Pylons/pyramid/pull/1581
+
+- pcreate when run without a scaffold argument will now print information on
+  the missing flag, as well as a list of available scaffolds.
+  See https://github.com/Pylons/pyramid/pull/1566 and
+  https://github.com/Pylons/pyramid/issues/1297
+
+- Added support / testing for 'pypy3' under Tox and Travis.
+  See https://github.com/Pylons/pyramid/pull/1469
+
+- Automate code coverage metrics across py2 and py3 instead of just py2.
+  See https://github.com/Pylons/pyramid/pull/1471
+
+- Cache busting for static resources has been added and is available via a new
+  argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``.
+  Core APIs are shipped for both cache busting via query strings and
+  path segments and may be extended to fit into custom asset pipelines.
+  See https://github.com/Pylons/pyramid/pull/1380 and
+  https://github.com/Pylons/pyramid/pull/1583
+
+- Add ``pyramid.config.Configurator.root_package`` attribute and init
+  parameter to assist with includeable packages that wish to resolve
+  resources relative to the package in which the ``Configurator`` was created.
+  This is especially useful for addons that need to load asset specs from
+  settings, in which case it is may be natural for a developer to define
+  imports or assets relative to the top-level package.
+  See https://github.com/Pylons/pyramid/pull/1337
+
+- Added line numbers to the log formatters in the scaffolds to assist with
+  debugging. See https://github.com/Pylons/pyramid/pull/1326
+
+- Add new HTTP exception objects for status codes
+  ``428 Precondition Required``, ``429 Too Many Requests`` and
+  ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``.
+  See https://github.com/Pylons/pyramid/pull/1372/files
+
+- The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is
+  defined in the environment prior to launching the interpreter.
+  See https://github.com/Pylons/pyramid/pull/1448
+
+- Make it simple to define notfound and forbidden views that wish to use
+  the default exception-response view but with altered predicates and other
+  configuration options. The ``view`` argument is now optional in
+  ``config.add_notfound_view`` and ``config.add_forbidden_view``..
+  See https://github.com/Pylons/pyramid/issues/494
+
+- Greatly improve the readability of the ``pcreate`` shell script output.
+  See https://github.com/Pylons/pyramid/pull/1453
+
+- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and
+  the ``SignedCookieSessionFactory`` classes by using the stdlib's
+  ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+).
+  See https://github.com/Pylons/pyramid/pull/1457
+
+- Assets can now be overidden by an absolute path on the filesystem when using
+  the ``config.override_asset`` API. This makes it possible to fully support
+  serving up static content from a mutable directory while still being able
+  to use the ``request.static_url`` API and ``config.add_static_view``.
+  Previously it was not possible to use ``config.add_static_view`` with an
+  absolute path **and** generate urls to the content. This change replaces
+  the call, ``config.add_static_view('/abs/path', 'static')``, with
+  ``config.add_static_view('myapp:static', 'static')`` and
+  ``config.override_asset(to_override='myapp:static/',
+  override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely
+  made up and does not need to exist - it is used for generating urls
+  via ``request.static_url('myapp:static/foo.png')``.
+  See https://github.com/Pylons/pyramid/issues/1252
+
+- Added ``pyramid.config.Configurator.set_response_factory`` and the
+  ``response_factory`` keyword argument to the ``Configurator`` for defining
+  a factory that will return a custom ``Response`` class.
+  See https://github.com/Pylons/pyramid/pull/1499
+
+- Allow an iterator to be returned from a renderer. Previously it was only
+  possible to return bytes or unicode.
+  See https://github.com/Pylons/pyramid/pull/1417
+
+- ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server
+  URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533
+
+- Overall improvments for the ``proutes`` command. Added ``--format`` and
+  ``--glob`` arguments to the command, introduced the ``method``
+  column for displaying available request methods, and improved the ``view``
+  output by showing the module instead of just ``__repr__``.
+  See https://github.com/Pylons/pyramid/pull/1488
+
+- Support keyword-only arguments and function annotations in views in
+  Python 3. See https://github.com/Pylons/pyramid/pull/1556
+
+- ``request.response`` will no longer be mutated when using the
+  ``pyramid.renderers.render_to_response()`` API.  It is now necessary to
+  pass in a ``response=`` argument to ``render_to_response`` if you wish to
+  supply the renderer with a custom response object for it to use. If you
+  do not pass one then a response object will be created using the
+  application's ``IResponseFactory``. Almost all renderers
+  mutate the ``request.response`` response object (for example, the JSON
+  renderer sets ``request.response.content_type`` to ``application/json``).
+  However, when invoking ``render_to_response`` it is not expected that the
+  response object being returned would be the same one used later in the
+  request. The response object returned from ``render_to_response`` is now
+  explicitly different from ``request.response``. This does not change the
+  API of a renderer. See https://github.com/Pylons/pyramid/pull/1563
+
+- The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will
+  now accept anything that implements the ``IResponse`` interface and will use
+  that as the response class instead of the default ``HTTPFound``.  See
+  https://github.com/Pylons/pyramid/pull/1610
+
+Bug Fixes
+---------
+
+- The JSONP renderer created JavaScript code in such a way that a callback
+  variable could be used to arbitrarily inject javascript into the response
+  object. https://github.com/Pylons/pyramid/pull/1627
+
+- Work around an issue where ``pserve --reload`` would leave terminal echo
+  disabled if it reloaded during a pdb session.
+  See https://github.com/Pylons/pyramid/pull/1577,
+  https://github.com/Pylons/pyramid/pull/1592
+
+- ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise
+  ``ValueError`` when accidentally passed ``None``.
+  See https://github.com/Pylons/pyramid/pull/1320
+
+- Fix an issue whereby predicates would be resolved as maybe_dotted in the
+  introspectable but not when passed for registration. This would mean that
+  ``add_route_predicate`` for example can not take a string and turn it into
+  the actual callable function.
+  See https://github.com/Pylons/pyramid/pull/1306
+
+- Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper
+  package. Previously it was not possible to do package-relative includes
+  using the returned ``Configurator`` during testing. There is now a
+  ``package`` argument that can override this behavior as well.
+  See https://github.com/Pylons/pyramid/pull/1322
+
+- Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset
+  where it does not belong. See https://github.com/Pylons/pyramid/pull/1251
+
+- Work around a bug introduced in Python 2.7.7 on Windows where
+  ``mimetypes.guess_type`` returns Unicode rather than str for the content
+  type, unlike any previous version of Python.  See
+  https://github.com/Pylons/pyramid/issues/1360 for more information.
+
+- ``pcreate`` now normalizes the package name by converting hyphens to
+  underscores. See https://github.com/Pylons/pyramid/pull/1376
+
+- Fix an issue with the final response/finished callback being unable to
+  add another callback to the list. See
+  https://github.com/Pylons/pyramid/pull/1373
+
+- Fix a failing unittest caused by differing mimetypes across various OSs.
+  See https://github.com/Pylons/pyramid/issues/1405
+
+- Fix route generation for static view asset specifications having no path.
+  See https://github.com/Pylons/pyramid/pull/1377
+
+- Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no
+  valid request object. In this case it will not wrap the object in a
+  callback and thus behave just like the ``pyramid.renderers.JSON`` renderer.
+  See https://github.com/Pylons/pyramid/pull/1561
+
+- Prevent "parameters to load are deprecated" ``DeprecationWarning``
+  from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541
+
+- Avoiding sharing the ``IRenderer`` objects across threads when attached to
+  a view using the `renderer=` argument. These renderers were instantiated
+  at time of first render and shared between requests, causing potentially
+  subtle effects like `pyramid.reload_templates = true` failing to work
+  in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575
+  and https://github.com/Pylons/pyramid/issues/1268
+
+- Avoiding timing attacks against CSRF tokens.
+  See https://github.com/Pylons/pyramid/pull/1574
+
+- ``request.finished_callbacks`` and ``request.response_callbacks`` now
+  default to an iterable instead of ``None``. It may be checked for a length
+  of 0. This was the behavior in 1.5.
+
+Deprecations
+------------
+
+- The ``pserve`` command's daemonization features have been deprecated. This
+  includes the ``[start,stop,restart,status]`` subcommands as well as the
+  ``--daemon``, ``--stop-server``, ``--pid-file``, and ``--status`` flags.
+
+  Please use a real process manager in the future instead of relying on the
+  ``pserve`` to daemonize itself. Many options exist including your Operating
+  System's services such as Systemd or Upstart, as well as Python-based
+  solutions like Circus and Supervisor.
+
+  See https://github.com/Pylons/pyramid/pull/1641
+
+- Renamed the ``principal`` argument to ``pyramid.security.remember()`` to
+  ``userid`` in order to clarify its intended purpose.
+  See https://github.com/Pylons/pyramid/pull/1399
+
+Docs
+----
+
+- Moved the documentation for ``accept`` on ``Configurator.add_view`` to no
+  longer be part of the predicate list. See
+  https://github.com/Pylons/pyramid/issues/1391 for a bug report stating
+  ``not_`` was failing on ``accept``. Discussion with @mcdonc led to the
+  conclusion that it should not be documented as a predicate.
+  See https://github.com/Pylons/pyramid/pull/1487 for this PR
+
+- Removed logging configuration from Quick Tutorial ini files except for
+  scaffolding- and logging-related chapters to avoid needing to explain it too
+  early.
+
+- Clarify a previously-implied detail of the ``ISession.invalidate`` API
+  documentation.
+
+- Improve and clarify the documentation on what Pyramid defines as a
+  ``principal`` and a ``userid`` in its security APIs.
+  See https://github.com/Pylons/pyramid/pull/1399
+
+- Add documentation of command line programs (``p*`` scripts). See
+  https://github.com/Pylons/pyramid/pull/2191
+
+Scaffolds
+---------
+
+- Update scaffold generating machinery to return the version of pyramid and
+  pyramid docs for use in scaffolds. Updated starter, alchemy and zodb
+  templates to have links to correctly versioned documentation and reflect
+  which pyramid was used to generate the scaffold.
+
+- Removed non-ascii copyright symbol from templates, as this was
+  causing the scaffolds to fail for project generation.
+
+- You can now run the scaffolding func tests via ``tox py2-scaffolds`` and
+  ``tox py3-scaffolds``.
+
+
+1.5 (2014-04-08)
+================
+
+- Python 3.4 compatibility.
+
+- Avoid crash in ``pserve --reload`` under Py3k, when iterating over possibly
+  mutated ``sys.modules``.
+
+- ``UnencryptedCookieSessionFactoryConfig`` failed if the secret contained
+  higher order characters. See https://github.com/Pylons/pyramid/issues/1246
+
+- Fixed a bug in ``UnencryptedCookieSessionFactoryConfig`` and
+  ``SignedCookieSessionFactory`` where ``timeout=None`` would cause a new
+  session to always be created. Also in ``SignedCookieSessionFactory`` a
+  ``reissue_time=None`` would cause an exception when modifying the session.
+  See https://github.com/Pylons/pyramid/issues/1247
+
+- Updated docs and scaffolds to keep in step with new 2.0 release of
+  ``Lingua``.  This included removing all ``setup.cfg`` files from scaffolds
+  and documentation environments.
+
+1.5b1 (2014-02-08)
+==================
+
+Features
+--------
+
+- We no longer eagerly clear ``request.exception`` and ``request.exc_info`` in
+  the exception view tween.  This makes it possible to inspect exception
+  information within a finished callback.  See
+  https://github.com/Pylons/pyramid/issues/1223.
+
+1.5a4 (2014-01-28)
+==================
+
+Features
+--------
+
+- Updated scaffolds with new theme, fixed documentation and sample project.
+
+Bug Fixes
+---------
+
+- Depend on a newer version of WebOb so that we pull in some crucial bug-fixes
+  that were showstoppers for functionality in Pyramid.
+
+- Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax
+  errors for old IE versions. See https://github.com/Pylons/pyramid/pull/1205
+
+- Fix a memory leak when the configurator's ``set_request_property`` method was
+  used or when the configurator's ``add_request_method`` method was used with
+  the ``property=True`` attribute.  See
+  https://github.com/Pylons/pyramid/issues/1212 .
+
+1.5a3 (2013-12-10)
+==================
+
+Features
+--------
+
+- An authorization API has been added as a method of the
+  request: ``request.has_permission``.
+
+  ``request.has_permission`` is a method-based alternative to the
+  ``pyramid.security.has_permission`` API and works exactly the same.  The
+  older API is now deprecated.
+
+- Property API attributes have been added to the request for easier access to
+  authentication data: ``request.authenticated_userid``,
+  ``request.unauthenticated_userid``, and ``request.effective_principals``.
+
+  These are analogues, respectively, of
+  ``pyramid.security.authenticated_userid``,
+  ``pyramid.security.unauthenticated_userid``, and
+  ``pyramid.security.effective_principals``.  They operate exactly the same,
+  except they are attributes of the request instead of functions accepting a
+  request.  They are properties, so they cannot be assigned to.  The older
+  function-based APIs are now deprecated.
+
+- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run
+  directly, allowing custom arguments to be sent to the python interpreter
+  at runtime. For example::
+
+      python -3 -m pyramid.scripts.pserve development.ini
+
+- Added a specific subclass of ``HTTPBadRequest`` named
+  ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response
+  to failures in ``check_csrf_token``.
+  See https://github.com/Pylons/pyramid/pull/1149
+
+- Added a new ``SignedCookieSessionFactory`` which is very similar to the
+  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing
+  content. The custom serializer arguments to this function should only focus
+  on serializing, unlike its predecessor which required the serializer to also
+  perform signing.  See https://github.com/Pylons/pyramid/pull/1142 .  Note
+  that cookies generated using ``SignedCookieSessionFactory`` are not
+  compatible with cookies generated using ``UnencryptedCookieSessionFactory``,
+  so existing user session data will be destroyed if you switch to it.
+
+- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
+  factory that can be used by framework implementors to create their own
+  session implementations. It provides a reusable API which focuses strictly
+  on providing a dictionary-like object that properly handles renewals,
+  timeouts, and conformance with the ``ISession`` API.
+  See https://github.com/Pylons/pyramid/pull/1142
+
+- The anchor argument to ``pyramid.request.Request.route_url`` and
+  ``pyramid.request.Request.resource_url`` and their derivatives will now be
+  escaped via URL quoting to ensure minimal conformance.  See
+  https://github.com/Pylons/pyramid/pull/1183
+
+- Allow sending of ``_query`` and ``_anchor`` options to
+  ``pyramid.request.Request.static_url`` when an external URL is being
+  generated.
+  See https://github.com/Pylons/pyramid/pull/1183
+
+- You can now send a string as the ``_query`` argument to
+  ``pyramid.request.Request.route_url`` and
+  ``pyramid.request.Request.resource_url`` and their derivatives.  When a
+  string is sent instead of a list or dictionary. it is URL-quoted however it
+  does not need to be in ``k=v`` form.  This is useful if you want to be able
+  to use a different query string format than ``x-www-form-urlencoded``.  See
+  https://github.com/Pylons/pyramid/pull/1183
+
+- ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to match the
+  new WebOb 1.3 API.  Its value is ``example.com``.
+
+Bug Fixes
+---------
+
+- Fix the ``pcreate`` script so that when the target directory name ends with a
+  slash it does not produce a non-working project directory structure.
+  Previously saying ``pcreate -s starter /foo/bar/`` produced different output
+  than  saying ``pcreate -s starter /foo/bar``.  The former did not work
+  properly.
+
+- Fix the ``principals_allowed_by_permission`` method of
+  ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__``
+  on resources.  Previously it did not try to call the ``__acl__``
+  if it was callable.
+
+- The ``pviews`` script did not work when a url required custom request
+  methods in order to perform traversal. Custom methods and descriptors added
+  via ``pyramid.config.Configurator.add_request_method`` will now be present,
+  allowing traversal to continue.
+  See https://github.com/Pylons/pyramid/issues/1104
+
+- Remove unused ``renderer`` argument from ``Configurator.add_route``.
+
+- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames
+  and passwords. The charset is not passed as part of the header and different
+  browsers alternate between UTF-8 and Latin-1, so the policy now attempts
+  to decode with UTF-8 first, and will fallback to Latin-1.
+  See https://github.com/Pylons/pyramid/pull/1170
+
+- The ``@view_defaults`` now apply to notfound and forbidden views
+  that are defined as methods of a decorated class.
+  See https://github.com/Pylons/pyramid/issues/1173
+
+Documentation
+-------------
+
+- Added a "Quick Tutorial" to go with the Quick Tour
+
+- Removed mention of ``pyramid_beaker`` from docs.  Beaker is no longer
+  maintained.  Point people at ``pyramid_redis_sessions`` instead.
+
+- Add documentation for ``pyramid.interfaces.IRendererFactory`` and
+  ``pyramid.interfaces.IRenderer``.
+
+Backwards Incompatibilities
+---------------------------
+
+- The key/values in the ``_query`` parameter of ``request.route_url`` and the
+  ``query`` parameter of ``request.resource_url`` (and their variants), used
+  to encode a value of ``None`` as the string ``'None'``, leaving the resulting
+  query string to be ``a=b&key=None``. The value is now dropped in this
+  situation, leaving a query string of ``a=b&key=``.
+  See https://github.com/Pylons/pyramid/issues/1119
+
+Deprecations
+------------
+
+- Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was
+  ill-defined and became unused when Mako and Chameleon template bindings were
+  split into their own packages.
+
+- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been
+  deprecated and is superseded by the
+  ``pyramid.session.SignedCookieSessionFactory``.  Note that while the cookies
+  generated by the ``UnencryptedCookieSessionFactoryConfig``
+  are compatible with cookies generated by old releases, cookies generated by
+  the SignedCookieSessionFactory are not. See
+  https://github.com/Pylons/pyramid/pull/1142
+
+- The ``pyramid.security.has_permission`` API is now deprecated.  Instead, use
+  the newly-added ``has_permission`` method of the request object.
+
+- The ``pyramid.security.effective_principals`` API is now deprecated.
+  Instead, use the newly-added ``effective_principals`` attribute of the
+  request object.
+
+- The ``pyramid.security.authenticated_userid`` API is now deprecated.
+  Instead, use the newly-added ``authenticated_userid`` attribute of the
+  request object.
+
+- The ``pyramid.security.unauthenticated_userid`` API is now deprecated.
+  Instead, use the newly-added ``unauthenticated_userid`` attribute of the
+  request object.
+
+Dependencies
+------------
+
+- Pyramid now depends on WebOb>=1.3 (it uses ``webob.cookies.CookieProfile``
+  from 1.3+).
+
+1.5a2 (2013-09-22)
+==================
+
+Features
+--------
+
+- Users can now provide dotted Python names to as the ``factory`` argument
+  the Configurator methods named ``add_{view,route,subscriber}_predicate``
+  (instead of passing the predicate factory directly, you can pass a
+  dotted name which refers to the factory).
+
+Bug Fixes
+---------
+
+- Fix an exception in ``pyramid.path.package_name`` when resolving the package
+  name for namespace packages that had no ``__file__`` attribute.
+
+Backwards Incompatibilities
+---------------------------
+
+- Pyramid no longer depends on or configures the Mako and Chameleon templating
+  system renderers by default.  Disincluding these templating systems by
+  default means that the Pyramid core has fewer dependencies and can run on
+  future platforms without immediate concern for the compatibility of its
+  templating add-ons.  It also makes maintenance slightly more effective, as
+  different people can maintain the templating system add-ons that they
+  understand and care about without needing commit access to the Pyramid core,
+  and it allows users who just don't want to see any packages they don't use
+  come along for the ride when they install Pyramid.
+
+  This means that upon upgrading to Pyramid 1.5a2+, projects that use either
+  of these templating systems will see a traceback that ends something like
+  this when their application attempts to render a Chameleon or Mako template::
+
+     ValueError: No such renderer factory .pt
+
+  Or::
+
+     ValueError: No such renderer factory .mako
+
+  Or::
+
+     ValueError: No such renderer factory .mak
+
+  Support for Mako templating has been moved into an add-on package named
+  ``pyramid_mako``, and support for Chameleon templating has been moved into
+  an add-on package named ``pyramid_chameleon``.  These packages are drop-in
+  replacements for the old built-in support for these templating langauges.
+  All you have to do is install them and make them active in your configuration
+  to register renderer factories for ``.pt`` and/or ``.mako`` (or ``.mak``) to
+  make your application work again.
+
+  To re-add support for Chameleon and/or Mako template renderers into your
+  existing projects, follow the below steps.
+
+  If you depend on Mako templates:
+
+  * Make sure the ``pyramid_mako`` package is installed.  One way to do this
+    is by adding ``pyramid_mako`` to the ``install_requires`` section of your
+    package's ``setup.py`` file and afterwards rerunning ``setup.py develop``::
+
+        setup(
+            #...
+            install_requires=[
+                'pyramid_mako',         # new dependency
+                'pyramid',
+                #...
+            ],
+        )
+
+  * Within the portion of your application which instantiates a Pyramid
+    ``pyramid.config.Configurator`` (often the ``main()`` function in
+    your project's ``__init__.py`` file), tell Pyramid to include the
+    ``pyramid_mako`` includeme::
+
+        config = Configurator(.....)
+        config.include('pyramid_mako')
+
+  If you depend on Chameleon templates:
+
+  * Make sure the ``pyramid_chameleon`` package is installed.  One way to do
+    this is by adding ``pyramid_chameleon`` to the ``install_requires`` section
+    of your package's ``setup.py`` file and afterwards rerunning
+    ``setup.py develop``::
+
+        setup(
+            #...
+            install_requires=[
+                'pyramid_chameleon',         # new dependency
+                'pyramid',
+                #...
+            ],
+        )
+
+  * Within the portion of your application which instantiates a Pyramid
+    ``~pyramid.config.Configurator`` (often the ``main()`` function in
+    your project's ``__init__.py`` file), tell Pyramid to include the
+    ``pyramid_chameleon`` includeme::
+
+        config = Configurator(.....)
+        config.include('pyramid_chameleon')
+
+  Note that it's also fine to install these packages into *older* Pyramids for
+  forward compatibility purposes.  Even if you don't upgrade to Pyramid 1.5
+  immediately, performing the above steps in a Pyramid 1.4 installation is
+  perfectly fine, won't cause any difference, and will give you forward
+  compatibility when you eventually do upgrade to Pyramid 1.5.
+
+  With the removal of Mako and Chameleon support from the core, some
+  unit tests that use the ``pyramid.renderers.render*`` methods may begin to
+  fail.  If any of your unit tests are invoking either
+  ``pyramid.renderers.render()``  or ``pyramid.renderers.render_to_response()``
+  with either Mako or Chameleon templates then the
+  ``pyramid.config.Configurator`` instance in effect during
+  the unit test should be also be updated to include the addons, as shown
+  above. For example::
+
+        class ATest(unittest.TestCase):
+            def setUp(self):
+                self.config = pyramid.testing.setUp()
+                self.config.include('pyramid_mako')
+
+            def test_it(self):
+                result = pyramid.renderers.render('mypkg:templates/home.mako', {})
+
+  Or::
+
+        class ATest(unittest.TestCase):
+            def setUp(self):
+                self.config = pyramid.testing.setUp()
+                self.config.include('pyramid_chameleon')
+
+            def test_it(self):
+                result = pyramid.renderers.render('mypkg:templates/home.pt', {})
+
+- If you're using the Pyramid debug toolbar, when you upgrade Pyramid to
+  1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to
+  at least version 1.0.8, as older toolbar versions are not compatible with
+  Pyramid 1.5a2+ due to the removal of Mako support from the core.  It's
+  fine to use this newer version of the toolbar code with older Pyramids too.
+
+- Removed the ``request.response_*`` varying attributes. These attributes
+  have been deprecated since Pyramid 1.1, and as per the deprecation policy,
+  have now been removed.
+
+- ``request.response`` will no longer be mutated when using the
+  ``pyramid.renderers.render()`` API.  Almost all renderers mutate the
+  ``request.response`` response object (for example, the JSON renderer sets
+  ``request.response.content_type`` to ``application/json``), but this is
+  only necessary when the renderer is generating a response; it was a bug
+  when it was done as a side effect of calling ``pyramid.renderers.render()``.
+
+- Removed the ``bfg2pyramid`` fixer script.
+
+- The ``pyramid.events.NewResponse`` event is now sent **after** response
+  callbacks are executed.  It previously executed before response callbacks
+  were executed.  Rationale: it's more useful to be able to inspect the response
+  after response callbacks have done their jobs instead of before.
+
+- Removed the class named ``pyramid.view.static`` that had been deprecated
+  since Pyramid 1.1.  Instead use ``pyramid.static.static_view`` with
+  ``use_subpath=True`` argument.
+
+- Removed the ``pyramid.view.is_response`` function that had been deprecated
+  since Pyramid 1.1.  Use the ``pyramid.request.Request.is_response`` method
+  instead.
+
+- Removed the ability to pass the following arguments to
+  ``pyramid.config.Configurator.add_route``: ``view``, ``view_context``.
+  ``view_for``, ``view_permission``, ``view_renderer``, and ``view_attr``.
+  Using these arguments had been deprecated since Pyramid 1.1.  Instead of
+  passing view-related arguments to ``add_route``, use a separate call to
+  ``pyramid.config.Configurator.add_view`` to associate a view with a route
+  using its ``route_name`` argument.  Note that this impacts the
+  ``pyramid.config.Configurator.add_static_view`` function too, because it
+  delegates to ``add_route``.
+
+- Removed the ability to influence and query a ``pyramid.request.Request``
+  object as if it were a dictionary.  Previously it was possible to use methods
+  like ``__getitem__``, ``get``, ``items``, and other dictlike methods to
+  access values in the WSGI environment.  This behavior had been deprecated
+  since Pyramid 1.1.  Use methods of ``request.environ`` (a real dictionary)
+  instead.
+
+- Removed ancient backwards compatibily hack in
+  ``pyramid.traversal.DefaultRootFactory`` which populated the ``__dict__`` of
+  the factory with the matchdict values for compatibility with BFG 0.9.
+
+- The ``renderer_globals_factory`` argument to the
+  ``pyramid.config.Configurator` constructor and its ``setup_registry`` method
+  has been removed.  The ``set_renderer_globals_factory`` method of
+  ``pyramid.config.Configurator`` has also been removed.  The (internal)
+  ``pyramid.interfaces.IRendererGlobals`` interface was also removed.  These
+  arguments, methods and interfaces had been deprecated since 1.1.  Use a
+  ``BeforeRender`` event subscriber as documented in the "Hooks" chapter of the
+  Pyramid narrative documentation instead of providing renderer globals values
+  to the configurator.
+
+Deprecations
+------------
+
+- The ``pyramid.config.Configurator.set_request_property`` method now issues
+  a deprecation warning when used.  It had been docs-deprecated in 1.4
+  but did not issue a deprecation warning when used.
+
+1.5a1 (2013-08-30)
+==================
+
+Features
+--------
+
+- A new http exception subclass named ``pyramid.httpexceptions.HTTPSuccessful``
+  was added.  You can use this class as the ``context`` of an exception
+  view to catch all 200-series "exceptions" (e.g. "raise HTTPOk").  This
+  also allows you to catch *only* the ``HTTPOk`` exception itself; previously
+  this was impossible because a number of other exceptions
+  (such as ``HTTPNoContent``) inherited from ``HTTPOk``, but now they do not.
+
+- You can now generate "hybrid" urldispatch/traversal URLs more easily
+  by using the new ``route_name``, ``route_kw`` and ``route_remainder_name``
+  arguments to  ``request.resource_url`` and ``request.resource_path``.  See
+  the new section of the "Combining Traversal and URL Dispatch" documentation
+  chapter entitled  "Hybrid URL Generation".
+
+- It is now possible to escape double braces in Pyramid scaffolds (unescaped,
+  these represent replacement values).  You can use ``\{\{a\}\}`` to
+  represent a "bare" ``{{a}}``.  See
+  https://github.com/Pylons/pyramid/pull/862
+
+- Add ``localizer`` and ``locale_name`` properties (reified) to the request.
+  See https://github.com/Pylons/pyramid/issues/508.  Note that the
+  ``pyramid.i18n.get_localizer`` and ``pyramid.i18n.get_locale_name`` functions
+  now simply look up these properties on the request.
+
+- Add ``pdistreport`` script, which prints the Python version in use, the
+  Pyramid version in use, and the version number and location of all Python
+  distributions currently installed.
+
+- Add the ability to invert the result of any view, route, or subscriber
+  predicate using the ``not_`` class.  For example::
+
+     from pyramid.config import not_
+
+     @view_config(route_name='myroute', request_method=not_('POST'))
+     def myview(request): ...
+
+  The above example will ensure that the view is called if the request method
+  is not POST (at least if no other view is more specific).
+
+  The ``pyramid.config.not_`` class can be used against any value that is
+  a predicate value passed in any of these contexts:
+
+  - ``pyramid.config.Configurator.add_view``
+
+  - ``pyramid.config.Configurator.add_route``
+
+  - ``pyramid.config.Configurator.add_subscriber``
+
+  - ``pyramid.view.view_config``
+
+  - ``pyramid.events.subscriber``
+
+- ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH``
+  requests.  See https://github.com/Pylons/pyramid/pull/1033.  add support for
+  submitting ``OPTIONS`` and ``PROPFIND`` requests, and  allow users to specify
+  basic authentication credentials in the request via a ``--login`` argument to
+  the script.  See https://github.com/Pylons/pyramid/pull/1039.
+
+- ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This
+  removes the ambiguity between the potential ``AttributeError`` that would
+  be raised on the ``context`` when the property was not defined and the
+  ``AttributeError`` that could be raised from any user-defined code within
+  a dynamic property. It is recommended to define a dynamic ACL as a callable
+  to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735.
+
+- Allow a protocol-relative URL (e.g. ``//example.com/images``) to be passed to
+  ``pyramid.config.Configurator.add_static_view``. This allows
+  externally-hosted static URLs to be generated based on the current protocol.
+
+- The ``AuthTktAuthenticationPolicy`` has two new options to configure its
+  domain usage:
+
+  * ``parent_domain``: if set the authentication cookie is set on
+    the parent domain. This is useful if you have multiple sites sharing the
+    same domain.
+  * ``domain``: if provided the cookie is always set for this domain, bypassing
+    all usual logic.
+
+  See https://github.com/Pylons/pyramid/pull/1028,
+  https://github.com/Pylons/pyramid/pull/1072 and
+  https://github.com/Pylons/pyramid/pull/1078.
+
+- The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using
+  the ``include_ip=True`` option. This is possibly incompatible with
+  alternative ``auth_tkt`` implementations, as the specification does not
+  define how to properly handle IPv6. See
+  https://github.com/Pylons/pyramid/issues/831.
+
+- Make it possible to use variable arguments via
+  ``pyramid.paster.get_appsettings``. This also allowed the generated
+  ``initialize_db`` script from the ``alchemy`` scaffold to grow support
+  for options in the form ``a=1 b=2`` so you can fill in
+  values in a parameterized ``.ini`` file, e.g.
+  ``initialize_myapp_db etc/development.ini a=1 b=2``.
+  See https://github.com/Pylons/pyramid/pull/911
+
+- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view
+  predicate now take into account the value of the HTTP header named
+  ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they
+  always did).  The header is tried when the form parameter does not exist.
+
+- View lookup will now search for valid views based on the inheritance
+  hierarchy of the context. It tries to find views based on the most
+  specific context first, and upon predicate failure, will move up the
+  inheritance chain to test views found by the super-type of the context.
+  In the past, only the most specific type containing views would be checked
+  and if no matching view could be found then a PredicateMismatch would be
+  raised. Now predicate mismatches don't hide valid views registered on
+  super-types. Here's an example that now works::
+
+     class IResource(Interface):
+
+         ...
+
+     @view_config(context=IResource)
+     def get(context, request):
+
+         ...
+
+     @view_config(context=IResource, request_method='POST')
+     def post(context, request):
+
+         ...
+
+     @view_config(context=IResource, request_method='DELETE')
+     def delete(context, request):
+
+         ...
+
+     @implementer(IResource)
+     class MyResource:
+
+         ...
+
+     @view_config(context=MyResource, request_method='POST')
+     def override_post(context, request):
+
+         ...
+
+  Previously the override_post view registration would hide the get
+  and delete views in the context of MyResource -- leading to a
+  predicate mismatch error when trying to use GET or DELETE
+  methods. Now the views are found and no predicate mismatch is
+  raised.
+  See https://github.com/Pylons/pyramid/pull/786 and
+  https://github.com/Pylons/pyramid/pull/1004 and
+  https://github.com/Pylons/pyramid/pull/1046
+
+- The ``pserve`` command now takes a ``-v`` (or ``--verbose``) flag and a
+  ``-q`` (or ``--quiet``) flag.  Output from running ``pserve`` can be
+  controlled using these flags.  ``-v`` can be specified multiple times to
+  increase verbosity.  ``-q`` sets verbosity to ``0`` unconditionally.  The
+  default verbosity level is ``1``.
+
+- The ``alchemy`` scaffold tests now provide better coverage.  See
+  https://github.com/Pylons/pyramid/pull/1029
+
+- The ``pyramid.config.Configurator.add_route`` method now supports being
+  called with an external URL as pattern. See
+  https://github.com/Pylons/pyramid/issues/611 and the documentation section
+  in the "URL Dispatch" chapter entitled "External Routes" for more information.
+
+Bug Fixes
+---------
+
+- It was not possible to use ``pyramid.httpexceptions.HTTPException`` as
+  the ``context`` of an exception view as very general catchall for
+  http-related exceptions when you wanted that exception view to override the
+  default exception view.  See https://github.com/Pylons/pyramid/issues/985
+
+- When the ``pyramid.reload_templates`` setting was true, and a Chameleon
+  template was reloaded, and the renderer specification named a macro
+  (e.g. ``foo#macroname.pt``), renderings of the template after the template
+  was reloaded due to a file change would produce the entire template body
+  instead of just a rendering of the macro.  See
+  https://github.com/Pylons/pyramid/issues/1013.
+
+- Fix an obscure problem when combining a virtual root with a route with a
+  ``*traverse`` in its pattern.  Now the traversal path generated in
+  such a configuration will be correct, instead of an element missing
+  a leading slash.
+
+- Fixed a Mako renderer bug returning a tuple with a previous defname value
+  in some circumstances. See https://github.com/Pylons/pyramid/issues/1037
+  for more information.
+
+- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API
+  for ``__loader__`` objects specified in PEP 302.  Proxies to the
+  ``__loader__`` set by the importer, if present; otherwise, raises
+  ``NotImplementedError``.  This makes Pyramid static view overrides work
+  properly under Python 3.3 (previously they would not).  See
+  https://github.com/Pylons/pyramid/pull/1015 for more information.
+
+- ``mako_templating``: added defensive workaround for non-importability of
+  ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support.  Mako
+  templating will no longer work under the combination of MarkupSafe 0.17 and
+  Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any
+  supported Python 2 version will work OK).
+
+- Spaces and dots may now be in mako renderer template paths. This was
+  broken when support for the new makodef syntax was added in 1.4a1.
+  See https://github.com/Pylons/pyramid/issues/950
+
+- ``pyramid.debug_authorization=true`` will now correctly print out
+  ``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead
+  of invoking the ``permits`` method of the authorization policy.
+  See https://github.com/Pylons/pyramid/issues/954
+
+- Pyramid failed to install on some systems due to being packaged with
+  some test files containing higher order characters in their names. These
+  files have now been removed. See
+  https://github.com/Pylons/pyramid/issues/981
+
+- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under
+  Python 3 would use ``__len__`` to find truthiness; this usually caused an
+  instance of DummyResource to be "falsy" instead of "truthy".  See
+  https://github.com/Pylons/pyramid/pull/1032
+
+- The ``alchemy`` scaffold would break when the database was MySQL during
+  tables creation.  See https://github.com/Pylons/pyramid/pull/1049
+
+- The ``current_route_url`` method now attaches the query string to the URL by
+  default. See
+  https://github.com/Pylons/pyramid/issues/1040
+
+- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See
+  https://github.com/Pylons/pyramid/issues/718
+
+Backwards Incompatibilities
+---------------------------
+
+- Modified the ``current_route_url`` method in pyramid.Request. The method
+  previously returned the URL without the query string by default, it now does
+  attach the query string unless it is overriden.
+
+- The ``route_url`` and ``route_path`` APIs no longer quote ``/``
+  to ``%2F`` when a replacement value contains a ``/``.  This was pointless,
+  as WSGI servers always unquote the slash anyway, and Pyramid never sees the
+  quoted value.
+
+- It is no longer possible to set a ``locale_name`` attribute of the request,
+  nor is it possible to set a ``localizer`` attribute of the request.  These
+  are now "reified" properties that look up a locale name and localizer
+  respectively using the machinery described in the "Internationalization"
+  chapter of the documentation.
+
+- If you send an ``X-Vhm-Root`` header with a value that ends with a slash (or
+  any number of slashes), the trailing slash(es) will be removed before a URL
+  is generated when you use use ``request.resource_url`` or
+  ``request.resource_path``.  Previously the virtual root path would not have
+  trailing slashes stripped, which would influence URL generation.
+
+- The ``pyramid.interfaces.IResourceURL`` interface has now grown two new
+  attributes: ``virtual_path_tuple`` and ``physical_path_tuple``.  These should
+  be the tuple form of the resource's path (physical and virtual).
+
+1.4 (2012-12-18)
+================
+
+Docs
+----
+
+- Fix functional tests in the ZODB tutorial
+
+1.4b3 (2012-12-10)
+==================
+
+- Packaging release only, no code changes.  1.4b2 was a brownbag release due to
+  missing directories in the tarball.
+
+1.4b2 (2012-12-10)
+==================
+
+Docs
+----
+
+- Scaffolding is now PEP-8 compliant (at least for a brief shining moment).
+
+- Tutorial improvements.
+
+Backwards Incompatibilities
+---------------------------
+
+- Modified the ``_depth`` argument to ``pyramid.view.view_config`` to accept
+  a value relative to the invocation of ``view_config`` itself. Thus, when it
+  was previously expecting a value of ``1`` or greater, to reflect that
+  the caller of ``view_config`` is 1 stack frame away from ``venusian.attach``,
+  this implementation detail is now hidden.
+
+- Modified the ``_backframes`` argument to ``pyramid.util.action_method`` in a
+  similar way to the changes described to ``_depth`` above.  This argument
+  remains undocumented, but might be used in the wild by some insane person.
+
+1.4b1 (2012-11-21)
+==================
+
+Features
+--------
+
+- Small microspeed enhancement which anticipates that a
+  ``pyramid.response.Response`` object is likely to be returned from a view.
+  Some code is shortcut if the class of the object returned by a view is this
+  class.  A similar microoptimization was done to
+  ``pyramid.request.Request.is_response``.
+
+- Make it possible to use variable arguments on ``p*`` commands (``pserve``,
+  ``pshell``, ``pviews``, etc) in the form ``a=1 b=2`` so you can fill in
+  values in parameterized ``.ini`` file, e.g. ``pshell etc/development.ini
+  http_port=8080``.  See https://github.com/Pylons/pyramid/pull/714
+
+- A somewhat advanced and obscure feature of Pyramid event handlers is their
+  ability to handle "multi-interface" notifications.  These notifications have
+  traditionally presented multiple objects to the subscriber callable.  For
+  instance, if an event was sent by code like this::
+
+     registry.notify(event, context)
+
+  In the past, in order to catch such an event, you were obligated to write and
+  register an event subscriber that mentioned both the event and the context in
+  its argument list::
+
+     @subscriber([SomeEvent, SomeContextType])
+     def asubscriber(event, context):
+         pass
+
+  In many subscriber callables registered this way, it was common for the logic
+  in the subscriber callable to completely ignore the second and following
+  arguments (e.g. ``context`` in the above example might be ignored), because
+  they usually existed as attributes of the event anyway.  You could usually
+  get the same value by doing ``event.context`` or similar.
+
+  The fact that you needed to put an extra argument which you usually ignored
+  in the subscriber callable body was only a minor annoyance until we added
+  "subscriber predicates", used to narrow the set of circumstances under which
+  a subscriber will be executed, in a prior 1.4 alpha release.  Once those were
+  added, the annoyance was escalated, because subscriber predicates needed to
+  accept the same argument list and arity as the subscriber callables that they
+  were configured against.  So, for example, if you had these two subscriber
+  registrations in your code::
+
+     @subscriber([SomeEvent, SomeContextType])
+     def asubscriber(event, context):
+         pass
+
+     @subscriber(SomeOtherEvent)
+     def asubscriber(event):
+         pass
+
+  And you wanted to use a subscriber predicate::
+
+     @subscriber([SomeEvent, SomeContextType], mypredicate=True)
+     def asubscriber1(event, context):
+         pass
+
+     @subscriber(SomeOtherEvent, mypredicate=True)
+     def asubscriber2(event):
+         pass
+
+  If an existing ``mypredicate`` subscriber predicate had been written in such
+  a way that it accepted only one argument in its ``__call__``, you could not
+  use it against a subscription which named more than one interface in its
+  subscriber interface list.  Similarly, if you had written a subscriber
+  predicate that accepted two arguments, you couldn't use it against a
+  registration that named only a single interface type.
+
+  For example, if you created this predicate::
+
+    class MyPredicate(object):
+        # portions elided...
+        def __call__(self, event):
+            return self.val == event.context.foo
+
+  It would not work against a multi-interface-registered subscription, so in
+  the above example, when you attempted to use it against ``asubscriber1``, it
+  would fail at runtime with a TypeError, claiming something was attempting to
+  call it with too many arguments.
+
+  To hack around this limitation, you were obligated to design the
+  ``mypredicate`` predicate to expect to receive in its ``__call__`` either a
+  single ``event`` argument (a SomeOtherEvent object) *or* a pair of arguments
+  (a SomeEvent object and a SomeContextType object), presumably by doing
+  something like this::
+
+    class MyPredicate(object):
+        # portions elided...
+        def __call__(self, event, context=None):
+            return self.val == event.context.foo
+
+  This was confusing and bad.
+
+  In order to allow people to ignore unused arguments to subscriber callables
+  and to normalize the relationship between event subscribers and subscriber
+  predicates, we now allow both subscribers and subscriber predicates to accept
+  only a single ``event`` argument even if they've been subscribed for
+  notifications that involve multiple interfaces.  Subscribers and subscriber
+  predicates that accept only one argument will receive the first object passed
+  to ``notify``; this is typically (but not always) the event object.  The
+  other objects involved in the subscription lookup will be discarded.  You can
+  now write an event subscriber that accepts only ``event`` even if it
+  subscribes to multiple interfaces::
+
+     @subscriber([SomeEvent, SomeContextType])
+     def asubscriber(event):
+         # this will work!
+
+  This prevents you from needing to match the subscriber callable parameters to
+  the subscription type unnecessarily, especially when you don't make use of
+  any argument in your subscribers except for the event object itself.
+
+  Note, however, that if the event object is not the first
+  object in the call to ``notify``, you'll run into trouble.  For example, if
+  notify is called with the context argument first::
+
+     registry.notify(context, event)
+
+  You won't be able to take advantage of the event-only feature.  It will
+  "work", but the object received by your event handler won't be the event
+  object, it will be the context object, which won't be very useful::
+
+     @subscriber([SomeContextType, SomeEvent])
+     def asubscriber(event):
+         # bzzt! you'll be getting the context here as ``event``, and it'll
+         # be useless
+
+  Existing multiple-argument subscribers continue to work without issue, so you
+  should continue use those if your system notifies using multiple interfaces
+  and the first interface is not the event interface.  For example::
+
+     @subscriber([SomeContextType, SomeEvent])
+     def asubscriber(context, event):
+         # this will still work!
+
+  The event-only feature makes it possible to use a subscriber predicate that
+  accepts only a request argument within both multiple-interface subscriber
+  registrations and single-interface subscriber registrations.  You needn't
+  make slightly different variations of predicates depending on the
+  subscription type arguments.  Instead, just write all your subscriber
+  predicates so they only accept ``event`` in their ``__call__`` and they'll be
+  useful across all registrations for subscriptions that use an event as their
+  first argument, even ones which accept more than just ``event``.
+
+  However, the same caveat applies to predicates as to subscriber callables: if
+  you're subscribing to a multi-interface event, and the first interface is not
+  the event interface, the predicate won't work properly.  In such a case,
+  you'll need to match the predicate ``__call__`` argument ordering and
+  composition to the ordering of the interfaces.  For example, if the
+  registration for the subscription uses ``[SomeContext, SomeEvent]``, you'll
+  need to reflect that in the ordering of the parameters of the predicate's
+  ``__call__`` method::
+
+        def __call__(self, context, event):
+            return event.request.path.startswith(self.val)
+
+  tl;dr: 1) When using multi-interface subscriptions, always use the event type
+  as the first subscription registration argument and 2) When 1 is true, use
+  only ``event`` in your subscriber and subscriber predicate parameter lists,
+  no matter how many interfaces the subscriber is notified with.  This
+  combination will result in the maximum amount of reusability of subscriber
+  predicates and the least amount of thought on your part.  Drink responsibly.
+
+Bug Fixes
+---------
+
+- A failure when trying to locate the attribute ``__text__`` on route and view
+  predicates existed when the ``debug_routematch`` setting was true or when the
+  ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727
+
+Documentation
+-------------
+
+- Sync up tutorial source files with the files that are rendered by the
+  scaffold that each uses.
+
+1.4a4 (2012-11-14)
+==================
+
+Features
+--------
+
+- ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to
+  support newer hashing algorithms such as ``sha512``. Existing applications
+  should consider updating if possible for improved security over the default
+  md5 hashing.
+
+- Added an ``effective_principals`` route and view predicate.
+
+- Do not allow the userid returned from the ``authenticated_userid`` or the
+  userid that is one of the list of principals returned by
+  ``effective_principals`` to be either of the strings ``system.Everyone`` or
+  ``system.Authenticated`` when any of the built-in authorization policies that
+  live in ``pyramid.authentication`` are in use.  These two strings are
+  reserved for internal usage by Pyramid and they will not be accepted as valid
+  userids.
+
+- Slightly better debug logging from
+  ``pyramid.authentication.RepozeWho1AuthenticationPolicy``.
+
+- ``pyramid.security.view_execution_permitted`` used to return ``True`` if no
+  view could be found. It now raises a ``TypeError`` exception in that case, as
+  it doesn't make sense to assert that a nonexistent view is
+  execution-permitted. See https://github.com/Pylons/pyramid/issues/299.
+
+- Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will
+  permit limited composition reuse of the decorator by other software that
+  wants to provide custom decorators that are much like view_config.
+
+- Allow an iterable of decorators to be passed to
+  ``pyramid.config.Configurator.add_view``. This allows views to be wrapped
+  by more than one decorator without requiring combining the decorators
+  yourself.
+
+Bug Fixes
+---------
+
+- In the past if a renderer returned ``None``, the body of the resulting
+  response would be set explicitly to the empty string.  Instead, now, the body
+  is left unchanged, which allows the renderer to set a body itself by using
+  e.g. ``request.response.body = b'foo'``.  The body set by the renderer will
+  be unmolested on the way out.  See
+  https://github.com/Pylons/pyramid/issues/709
+
+- In uncommon cases, the ``pyramid_excview_tween_factory`` might have
+  inadvertently raised a ``KeyError`` looking for ``request_iface`` as an
+  attribute of the request.  It no longer fails in this case.  See
+  https://github.com/Pylons/pyramid/issues/700
+
+- Be more tolerant of potential error conditions in ``match_param`` and
+  ``physical_path`` predicate implementations; instead of raising an exception,
+  return False.
+
+- ``pyramid.view.render_view`` was not functioning properly under Python 3.x
+  due to a byte/unicode discrepancy. See
+  https://github.com/Pylons/pyramid/issues/721
+
+Deprecations
+------------
+
+- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if
+  an application is using the policy without explicitly passing a ``hashalg``
+  argument. This is because the default is "md5" which is considered
+  theoretically subject to collision attacks. If you really want "md5" then you
+  must specify it explicitly to get rid of the warning.
+
+Documentation
+-------------
+
+- All of the tutorials that use
+  ``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass
+  ``sha512`` as a ``hashalg`` argument.
+
+
+Internals
+---------
+
+- Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyramid.util``,
+  move ``CyclicDependencyError`` from ``pyramid.config.util`` to
+  ``pyramid.exceptions``, rename ``Singleton`` to ``Sentinel`` and move from
+  ``pyramid.config.util`` to ``pyramid.util``; this is in an effort to
+  move that stuff that may be an API one day out of ``pyramid.config.util``,
+  because that package should never be imported from non-Pyramid code.
+  TopologicalSorter is still not an API, but may become one.
+
+- Get rid of shady monkeypatching of ``pyramid.request.Request`` and
+  ``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid.
+  Webob no longer relies on this being done.  Instead, the ResponseClass
+  attribute of the Pyramid Request class is assigned to the Pyramid response
+  class; that's enough to satisfy WebOb and behave as it did before with the
+  monkeypatching.
+
+1.4a3 (2012-10-26)
+==================
+
+Bug Fixes
+---------
+
+- The match_param predicate's text method was fixed to sort its values.
+  Part of https://github.com/Pylons/pyramid/pull/705
+
+- 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series
+  function of same name.  In particular, if passed a request, it would not
+  set the ``registry`` attribute of the request like 1.3 did.  A symptom
+  would be that passing a request to ``pyramid.paster.bootstrap`` (which uses
+  the function) that did not have a ``registry`` attribute could assume that
+  the registry would be attached to the request by Pyramid.  This assumption
+  could be made in 1.3, but not in 1.4.  The assumption can now be made in
+  1.4 too (a registry is attached to a request passed to bootstrap or
+  prepare).
+
+- When registering a view configuration that named a Chameleon ZPT renderer
+  with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as
+  well as a view configuration without a macro name in it that pointed to the
+  same template (e.g. ``renderer='some/template.pt'``), internal caching could
+  confuse the two, and your code might have rendered one instead of the
+  other.
+
+Features
+--------
+
+- Allow multiple values to be specified to the ``request_param`` view/route
+  predicate as a sequence.  Previously only a single string value was allowed.
+  See https://github.com/Pylons/pyramid/pull/705
+
+- Comments with references to documentation sections placed in scaffold
+  ``.ini`` files.
+
+- Added an HTTP Basic authentication policy
+  at ``pyramid.authentication.BasicAuthAuthenticationPolicy``.
+
+- The Configurator ``testing_securitypolicy`` method now returns the policy
+  object it creates.
+
+- The Configurator ``testing_securitypolicy`` method accepts two new
+  arguments: ``remember_result`` and ``forget_result``.  If supplied, these
+  values influence the result of the policy's ``remember`` and ``forget``
+  methods, respectively.
+
+- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
+  ``forgotten`` value on the policy (the value ``True``) when its ``forget``
+  method is called.
+
+- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
+  ``remembered`` value on the policy, which is the value of the ``principal``
+  argument it's called with when its ``remember`` method is called.
+
+- New ``physical_path`` view predicate.  If specified, this value should be a
+  string or a tuple representing the physical traversal path of the context
+  found via traversal for this predicate to match as true.  For example:
+  ``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('',
+  'a', 'b', 'c')``.  This is not a path prefix match or a regex, it's a
+  whole-path match.  It's useful when you want to always potentially show a
+  view when some object is traversed to, but you can't be sure about what kind
+  of object it will be, so you can't use the ``context`` predicate.  The
+  individual path elements inbetween slash characters or in tuple elements
+  should be the Unicode representation of the name of the resource and should
+  not be encoded in any way.
+
+1.4a2 (2012-09-27)
+==================
+
+Bug Fixes
+---------
+
+- When trying to determine Mako defnames and Chameleon macro names in asset
+  specifications, take into account that the filename may have a hyphen in
+  it.  See https://github.com/Pylons/pyramid/pull/692
+
+Features
+--------
+
+- A new ``pyramid.session.check_csrf_token`` convenience function was added.
+
+- A ``check_csrf`` view predicate was added.  For example, you can now do
+  ``config.add_view(someview, check_csrf=True)``.  When the predicate is
+  checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF
+  token in the request's session, the view will be permitted to execute.
+  Otherwise, it will not be permitted to execute.
+
+- Add ``Base.metadata.bind = engine`` to alchemy template, so that tables
+  defined imperatively will work.
+
+Documentation
+-------------
+
+- update wiki2 SQLA tutorial with the changes required after inserting
+  ``Base.metadata.bind = engine`` into the alchemy scaffold.
+
+1.4a1 (2012-09-16)
+==================
+
+Bug Fixes
+---------
+
+- Forward port from 1.3 branch: When no authentication policy was configured,
+  a call to ``pyramid.security.effective_principals`` would unconditionally
+  return the empty list.  This was incorrect, it should have unconditionally
+  returned ``[Everyone]``, and now does.
+
+- Explicit url dispatch regexes can now contain colons.
+  https://github.com/Pylons/pyramid/issues/629
+
+- On at least one 64-bit Ubuntu system under Python 3.2, using the
+  ``view_config`` decorator caused a ``RuntimeError: dictionary changed size
+  during iteration`` exception.  It no longer does.  See
+  https://github.com/Pylons/pyramid/issues/635 for more information.
+
+- In Mako Templates lookup, check if the uri is already adjusted and bring
+  it back to an asset spec. Normally occurs with inherited templates or
+  included components.
+  https://github.com/Pylons/pyramid/issues/606
+  https://github.com/Pylons/pyramid/issues/607
+
+- In Mako Templates lookup, check for absolute uri (using mako directories)
+  when mixing up inheritance with asset specs.
+  https://github.com/Pylons/pyramid/issues/662
+
+- HTTP Accept headers were not being normalized causing potentially
+  conflicting view registrations to go unnoticed. Two views that only
+  differ in the case ('text/html' vs. 'text/HTML') will now raise an error.
+  https://github.com/Pylons/pyramid/pull/620
+
+- Forward-port from 1.3 branch: when registering multiple views with an
+  ``accept`` predicate in a Pyramid application runing under Python 3, you
+  might have received a ``TypeError: unorderable types: function() <
+  function()`` exception.
+
+Features
+--------
+
+- Python 3.3 compatibility.
+
+- Configurator.add_directive now accepts arbitrary callables like partials or
+  objects implementing ``__call__`` which dont have ``__name__`` and
+  ``__doc__`` attributes.  See https://github.com/Pylons/pyramid/issues/621
+  and https://github.com/Pylons/pyramid/pull/647.
+
+- Third-party custom view, route, and subscriber predicates can now be added
+  for use by view authors via
+  ``pyramid.config.Configurator.add_view_predicate``,
+  ``pyramid.config.Configurator.add_route_predicate`` and
+  ``pyramid.config.Configurator.add_subscriber_predicate``.  So, for example,
+  doing this::
+
+     config.add_view_predicate('abc', my.package.ABCPredicate)
+
+  Might allow a view author to do this in an application that configured that
+  predicate::
+
+     @view_config(abc=1)
+
+  Similar features exist for ``add_route``, and ``add_subscriber``.  See
+  "Adding A Third Party View, Route, or Subscriber Predicate" in the Hooks
+  chapter for more information.
+
+  Note that changes made to support the above feature now means that only
+  actions registered using the same "order" can conflict with one another.
+  It used to be the case that actions registered at different orders could
+  potentially conflict, but to my knowledge nothing ever depended on this
+  behavior (it was a bit silly).
+
+- Custom objects can be made easily JSON-serializable in Pyramid by defining
+  a ``__json__`` method on the object's class. This method should return
+  values natively serializable by ``json.dumps`` (such as ints, lists,
+  dictionaries, strings, and so forth).
+
+- The JSON renderer now allows for the definition of custom type adapters to
+  convert unknown objects to JSON serializations.
+
+- As of this release, the ``request_method`` predicate, when used, will also
+  imply that ``HEAD`` is implied when you use ``GET``.  For example, using
+  ``@view_config(request_method='GET')`` is equivalent to using
+  ``@view_config(request_method=('GET', 'HEAD'))``.  Using
+  ``@view_config(request_method=('GET', 'POST')`` is equivalent to using
+  ``@view_config(request_method=('GET', 'HEAD', 'POST')``.  This is because
+  HEAD is a variant of GET that omits the body, and WebOb has special support
+  to return an empty body when a HEAD is used.
+
+- ``config.add_request_method`` has been introduced to support extending
+  request objects with arbitrary callables. This method expands on the
+  previous ``config.set_request_property`` by supporting methods as well as
+  properties. This method now causes less code to be executed at
+  request construction time than ``config.set_request_property`` in
+  version 1.3.
+
+- Don't add a ``?`` to URLs generated by ``request.resource_url`` if the
+  ``query`` argument is provided but empty.
+
+- Don't add a ``?`` to URLs generated by ``request.route_url`` if the
+  ``_query`` argument is provided but empty.
+
+- The static view machinery now raises (rather than returns) ``HTTPNotFound``
+  and ``HTTPMovedPermanently`` exceptions, so these can be caught by the
+  Not Found View (and other exception views).
+
+- The Mako renderer now supports a def name in an asset spec.  When the def
+  name is present in the asset spec, the system will render the template def
+  within the template and will return the result. An example asset spec is
+  ``package:path/to/template#defname.mako``. This will render the def named
+  ``defname`` inside the ``template.mako`` template instead of rendering the
+  entire template.  The old way of returning a tuple in the form
+  ``('defname', {})`` from the view is supported for backward compatibility,
+
+- The Chameleon ZPT renderer now accepts a macro name in an asset spec.  When
+  the macro name is present in the asset spec, the system will render the
+  macro listed as a ``define-macro`` and return the result instead of
+  rendering the entire template.  An example asset spec:
+  ``package:path/to/template#macroname.pt``.  This will render the macro
+  defined as ``macroname`` within the ``template.pt`` template instead of the
+  entire templae.
+
+- When there is a predicate mismatch exception (seen when no view matches for
+  a given request due to predicates not working), the exception now contains
+  a textual description of the predicate which didn't match.
+
+- An ``add_permission`` directive method was added to the Configurator.  This
+  directive registers a free-standing permission introspectable into the
+  Pyramid introspection system.  Frameworks built atop Pyramid can thus use
+  the ``permissions`` introspectable category data to build a
+  comprehensive list of permissions supported by a running system.  Before
+  this method was added, permissions were already registered in this
+  introspectable category as a side effect of naming them in an ``add_view``
+  call, this method just makes it possible to arrange for a permission to be
+  put into the ``permissions`` introspectable category without naming it
+  along with an associated view.  Here's an example of usage of
+  ``add_permission``::
+
+      config = Configurator()
+      config.add_permission('view')
+
+- The ``UnencryptedCookieSessionFactoryConfig`` now accepts
+  ``signed_serialize`` and ``signed_deserialize`` hooks which may be used
+  to influence how the sessions are marshalled (by default this is done
+  with HMAC+pickle).
+
+- ``pyramid.testing.DummyRequest`` now supports methods supplied by the
+  ``pyramid.util.InstancePropertyMixin`` class such as ``set_property``.
+
+- Request properties and methods added via ``config.set_request_property`` or
+  ``config.add_request_method`` are now available to tweens.
+
+- Request properties and methods added via ``config.set_request_property`` or
+  ``config.add_request_method`` are now available in the request object
+  returned from ``pyramid.paster.bootstrap``.
+
+- ``request.context`` of environment request during ``bootstrap`` is now the
+  root object if a context isn't already set on a provided request.
+
+- The ``pyramid.decorator.reify`` function is now an API, and was added to
+  the API documentation.
+
+- Added the ``pyramid.testing.testConfig`` context manager, which can be used
+  to generate a configurator in a test, e.g. ``with testing.testConfig(...):``.
+
+- Users can now invoke a subrequest from within view code using a new
+  ``request.invoke_subrequest`` API.
+
+Deprecations
+------------
+
+- The ``pyramid.config.Configurator.set_request_property`` has been
+  documentation-deprecated.  The method remains usable but the more
+  featureful ``pyramid.config.Configurator.add_request_method`` should be
+  used in its place (it has all of the same capabilities but can also extend
+  the request object with methods).
+
+Backwards Incompatibilities
+---------------------------
+
+- The Pyramid router no longer adds the values ``bfg.routes.route`` or
+  ``bfg.routes.matchdict`` to the request's WSGI environment dictionary.
+  These values were docs-deprecated in ``repoze.bfg`` 1.0 (effectively seven
+  minor releases ago).  If your code depended on these values, use
+  request.matched_route and request.matchdict instead.
+
+- It is no longer possible to pass an environ dictionary directly to
+  ``pyramid.traversal.ResourceTreeTraverser.__call__`` (aka
+  ``ModelGraphTraverser.__call__``).  Instead, you must pass a request
+  object.  Passing an environment instead of a request has generated a
+  deprecation warning since Pyramid 1.1.
+
+- Pyramid will no longer work properly if you use the
+  ``webob.request.LegacyRequest`` as a request factory.  Instances of the
+  LegacyRequest class have a ``request.path_info`` which return a string.
+  This Pyramid release assumes that ``request.path_info`` will
+  unconditionally be Unicode.
+
+- The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleon_text``
+  named ``get_renderer``, ``get_template``, ``render_template``, and
+  ``render_template_to_response`` have been removed.  These have issued a
+  deprecation warning upon import since Pyramid 1.0.  Use
+  ``pyramid.renderers.get_renderer()``,
+  ``pyramid.renderers.get_renderer().implementation()``,
+  ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response``
+  respectively instead of these functions.
+
+- The ``pyramid.configuration`` module was removed.  It had been deprecated
+  since Pyramid 1.0 and printed a deprecation warning upon its use.  Use
+  ``pyramid.config`` instead.
+
+- The ``pyramid.paster.PyramidTemplate`` API was removed.  It had been
+  deprecated since Pyramid 1.1 and issued a warning on import.  If your code
+  depended on this, adjust your code to import
+  ``pyramid.scaffolds.PyramidTemplate`` instead.
+
+- The ``pyramid.settings.get_settings()`` API was removed.  It had been
+  printing a deprecation warning since Pyramid 1.0.  If your code depended on
+  this API, use ``pyramid.threadlocal.get_current_registry().settings``
+  instead or use the ``settings`` attribute of the registry available from
+  the request (``request.registry.settings``).
+
+- These APIs from the ``pyramid.testing`` module were removed.  They have
+  been printing deprecation warnings since Pyramid 1.0:
+
+  * ``registerDummySecurityPolicy``, use
+    ``pyramid.config.Configurator.testing_securitypolicy`` instead.
+
+  * ``registerResources`` (aka ``registerModels``, use
+    ``pyramid.config.Configurator.testing_resources`` instead.
+
+  * ``registerEventListener``, use
+    ``pyramid.config.Configurator.testing_add_subscriber`` instead.
+
+  * ``registerTemplateRenderer`` (aka `registerDummyRenderer``), use
+    ``pyramid.config.Configurator.testing_add_template`` instead.
+
+  * ``registerView``, use ``pyramid.config.Configurator.add_view`` instead.
+
+  * ``registerUtility``, use
+    ``pyramid.config.Configurator.registry.registerUtility`` instead.
+
+  * ``registerAdapter``, use
+    ``pyramid.config.Configurator.registry.registerAdapter`` instead.
+
+  * ``registerSubscriber``, use
+    ``pyramid.config.Configurator.add_subscriber`` instead.
+
+  * ``registerRoute``, use
+    ``pyramid.config.Configurator.add_route`` instead.
+
+  * ``registerSettings``, use
+    ``pyramid.config.Configurator.add_settings`` instead.
+
+- In Pyramid 1.3 and previous, the ``__call__`` method of a Response object
+  was invoked before any finished callbacks were executed.  As of this
+  release, the ``__call__`` method of a Response object is invoked *after*
+  finished callbacks are executed.  This is in support of the
+  ``request.invoke_subrequest`` feature.
+
+- The 200-series exception responses named ``HTTPCreated``, ``HTTPAccepted``, 
+  ``HTTPNonAuthoritativeInformation``, ``HTTPNoContent``, ``HTTPResetContent``,
+  and ``HTTPPartialContent`` in ``pyramid.httpexceptions`` no longer inherit
+  from ``HTTPOk``.  Instead they inherit from a new base class named 
+  ``HTTPSuccessful``.  This will have no effect on you unless you've registered
+  an exception view for ``HTTPOk`` and expect that exception view to
+  catch all the aforementioned exceptions.
+
+Documentation
+-------------
+
+- Added an "Upgrading Pyramid" chapter to the narrative documentation.  It
+  describes how to cope with deprecations and removals of Pyramid APIs and
+  how to show Pyramid-generated deprecation warnings while running tests and
+  while running a server.
+
+- Added a "Invoking a Subrequest" chapter to the documentation.  It describes
+  how to use the new ``request.invoke_subrequest`` API.
+
+Dependencies
+------------
+
+- Pyramid now requires WebOb 1.2b3+ (the prior Pyramid release only relied on
+  1.2dev+).  This is to ensure that we obtain a version of WebOb that returns
+  ``request.path_info`` as text.
+
+1.3 (2012-03-21)
+================
+
+Bug Fixes
+---------
+
+- When ``pyramid.wsgi.wsgiapp2`` calls the downstream WSGI app, the app's
+  environ will no longer have (deprecated and potentially misleading)
+  ``bfg.routes.matchdict`` or ``bfg.routes.route`` keys in it.  A symptom of
+  this bug would be a ``wsgiapp2``-wrapped Pyramid app finding the wrong view
+  because it mistakenly detects that a route was matched when, in fact, it
+  was not.
+
+- The fix for issue https://github.com/Pylons/pyramid/issues/461 (which made
+  it possible for instance methods to be used as view callables) introduced a
+  backwards incompatibility when methods that declared only a request
+  argument were used.  See https://github.com/Pylons/pyramid/issues/503
+
+1.3b3 (2012-03-17)
+==================
+
+Bug Fixes
+---------
+
+- ``config.add_view(<aninstancemethod>)`` raised AttributeError involving
+  ``__text__``.  See https://github.com/Pylons/pyramid/issues/461
+
+- Remove references to do-nothing ``pyramid.debug_templates`` setting in all
+  Pyramid-provided ``.ini`` files.  This setting previously told Chameleon to
+  render better exceptions; now Chameleon always renders nice exceptions
+  regardless of the value of this setting.
+
+Scaffolds
+---------
+
+- The ``alchemy`` scaffold now shows an informative error message in the
+  browser if the person creating the project forgets to run the
+  initialization script.
+
+- The ``alchemy`` scaffold initialization script is now called
+  ``initialize_<projectname>_db`` instead of ``populate_<projectname>``.
+
+Documentation
+-------------
+
+- Wiki tutorials improved due to collaboration at PyCon US 2012 sprints.
+
+1.3b2 (2012-03-02)
+==================
+
+Bug Fixes
+---------
+
+- The method ``pyramid.request.Request.partial_application_url`` is no longer
+  in the API docs.  It was meant to be a private method; its publication in
+  the documentation as an API method was a mistake, and it has been renamed
+  to something private.
+
+- When a static view was registered using an absolute filesystem path on
+  Windows, the ``request.static_url`` function did not work to generate URLs
+  to its resources.  Symptom: "No static URL definition matching
+  c:\\foo\\bar\\baz".
+
+- Make all tests pass on Windows XP.
+
+- Bug in ACL authentication checking on Python 3: the ``permits`` and
+  ``principals_allowed_by_permission`` method of
+  ``pyramid.authorization.ACLAuthenticationPolicy`` could return an
+  inappropriate ``True`` value when a permission on an ACL was a string
+  rather than a sequence, and then only if the ACL permission string was a
+  substring of the ``permission`` value passed to the function.
+
+  This bug effects no Pyramid deployment under Python 2; it is a bug that
+  exists only in deployments running on Python 3.  It has existed since
+  Pyramid 1.3a1.
+
+  This bug was due to the presence of an ``__iter__`` attribute on strings
+  under Python 3 which is not present under strings in Python 2.
+
+1.3b1 (2012-02-26)
+==================
+
+Bug Fixes
+---------
+
+- ``pyramid.config.Configurator.with_package`` didn't work if the
+  Configurator was an old-style ``pyramid.configuration.Configurator``
+  instance.
+
+- Pyramid authorization policies did not show up in the introspector.
+
+Deprecations
+------------
+
+- All references to the ``tmpl_context`` request variable were removed from
+  the docs.  Its existence in Pyramid is confusing for people who were never
+  Pylons users.  It was added as a porting convenience for Pylons users in
+  Pyramid 1.0, but it never caught on because the Pyramid rendering system is
+  a lot different than Pylons' was, and alternate ways exist to do what it
+  was designed to offer in Pylons.  It will continue to exist "forever" but
+  it will not be recommended or mentioned in the docs.
+
+1.3a9 (2012-02-22)
+==================
+
+Features
+--------
+
+- Add an ``introspection`` boolean to the Configurator constructor.  If this
+  is ``True``, actions registered using the Configurator will be registered
+  with the introspector.  If it is ``False``, they won't.  The default is
+  ``True``.  Setting it to ``False`` during action processing will prevent
+  introspection for any following registration statements, and setting it to
+  ``True`` will start them up again.  This addition is to service a
+  requirement that the debug toolbar's own views and methods not show up in
+  the introspector.
+
+- New API: ``pyramid.config.Configurator.add_notfound_view``.  This is a
+  wrapper for ``pyramid.Config.configurator.add_view`` which provides easy
+  append_slash support and does the right thing about permissions.  It should
+  be preferred over calling ``add_view`` directly with
+  ``context=HTTPNotFound`` as was previously recommended.
+
+- New API: ``pyramid.view.notfound_view_config``.  This is a decorator
+  constructor like ``pyramid.view.view_config`` that calls
+  ``pyramid.config.Configurator.add_notfound_view`` when scanned.  It should
+  be preferred over using ``pyramid.view.view_config`` with
+  ``context=HTTPNotFound`` as was previously recommended.
+
+- New API: ``pyramid.config.Configurator.add_forbidden_view``.  This is a
+  wrapper for ``pyramid.Config.configurator.add_view`` which does the right
+  thing about permissions.  It should be preferred over calling ``add_view``
+  directly with ``context=HTTPForbidden`` as was previously recommended.
+
+- New API: ``pyramid.view.forbidden_view_config``.  This is a decorator
+  constructor like ``pyramid.view.view_config`` that calls
+  ``pyramid.config.Configurator.add_forbidden_view`` when scanned.  It should
+  be preferred over using ``pyramid.view.view_config`` with
+  ``context=HTTPForbidden`` as was previously recommended.
+
+- New APIs: ``pyramid.response.FileResponse`` and
+  ``pyramid.response.FileIter``, for usage in views that must serve files
+  "manually".
+
+Backwards Incompatibilities
+---------------------------
+
+- Remove ``pyramid.config.Configurator.with_context`` class method.  It was
+  never an API, it is only used by ``pyramid_zcml`` and its functionality has
+  been moved to that package's latest release.  This means that you'll need
+  to use the 0.9.2 or later release of ``pyramid_zcml`` with this release of
+  Pyramid.
+
+- The ``introspector`` argument to the ``pyramid.config.Configurator``
+  constructor API has been removed.  It has been replaced by the boolean
+  ``introspection`` flag.
+
+- The ``pyramid.registry.noop_introspector`` API object has been removed.
+
+- The older deprecated ``set_notfound_view`` Configurator method is now an
+  alias for the new ``add_notfound_view`` Configurator method.  Likewise, the
+  older deprecated ``set_forbidden_view`` is now an alias for the new
+  ``add_forbidden_view``. This has the following impact: the ``context`` sent
+  to views with a ``(context, request)`` call signature registered via the
+  ``set_notfound_view`` or ``set_forbidden_view`` will now be an exception
+  object instead of the actual resource context found.  Use
+  ``request.context`` to get the actual resource context.  It's also
+  recommended to disuse ``set_notfound_view`` in favor of
+  ``add_notfound_view``, and disuse ``set_forbidden_view`` in favor of
+  ``add_forbidden_view`` despite the aliasing.
+
+Deprecations
+------------
+
+- The API documentation for ``pyramid.view.append_slash_notfound_view`` and
+  ``pyramid.view.AppendSlashNotFoundViewFactory`` was removed.  These names
+  still exist and are still importable, but they are no longer APIs.  Use
+  ``pyramid.config.Configurator.add_notfound_view(append_slash=True)`` or
+  ``pyramid.view.notfound_view_config(append_slash=True)`` to get the same
+  behavior.
+
+- The ``set_forbidden_view`` and ``set_notfound_view`` methods of the
+  Configurator were removed from the documentation.  They have been
+  deprecated since Pyramid 1.1.
+
+Bug Fixes
+---------
+
+- The static file response object used by ``config.add_static_view`` opened
+  the static file twice, when it only needed to open it once.
+
+- The AppendSlashNotFoundViewFactory used request.path to match routes.  This
+  was wrong because request.path contains the script name, and this would
+  cause it to fail in circumstances where the script name was not empty.  It
+  should have used request.path_info, and now does.
+
+Documentation
+-------------
+
+- Updated the "Creating a Not Found View" section of the "Hooks" chapter,
+  replacing explanations of registering a view using ``add_view`` or
+  ``view_config`` with ones using ``add_notfound_view`` or
+  ``notfound_view_config``.
+
+- Updated the "Creating a Not Forbidden View" section of the "Hooks" chapter,
+  replacing explanations of registering a view using ``add_view`` or
+  ``view_config`` with ones using ``add_forbidden_view`` or
+  ``forbidden_view_config``.
+
+- Updated the "Redirecting to Slash-Appended Routes" section of the "URL
+  Dispatch" chapter, replacing explanations of registering a view using
+  ``add_view`` or ``view_config`` with ones using ``add_notfound_view`` or
+  ``notfound_view_config``
+
+- Updated all tutorials to use ``pyramid.view.forbidden_view_config`` rather
+  than ``pyramid.view.view_config`` with an HTTPForbidden context.
+
+1.3a8 (2012-02-19)
+==================
+
+Features
+--------
+
+- The ``scan`` method of a ``Configurator`` can be passed an ``ignore``
+  argument, which can be a string, a callable, or a list consisting of
+  strings and/or callables.  This feature allows submodules, subpackages, and
+  global objects from being scanned.  See
+  http://readthedocs.org/docs/venusian/en/latest/#ignore-scan-argument for
+  more information about how to use the ``ignore`` argument to ``scan``.
+
+- Better error messages when a view callable returns a value that cannot be
+  converted to a response (for example, when a view callable returns a
+  dictionary without a renderer defined, or doesn't return any value at all).
+  The error message now contains information about the view callable itself
+  as well as the result of calling it.
+
+- Better error message when a .pyc-only module is ``config.include`` -ed.
+  This is not permitted due to error reporting requirements, and a better
+  error message is shown when it is attempted.  Previously it would fail with
+  something like "AttributeError: 'NoneType' object has no attribute
+  'rfind'".
+
+- Add ``pyramid.config.Configurator.add_traverser`` API method.  See the
+  Hooks narrative documentation section entitled "Changing the Traverser" for
+  more information.  This is not a new feature, it just provides an API for
+  adding a traverser without needing to use the ZCA API.
+
+- Add ``pyramid.config.Configurator.add_resource_url_adapter`` API method.
+  See the Hooks narrative documentation section entitled "Changing How
+  pyramid.request.Request.resource_url Generates a URL" for more information.
+  This is not a new feature, it just provides an API for adding a resource
+  url adapter without needing to use the ZCA API.
+
+- The system value ``req`` is now supplied to renderers as an alias for
+  ``request``.  This means that you can now, for example, in a template, do
+  ``req.route_url(...)`` instead of ``request.route_url(...)``.  This is
+  purely a change to reduce the amount of typing required to use request
+  methods and attributes from within templates.  The value ``request`` is
+  still available too, this is just an alternative.
+
+- A new interface was added: ``pyramid.interfaces.IResourceURL``.  An adapter
+  implementing its interface can be used to override resource URL generation
+  when ``request.resource_url`` is called.  This interface replaces the
+  now-deprecated ``pyramid.interfaces.IContextURL`` interface.
+
+- The dictionary passed to a resource's ``__resource_url__`` method (see
+  "Overriding Resource URL Generation" in the "Resources" chapter) now
+  contains an ``app_url`` key, representing the application URL generated
+  during ``request.resource_url``.  It represents a potentially customized
+  URL prefix, containing potentially custom scheme, host and port information
+  passed by the user to ``request.resource_url``.  It should be used instead
+  of ``request.application_url`` where necessary.
+
+- The ``request.resource_url`` API now accepts these arguments: ``app_url``,
+  ``scheme``, ``host``, and ``port``.  The app_url argument can be used to
+  replace the URL prefix wholesale during url generation.  The ``scheme``,
+  ``host``, and ``port`` arguments can be used to replace the respective
+  default values of ``request.application_url`` partially.
+
+- A new API named ``request.resource_path`` now exists.  It works like
+  ``request.resource_url`` but produces a relative URL rather than an
+  absolute one.
+
+- The ``request.route_url`` API now accepts these arguments: ``_app_url``,
+  ``_scheme``, ``_host``, and ``_port``.  The ``_app_url`` argument can be
+  used to replace the URL prefix wholesale during url generation.  The
+  ``_scheme``, ``_host``, and ``_port`` arguments can be used to replace the
+  respective default values of ``request.application_url`` partially.
+
+Backwards Incompatibilities
+---------------------------
+
+- The ``pyramid.interfaces.IContextURL`` interface has been deprecated.
+  People have been instructed to use this to register a resource url adapter
+  in the "Hooks" chapter to use to influence ``request.resource_url`` URL
+  generation for resources found via custom traversers since Pyramid 1.0.
+
+  The interface still exists and registering such an adapter still works, but
+  this interface will be removed from the software after a few major Pyramid
+  releases.  You should replace it with an equivalent
+  ``pyramid.interfaces.IResourceURL`` adapter, registered using the new
+  ``pyramid.config.Configurator.add_resource_url_adapter`` API.  A
+  deprecation warning is now emitted when a
+  ``pyramid.interfaces.IContextURL`` adapter is found when
+  ``request.resource_url`` is called.
+
+Documentation
+-------------
+
+- Don't create a ``session`` instance in SQLA Wiki tutorial, use raw
+  ``DBSession`` instead (this is more common in real SQLA apps).
+
+Scaffolding
+-----------
+
+- Put ``pyramid.includes`` targets within ini files in scaffolds on separate
+  lines in order to be able to tell people to comment out only the
+  ``pyramid_debugtoolbar`` line when they want to disable the toolbar.
+
+Dependencies
+------------
+
+- Depend on ``venusian`` >= 1.0a3 to provide scan ``ignore`` support.
+
+Internal
+--------
+
+- Create a "MakoRendererFactoryHelper" that provides customizable settings
+  key prefixes.  Allows settings prefixes other than "mako." to be used to
+  create different factories that don't use the global mako settings.  This
+  will be useful for the debug toolbar, which can currently be sabotaged by
+  someone using custom mako configuration settings.
+
+1.3a7 (2012-02-07)
+==================
+
+Features
+--------
+
+- More informative error message when a ``config.include`` cannot find an
+  ``includeme``.  See https://github.com/Pylons/pyramid/pull/392.
+
+- Internal: catch unhashable discriminators early (raise an error instead of
+  allowing them to find their way into resolveConflicts).
+
+- The `match_param` view predicate now accepts a string or a tuple.
+  This replaces the broken behavior of accepting a dict. See
+  https://github.com/Pylons/pyramid/issues/425 for more information.
+
+Bug Fixes
+---------
+
+- The process will now restart when ``pserve`` is used with the ``--reload``
+  flag when the ``development.ini`` file (or any other .ini file in use) is
+  changed.  See https://github.com/Pylons/pyramid/issues/377 and
+  https://github.com/Pylons/pyramid/pull/411
+
+- The ``prequest`` script would fail when used against URLs which did not
+  return HTML or text.  See https://github.com/Pylons/pyramid/issues/381
+
+Backwards Incompatibilities
+---------------------------
+
+- The `match_param` view predicate no longer accepts a dict. This will
+  have no negative affect because the implementation was broken for
+  dict-based arguments.
+
+Documentation
+-------------
+
+- Add a traversal hello world example to the narrative docs.
+
+1.3a6 (2012-01-20)
+==================
+
+Features
+--------
+
+- New API: ``pyramid.config.Configurator.set_request_property``. Add lazy
+  property descriptors to a request without changing the request factory.
+  This method provides conflict detection and is the suggested way to add
+  properties to a request.
+
+- Responses generated by Pyramid's ``static_view`` now use
+  a ``wsgi.file_wrapper`` (see
+  http://www.python.org/dev/peps/pep-0333/#optional-platform-specific-file-handling)
+  when one is provided by the web server.
+
+Bug Fixes
+---------
+
+- Views registered with an ``accept`` could not be overridden correctly with
+  a different view that had the same predicate arguments.  See
+  https://github.com/Pylons/pyramid/pull/404 for more information.
+
+- When using a dotted name for a ``view`` argument to
+  ``Configurator.add_view`` that pointed to a class with a ``view_defaults``
+  decorator, the view defaults would not be applied.  See
+  https://github.com/Pylons/pyramid/issues/396 .
+
+- Static URL paths were URL-quoted twice.  See
+  https://github.com/Pylons/pyramid/issues/407 .
+
+1.3a5 (2012-01-09)
+==================
+
+Bug Fixes
+---------
+
+- The ``pyramid.view.view_defaults`` decorator did not work properly when
+  more than one view relied on the defaults being different for configuration
+  conflict resolution.  See https://github.com/Pylons/pyramid/issues/394.
+
+Backwards Incompatibilities
+---------------------------
+
+- The ``path_info`` route and view predicates now match against
+  ``request.upath_info`` (Unicode) rather than ``request.path_info``
+  (indeterminate value based on Python 3 vs. Python 2).  This has to be done
+  to normalize matching on Python 2 and Python 3.
+
+1.3a4 (2012-01-05)
+==================
+
+Features
+--------
+
+- New API: ``pyramid.request.Request.set_property``. Add lazy property
+  descriptors to a request without changing the request factory. New
+  properties may be reified, effectively caching the value for the lifetime
+  of the instance. Common use-cases for this would be to get a database
+  connection for the request or identify the current user.
+
+- Use the ``waitress`` WSGI server instead of ``wsgiref`` in scaffolding.
+
+Bug Fixes
+---------
+
+- The documentation of ``pyramid.events.subscriber`` indicated that using it
+  as a decorator with no arguments like this::
+
+    @subscriber()
+    def somefunc(event):
+        pass
+
+  Would register ``somefunc`` to receive all events sent via the registry,
+  but this was untrue.  Instead, it would receive no events at all.  This has
+  now been fixed and the code matches the documentation.  See also
+  https://github.com/Pylons/pyramid/issues/386
+
+- Literal portions of route patterns were not URL-quoted when ``route_url``
+  or ``route_path`` was used to generate a URL or path.
+
+- The result of ``route_path`` or ``route_url`` might have been ``unicode``
+  or ``str`` depending on the input.  It is now guaranteed to always be
+  ``str``.
+
+- URL matching when the pattern contained non-ASCII characters in literal
+  parts was indeterminate.  Now the pattern supplied to ``add_route`` is
+  assumed to be either: a ``unicode`` value, or a ``str`` value that contains
+  only ASCII characters.  If you now want to match the path info from a URL
+  that contains high order characters, you can pass the Unicode
+  representation of the decoded path portion in the pattern.
+
+- When using a ``traverse=`` route predicate, traversal would fail with a
+  URLDecodeError if there were any high-order characters in the traversal
+  pattern or in the matched dynamic segments.
+
+- Using a dynamic segment named ``traverse`` in a route pattern like this::
+
+    config.add_route('trav_route', 'traversal/{traverse:.*}')
+
+  Would cause a ``UnicodeDecodeError`` when the route was matched and the
+  matched portion of the URL contained any high-order characters.  See
+  https://github.com/Pylons/pyramid/issues/385 .
+
+- When using a ``*traverse`` stararg in a route pattern, a URL that matched
+  that possessed a ``@@`` in its name (signifying a view name) would be
+  inappropriately quoted by the traversal machinery during traversal,
+  resulting in the view not being found properly. See
+  https://github.com/Pylons/pyramid/issues/382 and
+  https://github.com/Pylons/pyramid/issues/375 .
+
+Backwards Incompatibilities
+---------------------------
+
+- String values passed to ``route_url`` or ``route_path`` that are meant to
+  replace "remainder" matches will now be URL-quoted except for embedded
+  slashes. For example::
+
+     config.add_route('remain', '/foo*remainder')
+     request.route_path('remain', remainder='abc / def')
+     # -> '/foo/abc%20/%20def'
+
+  Previously string values passed as remainder replacements were tacked on
+  untouched, without any URL-quoting.  But this doesn't really work logically
+  if the value passed is Unicode (raw unicode cannot be placed in a URL or in
+  a path) and it is inconsistent with the rest of the URL generation
+  machinery if the value is a string (it won't be quoted unless by the
+  caller).
+
+  Some folks will have been relying on the older behavior to tack on query
+  string elements and anchor portions of the URL; sorry, you'll need to
+  change your code to use the ``_query`` and/or ``_anchor`` arguments to
+  ``route_path`` or ``route_url`` to do this now.
+
+- If you pass a bytestring that contains non-ASCII characters to
+  ``add_route`` as a pattern, it will now fail at startup time.  Use Unicode
+  instead.
+
+1.3a3 (2011-12-21)
+==================
+
+Features
+--------
+
+- Added a ``prequest`` script (along the lines of ``paster request``).  It is
+  documented in the "Command-Line Pyramid" chapter in the section entitled
+  "Invoking a Request".
+
+- Add undocumented ``__discriminator__`` API to derived view callables.
+  e.g. ``adapters.lookup(...).__discriminator__(context, request)``.  It will
+  be used by superdynamic systems that require the discriminator to be used
+  for introspection after manual view lookup.
+
+Bug Fixes
+---------
+
+- Normalized exit values and ``-h`` output for all ``p*`` scripts
+  (``pviews``, ``proutes``, etc).
+
+Documentation
+-------------
+
+- Added a section named "Making Your Script into a Console Script" in the
+  "Command-Line Pyramid" chapter.
+
+- Removed the "Running Pyramid on Google App Engine" tutorial from the main
+  docs.  It survives on in the Cookbook
+  (http://docs.pylonsproject.org/projects/pyramid_cookbook/en/latest/deployment/gae.html).
+  Rationale: it provides the correct info for the Python 2.5 version of GAE
+  only, and this version of Pyramid does not support Python 2.5.
+
+1.3a2 (2011-12-14)
+==================
+
+Features
+--------
+
+- New API: ``pyramid.view.view_defaults``. If you use a class as a view, you
+  can use the new ``view_defaults`` class decorator on the class to provide
+  defaults to the view configuration information used by every
+  ``@view_config`` decorator that decorates a method of that class.  It also
+  works against view configurations involving a class made imperatively.
+
+- Added a backwards compatibility knob to ``pcreate`` to emulate ``paster
+  create`` handling for the ``--list-templates`` option.
+
+- Changed scaffolding machinery around a bit to make it easier for people who
+  want to have extension scaffolds that can work across Pyramid 1.0.X, 1.1.X,
+  1.2.X and 1.3.X.  See the new "Creating Pyramid Scaffolds" chapter in the
+  narrative documentation for more info.
+
+Documentation
+-------------
+
+- Added documentation to "View Configuration" narrative documentation chapter
+  about ``view_defaults`` class decorator.
+
+- Added API docs for ``view_defaults`` class decorator.
+
+- Added an API docs chapter for ``pyramid.scaffolds``.
+
+- Added a narrative docs chapter named "Creating Pyramid Scaffolds".
+
+Backwards Incompatibilities
+---------------------------
+
+- The ``template_renderer`` method of ``pyramid.scaffolds.PyramidScaffold``
+  was renamed to ``render_template``.  If you were overriding it, you're a
+  bad person, because it wasn't an API before now.  But we're nice so we're
+  letting you know.
+
+1.3a1 (2011-12-09)
+==================
+
+Features
+--------
+
+- Python 3.2 compatibility.
+
+- New ``pyramid.compat`` module and API documentation which provides Python
+  2/3 straddling support for Pyramid add-ons and development environments.
+
+- A ``mako.directories`` setting is no longer required to use Mako templates
+  Rationale: Mako template renderers can be specified using an absolute asset
+  spec.  An entire application can be written with such asset specs,
+  requiring no ordered lookup path.
+
+- ``bpython`` interpreter compatibility in ``pshell``.  See the "Command-Line
+  Pyramid" narrative docs chapter for more information.
+
+- Added ``get_appsettings`` API function to the ``pyramid.paster`` module.
+  This function returns the settings defined within an ``[app:...]`` section
+  in a PasteDeploy ini file.
+
+- Added ``setup_logging`` API function to the ``pyramid.paster`` module.
+  This function sets up Python logging according to the logging configuration
+  in a PasteDeploy ini file.
+
+- Configuration conflict reporting is reported in a more understandable way
+  ("Line 11 in file..." vs. a repr of a tuple of similar info).
+
+- A configuration introspection system was added; see the narrative
+  documentation chapter entitled "Pyramid Configuration Introspection" for
+  more information.  New APIs: ``pyramid.registry.Introspectable``,
+  ``pyramid.config.Configurator.introspector``,
+  ``pyramid.config.Configurator.introspectable``,
+  ``pyramid.registry.Registry.introspector``.
+
+- Allow extra keyword arguments to be passed to the
+  ``pyramid.config.Configurator.action`` method.
+
+- New APIs: ``pyramid.path.AssetResolver`` and
+  ``pyramid.path.DottedNameResolver``.  The former can be used to resolve
+  asset specifications, the latter can be used to resolve dotted names to
+  modules or packages.
+
+Bug Fixes
+---------
+
+- Make test suite pass on 32-bit systems; closes #286.  closes #306.
+  See also https://github.com/Pylons/pyramid/issues/286
+
+- The ``pyramid.view.view_config`` decorator did not accept a ``match_params``
+  predicate argument.  See https://github.com/Pylons/pyramid/pull/308
+
+- The AuthTktCookieHelper could potentially generate Unicode headers
+  inappropriately when the ``tokens`` argument to remember was used.  See 
+  https://github.com/Pylons/pyramid/pull/314.
+
+- The AuthTktAuthenticationPolicy did not use a timing-attack-aware string
+  comparator.  See https://github.com/Pylons/pyramid/pull/320 for more info.
+
+- The DummySession in ``pyramid.testing`` now generates a new CSRF token if
+  one doesn't yet exist.
+
+- ``request.static_url`` now generates URL-quoted URLs when fed a ``path``
+  argument which contains characters that are unsuitable for URLs.  See
+  https://github.com/Pylons/pyramid/issues/349 for more info.
+
+- Prevent a scaffold rendering from being named ``site`` (conflicts with
+  Python internal site.py).
+
+- Support for using instances as targets of the ``pyramid.wsgi.wsgiapp`` and
+  ``pryramid.wsgi.wsgiapp2`` functions.
+  See https://github.com/Pylons/pyramid/pull/370 for more info.
+
+Backwards Incompatibilities
+---------------------------
+
+- Pyramid no longer runs on Python 2.5 (which includes the most recent
+  release of Jython and the Python 2.5 version of GAE as of this writing).
+
+- The ``paster`` command is no longer the documented way to create projects,
+  start the server, or run debugging commands.  To create projects from
+  scaffolds, ``paster create`` is replaced by the ``pcreate`` console script.
+  To serve up a project, ``paster serve`` is replaced by the ``pserve``
+  console script.  New console scripts named ``pshell``, ``pviews``,
+  ``proutes``, and ``ptweens`` do what their ``paster <commandname>``
+  equivalents used to do.  Rationale: the Paste and PasteScript packages do
+  not run under Python 3.
+
+- The default WSGI server run as the result of ``pserve`` from newly rendered
+  scaffolding is now the ``wsgiref`` WSGI server instead of the
+  ``paste.httpserver`` server.  Rationale: Rationale: the Paste and
+  PasteScript packages do not run under Python 3.
+
+- The ``pshell`` command (see "paster pshell") no longer accepts a
+  ``--disable-ipython`` command-line argument.  Instead, it accepts a ``-p``
+  or ``--python-shell`` argument, which can be any of the values ``python``,
+  ``ipython`` or ``bpython``.
+
+- Removed the ``pyramid.renderers.renderer_from_name`` function.  It has been
+  deprecated since Pyramid 1.0, and was never an API.
+
+- To use ZCML with versions of Pyramid >= 1.3, you will need ``pyramid_zcml``
+  version >= 0.8 and ``zope.configuration`` version >= 3.8.0.  The
+  ``pyramid_zcml`` package version 0.8 is backwards compatible all the way to
+  Pyramid 1.0, so you won't be warned if you have older versions installed
+  and upgrade Pyramid "in-place"; it may simply break instead.
+
+Dependencies
+------------
+
+- Pyramid no longer depends on the ``zope.component`` package, except as a
+  testing dependency.
+
+- Pyramid now depends on a zope.interface>=3.8.0, WebOb>=1.2dev,
+  repoze.lru>=0.4, zope.deprecation>=3.5.0, translationstring>=0.4 (for
+  Python 3 compatibility purposes).  It also, as a testing dependency,
+  depends on WebTest>=1.3.1 for the same reason.
+
+- Pyramid no longer depends on the Paste or PasteScript packages.
+
+Documentation
+-------------
+
+- The SQLAlchemy Wiki tutorial has been updated.  It now uses
+  ``@view_config`` decorators and an explicit database population script.
+
+- Minor updates to the ZODB Wiki tutorial.
+
+- A narrative documentation chapter named "Extending Pyramid Configuration"
+  was added; it describes how to add a new directive, and how use the
+  ``pyramid.config.Configurator.action`` method within custom directives.  It
+  also describes how to add introspectable objects.
+
+- A narrative documentation chapter named "Pyramid Configuration
+  Introspection" was added.  It describes how to query the introspection
+  system.
+
+Scaffolds
+---------
+
+- Rendered scaffolds have now been changed to be more relocatable (fewer
+  mentions of the package name within files in the package).
+
+- The ``routesalchemy`` scaffold has been renamed ``alchemy``, replacing the
+  older (traversal-based) ``alchemy`` scaffold (which has been retired).
+
+- The ``starter`` scaffold now uses URL dispatch by default.
+
+1.2 (2011-09-12)
+================
+
+Features
+--------
+
+- Route pattern replacement marker names can now begin with an underscore.
+  See https://github.com/Pylons/pyramid/issues/276.
+
+1.2b3 (2011-09-11)
+==================
+
+Bug Fixes
+---------
+
+- The route prefix was not taken into account when a static view was added in
+  an "include".  See https://github.com/Pylons/pyramid/issues/266 .
+
+1.2b2 (2011-09-08)
+==================
+
+Bug Fixes
+---------
+
+- The 1.2b1 tarball was a brownbag (particularly for Windows users) because
+  it contained filenames with stray quotation marks in inappropriate places.
+  We depend on ``setuptools-git`` to produce release tarballs, and when it
+  was run to produce the 1.2b1 tarball, it didn't yet cope well with files
+  present in git repositories with high-order characters in their filenames.
+
+Documentation
+-------------
+
+- Minor tweaks to the "Introduction" narrative chapter example app and
+  wording.
+
+1.2b1 (2011-09-08)
+==================
+
+Bug Fixes
+---------
+
+- Sometimes falling back from territory translations (``de_DE``) to language
+  translations (``de``) would not work properly when using a localizer.  See
+  https://github.com/Pylons/pyramid/issues/263
+
+- The static file serving machinery could not serve files that started with a
+  ``.`` (dot) character.
+
+- Static files with high-order (super-ASCII) characters in their names could
+  not be served by a static view.  The static file serving machinery
+  inappropriately URL-quoted path segments in filenames when asking for files
+  from the filesystem.
+
+- Within ``pyramid.traversal.traversal_path`` , canonicalize URL segments
+  from UTF-8 to Unicode before checking whether a segment matches literally
+  one of ``.``, the empty string, or ``..`` in case there's some sneaky way
+  someone might tunnel those strings via UTF-8 that don't match the literals
+  before decoded.
+
+Documentation
+-------------
+
+- Added a "What Makes Pyramid Unique" section to the Introduction narrative
+  chapter.
+
+1.2a6 (2011-09-06)
+==================
+
+Bug Fixes
+---------
+
+- AuthTktAuthenticationPolicy with a ``reissue_time`` interfered with logout.
+  See https://github.com/Pylons/pyramid/issues/262.
+
+Internal
+--------
+
+- Internalize code previously depended upon as imports from the
+  ``paste.auth`` module (futureproof).
+
+- Replaced use of ``paste.urlparser.StaticURLParser`` with a derivative of
+  Chris Rossi's "happy" static file serving code (futureproof).
+
+- Fixed test suite; on some systems tests would fail due to indeterminate
+  test run ordering and a double-push-single-pop of a shared test variable.
+
+Behavior Differences
+--------------------
+
+- An ETag header is no longer set when serving a static file.  A
+  Last-Modified header is set instead.
+
+- Static file serving no longer supports the ``wsgi.file_wrapper`` extension.
+
+- Instead of returning a ``403 Forbidden`` error when a static file is served
+  that cannot be accessed by the Pyramid process' user due to file
+  permissions, an IOError (or similar) will be raised.
+
+Scaffolds
+---------
+
+- All scaffolds now send the ``cache_max_age`` parameter to the
+  ``add_static_view`` method.
+
+1.2a5 (2011-09-04)
+==================
+
+Bug Fixes
+---------
+
+- The ``route_prefix`` of a configurator was not properly taken into account
+  when registering routes in certain circumstances.  See
+  https://github.com/Pylons/pyramid/issues/260
+
+Dependencies
+------------
+
+- The ``zope.configuration`` package is no longer a dependency.
+
+1.2a4 (2011-09-02)
+==================
+
+Features
+--------
+
+- Support an ``onerror`` keyword argument to
+  ``pyramid.config.Configurator.scan()``.  This onerror keyword argument is
+  passed to ``venusian.Scanner.scan()`` to influence error behavior when
+  an exception is raised during scanning.
+
+- The ``request_method`` predicate argument to
+  ``pyramid.config.Configurator.add_view`` and
+  ``pyramid.config.Configurator.add_route`` is now permitted to be a tuple of
+  HTTP method names.  Previously it was restricted to being a string
+  representing a single HTTP method name.
+
+- Undeprecated ``pyramid.traversal.find_model``,
+  ``pyramid.traversal.model_path``, ``pyramid.traversal.model_path_tuple``,
+  and ``pyramid.url.model_url``, which were all deprecated in Pyramid 1.0.
+  There's just not much cost to keeping them around forever as aliases to
+  their renamed ``resource_*`` prefixed functions.
+
+- Undeprecated ``pyramid.view.bfg_view``, which was deprecated in Pyramid
+  1.0.  This is a low-cost alias to ``pyramid.view.view_config`` which we'll
+  just keep around forever.
+
+Dependencies
+------------
+
+- Pyramid now requires Venusian 1.0a1 or better to support the ``onerror``
+  keyword argument to ``pyramid.config.Configurator.scan``.
+
+1.2a3 (2011-08-29)
+==================
+
+Bug Fixes
+---------
+
+- Pyramid did not properly generate static URLs using
+  ``pyramid.url.static_url`` when passed a caller-package relative path due
+  to a refactoring done in 1.2a1.
+
+- The ``settings`` object emitted a deprecation warning any time
+  ``__getattr__`` was called upon it.  However, there are legitimate
+  situations in which ``__getattr__`` is called on arbitrary objects
+  (e.g. ``hasattr``).  Now, the ``settings`` object only emits the warning
+  upon successful lookup.
+
+Internal
+--------
+
+- Use ``config.with_package`` in view_config decorator rather than
+  manufacturing a new renderer helper (cleanup).
+
+1.2a2 (2011-08-27)
+==================
+
+Bug Fixes
+---------
+
+- When a ``renderers=`` argument is not specified to the Configurator
+  constructor, eagerly register and commit the default renderer set.  This
+  permits the overriding of the default renderers, which was broken in 1.2a1
+  without a commit directly after Configurator construction.
+
+- Mako rendering exceptions had the wrong value for an error message.
+
+- An include could not set a root factory successfully because the
+  Configurator constructor unconditionally registered one that would be
+  treated as if it were "the word of the user".
+
+Features
+--------
+
+- A session factory can now be passed in using the dotted name syntax.
+
+1.2a1 (2011-08-24)
+==================
+
+Features
+--------
+
+- The ``[pshell]`` section in an ini configuration file now treats a
+  ``setup`` key as a dotted name that points to a callable that is passed the
+  bootstrap environment.  It can mutate the environment as necessary for
+  great justice.
+
+- A new configuration setting named ``pyramid.includes`` is now available.
+  It is described in the "Environment Variables and ``.ini`` Files Settings"
+  narrative documentation chapter.
+
+- Added a ``route_prefix`` argument to the
+  ``pyramid.config.Configurator.include`` method.  This argument allows you
+  to compose URL dispatch applications together.  See the section entitled
+  "Using a Route Prefix to Compose Applications" in the "URL Dispatch"
+  narrative documentation chapter.
+
+- Added a ``pyramid.security.NO_PERMISSION_REQUIRED`` constant for use in
+  ``permission=`` statements to view configuration.  This constant has a
+  value of the string ``__no_permission_required__``.  This string value was
+  previously referred to in documentation; now the documentation uses the
+  constant.
+
+- Added a decorator-based way to configure a response adapter:
+  ``pyramid.response.response_adapter``.  This decorator has the same use as
+  ``pyramid.config.Configurator.add_response_adapter`` but it's declarative.
+
+- The ``pyramid.events.BeforeRender`` event now has an attribute named
+  ``rendering_val``.  This can be used to introspect the value returned by a
+  view in a BeforeRender subscriber.
+
+- New configurator directive: ``pyramid.config.Configurator.add_tween``.
+  This directive adds a "tween".  A "tween" is used to wrap the Pyramid
+  router's primary request handling function.  This is a feature may be used
+  by Pyramid framework extensions, to provide, for example, view timing
+  support and as a convenient place to hang bookkeeping code.
+
+  Tweens are further described in the narrative docs section in the Hooks
+  chapter, named "Registering Tweens".
+
+- New paster command ``paster ptweens``, which prints the current "tween"
+  configuration for an application.  See the section entitled "Displaying
+  Tweens" in the Command-Line Pyramid chapter of the narrative documentation
+  for more info.
+
+- The Pyramid debug logger now uses the standard logging configuration
+  (usually set up by Paste as part of startup).  This means that output from
+  e.g. ``debug_notfound``, ``debug_authorization``, etc. will go to the
+  normal logging channels.  The logger name of the debug logger will be the
+  package name of the *caller* of the Configurator's constructor.
+
+- A new attribute is available on request objects: ``exc_info``.  Its value
+  will be ``None`` until an exception is caught by the Pyramid router, after
+  which it will be the result of ``sys.exc_info()``.
+
+- ``pyramid.testing.DummyRequest`` now implements the
+  ``add_finished_callback`` and ``add_response_callback`` methods.
+
+- New methods of the ``pyramid.config.Configurator`` class:
+  ``set_authentication_policy`` and ``set_authorization_policy``.  These are
+  meant to be consumed mostly by add-on authors.
+
+- New Configurator method: ``set_root_factory``.
+
+- Pyramid no longer eagerly commits some default configuration statements at
+  Configurator construction time, which permits values passed in as
+  constructor arguments (e.g. ``authentication_policy`` and
+  ``authorization_policy``) to override the same settings obtained via an
+  "include".
+
+- Better Mako rendering exceptions via
+  ``pyramid.mako_templating.MakoRenderingException``
+
+- New request methods: ``current_route_url``, ``current_route_path``, and
+  ``static_path``.
+
+- New functions in ``pyramid.url``: ``current_route_path`` and
+  ``static_path``.
+
+- The ``pyramid.request.Request.static_url`` API (and its brethren
+  ``pyramid.request.Request.static_path``, ``pyramid.url.static_url``, and
+  ``pyramid.url.static_path``) now accept an asbolute filename as a "path"
+  argument.  This will generate a URL to an asset as long as the filename is
+  in a directory which was previously registered as a static view.
+  Previously, trying to generate a URL to an asset using an absolute file
+  path would raise a ValueError.
+
+- The ``RemoteUserAuthenticationPolicy ``, ``AuthTktAuthenticationPolicy``,
+  and ``SessionAuthenticationPolicy`` constructors now accept an additional
+  keyword argument named ``debug``.  By default, this keyword argument is
+  ``False``.  When it is ``True``, debug information will be sent to the
+  Pyramid debug logger (usually on stderr) when the ``authenticated_userid``
+  or ``effective_principals`` method is called on any of these policies.  The
+  output produced can be useful when trying to diagnose
+  authentication-related problems.
+
+- New view predicate: ``match_param``.  Example: a view added via
+  ``config.add_view(aview, match_param='action=edit')`` will be called only
+  when the ``request.matchdict`` has a value inside it named ``action`` with
+  a value of ``edit``.
+
+Internal
+--------
+
+- The Pyramid "exception view" machinery is now implemented as a "tween"
+  (``pyramid.tweens.excview_tween_factory``).
+
+- WSGIHTTPException (HTTPFound, HTTPNotFound, etc) now has a new API named
+  "prepare" which renders the body and content type when it is provided with
+  a WSGI environ.  Required for debug toolbar.
+
+- Once ``__call__`` or ``prepare`` is called on a WSGIHTTPException, the body
+  will be set, and subsequent calls to ``__call__`` will always return the
+  same body.  Delete the body attribute to rerender the exception body.
+
+- Previously the ``pyramid.events.BeforeRender`` event *wrapped* a dictionary
+  (it addressed it as its ``_system`` attribute).  Now it *is* a dictionary
+  (it inherits from ``dict``), and it's the value that is passed to templates
+  as a top-level dictionary.
+
+- The ``route_url``, ``route_path``, ``resource_url``, ``static_url``, and
+  ``current_route_url`` functions in the ``pyramid.url`` package now delegate
+  to a method on the request they've been passed, instead of the other way
+  around.  The pyramid.request.Request object now inherits from a mixin named
+  pyramid.url.URLMethodsMixin to make this possible, and all url/path
+  generation logic is embedded in this mixin.
+
+- Refactor ``pyramid.config`` into a package.
+
+- Removed the ``_set_security_policies`` method of the Configurator.
+
+- Moved the ``StaticURLInfo`` class from ``pyramid.static`` to
+  ``pyramid.config.views``.
+
+- Move the ``Settings`` class from ``pyramid.settings`` to
+  ``pyramid.config.settings``.
+
+- Move the ``OverrideProvider``, ``PackageOverrides``, ``DirectoryOverride``,
+  and ``FileOverride`` classes from ``pyramid.asset`` to
+  ``pyramid.config.assets``.
+
+Deprecations
+------------
+
+- All Pyramid-related deployment settings (e.g. ``debug_all``,
+  ``debug_notfound``) are now meant to be prefixed with the prefix
+  ``pyramid.``.  For example: ``debug_all`` -> ``pyramid.debug_all``.  The
+  old non-prefixed settings will continue to work indefinitely but supplying
+  them may eventually print a deprecation warning.  All scaffolds and
+  tutorials have been changed to use prefixed settings.
+
+- The ``settings`` dictionary now raises a deprecation warning when you
+  attempt to access its values via ``__getattr__`` instead of
+  via ``__getitem__``.
+
+Backwards Incompatibilities
+---------------------------
+
+- If a string is passed as the ``debug_logger`` parameter to a Configurator,
+  that string is considered to be the name of a global Python logger rather
+  than a dotted name to an instance of a logger.
+
+- The ``pyramid.config.Configurator.include`` method now accepts only a
+  single ``callable`` argument (a sequence of callables used to be
+  permitted).  If you are passing more than one ``callable`` to
+  ``pyramid.config.Configurator.include``, it will break.  You now must now
+  instead make a separate call to the method for each callable.  This change
+  was introduced to support the ``route_prefix`` feature of include.
+
+- It may be necessary to more strictly order configuration route and view
+  statements when using an "autocommitting" Configurator.  In the past, it
+  was possible to add a view which named a route name before adding a route
+  with that name when you used an autocommitting configurator.  For example::
+
+    config = Configurator(autocommit=True)
+    config.add_view('my.pkg.someview', route_name='foo')
+    config.add_route('foo', '/foo')
+
+  The above will raise an exception when the view attempts to add itself.
+  Now you must add the route before adding the view::
+
+    config = Configurator(autocommit=True)
+    config.add_route('foo', '/foo')
+    config.add_view('my.pkg.someview', route_name='foo')
+
+  This won't effect "normal" users, only people who have legacy BFG codebases
+  that used an autommitting configurator and possibly tests that use the
+  configurator API (the configurator returned by ``pyramid.testing.setUp`` is
+  an autocommitting configurator).  The right way to get around this is to
+  use a non-autocommitting configurator (the default), which does not have
+  these directive ordering requirements.
+
+- The ``pyramid.config.Configurator.add_route`` directive no longer returns a
+  route object.  This change was required to make route vs. view
+  configuration processing work properly.
+
+Documentation
+-------------
+
+- Narrative and API documentation which used the ``route_url``,
+  ``route_path``, ``resource_url``, ``static_url``, and ``current_route_url``
+  functions in the ``pyramid.url`` package have now been changed to use
+  eponymous methods of the request instead.
+
+- Added a section entitled "Using a Route Prefix to Compose Applications" to
+  the "URL Dispatch" narrative documentation chapter.
+
+- Added a new module to the API docs: ``pyramid.tweens``.
+
+- Added a "Registering Tweens" section to the "Hooks" narrative chapter.
+
+- Added a "Displaying Tweens" section to the "Command-Line Pyramid" narrative
+  chapter.
+
+- Added documentation for the ``pyramid.tweens`` and ``pyramid.includes``
+  configuration settings to the "Environment Variables and ``.ini`` Files
+  Settings" chapter.
+
+- Added a Logging chapter to the narrative docs (based on the Pylons logging
+  docs, thanks Phil).
+
+- Added a Paste chapter to the narrative docs (moved content from the Project
+  chapter).
+
+- Added the ``pyramid.interfaces.IDict`` interface representing the methods
+  of a dictionary, for documentation purposes only (IMultiDict and
+  IBeforeRender inherit from it).
+
+- All tutorials now use - The ``route_url``, ``route_path``,
+  ``resource_url``, ``static_url``, and ``current_route_url`` methods of the
+  request rather than the function variants imported from ``pyramid.url``.
+
+- The ZODB wiki tutorial now uses the ``pyramid_zodbconn`` package rather
+  than the ``repoze.zodbconn`` package to provide ZODB integration.
+
+Dependency Changes
+------------------
+
+- Pyramid now relies on PasteScript >= 1.7.4.  This version contains a
+  feature important for allowing flexible logging configuration.
+
+Scaffolds
+----------
+
+- All scaffolds now use the ``pyramid_tm`` package rather than the
+  ``repoze.tm2`` middleware to manage transaction management.
+
+- The ZODB scaffold now uses the ``pyramid_zodbconn`` package rather than the
+  ``repoze.zodbconn`` package to provide ZODB integration.
+
+- All scaffolds now use the ``pyramid_debugtoolbar`` package rather than the
+  ``WebError`` package to provide interactive debugging features.
+
+- Projects created via a scaffold no longer depend on the ``WebError``
+  package at all; configuration in the ``production.ini`` file which used to
+  require its ``error_catcher`` middleware has been removed.  Configuring
+  error catching / email sending is now the domain of the ``pyramid_exclog``
+  package (see http://docs.pylonsproject.org/projects/pyramid_exclog/en/latest/).
+
+Bug Fixes
+---------
+
+- Fixed an issue with the default renderer not working at certain times.  See
+  https://github.com/Pylons/pyramid/issues/249
+
+
+1.1 (2011-07-22)
+================
+
+Features
+--------
+
+- Added the ``pyramid.renderers.null_renderer`` object as an API.  The null
+  renderer is an object that can be used in advanced integration cases as
+  input to the view configuration ``renderer=`` argument.  When the null
+  renderer is used as a view renderer argument, Pyramid avoids converting the
+  view callable result into a Response object.  This is useful if you want to
+  reuse the view configuration and lookup machinery outside the context of
+  its use by the Pyramid router.  This feature was added for consumption by
+  the ``pyramid_rpc`` package, which uses view configuration and lookup
+  outside the context of a router in exactly this way.  ``pyramid_rpc`` has
+  been broken under 1.1 since 1.1b1; adding it allows us to make it work
+  again.
+
+- Change all scaffolding templates that point to docs.pylonsproject.org to
+  use ``/projects/pyramid/current`` rather than ``/projects/pyramid/dev``.
+
+Internals
+---------
+
+- Remove ``compat`` code that served only the purpose of providing backwards
+  compatibility with Python 2.4.
+
+- Add a deprecation warning for non-API function
+  ``pyramid.renderers.renderer_from_name`` which has seen use in the wild.
+
+- Add a ``clone`` method to ``pyramid.renderers.RendererHelper`` for use by
+  the ``pyramid.view.view_config`` decorator.
+
+Documentation
+-------------
+
+- Fixed two typos in wiki2 (SQLA + URL Dispatch) tutorial.
+
+- Reordered chapters in narrative section for better new user friendliness.
+
+- Added more indexing markers to sections in documentation.
+
+1.1b4 (2011-07-18)
+==================
+
+Documentation
+-------------
+
+- Added a section entitled "Writing a Script" to the "Command-Line Pyramid"
+  chapter.
+
+Backwards Incompatibilities
+---------------------------
+
+- We added the ``pyramid.scripting.make_request`` API too hastily in 1.1b3.
+  It has been removed.  Sorry for any inconvenience.  Use the
+  ``pyramid.request.Request.blank`` API instead.
+
+Features
+--------
+
+- The ``paster pshell``, ``paster pviews``, and ``paster proutes`` commands
+  each now under the hood uses ``pyramid.paster.bootstrap``, which makes it
+  possible to supply an ``.ini`` file without naming the "right" section in
+  the file that points at the actual Pyramid application.  Instead, you can
+  generally just run ``paster {pshell|proutes|pviews} development.ini`` and
+  it will do mostly the right thing.
+
+Bug Fixes
+---------
+
+- Omit custom environ variables when rendering a custom exception template in
+  ``pyramid.httpexceptions.WSGIHTTPException._set_default_attrs``;
+  stringifying thse may trigger code that should not be executed; see
+  https://github.com/Pylons/pyramid/issues/239
+
+1.1b3 (2011-07-15)
+==================
+
+Features
+--------
+
+- Fix corner case to ease semifunctional testing of views: create a new
+  rendererinfo to clear out old registry on a rescan.  See
+  https://github.com/Pylons/pyramid/pull/234.
+
+- New API class: ``pyramid.static.static_view``.  This supersedes the
+  deprecated ``pyramid.view.static`` class.  ``pyramid.static.static_view``
+  by default serves up documents as the result of the request's
+  ``path_info``, attribute rather than it's ``subpath`` attribute (the
+  inverse was true of ``pyramid.view.static``, and still is).
+  ``pyramid.static.static_view`` exposes a ``use_subpath`` flag for use when
+  you want the static view to behave like the older deprecated version.
+
+- A new API function ``pyramid.paster.bootstrap`` has been added to make
+  writing scripts that bootstrap a Pyramid environment easier, e.g.::
+
+      from pyramid.paster import bootstrap
+      info = bootstrap('/path/to/my/development.ini')
+      request = info['request']
+      print request.route_url('myroute')
+
+- A new API function ``pyramid.scripting.prepare`` has been added.  It is a
+  lower-level analogue of ``pyramid.paster.boostrap`` that accepts a request
+  and a registry instead of a config file argument, and is used for the same
+  purpose::
+
+      from pyramid.scripting import prepare
+      info = prepare(registry=myregistry)
+      request = info['request']
+      print request.route_url('myroute')
+
+- A new API function ``pyramid.scripting.make_request`` has been added.  The
+  resulting request will have a ``registry`` attribute.  It is meant to be
+  used in conjunction with ``pyramid.scripting.prepare`` and/or
+  ``pyramid.paster.bootstrap`` (both of which accept a request as an
+  argument)::
+
+      from pyramid.scripting import make_request
+      request = make_request('/')
+
+- New API attribute ``pyramid.config.global_registries`` is an iterable
+  object that contains references to every Pyramid registry loaded into the
+  current process via ``pyramid.config.Configurator.make_app``.  It also has
+  a ``last`` attribute containing the last registry loaded.  This is used by
+  the scripting machinery, and is available for introspection.
+
+Deprecations
+------------
+
+- The ``pyramid.view.static`` class has been deprecated in favor of the newer
+  ``pyramid.static.static_view`` class.  A deprecation warning is raised when
+  it is used.  You should replace it with a reference to
+  ``pyramid.static.static_view`` with the ``use_subpath=True`` argument.
+
+Bug Fixes
+---------
+
+- Without a mo-file loaded for the combination of domain/locale,
+  ``pyramid.i18n.Localizer.pluralize`` run using that domain/locale
+  combination raised an inscrutable "translations object has no attr
+  'plural'" error.  Now, instead it "works" (it uses a germanic pluralization
+  by default).  It's nonsensical to try to pluralize something without
+  translations for that locale/domain available, but this behavior matches
+  the behavior of ``pyramid.i18n.Localizer.translate`` so it's at least
+  consistent; see https://github.com/Pylons/pyramid/issues/235.
+
+1.1b2 (2011-07-13)
+==================
+
+Features
+--------
+
+- New environment setting ``PYRAMID_PREVENT_HTTP_CACHE`` and new
+  configuration file value ``prevent_http_cache``.  These are synomymous and
+  allow you to prevent HTTP cache headers from being set by Pyramid's
+  ``http_cache`` machinery globally in a process.  see the "Influencing HTTP
+  Caching" section of the "View Configuration" narrative chapter and the
+  detailed documentation for this setting in the "Environment Variables and
+  Configuration Settings" narrative chapter.
+
+Behavior Changes
+----------------
+
+- Previously, If a ``BeforeRender`` event subscriber added a value via the
+  ``__setitem__`` or ``update`` methods of the event object with a key that
+  already existed in the renderer globals dictionary, a ``KeyError`` was
+  raised.  With the deprecation of the "add_renderer_globals" feature of the
+  configurator, there was no way to override an existing value in the
+  renderer globals dictionary that already existed.  Now, the event object
+  will overwrite an older value that is already in the globals dictionary
+  when its ``__setitem__`` or ``update`` is called (as well as the new
+  ``setdefault`` method), just like a plain old dictionary.  As a result, for
+  maximum interoperability with other third-party subscribers, if you write
+  an event subscriber meant to be used as a BeforeRender subscriber, your
+  subscriber code will now need to (using ``.get`` or ``__contains__`` of the
+  event object) ensure no value already exists in the renderer globals
+  dictionary before setting an overriding value.
+
+Bug Fixes
+---------
+
+- The ``Configurator.add_route`` method allowed two routes with the same
+  route to be added without an intermediate ``config.commit()``.  If you now
+  receive a ``ConfigurationError`` at startup time that appears to be
+  ``add_route`` related, you'll need to either a) ensure that all of your
+  route names are unique or b) call ``config.commit()`` before adding a
+  second route with the name of a previously added name or c) use a
+  Configurator that works in ``autocommit`` mode.
+
+- The ``pyramid_routesalchemy`` and ``pyramid_alchemy`` scaffolds
+  inappropriately used ``DBSession.rollback()`` instead of
+  ``transaction.abort()`` in one place.
+
+- We now clear ``request.response`` before we invoke an exception view; an
+  exception view will be working with a request.response that has not been
+  touched by any code prior to the exception.
+
+- Views associated with routes with spaces in the route name may not have
+  been looked up correctly when using Pyramid with ``zope.interface`` 3.6.4
+  and better.  See https://github.com/Pylons/pyramid/issues/232.
+
+Documentation
+-------------
+
+- Wiki2 (SQLAlchemy + URL Dispatch) tutorial ``models.initialize_sql`` didn't
+  match the ``pyramid_routesalchemy`` scaffold function of the same name; it
+  didn't get synchronized when it was changed in the scaffold.
+
+- New documentation section in View Configuration narrative chapter:
+  "Influencing HTTP Caching".
+
+1.1b1 (2011-07-10)
+==================
+
+Features
+--------
+
+- It is now possible to invoke ``paster pshell`` even if the paste ini file
+  section name pointed to in its argument is not actually a Pyramid WSGI
+  application.  The shell will work in a degraded mode, and will warn the
+  user.  See "The Interactive Shell" in the "Creating a Pyramid Project"
+  narrative documentation section.
+
+- ``paster pshell`` now offers more built-in global variables by default
+  (including ``app`` and ``settings``).  See "The Interactive Shell" in the
+  "Creating a Pyramid Project" narrative documentation section.
+
+- It is now possible to add a ``[pshell]`` section to your application's .ini
+  configuration file, which influences the global names available to a pshell
+  session.  See "Extending the Shell" in the "Creating a Pyramid Project"
+  narrative documentation chapter.
+
+- The ``config.scan`` method has grown a ``**kw`` argument.  ``kw`` argument
+  represents a set of keyword arguments to pass to the Venusian ``Scanner``
+  object created by Pyramid.  (See the Venusian documentation for more
+  information about ``Scanner``).
+
+- New request property: ``json_body``. This property will return the
+  JSON-decoded variant of the request body.  If the request body is not
+  well-formed JSON, this property will raise an exception.
+
+- A new value ``http_cache`` can be used as a view configuration
+  parameter.
+
+  When you supply an ``http_cache`` value to a view configuration, the
+  ``Expires`` and ``Cache-Control`` headers of a response generated by the
+  associated view callable are modified.  The value for ``http_cache`` may be
+  one of the following:
+
+  - A nonzero integer.  If it's a nonzero integer, it's treated as a number
+    of seconds.  This number of seconds will be used to compute the
+    ``Expires`` header and the ``Cache-Control: max-age`` parameter of
+    responses to requests which call this view.  For example:
+    ``http_cache=3600`` instructs the requesting browser to 'cache this
+    response for an hour, please'.
+
+  - A ``datetime.timedelta`` instance.  If it's a ``datetime.timedelta``
+    instance, it will be converted into a number of seconds, and that number
+    of seconds will be used to compute the ``Expires`` header and the
+    ``Cache-Control: max-age`` parameter of responses to requests which call
+    this view.  For example: ``http_cache=datetime.timedelta(days=1)``
+    instructs the requesting browser to 'cache this response for a day,
+    please'.
+
+  - Zero (``0``).  If the value is zero, the ``Cache-Control`` and
+    ``Expires`` headers present in all responses from this view will be
+    composed such that client browser cache (and any intermediate caches) are
+    instructed to never cache the response.
+
+  - A two-tuple.  If it's a two tuple (e.g. ``http_cache=(1,
+    {'public':True})``), the first value in the tuple may be a nonzero
+    integer or a ``datetime.timedelta`` instance; in either case this value
+    will be used as the number of seconds to cache the response.  The second
+    value in the tuple must be a dictionary.  The values present in the
+    dictionary will be used as input to the ``Cache-Control`` response
+    header.  For example: ``http_cache=(3600, {'public':True})`` means 'cache
+    for an hour, and add ``public`` to the Cache-Control header of the
+    response'.  All keys and values supported by the
+    ``webob.cachecontrol.CacheControl`` interface may be added to the
+    dictionary.  Supplying ``{'public':True}`` is equivalent to calling
+    ``response.cache_control.public = True``.
+
+  Providing a non-tuple value as ``http_cache`` is equivalent to calling
+  ``response.cache_expires(value)`` within your view's body.
+
+  Providing a two-tuple value as ``http_cache`` is equivalent to calling
+  ``response.cache_expires(value[0], **value[1])`` within your view's body.
+
+  If you wish to avoid influencing, the ``Expires`` header, and instead wish
+  to only influence ``Cache-Control`` headers, pass a tuple as ``http_cache``
+  with the first element of ``None``, e.g.: ``(None, {'public':True})``.
+
+Bug Fixes
+---------
+
+- Framework wrappers of the original view (such as http_cached and so on)
+  relied on being able to trust that the response they were receiving was an
+  IResponse.  It wasn't always, because the response was resolved by the
+  router instead of early in the view wrapping process.  This has been fixed.
+
+Documentation
+-------------
+
+- Added a section in the "Webob" chapter named "Dealing With A JSON-Encoded
+  Request Body" (usage of ``request.json_body``).
+
+Behavior Changes
+----------------
+
+- The ``paster pshell``, ``paster proutes``, and ``paster pviews`` commands
+  now take a single argument in the form ``/path/to/config.ini#sectionname``
+  rather than the previous 2-argument spelling ``/path/to/config.ini
+  sectionname``.  ``#sectionname`` may be omitted, in which case ``#main`` is
+  assumed.
+
+1.1a4 (2011-07-01)
+==================
+
+Bug Fixes
+---------
+
+- ``pyramid.testing.DummyRequest`` now raises deprecation warnings when
+  attributes deprecated for ``pyramid.request.Request`` are accessed (like
+  ``response_content_type``).  This is for the benefit of folks running unit
+  tests which use DummyRequest instead of a "real" request, so they know
+  things are deprecated without necessarily needing a functional test suite.
+
+- The ``pyramid.events.subscriber`` directive behaved contrary to the
+  documentation when passed more than one interface object to its
+  constructor.  For example, when the following listener was registered::
+
+     @subscriber(IFoo, IBar)
+     def expects_ifoo_events_and_ibar_events(event):
+         print event
+
+  The Events chapter docs claimed that the listener would be registered and
+  listening for both ``IFoo`` and ``IBar`` events.  Instead, it registered an
+  "object event" subscriber which would only be called if an IObjectEvent was
+  emitted where the object interface was ``IFoo`` and the event interface was
+  ``IBar``.
+
+  The behavior now matches the documentation. If you were relying on the
+  buggy behavior of the 1.0 ``subscriber`` directive in order to register an
+  object event subscriber, you must now pass a sequence to indicate you'd
+  like to register a subscriber for an object event. e.g.::
+
+     @subscriber([IFoo, IBar])
+     def expects_object_event(object, event):
+         print object, event
+
+Features
+--------
+
+- Add JSONP renderer (see "JSONP renderer" in the Renderers chapter of the
+  documentation).
+
+Deprecations
+------------
+
+- Deprecated the ``set_renderer_globals_factory`` method of the Configurator
+  and the ``renderer_globals`` Configurator constructor parameter.
+
+Documentation
+-------------
+
+- The Wiki and Wiki2 tutorial "Tests" chapters each had two bugs: neither did
+  told the user to depend on WebTest, and 2 tests failed in each as the
+  result of changes to Pyramid itself.  These issues have been fixed.
+
+- Move 1.0.X CHANGES.txt entries to HISTORY.txt.
+
+1.1a3 (2011-06-26)
+==================
+
+Features
+--------
+
+- Added ``mako.preprocessor`` config file parameter; allows for a Mako
+  preprocessor to be specified as a Python callable or Python dotted name.
+  See https://github.com/Pylons/pyramid/pull/183 for rationale.
+
+Bug fixes
+---------
+
+- Pyramid would raise an AttributeError in the Configurator when attempting
+  to set a ``__text__`` attribute on a custom predicate that was actually a
+  classmethod.  See https://github.com/Pylons/pyramid/pull/217 .
+
+- Accessing or setting deprecated response_* attrs on request
+  (e.g. ``response_content_type``) now issues a deprecation warning at access
+  time rather than at rendering time.
+
+1.1a2 (2011-06-22)
+==================
+
+Bug Fixes
+---------
+
+- 1.1a1 broke Akhet by not providing a backwards compatibility import shim
+  for ``pyramid.paster.PyramidTemplate``.  Now one has been added, although a
+  deprecation warning is emitted when Akhet imports it.
+
+- If multiple specs were provided in a single call to
+  ``config.add_translation_dirs``, the directories were inserted into the
+  beginning of the directory list in the wrong order: they were inserted in
+  the reverse of the order they were provided in the ``*specs`` list (items
+  later in the list were added before ones earlier in the list).  This is now
+  fixed.
+
+Backwards Incompatibilities
+---------------------------
+
+- The pyramid Router attempted to set a value into the key
+  ``environ['repoze.bfg.message']`` when it caught a view-related exception
+  for backwards compatibility with applications written for ``repoze.bfg``
+  during error handling.  It did this by using code that looked like so::
+
+                    # "why" is an exception object
+                    try: 
+                        msg = why[0]
+                    except:
+                        msg = ''
+
+                    environ['repoze.bfg.message'] = msg
+
+  Use of the value ``environ['repoze.bfg.message']`` was docs-deprecated in
+  Pyramid 1.0.  Our standing policy is to not remove features after a
+  deprecation for two full major releases, so this code was originally slated
+  to be removed in Pyramid 1.2.  However, computing the
+  ``repoze.bfg.message`` value was the source of at least one bug found in
+  the wild (https://github.com/Pylons/pyramid/issues/199), and there isn't a
+  foolproof way to both preserve backwards compatibility and to fix the bug.
+  Therefore, the code which sets the value has been removed in this release.
+  Code in exception views which relies on this value's presence in the
+  environment should now use the ``exception`` attribute of the request
+  (e.g. ``request.exception[0]``) to retrieve the message instead of relying
+  on ``request.environ['repoze.bfg.message']``.
+
+1.1a1 (2011-06-20)
+==================
+
+Documentation
+-------------
+
+- The term "template" used to refer to both "paster templates" and "rendered
+  templates" (templates created by a rendering engine.  i.e. Mako, Chameleon,
+  Jinja, etc.).  "Paster templates" will now be refered to as "scaffolds",
+  whereas the name for "rendered templates" will remain as "templates."
+
+- The ``wiki`` (ZODB+Traversal) tutorial was updated slightly.
+
+- The ``wiki2`` (SQLA+URL Dispatch) tutorial was updated slightly.
+
+- Make ``pyramid.interfaces.IAuthenticationPolicy`` and
+  ``pyramid.interfaces.IAuthorizationPolicy`` public interfaces, and refer to
+  them within the ``pyramid.authentication`` and ``pyramid.authorization``
+  API docs.
+
+- Render the function definitions for each exposed interface in
+  ``pyramid.interfaces``.
+
+- Add missing docs reference to
+  ``pyramid.config.Configurator.set_view_mapper`` and refer to it within
+  Hooks chapter section named "Using a View Mapper".
+
+- Added section to the "Environment Variables and ``.ini`` File Settings"
+  chapter in the narrative documentation section entitled "Adding a Custom
+  Setting".
+
+- Added documentation for a "multidict" (e.g. the API of ``request.POST``) as
+  interface API documentation.
+
+- Added a section to the "URL Dispatch" narrative chapter regarding the new
+  "static" route feature.
+
+- Added "What's New in Pyramid 1.1" to HTML rendering of documentation.
+
+- Added API docs for ``pyramid.authentication.SessionAuthenticationPolicy``.
+
+- Added API docs for ``pyramid.httpexceptions.exception_response``.
+
+- Added "HTTP Exceptions" section to Views narrative chapter including a
+  description of ``pyramid.httpexceptions.exception_response``.
+
+Features
+--------
+
+- Add support for language fallbacks: when trying to translate for a
+  specific territory (such as ``en_GB``) fall back to translations
+  for the language (ie ``en``). This brings the translation behaviour in line
+  with GNU gettext and fixes partially translated texts when using C
+  extensions.
+
+- New authentication policy:
+  ``pyramid.authentication.SessionAuthenticationPolicy``, which uses a session
+  to store credentials.
+
+- Accessing the ``response`` attribute of a ``pyramid.request.Request``
+  object (e.g. ``request.response`` within a view) now produces a new
+  ``pyramid.response.Response`` object.  This feature is meant to be used
+  mainly when a view configured with a renderer needs to set response
+  attributes: all renderers will use the Response object implied by
+  ``request.response`` as the response object returned to the router.
+
+  ``request.response`` can also be used by code in a view that does not use a
+  renderer, however the response object that is produced by
+  ``request.response`` must be returned when a renderer is not in play (it is
+  not a "global" response).
+
+- Integers and longs passed as ``elements`` to ``pyramid.url.resource_url``
+  or ``pyramid.request.Request.resource_url`` e.g. ``resource_url(context,
+  request, 1, 2)`` (``1`` and ``2`` are the ``elements``) will now be
+  converted implicitly to strings in the result.  Previously passing integers
+  or longs as elements would cause a TypeError.
+
+- ``pyramid_alchemy`` paster template now uses ``query.get`` rather than
+  ``query.filter_by`` to take better advantage of identity map caching.
+
+- ``pyramid_alchemy`` paster template now has unit tests.
+
+- Added ``pyramid.i18n.make_localizer`` API (broken out from
+  ``get_localizer`` guts).
+
+- An exception raised by a NewRequest event subscriber can now be caught by
+  an exception view.
+
+- It is now possible to get information about why Pyramid raised a Forbidden
+  exception from within an exception view.  The ``ACLDenied`` object returned
+  by the ``permits`` method of each stock authorization policy
+  (``pyramid.interfaces.IAuthorizationPolicy.permits``) is now attached to
+  the Forbidden exception as its ``result`` attribute.  Therefore, if you've
+  created a Forbidden exception view, you can see the ACE, ACL, permission,
+  and principals involved in the request as
+  eg. ``context.result.permission``, ``context.result.acl``, etc within the
+  logic of the Forbidden exception view.
+
+- Don't explicitly prevent the ``timeout`` from being lower than the
+  ``reissue_time`` when setting up an ``AuthTktAuthenticationPolicy``
+  (previously such a configuration would raise a ``ValueError``, now it's
+  allowed, although typically nonsensical).  Allowing the nonsensical
+  configuration made the code more understandable and required fewer tests.
+
+- A new paster command named ``paster pviews`` was added.  This command
+  prints a summary of potentially matching views for a given path.  See the
+  section entitled "Displaying Matching Views for a Given URL" in the "View
+  Configuration" chapter of the narrative documentation for more information.
+
+- The ``add_route`` method of the Configurator now accepts a ``static``
+  argument.  If this argument is ``True``, the added route will never be
+  considered for matching when a request is handled.  Instead, it will only
+  be useful for URL generation via ``route_url`` and ``route_path``.  See the
+  section entitled "Static Routes" in the URL Dispatch narrative chapter for
+  more information.
+
+- A default exception view for the context
+  ``pyramid.interfaces.IExceptionResponse`` is now registered by default.
+  This means that an instance of any exception response class imported from
+  ``pyramid.httpexceptions`` (such as ``HTTPFound``) can now be raised from
+  within view code; when raised, this exception view will render the
+  exception to a response.
+
+- A function named ``pyramid.httpexceptions.exception_response`` is a
+  shortcut that can be used to create HTTP exception response objects using
+  an HTTP integer status code.
+
+- The Configurator now accepts an additional keyword argument named
+  ``exceptionresponse_view``.  By default, this argument is populated with a
+  default exception view function that will be used when a response is raised
+  as an exception. When ``None`` is passed for this value, an exception view
+  for responses will not be registered.  Passing ``None`` returns the
+  behavior of raising an HTTP exception to that of Pyramid 1.0 (the exception
+  will propagate to middleware and to the WSGI server).
+
+- The ``pyramid.request.Request`` class now has a ``ResponseClass`` interface
+  which points at ``pyramid.response.Response``.
+
+- The ``pyramid.response.Response`` class now has a ``RequestClass``
+  interface which points at ``pyramid.request.Request``.
+
+- It is now possible to return an arbitrary object from a Pyramid view
+  callable even if a renderer is not used, as long as a suitable adapter to
+  ``pyramid.interfaces.IResponse`` is registered for the type of the returned
+  object by using the new
+  ``pyramid.config.Configurator.add_response_adapter`` API.  See the section
+  in the Hooks chapter of the documentation entitled "Changing How Pyramid
+  Treats View Responses".
+
+- The Pyramid router will now, by default, call the ``__call__`` method of
+  WebOb response objects when returning a WSGI response.  This means that,
+  among other things, the ``conditional_response`` feature of WebOb response
+  objects will now behave properly.
+
+- New method named ``pyramid.request.Request.is_response``.  This method
+  should be used instead of the ``pyramid.view.is_response`` function, which
+  has been deprecated.
+
+Bug Fixes
+---------
+
+- URL pattern markers used in URL dispatch are permitted to specify a custom
+  regex. For example, the pattern ``/{foo:\d+}`` means to match ``/12345``
+  (foo==12345 in the match dictionary) but not ``/abc``. However, custom
+  regexes in a pattern marker which used squiggly brackets did not work. For
+  example, ``/{foo:\d{4}}`` would fail to match ``/1234`` and
+  ``/{foo:\d{1,2}}`` would fail to match ``/1`` or ``/11``. One level of
+  inner squiggly brackets is now recognized so that the prior two patterns
+  given as examples now work. See also
+  https://github.com/Pylons/pyramid/issues/#issue/123.
+
+- Don't send port numbers along with domain information in cookies set by
+  AuthTktCookieHelper (see https://github.com/Pylons/pyramid/issues/131).
+
+- ``pyramid.url.route_path`` (and the shortcut
+  ``pyramid.request.Request.route_url`` method) now include the WSGI
+  SCRIPT_NAME at the front of the path if it is not empty (see
+  https://github.com/Pylons/pyramid/issues/135).
+
+- ``pyramid.testing.DummyRequest`` now has a ``script_name`` attribute (the
+  empty string).
+
+- Don't quote ``:@&+$,`` symbols in ``*elements`` passed to
+  ``pyramid.url.route_url`` or ``pyramid.url.resource_url`` (see
+  https://github.com/Pylons/pyramid/issues#issue/141).
+
+- Include SCRIPT_NAME in redirects issued by
+  ``pyramid.view.append_slash_notfound_view`` (see
+  https://github.com/Pylons/pyramid/issues#issue/149).
+
+- Static views registered with ``config.add_static_view`` which also included
+  a ``permission`` keyword argument would not work as expected, because
+  ``add_static_view`` also registered a route factory internally.  Because a
+  route factory was registered internally, the context checked by the Pyramid
+  permission machinery never had an ACL.  ``add_static_view`` no longer
+  registers a route with a factory, so the default root factory will be used.
+
+- ``config.add_static_view`` now passes extra keyword arguments it receives
+  to ``config.add_route`` (calling add_static_view is mostly logically
+  equivalent to adding a view of the type ``pyramid.static.static_view``
+  hooked up to a route with a subpath).  This makes it possible to pass e.g.,
+  ``factory=`` to ``add_static_view`` to protect a particular static view
+  with a custom ACL.
+
+- ``testing.DummyRequest`` used the wrong registry (the global registry) as
+  ``self.registry`` if a dummy request was created *before* ``testing.setUp``
+  was executed (``testing.setUp`` pushes a local registry onto the
+  threadlocal stack). Fixed by implementing ``registry`` as a property for
+  DummyRequest instead of eagerly assigning an attribute.
+  See also https://github.com/Pylons/pyramid/issues/165
+
+- When visiting a URL that represented a static view which resolved to a
+  subdirectory, the ``index.html`` of that subdirectory would not be served
+  properly.  Instead, a redirect to ``/subdir`` would be issued.  This has
+  been fixed, and now visiting a subdirectory that contains an ``index.html``
+  within a static view returns the index.html properly.  See also
+  https://github.com/Pylons/pyramid/issues/67.
+
+- Redirects issued by a static view did not take into account any existing
+  ``SCRIPT_NAME`` (such as one set by a url mapping composite).  Now they do.
+
+- The ``pyramid.wsgi.wsgiapp2`` decorator did not take into account the
+  ``SCRIPT_NAME`` in the origin request.
+
+- The ``pyramid.wsgi.wsgiapp2`` decorator effectively only worked when it
+  decorated a view found via traversal; it ignored the ``PATH_INFO`` that was
+  part of a url-dispatch-matched view.
+
+Deprecations
+------------
+
+- Deprecated all assignments to ``request.response_*`` attributes (for
+  example ``request.response_content_type = 'foo'`` is now deprecated).
+  Assignments and mutations of assignable request attributes that were
+  considered by the framework for response influence are now deprecated:
+  ``response_content_type``, ``response_headerlist``, ``response_status``,
+  ``response_charset``, and ``response_cache_for``.  Instead of assigning
+  these to the request object for later detection by the rendering machinery,
+  users should use the appropriate API of the Response object created by
+  accessing ``request.response`` (e.g. code which does
+  ``request.response_content_type = 'abc'`` should be changed to
+  ``request.response.content_type = 'abc'``).
+
+- Passing view-related parameters to
+  ``pyramid.config.Configurator.add_route`` is now deprecated.  Previously, a
+  view was permitted to be connected to a route using a set of ``view*``
+  parameters passed to the ``add_route`` method of the Configurator.  This
+  was a shorthand which replaced the need to perform a subsequent call to
+  ``add_view``. For example, it was valid (and often recommended) to do::
+
+     config.add_route('home', '/', view='mypackage.views.myview',
+                       view_renderer='some/renderer.pt')
+
+  Passing ``view*`` arguments to ``add_route`` is now deprecated in favor of
+  connecting a view to a predefined route via ``Configurator.add_view`` using
+  the route's ``route_name`` parameter.  As a result, the above example
+  should now be spelled::
+
+     config.add_route('home', '/')
+     config.add_view('mypackage.views.myview', route_name='home')
+                     renderer='some/renderer.pt')
+
+  This deprecation was done to reduce confusion observed in IRC, as well as
+  to (eventually) reduce documentation burden (see also
+  https://github.com/Pylons/pyramid/issues/164).  A deprecation warning is
+  now issued when any view-related parameter is passed to
+  ``Configurator.add_route``.
+
+- Passing an ``environ`` dictionary to the ``__call__`` method of a
+  "traverser" (e.g. an object that implements
+  ``pyramid.interfaces.ITraverser`` such as an instance of
+  ``pyramid.traversal.ResourceTreeTraverser``) as its ``request`` argument
+  now causes a deprecation warning to be emitted.  Consumer code should pass a
+  ``request`` object instead.  The fact that passing an environ dict is
+  permitted has been documentation-deprecated since ``repoze.bfg`` 1.1, and
+  this capability will be removed entirely in a future version.
+
+- The following (undocumented, dictionary-like) methods of the
+  ``pyramid.request.Request`` object have been deprecated: ``__contains__``,
+  ``__delitem__``, ``__getitem__``, ``__iter__``, ``__setitem__``, ``get``,
+  ``has_key``, ``items``, ``iteritems``, ``itervalues``, ``keys``, ``pop``,
+  ``popitem``, ``setdefault``, ``update``, and ``values``.  Usage of any of
+  these methods will cause a deprecation warning to be emitted.  These
+  methods were added for internal compatibility in ``repoze.bfg`` 1.1 (code
+  that currently expects a request object expected an environ object in BFG
+  1.0 and before).  In a future version, these methods will be removed
+  entirely.
+
+- Deprecated ``pyramid.view.is_response`` function in favor of (newly-added)
+  ``pyramid.request.Request.is_response`` method.  Determining if an object
+  is truly a valid response object now requires access to the registry, which
+  is only easily available as a request attribute.  The
+  ``pyramid.view.is_response`` function will still work until it is removed,
+  but now may return an incorrect answer under some (very uncommon)
+  circumstances.
+
+Behavior Changes
+----------------
+
+- The default Mako renderer is now configured to escape all HTML in
+  expression tags. This is intended to help prevent XSS attacks caused by
+  rendering unsanitized input from users. To revert this behavior in user's
+  templates, they need to filter the expression through the 'n' filter.
+  For example, ${ myhtml | n }.
+  See https://github.com/Pylons/pyramid/issues/193.
+
+- A custom request factory is now required to return a request object that
+  has a ``response`` attribute (or "reified"/lazy property) if they the
+  request is meant to be used in a view that uses a renderer.  This
+  ``response`` attribute should be an instance of the class
+  ``pyramid.response.Response``.
+
+- The JSON and string renderer factories now assign to
+  ``request.response.content_type`` rather than
+  ``request.response_content_type``.
+
+- Each built-in renderer factory now determines whether it should change the
+  content type of the response by comparing the response's content type
+  against the response's default content type; if the content type is the
+  default content type (usually ``text/html``), the renderer changes the
+  content type (to ``application/json`` or ``text/plain`` for JSON and string
+  renderers respectively).
+
+- The ``pyramid.wsgi.wsgiapp2`` now uses a slightly different method of
+  figuring out how to "fix" ``SCRIPT_NAME`` and ``PATH_INFO`` for the
+  downstream application.  As a result, those values may differ slightly from
+  the perspective of the downstream application (for example, ``SCRIPT_NAME``
+  will now never possess a trailing slash).
+
+- Previously, ``pyramid.request.Request`` inherited from
+  ``webob.request.Request`` and implemented ``__getattr__``, ``__setattr__``
+  and ``__delattr__`` itself in order to overidde "adhoc attr" WebOb behavior
+  where attributes of the request are stored in the environ.  Now,
+  ``pyramid.request.Request`` object inherits from (the more recent)
+  ``webob.request.BaseRequest`` instead of ``webob.request.Request``, which
+  provides the same behavior.  ``pyramid.request.Request`` no longer
+  implements its own ``__getattr__``, ``__setattr__`` or ``__delattr__`` as a
+  result.
+
+- ``pyramid.response.Response`` is now a *subclass* of
+  ``webob.response.Response`` (in order to directly implement the
+  ``pyramid.interfaces.IResponse`` interface).
+
+- The "exception response" objects importable from ``pyramid.httpexceptions``
+  (e.g. ``HTTPNotFound``) are no longer just import aliases for classes that
+  actually live in ``webob.exc``.  Instead, we've defined our own exception
+  classes within the module that mirror and emulate the ``webob.exc``
+  exception response objects almost entirely.  See the "Design Defense" doc
+  section named "Pyramid Uses its Own HTTP Exception Classes" for more
+  information.
+
+Backwards Incompatibilities
+---------------------------
+
+- Pyramid no longer supports Python 2.4.  Python 2.5 or better is required to
+  run Pyramid 1.1+.
+
+- The Pyramid router now, by default, expects response objects returned from
+  view callables to implement the ``pyramid.interfaces.IResponse`` interface.
+  Unlike the Pyramid 1.0 version of this interface, objects which implement
+  IResponse now must define a ``__call__`` method that accepts ``environ``
+  and ``start_response``, and which returns an ``app_iter`` iterable, among
+  other things.  Previously, it was possible to return any object which had
+  the three WebOb ``app_iter``, ``headerlist``, and ``status`` attributes as
+  a response, so this is a backwards incompatibility.  It is possible to get
+  backwards compatibility back by registering an adapter to IResponse from
+  the type of object you're now returning from view callables.  See the
+  section in the Hooks chapter of the documentation entitled "Changing How
+  Pyramid Treats View Responses".
+
+- The ``pyramid.interfaces.IResponse`` interface is now much more extensive.
+  Previously it defined only ``app_iter``, ``status`` and ``headerlist``; now
+  it is basically intended to directly mirror the ``webob.Response`` API,
+  which has many methods and attributes.
+
+- The ``pyramid.httpexceptions`` classes named ``HTTPFound``,
+  ``HTTPMultipleChoices``, ``HTTPMovedPermanently``, ``HTTPSeeOther``,
+  ``HTTPUseProxy``, and ``HTTPTemporaryRedirect`` now accept ``location`` as
+  their first positional argument rather than ``detail``.  This means that
+  you can do, e.g. ``return pyramid.httpexceptions.HTTPFound('http://foo')``
+  rather than ``return
+  pyramid.httpexceptions.HTTPFound(location='http//foo')`` (the latter will
+  of course continue to work).
+
+Dependencies
+------------
+
+- Pyramid now depends on WebOb >= 1.0.2 as tests depend on the bugfix in that
+  release: "Fix handling of WSGI environs with missing ``SCRIPT_NAME``".
+  (Note that in reality, everyone should probably be using 1.0.4 or better
+  though, as WebOb 1.0.2 and 1.0.3 were effectively brownbag releases.)
+
+1.0 (2011-01-30)
+================
+
+Documentation
+-------------
+
+- Fixed bug in ZODB Wiki tutorial (missing dependency on ``docutils`` in
+  "models" step within ``setup.py``).
+
+- Removed API documentation for ``pyramid.testing`` APIs named
+  ``registerDummySecurityPolicy``, ``registerResources``, ``registerModels``,
+  ``registerEventListener``, ``registerTemplateRenderer``,
+  ``registerDummyRenderer``, ``registerView``, ``registerUtility``,
+  ``registerAdapter``, ``registerSubscriber``, ``registerRoute``,
+  and ``registerSettings``.
+
+- Moved "Using ZODB With ZEO" and "Using repoze.catalog Within Pyramid"
+  tutorials out of core documentation and into the Pyramid Tutorials site
+  (http://docs.pylonsproject.org/projects/pyramid_tutorials/en/latest/).
+
+- Changed "Cleaning up After a Request" section in the URL Dispatch chapter
+  to use ``request.add_finished_callback`` instead of jamming an object with
+  a ``__del__`` into the WSGI environment.
+
+- Remove duplication of ``add_route`` API documentation from URL Dispatch
+  narrative chapter.
+
+- Remove duplication of API and narrative documentation in
+  ``pyramid.view.view_config`` API docs by pointing to
+  ``pyramid.config.add_view`` documentation and narrative chapter
+  documentation.
+
+- Removed some API documentation duplicated in narrative portions of
+  documentation 
+
+- Removed "Overall Flow of Authentication" from SQLAlchemy + URL Dispatch
+  wiki tutorial due to print space concerns (moved to Pyramid Tutorials
+  site).
+
+Bug Fixes
+---------
+
+- Deprecated-since-BFG-1.2 APIs from ``pyramid.testing`` now properly emit
+  deprecation warnings.
+
+- Added ``egg:repoze.retry#retry`` middleware to the WSGI pipeline in ZODB
+  templates (retry ZODB conflict errors which occur in normal operations).
+
+- Removed duplicate implementations of ``is_response``.  Two competing
+  implementations existed: one in ``pyramid.config`` and one in
+  ``pyramid.view``.  Now the one defined in ``pyramid.view`` is used
+  internally by ``pyramid.config`` and continues to be advertised as an API.
+
+1.0b3 (2011-01-28)
+==================
+
+Bug Fixes
+---------
+
+- Use &copy; instead of copyright symbol in paster templates / tutorial
+  templates for the benefit of folks who cutnpaste and save to a non-UTF8
+  format.
+
+- ``pyramid.view.append_slash_notfound_view`` now preserves GET query
+  parameters across redirects.
+
+Documentation
+-------------
+
+- Beef up documentation related to ``set_default_permission``: explicitly
+  mention that default permissions also protect exception views.
+
+- Paster templates and tutorials now use spaces instead of tabs in their HTML
+  templates.
+
+1.0b2 (2011-01-24)
+==================
+
+Bug Fixes
+---------
+
+- The ``production.ini`` generated by all paster templates now have an
+  effective logging level of WARN, which prevents e.g. SQLAlchemy statement
+  logging and other inappropriate output.
+
+- The ``production.ini`` of the ``pyramid_routesalchemy`` and
+  ``pyramid_alchemy`` paster templates did not have a ``sqlalchemy`` logger
+  section, preventing ``paster serve production.ini`` from working.
+
+- The ``pyramid_routesalchemy`` and ``pyramid_alchemy`` paster templates used
+  the ``{{package}}`` variable in a place where it should have used the
+  ``{{project}}`` variable, causing applications created with uppercase
+  letters e.g. ``paster create -t pyramid_routesalchemy Dibbus`` to fail to
+  start when ``paster serve development.ini`` was used against the result.
+  See https://github.com/Pylons/pyramid/issues/#issue/107
+
+- The ``render_view`` method of ``pyramid.renderers.RendererHelper`` passed
+  an incorrect value into the renderer for ``renderer_info``.  It now passes
+  an instance of ``RendererHelper`` instead of a dictionary, which is
+  consistent with other usages.  See
+  https://github.com/Pylons/pyramid/issues#issue/106
+
+- A bug existed in the ``pyramid.authentication.AuthTktCookieHelper`` which
+  would break any usage of an AuthTktAuthenticationPolicy when one was
+  configured to reissue its tokens (``reissue_time`` < ``timeout`` /
+  ``max_age``). Symptom: ``ValueError: ('Invalid token %r', '')``.  See
+  https://github.com/Pylons/pyramid/issues#issue/108.
+
+1.0b1 (2011-01-21)
+==================
+
+Features
+--------
+
+- The AuthTktAuthenticationPolicy now accepts a ``tokens`` parameter via
+  ``pyramid.security.remember``.  The value must be a sequence of strings.
+  Tokens are placed into the auth_tkt "tokens" field and returned in the
+  auth_tkt cookie.
+
+- Add ``wild_domain`` argument to AuthTktAuthenticationPolicy, which defaults
+  to ``True``.  If it is set to ``False``, the feature of the policy which
+  sets a cookie with a wildcard domain will be turned off.
+
+- Add a ``MANIFEST.in`` file to each paster template. See
+  https://github.com/Pylons/pyramid/issues#issue/95
+
+Bug Fixes
+---------
+
+- ``testing.setUp`` now adds a ``settings`` attribute to the registry (both
+  when it's passed a registry without any settings and when it creates one).
+
+- The ``testing.setUp`` function now takes a ``settings`` argument, which
+  should be a dictionary.  Its values will subsequently be available on the
+  returned ``config`` object as ``config.registry.settings``.
+
+Documentation
+-------------
+
+- Added "What's New in Pyramid 1.0" chapter to HTML rendering of
+  documentation.
+
+- Merged caseman-master narrative editing branch, many wording fixes and
+  extensions.
+
+- Fix deprecated example showing ``chameleon_zpt`` API call in testing
+  narrative chapter.
+
+- Added "Adding Methods to the Configurator via ``add_directive``" section to
+  Advanced Configuration narrative chapter.
+
+- Add docs for ``add_finished_callback``, ``add_response_callback``,
+  ``route_path``, ``route_url``, and ``static_url`` methods to
+  ``pyramid.request.Request`` API docs.
+
+- Add (minimal) documentation about using I18N within Mako templates to
+  "Internationalization and Localization" narrative chapter.
+
+- Move content of "Forms" chapter back to "Views" chapter; I can't think of a
+  better place to put it.
+
+- Slightly improved interface docs for ``IAuthorizationPolicy``.
+
+- Minimally explain usage of custom regular expressions in URL dispatch
+  replacement markers within URL Dispatch chapter.
+
+Deprecations
+-------------
+
+- Using the ``pyramid.view.bfg_view`` alias for ``pyramid.view.view_config``
+  (a backwards compatibility shim) now issues a deprecation warning.
+
+Backwards Incompatibilities
+---------------------------
+
+- Using ``testing.setUp`` now registers an ISettings utility as a side
+  effect.  Some test code which queries for this utility after
+  ``testing.setUp`` via queryAdapter will expect a return value of ``None``.
+  This code will need to be changed.
+
+- When a ``pyramid.exceptions.Forbidden`` error is raised, its status code
+  now ``403 Forbidden``.  It was previously ``401 Unauthorized``, for
+  backwards compatibility purposes with ``repoze.bfg``.  This change will
+  cause problems for users of Pyramid with ``repoze.who``, which intercepts
+  ``401 Unauthorized`` by default, but allows ``403 Forbidden`` to pass
+  through.  Those deployments will need to configure ``repoze.who`` to also
+  react to ``403 Forbidden``.
+
+- The default value for the ``cookie_on_exception`` parameter to
+  ``pyramid.session.UnencyrptedCookieSessionFactory`` is now ``True``.  This
+  means that when view code causes an exception to be raised, and the session
+  has been mutated, a cookie will be sent back in the response.  Previously
+  its default value was ``False``.
+
+Paster Templates
+----------------
+
+- The ``pyramid_zodb``, ``pyramid_routesalchemy`` and ``pyramid_alchemy``
+  paster templates now use a default "commit veto" hook when configuring the
+  ``repoze.tm2`` transaction manager in ``development.ini``.  This prevents a
+  transaction from being committed when the response status code is within
+  the 400 or 500 ranges.  See also
+  http://docs.repoze.org/tm2/#using-a-commit-veto.
+
+1.0a10 (2011-01-18)
+===================
+
+Bug Fixes
+---------
+
+- URL dispatch now properly handles a ``.*`` or ``*`` appearing in a regex
+  match when used inside brackets.  Resolves issue #90.
+
+Backwards Incompatibilities
+---------------------------
+
+- The ``add_handler`` method of a Configurator has been removed from the
+  Pyramid core.  Handlers are now a feature of the ``pyramid_handlers``
+  package, which can be downloaded from PyPI.  Documentation for the package
+  should be available via
+  http://docs.pylonsproject.org/projects/pyramid_handlers/en/latest/,
+  which describes how
+  to add a configuration statement to your ``main`` block to reobtain this
+  method.  You will also need to add an ``install_requires`` dependency upon
+  ``pyramid_handlers`` to your ``setup.py`` file.
+
+- The ``load_zcml`` method of a Configurator has been removed from the
+  Pyramid core.  Loading ZCML is now a feature of the ``pyramid_zcml``
+  package, which can be downloaded from PyPI.  Documentation for the package
+  should be available via
+  http://docs.pylonsproject.org/projects/pyramid_zcml/en/latest/,
+  which describes how
+  to add a configuration statement to your ``main`` block to reobtain this
+  method.  You will also need to add an ``install_requires`` dependency upon
+  ``pyramid_zcml`` to your ``setup.py`` file.
+
+- The ``pyramid.includes`` subpackage has been removed.  ZCML files which use
+  include the package ``pyramid.includes`` (e.g. ``<include
+  package="pyramid.includes"/>``) now must include the ``pyramid_zcml``
+  package instead (e.g. ``<include package="pyramid_zcml"/>``).
+
+- The ``pyramid.view.action`` decorator has been removed from the Pyramid
+  core.  Handlers are now a feature of the ``pyramid_handlers`` package.  It
+  should now be imported from ``pyramid_handlers`` e.g. ``from
+  pyramid_handlers import action``.
+
+- The ``handler`` ZCML directive has been removed.  It is now a feature of
+  the ``pyramid_handlers`` package.
+
+- The ``pylons_minimal``, ``pylons_basic`` and ``pylons_sqla`` paster
+  templates were removed.  Use ``pyramid_sqla`` (available from PyPI) as a
+  generic replacement for Pylons-esque development.
+
+- The ``make_app`` function has been removed from the ``pyramid.router``
+  module.  It continues life within the ``pyramid_zcml`` package.  This
+  leaves the ``pyramid.router`` module without any API functions.
+
+- The ``configure_zcml`` setting within the deployment settings (within
+  ``**settings`` passed to a Pyramid ``main`` function) has ceased to have any
+  meaning.
+
+Features
+--------
+
+- ``pyramid.testing.setUp`` and ``pyramid.testing.tearDown`` have been
+  undeprecated.  They are now the canonical setup and teardown APIs for test
+  configuration, replacing "direct" creation of a Configurator.  This is a
+  change designed to provide a facade that will protect against any future
+  Configurator deprecations.
+
+- Add ``charset`` attribute to ``pyramid.testing.DummyRequest``
+  (unconditionally ``UTF-8``).
+
+- Add ``add_directive`` method to configurator, which allows framework
+  extenders to add methods to the configurator (ala ZCML directives).
+
+- When ``Configurator.include`` is passed a *module* as an argument, it
+  defaults to attempting to find and use a callable named ``includeme``
+  within that module.  This makes it possible to use
+  ``config.include('some.module')`` rather than
+  ``config.include('some.module.somefunc')`` as long as the include function
+  within ``some.module`` is named ``includeme``.
+
+- The ``bfg2pyramid`` script now converts ZCML include tags that have
+  ``repoze.bfg.includes`` as a package attribute to the value
+  ``pyramid_zcml``.  For example, ``<include package="repoze.bfg.includes">``
+  will be converted to ``<include package="pyramid_zcml">``.
+
+Paster Templates
+----------------
+
+- All paster templates now use ``pyramid.testing.setUp`` and
+  ``pyramid.testing.tearDown`` rather than creating a Configurator "by hand"
+  within their ``tests.py`` module, as per decision in features above.
+
+- The ``starter_zcml`` paster template has been moved to the ``pyramid_zcml``
+  package.
+
+Documentation
+-------------
+
+- The wiki and wiki2 tutorials now use ``pyramid.testing.setUp`` and
+  ``pyramid.testing.tearDown`` rather than creating a Configurator "by hand",
+  as per decision in features above.
+
+- The "Testing" narrative chapter now explains ``pyramid.testing.setUp`` and
+  ``pyramid.testing.tearDown`` instead of Configurator creation and
+  ``Configurator.begin()`` and ``Configurator.end()``.
+
+- Document the ``request.override_renderer`` attribute within the narrative
+  "Renderers" chapter in a section named "Overriding A Renderer at Runtime".
+
+- The "Declarative Configuration" narrative chapter has been removed (it was
+  moved to the ``pyramid_zcml`` package).
+
+- Most references to ZCML in narrative chapters have been removed or
+  redirected to ``pyramid_zcml`` locations.
+
+Deprecations
+------------
+
+- Deprecation warnings related to import of the following API functions were
+  added: ``pyramid.traversal.find_model``, ``pyramid.traversal.model_path``,
+  ``pyramid.traversal.model_path_tuple``, ``pyramid.url.model_url``.  The
+  instructions emitted by the deprecation warnings instruct the developer to
+  change these method spellings to their ``resource`` equivalents.  This is a
+  consequence of the mass concept rename of "model" to "resource" performed
+  in 1.0a7.
+
+1.0a9 (2011-01-08)
+==================
+
+Bug Fixes
+---------
+
+- The ``proutes`` command tried too hard to resolve the view for printing,
+  resulting in exceptions when an exceptional root factory was encountered.
+  Instead of trying to resolve the view, if it cannot, it will now just print
+  ``<unknown>``.
+
+- The `self` argument was included in new methods of the ``ISession`` interface
+  signature, causing ``pyramid_beaker`` tests to fail.
+
+- Readd ``pyramid.traversal.model_path_tuple`` as an alias for
+  ``pyramid.traversal.resource_path_tuple`` for backwards compatibility.
+
+Features
+--------
+
+- Add a new API ``pyramid.url.current_route_url``, which computes a URL based
+  on the "current" route (if any) and its matchdict values.
+
+- ``config.add_view`` now accepts a ``decorator`` keyword argument, a callable
+  which will decorate the view callable before it is added to the registry.
+
+- If a handler class provides an ``__action_decorator__`` attribute (usually
+  a classmethod or staticmethod), use that as the decorator for each view
+  registration for that handler.
+
+- The ``pyramid.interfaces.IAuthenticationPolicy`` interface now specifies an
+  ``unauthenticated_userid`` method.  This method supports an important
+  optimization required by people who are using persistent storages which do
+  not support object caching and whom want to create a "user object" as a
+  request attribute.
+
+- A new API has been added to the ``pyramid.security`` module named
+  ``unauthenticated_userid``.  This API function calls the
+  ``unauthenticated_userid`` method of the effective security policy.
+
+- An ``unauthenticated_userid`` method has been added to the dummy
+  authentication policy returned by
+  ``pyramid.config.Configurator.testing_securitypolicy``.  It returns the
+  same thing as that the dummy authentication policy's
+  ``authenticated_userid`` method.
+
+- The class ``pyramid.authentication.AuthTktCookieHelper`` is now an API.
+  This class can be used by third-party authentication policy developers to
+  help in the mechanics of authentication cookie-setting.
+
+- New constructor argument to Configurator: ``default_view_mapper``.  Useful
+  to create systems that have alternate view calling conventions.  A view
+  mapper allows objects that are meant to be used as view callables to have
+  an arbitrary argument list and an arbitrary result.  The object passed as
+  ``default_view_mapper`` should implement the
+  ``pyramid.interfaces.IViewMapperFactory`` interface.
+
+- add a ``set_view_mapper`` API to Configurator.  Has
+  the same result as passing ``default_view_mapper`` to the Configurator
+  constructor.
+
+- ``config.add_view`` now accepts a ``mapper`` keyword argument, which should
+  either be ``None``, a string representing a Python dotted name, or an
+  object which is an ``IViewMapperFactory``.  This feature is not useful for
+  "civilians", only for extension writers.
+
+- Allow static renderer provided during view registration to be overridden at
+  request time via a request attribute named ``override_renderer``, which
+  should be the name of a previously registered renderer.  Useful to provide
+  "omnipresent" RPC using existing rendered views.
+
+- Instances of ``pyramid.testing.DummyRequest`` now have a ``session``
+  object, which is mostly a dictionary, but also implements the other session
+  API methods for flash and CSRF.
+
+Backwards Incompatibilities
+---------------------------
+
+- Since the ``pyramid.interfaces.IAuthenticationPolicy`` interface now
+  specifies that a policy implementation must implement an
+  ``unauthenticated_userid`` method, all third-party custom authentication
+  policies now must implement this method.  It, however, will only be called
+  when the global function named ``pyramid.security.unauthenticated_userid``
+  is invoked, so if you're not invoking that, you will not notice any issues.
+
+- ``pyramid.interfaces.ISession.get_csrf_token`` now mandates that an
+  implementation should return a *new* token if one doesn't already exist in
+  the session (previously it would return None).  The internal sessioning
+  implementation has been changed.
+
+Documentation
+-------------
+
+- The (weak) "Converting a CMF Application to Pyramid" tutorial has been
+  removed from the tutorials section.  It was moved to the
+  ``pyramid_tutorials`` Github repository.
+
+- The "Resource Location and View Lookup" chapter has been replaced with a
+  variant of Rob Miller's "Much Ado About Traversal" (originally published at
+  http://blog.nonsequitarian.org/2010/much-ado-about-traversal/).
+
+- Many minor wording tweaks and refactorings (merged Casey Duncan's docs
+  fork, in which he is working on general editing).
+
+- Added (weak) description of new view mapper feature to Hooks narrative
+  chapter.
+
+- Split views chapter into 2: View Callables and View Configuration.
+
+- Reorder Renderers and Templates chapters after View Callables but before
+  View Configuration.
+
+- Merge Session Objects, Cross-Site Request Forgery, and Flash Messaging
+  chapter into a single Sessions chapter.
+
+- The Wiki and Wiki2 tutorials now have much nicer CSS and graphics.
+
+Internals
+---------
+
+- The "view derivation" code is now factored into a set of classes rather
+  than a large number of standalone functions (a side effect of the
+  view mapper refactoring).
+
+- The ``pyramid.renderer.RendererHelper`` class has grown a ``render_view``
+  method, which is used by the default view mapper (a side effect of the
+  view mapper refactoring).
+
+- The object passed as ``renderer`` to the "view deriver" is now an instance
+  of ``pyramid.renderers.RendererHelper`` rather than a dictionary (a side
+  effect of view mapper refactoring).
+
+- The class used as the "page template" in ``pyramid.chameleon_text`` was
+  removed, in preference to using a Chameleon-inbuilt version.
+
+- A view callable wrapper registered in the registry now contains an
+  ``__original_view__`` attribute which references the original view callable
+  (or class).
+
+- The (non-API) method of all internal authentication policy implementations
+  previously named ``_get_userid`` is now named ``unauthenticated_userid``,
+  promoted to an API method.  If you were overriding this method, you'll now
+  need to override it as ``unauthenticated_userid`` instead.
+
+- Remove (non-API) function of config.py named _map_view.
+
+1.0a8 (2010-12-27)
+==================
+
+Bug Fixes
+---------
+
+- The name ``registry`` was not available in the ``paster pshell``
+  environment under IPython.
+
+Features
+--------
+
+- If a resource implements a ``__resource_url__`` method, it will be called
+  as the result of invoking the ``pyramid.url.resource_url`` function to
+  generate a URL, overriding the default logic.  See the new "Generating The
+  URL Of A Resource" section within the Resources narrative chapter.
+
+- Added flash messaging, as described in the "Flash Messaging" narrative
+  documentation chapter.
+
+- Added CSRF token generation, as described in the narrative chapter entitled
+  "Preventing Cross-Site Request Forgery Attacks".
+
+- Prevent misunderstanding of how the ``view`` and ``view_permission``
+  arguments to add_route work by raising an exception during configuration if
+  view-related arguments exist but no ``view`` argument is passed.
+
+- Add ``paster proute`` command which displays a summary of the routing
+  table.  See the narrative documentation section within the "URL Dispatch"
+  chapter entitled "Displaying All Application Routes".
+
+Paster Templates
+----------------
+
+- The ``pyramid_zodb`` Paster template no longer employs ZCML.  Instead, it
+  is based on scanning.
+
+Documentation
+-------------
+
+- Added "Generating The URL Of A Resource" section to the Resources narrative
+  chapter (includes information about overriding URL generation using
+  ``__resource_url__``).
+
+- Added "Generating the Path To a Resource" section to the Resources
+  narrative chapter.
+
+- Added "Finding a Resource by Path" section to the Resources narrative
+  chapter.
+
+- Added "Obtaining the Lineage of a Resource" to the Resources narrative
+  chapter.
+
+- Added "Determining if a Resource is In The Lineage of Another Resource" to
+  Resources narrative chapter.
+
+- Added "Finding the Root Resource" to Resources narrative chapter.
+
+- Added "Finding a Resource With a Class or Interface in Lineage" to
+  Resources narrative chapter.
+
+- Added a "Flash Messaging" narrative documentation chapter.
+
+- Added a narrative chapter entitled "Preventing Cross-Site Request Forgery
+  Attacks".
+
+- Changed the "ZODB + Traversal Wiki Tutorial" based on changes to
+  ``pyramid_zodb`` Paster template.
+
+- Added "Advanced Configuration" narrative chapter which documents how to
+  deal with configuration conflicts, two-phase configuration, ``include`` and
+  ``commit``.
+
+- Fix API documentation rendering for ``pyramid.view.static``
+
+- Add "Pyramid Provides More Than One Way to Do It" to Design Defense
+  documentation.
+
+- Changed "Static Assets" narrative chapter: clarify that ``name`` represents
+  a prefix unless it's a URL, added an example of a root-relative static view
+  fallback for URL dispatch, added an example of creating a simple view that
+  returns the body of a file.
+
+- Move ZCML usage in Hooks chapter to Declarative Configuration chapter.
+
+- Merge "Static Assets" chapter into the "Assets" chapter.
+
+- Added narrative documentation section within the "URL Dispatch" chapter
+  entitled "Displaying All Application Routes" (for ``paster proutes``
+  command).
+
+1.0a7 (2010-12-20)
+==================
+
+Terminology Changes
+-------------------
+
+- The Pyramid concept previously known as "model" is now known as "resource".
+  As a result:
+
+  - The following API changes have been made::
+
+      pyramid.url.model_url -> 
+                        pyramid.url.resource_url
+
+      pyramid.traversal.find_model -> 
+                        pyramid.url.find_resource
+
+      pyramid.traversal.model_path ->
+                        pyramid.traversal.resource_path
+
+      pyramid.traversal.model_path_tuple ->
+                        pyramid.traversal.resource_path_tuple
+
+      pyramid.traversal.ModelGraphTraverser -> 
+                        pyramid.traversal.ResourceTreeTraverser
+
+      pyramid.config.Configurator.testing_models ->
+                        pyramid.config.Configurator.testing_resources
+
+      pyramid.testing.registerModels ->
+                        pyramid.testing.registerResources
+
+      pyramid.testing.DummyModel ->
+                        pyramid.testing.DummyResource
+
+   - All documentation which previously referred to "model" now refers to
+     "resource".
+
+   - The ``starter`` and ``starter_zcml`` paster templates now have a
+     ``resources.py`` module instead of a ``models.py`` module.
+
+  - Positional argument names of various APIs have been changed from
+    ``model`` to ``resource``.
+
+  Backwards compatibility shims have been left in place in all cases.  They
+  will continue to work "forever".
+
+- The Pyramid concept previously known as "resource" is now known as "asset".
+  As a result:
+
+  - The (non-API) module previously known as ``pyramid.resource`` is now
+    known as ``pyramid.asset``.
+
+  - All docs that previously referred to "resource specification" now refer
+    to "asset specification".
+
+  - The following API changes were made::
+
+      pyramid.config.Configurator.absolute_resource_spec ->
+                        pyramid.config.Configurator.absolute_asset_spec
+
+      pyramid.config.Configurator.override_resource ->
+                        pyramid.config.Configurator.override_asset
+
+  - The ZCML directive previously known as ``resource`` is now known as
+    ``asset``.
+
+  - The setting previously known as ``BFG_RELOAD_RESOURCES`` (envvar) or
+    ``reload_resources`` (config file) is now known, respectively, as
+    ``PYRAMID_RELOAD_ASSETS`` and ``reload_assets``.
+
+  Backwards compatibility shims have been left in place in all cases.  They
+  will continue to work "forever".
+
+Bug Fixes
+---------
+
+- Make it possible to succesfully run all tests via ``nosetests`` command
+  directly (rather than indirectly via ``python setup.py nosetests``).
+
+- When a configuration conflict is encountered during scanning, the conflict
+  exception now shows the decorator information that caused the conflict.
+
+Features
+--------
+
+- Added ``debug_routematch`` configuration setting that logs matched routes
+  (including the matchdict and predicates).
+
+- The name ``registry`` is now available in a ``pshell`` environment by
+  default.  It is the application registry object.
+
+Environment
+-----------
+
+- All environment variables which used to be prefixed with ``BFG_`` are now
+  prefixed with ``PYRAMID_`` (e.g. ``BFG_DEBUG_NOTFOUND`` is now
+  ``PYRAMID_DEBUG_NOTFOUND``)
+
+Documentation
+-------------
+
+- Added "Debugging Route Matching" section to the urldispatch narrative
+  documentation chapter.
+
+- Added reference to ``PYRAMID_DEBUG_ROUTEMATCH`` envvar and ``debug_routematch``
+  config file setting to the Environment narrative docs chapter.
+
+- Changed "Project" chapter slightly to expand on use of ``paster pshell``.
+
+- Direct Jython users to Mako rather than Jinja2 in "Install" narrative
+  chapter.
+
+- Many changes to support terminological renaming of "model" to "resource"
+  and "resource" to "asset".
+
+- Added an example of ``WebTest`` functional testing to the testing narrative
+  chapter.
+
+- Rearranged chapter ordering by popular demand (URL dispatch first, then
+  traversal).  Put hybrid chapter after views chapter.
+
+- Split off "Renderers" as its own chapter from "Views" chapter in narrative
+  documentation.
+
+Paster Templates
+----------------
+
+- Added ``debug_routematch = false`` to all paster templates.
+
+Dependencies
+------------
+
+- Depend on Venusian >= 0.5 (for scanning conflict exception decoration).
+
+1.0a6 (2010-12-15)
+==================
+
+Bug Fixes
+---------
+
+- 1.0a5 introduced a bug when ``pyramid.config.Configurator.scan`` was used
+  without a ``package`` argument (e.g. ``config.scan()`` as opposed to
+  ``config.scan('packagename')``.  The symptoms were: lots of deprecation
+  warnings printed to the console about imports of deprecated Pyramid
+  functions and classes and non-detection of view callables decorated with
+  ``view_config`` decorators.  This has been fixed.
+
+- Tests now pass on Windows (no bugs found, but a few tests in the test suite
+  assumed UNIX path segments in filenames).
+
+Documentation
+-------------
+
+- If you followed it to-the-letter, the ZODB+Traversal Wiki tutorial would
+  instruct you to run a test which would fail because the view callable
+  generated by the ``pyramid_zodb`` tutorial used a one-arg view callable,
+  but the test in the sample code used a two-arg call.
+
+- Updated ZODB+Traversal tutorial setup.py of all steps to match what's
+  generated by ``pyramid_zodb``.
+
+- Fix reference to ``repoze.bfg.traversalwrapper`` in "Models" chapter (point
+  at ``pyramid_traversalwrapper`` instead).
+
+1.0a5 (2010-12-14)
+==================
+
+Features
+--------
+
+- Add a ``handler`` ZCML directive.  This directive does the same thing as
+  ``pyramid.configuration.add_handler``.
+
+- A new module named ``pyramid.config`` was added.  It subsumes the duties of
+  the older ``pyramid.configuration`` module.
+
+- The new ``pyramid.config.Configurator` class has API methods that the older
+  ``pyramid.configuration.Configurator`` class did not: ``with_context`` (a
+  classmethod), ``include``, ``action``, and ``commit``.  These methods exist
+  for imperative application extensibility purposes.
+
+- The ``pyramid.testing.setUp`` function now accepts an ``autocommit``
+  keyword argument, which defaults to ``True``.  If it is passed ``False``,
+  the Config object returned by ``setUp`` will be a non-autocommiting Config
+  object.
+
+- Add logging configuration to all paster templates.
+
+- ``pyramid_alchemy``, ``pyramid_routesalchemy``, and ``pylons_sqla`` paster
+  templates now use idiomatic SQLAlchemy configuration in their respective
+  ``.ini`` files and Python code.
+
+- ``pyramid.testing.DummyRequest`` now has a class variable,
+  ``query_string``, which defaults to the empty string.
+
+- Add support for json on GAE by catching NotImplementedError and importing
+  simplejson from django.utils.
+
+- The Mako renderer now accepts a resource specification for
+  ``mako.module_directory``.
+
+- New boolean Mako settings variable ``mako.strict_undefined``.  See `Mako
+  Context Variables
+  <http://www.makotemplates.org/docs/runtime.html#context-variables>`_ for
+  its meaning.
+
+Dependencies
+------------
+
+- Depend on Mako 0.3.6+ (we now require the ``strict_undefined`` feature).
+
+Bug Fixes
+---------
+
+- When creating a Configurator from within a ``paster pshell`` session, you
+  were required to pass a ``package`` argument although ``package`` is not
+  actually required.  If you didn't pass ``package``, you would receive an
+  error something like ``KeyError: '__name__'`` emanating from the
+  ``pyramid.path.caller_module`` function.  This has now been fixed.
+
+- The ``pyramid_routesalchemy`` paster template's unit tests failed
+  (``AssertionError: 'SomeProject' != 'someproject'``).  This is fixed.
+
+- Make default renderer work (renderer factory registered with no name, which
+  is active for every view unless the view names a specific renderer).
+
+- The Mako renderer did not properly turn the ``mako.imports``,
+  ``mako.default_filters``, and ``mako.imports`` settings into lists.
+
+- The Mako renderer did not properly convert the ``mako.error_handler``
+  setting from a dotted name to a callable.
+
+Documentation
+-------------
+
+- Merged many wording, readability, and correctness changes to narrative
+  documentation chapters from https://github.com/caseman/pyramid (up to and
+  including "Models" narrative chapter).
+
+- "Sample Applications" section of docs changed to note existence of Cluegun,
+  Shootout and Virginia sample applications, ported from their repoze.bfg
+  origin packages.
+
+- SQLAlchemy+URLDispatch tutorial updated to integrate changes to
+  ``pyramid_routesalchemy`` template.
+
+- Add ``pyramid.interfaces.ITemplateRenderer`` interface to Interfaces API
+  chapter (has ``implementation()`` method, required to be used when getting
+  at Chameleon macros).
+
+- Add a "Modifying Package Structure" section to the project narrative
+  documentation chapter (explain turning a module into a package).
+
+- Documentation was added for the new ``handler`` ZCML directive in the ZCML
+  section.
+
+Deprecations
+------------
+
+- ``pyramid.configuration.Configurator`` is now deprecated.  Use
+  ``pyramid.config.Configurator``, passing its constructor
+  ``autocommit=True`` instead.  The ``pyramid.configuration.Configurator``
+  alias will live for a long time, as every application uses it, but its
+  import now issues a deprecation warning.  The
+  ``pyramid.config.Configurator`` class has the same API as
+  ``pyramid.configuration.Configurator`` class, which it means to replace,
+  except by default it is a *non-autocommitting* configurator. The
+  now-deprecated ``pyramid.configuration.Configurator`` will autocommit every
+  time a configuration method is called.
+
+  The ``pyramid.configuration`` module remains, but it is deprecated.  Use
+  ``pyramid.config`` instead.
+
+1.0a4 (2010-11-21)
+==================
+
+Features
+--------
+
+- URL Dispatch now allows for replacement markers to be located anywhere
+  in the pattern, instead of immediately following a ``/``.
+
+- URL Dispatch now uses the form ``{marker}`` to denote a replace marker in
+  the route pattern instead of ``:marker``. The old colon-style marker syntax
+  is still accepted for backwards compatibility. The new format allows a
+  regular expression for that marker location to be used instead of the
+  default ``[^/]+``, for example ``{marker:\d+}`` is now valid to require the
+  marker to be digits.
+
+- Add a ``pyramid.url.route_path`` API, allowing folks to generate relative
+  URLs.  Calling ``route_path`` is the same as calling
+  ``pyramid.url.route_url`` with the argument ``_app_url`` equal to the empty
+  string.
+
+- Add a ``pyramid.request.Request.route_path`` API.  This is a convenience
+  method of the request which calls ``pyramid.url.route_url``.
+
+- Make test suite pass on Jython (requires PasteScript trunk, presumably to
+  be 1.7.4).
+
+- Make test suite pass on PyPy (Chameleon doesn't work).
+
+- Surrounding application configuration with ``config.begin()`` and
+  ``config.end()`` is no longer necessary.  All paster templates have been
+  changed to no longer call these functions.
+
+- Fix configurator to not convert ``ImportError`` to ``ConfigurationError``
+  if the import that failed was unrelated to the import requested via a
+  dotted name when resolving dotted names (such as view dotted names).
+
+Documentation
+-------------
+
+- SQLAlchemy+URLDispatch and ZODB+Traversal tutorials have been updated to
+  not call ``config.begin()`` or ``config.end()``.
+
+Bug Fixes
+---------
+
+- Add deprecation warnings to import of ``pyramid.chameleon_text`` and
+  ``pyramid.chameleon_zpt`` of ``get_renderer``, ``get_template``,
+  ``render_template``, and ``render_template_to_response``.
+
+- Add deprecation warning for import of ``pyramid.zcml.zcml_configure`` and
+  ``pyramid.zcml.file_configure``.
+
+- The ``pyramid_alchemy`` paster template had a typo, preventing an import
+  from working.
+
+- Fix apparent failures when calling ``pyramid.traversal.find_model(root,
+  path)`` or ``pyramid.traversal.traverse(path)`` when ``path`` is
+  (erroneously) a Unicode object. The user is meant to pass these APIs a
+  string object, never a Unicode object.  In practice, however, users indeed
+  pass Unicode.  Because the string that is passed must be ASCII encodeable,
+  now, if they pass a Unicode object, its data is eagerly converted to an
+  ASCII string rather than being passed along to downstream code as a
+  convenience to the user and to prevent puzzling second-order failures from
+  cropping up (all failures will occur within ``pyramid.traversal.traverse``
+  rather than later down the line as the result of calling e.g.
+  ``traversal_path``).
+
+Backwards Incompatibilities
+---------------------------
+
+- The ``pyramid.testing.zcml_configure`` API has been removed.  It had been
+  advertised as removed since repoze.bfg 1.2a1, but hadn't actually been.
+
+Deprecations
+------------
+
+- The ``pyramid.settings.get_settings`` API is now deprecated.  Use
+  ``pyramid.threadlocals.get_current_registry().settings`` instead or use the
+  ``settings`` attribute of the registry available from the request
+  (``request.registry.settings``).
+
+Documentation
+-------------
+
+- Removed ``zodbsessions`` tutorial chapter.  It's still useful, but we now
+  have a SessionFactory abstraction which competes with it, and maintaining
+  documentation on both ways to do it is a distraction.
+
+Internal
+--------
+
+- Replace Twill with WebTest in internal integration tests (avoid deprecation
+  warnings generated by Twill).
+
+1.0a3 (2010-11-16)
+==================
+
+Features
+--------
+
+- Added Mako TemplateLookup settings for ``mako.error_handler``,
+  ``mako.default_filters``, and ``mako.imports``.
+
+- Normalized all paster templates: each now uses the name ``main`` to
+  represent the function that returns a WSGI application, each now uses
+  WebError, each now has roughly the same shape of development.ini style.
+
+- Added class vars ``matchdict`` and ``matched_route`` to
+  ``pyramid.request.Request``.  Each is set to ``None``.
+
+- New API method: ``pyramid.settings.asbool``.
+
+- New API methods for ``pyramid.request.Request``: ``model_url``,
+  ``route_url``, and ``static_url``.  These are simple passthroughs for their
+  respective functions in ``pyramid.url``.
+
+- The ``settings`` object which used to be available only when
+  ``request.settings.get_settings`` was called is now available as
+  ``registry.settings`` (e.g. ``request.registry.settings`` in view code).
+
+Bug Fixes
+---------
+
+- The pylons_* paster templates erroneously used the ``{squiggly}`` routing
+  syntax as the pattern supplied to ``add_route``.  This style of routing is
+  not supported.  They were replaced with ``:colon`` style route patterns.
+
+- The pylons_* paster template used the same string
+  (``your_app_secret_string``) for the ``session.secret`` setting in the
+  generated ``development.ini``.  This was a security risk if left unchanged
+  in a project that used one of the templates to produce production
+  applications.  It now uses a randomly generated string.
+
+Documentation
+-------------
+
+- ZODB+traversal wiki (``wiki``) tutorial updated due to changes to
+  ``pyramid_zodb`` paster template.
+
+- SQLAlchemy+urldispach wiki (``wiki2``) tutorial updated due to changes to
+  ``pyramid_routesalchemy`` paster template.
+
+- Documented the ``matchdict`` and ``matched_route`` attributes of the
+  request object in the Request API documentation.
+
+Deprecations
+------------
+
+- Obtaining the ``settings`` object via
+  ``registry.{get|query}Utility(ISettings)`` is now deprecated.  Instead,
+  obtain the ``settings`` object via the ``registry.settings`` attribute.  A
+  backwards compatibility shim was added to the registry object to register
+  the settings object as an ISettings utility when ``setattr(registry,
+  'settings', foo)`` is called, but it will be removed in a later release.
+
+- Obtaining the ``settings`` object via ``pyramid.settings.get_settings`` is
+  now deprecated.  Obtain it as the ``settings`` attribute of the registry
+  now (obtain the registry via ``pyramid.threadlocal.get_registry`` or as
+  ``request.registry``).
+
+Behavior Differences
+--------------------
+
+- Internal: ZCML directives no longer call get_current_registry() if there's
+  a ``registry`` attribute on the ZCML context (kill off use of
+  threadlocals).
+
+- Internal: Chameleon template renderers now accept two arguments: ``path``
+  and ``lookup``.  ``Lookup`` will be an instance of a lookup class which
+  supplies (late-bound) arguments for debug, reload, and translate.  Any
+  third-party renderers which use (the non-API) function
+  ``pyramid.renderers.template_renderer_factory`` will need to adjust their
+  implementations to obey the new callback argument list.  This change was to
+  kill off inappropriate use of threadlocals.
+
+1.0a2 (2010-11-09)
+==================
+
+Documentation
+-------------
+
+- All references to events by interface
+  (e.g. ``pyramid.interfaces.INewRequest``) have been changed to reference
+  their concrete classes (e.g. ``pyramid.events.NewRequest``) in
+  documentation about making subscriptions.
+
+- All references to Pyramid-the-application were changed from mod-`pyramid`
+  to app-`Pyramid`.  A custom role setting was added to ``docs/conf.py`` to
+  allow for this.  (internal)
+
+1.0a1 (2010-11-05)
+==================
+
+Features (delta from BFG 1.3)
+-------------------------------
+
+- Mako templating renderer supports resource specification format for
+  template lookups and within Mako templates. Absolute filenames must
+  be used in Pyramid to avoid this lookup process.
+
+- Add ``pyramid.httpexceptions`` module, which is a facade for the
+  ``webob.exc`` module.
+
+- Direct built-in support for the Mako templating language.
+
+- A new configurator method exists: ``add_handler``.  This method adds
+  a Pylons-style "view handler" (such a thing used to be called a
+  "controller" in Pylons 1.0).
+
+- New argument to configurator: ``session_factory``.
+
+- New method on configurator: ``set_session_factory``
+
+- Using ``request.session`` now returns a (dictionary-like) session
+  object if a session factory has been configured.
+
+- The request now has a new attribute: ``tmpl_context`` for benefit of
+  Pylons users.
+
+- The decorator previously known as ``pyramid.view.bfg_view`` is now
+  known most formally as ``pyramid.view.view_config`` in docs and
+  paster templates.  An import of ``pyramid.view.bfg_view``, however,
+  will continue to work "forever".
+
+- New API methods in ``pyramid.session``: ``signed_serialize`` and
+  ``signed_deserialize``.
+
+- New interface: ``pyramid.interfaces.IRendererInfo``.  An object of this type
+  is passed to renderer factory constructors (see "Backwards
+  Incompatibilities").
+
+- New event type: ``pyramid.interfaces.IBeforeRender``.  An object of this type
+  is sent as an event before a renderer is invoked (but after the
+  application-level renderer globals factory added via
+  ``pyramid.configurator.configuration.set_renderer_globals_factory``, if any,
+  has injected its own keys).  Applications may now subscribe to the
+  ``IBeforeRender`` event type in order to introspect the and modify the set of
+  renderer globals before they are passed to a renderer.  The event object
+  iself has a dictionary-like interface that can be used for this purpose.  For
+  example::
+
+    from repoze.events import subscriber
+    from pyramid.interfaces import IRendererGlobalsEvent
+
+    @subscriber(IRendererGlobalsEvent)
+    def add_global(event):
+        event['mykey'] = 'foo'
+
+  If a subscriber attempts to add a key that already exist in the renderer
+  globals dictionary, a ``KeyError`` is raised.  This limitation is due to the
+  fact that subscribers cannot be ordered relative to each other.  The set of
+  keys added to the renderer globals dictionary by all subscribers and
+  app-level globals factories must be unique.
+
+- New class: ``pyramid.response.Response``.  This is a pure facade for
+  ``webob.Response`` (old code need not change to use this facade, it's
+  existence is mostly for vanity and documentation-generation purposes).
+
+- All preexisting paster templates (except ``zodb``) now use "imperative"
+  configuration (``starter``, ``routesalchemy``, ``alchemy``).
+
+- A new paster template named ``pyramid_starter_zcml`` exists, which uses
+  declarative configuration.
+
+Documentation (delta from BFG 1.3)
+-----------------------------------
+
+- Added a ``pyramid.httpexceptions`` API documentation chapter.
+
+- Added a ``pyramid.session`` API documentation chapter.
+
+- Added a ``Session Objects`` narrative documentation chapter.
+
+- Added an API chapter for the ``pyramid.personality`` module.
+
+- Added an API chapter for the ``pyramid.response`` module.
+
+- All documentation which previously referred to ``webob.Response`` now uses
+  ``pyramid.response.Response`` instead.
+
+- The documentation has been overhauled to use imperative configuration,
+  moving declarative configuration (ZCML) explanations to a separate
+  narrative chapter ``declarative.rst``.
+
+- The ZODB Wiki tutorial was updated to take into account changes to the
+  ``pyramid_zodb`` paster template.
+
+- The SQL Wiki tutorial was updated to take into account changes to the
+  ``pyramid_routesalchemy`` paster template.
+
+Backwards Incompatibilities (with BFG 1.3)
+------------------------------------------
+
+- There is no longer an ``IDebugLogger`` registered as a named utility
+  with the name ``repoze.bfg.debug``.
+
+- The logger which used to have the name of ``repoze.bfg.debug`` now
+  has the name ``pyramid.debug``.
+
+- The deprecated API ``pyramid.testing.registerViewPermission``
+  has been removed.
+
+- The deprecated API named ``pyramid.testing.registerRoutesMapper``
+  has been removed.
+
+- The deprecated API named ``pyramid.request.get_request`` was removed.
+
+- The deprecated API named ``pyramid.security.Unauthorized`` was
+  removed.
+
+- The deprecated API named ``pyramid.view.view_execution_permitted``
+  was removed.
+
+- The deprecated API named ``pyramid.view.NotFound`` was removed.
+
+- The ``bfgshell`` paster command is now named ``pshell``.
+
+- The Venusian "category" for all built-in Venusian decorators
+  (e.g. ``subscriber`` and ``view_config``/``bfg_view``) is now
+  ``pyramid`` instead of ``bfg``.
+
+- ``pyramid.renderers.rendered_response`` function removed; use
+  ``render_pyramid.renderers.render_to_response`` instead.
+
+- Renderer factories now accept a *renderer info object* rather than an
+  absolute resource specification or an absolute path.  The object has the
+  following attributes: ``name`` (the ``renderer=`` value), ``package`` (the
+  'current package' when the renderer configuration statement was found),
+  ``type``: the renderer type, ``registry``: the current registry, and
+  ``settings``: the deployment settings dictionary.
+
+  Third-party ``repoze.bfg`` renderer implementations that must be ported to
+  Pyramid will need to account for this.
+
+  This change was made primarily to support more flexible Mako template
+  rendering.
+
+- The presence of the key ``repoze.bfg.message`` in the WSGI environment when
+  an exception occurs is now deprecated.  Instead, code which relies on this
+  environ value should use the ``exception`` attribute of the request
+  (e.g. ``request.exception[0]``) to retrieve the message.
+
+- The values ``bfg_localizer`` and ``bfg_locale_name`` kept on the request
+  during internationalization for caching purposes were never APIs.  These
+  however have changed to ``localizer`` and ``locale_name``, respectively.
+
+- The default ``cookie_name`` value of the ``authtktauthenticationpolicy`` ZCML
+  now defaults to ``auth_tkt`` (it used to default to ``repoze.bfg.auth_tkt``).
+
+- The default ``cookie_name`` value of the
+  ``pyramid.authentication.AuthTktAuthenticationPolicy`` constructor now
+  defaults to ``auth_tkt`` (it used to default to ``repoze.bfg.auth_tkt``).
+
+- The ``request_type`` argument to the ``view`` ZCML directive, the
+  ``pyramid.configuration.Configurator.add_view`` method, or the
+  ``pyramid.view.view_config`` decorator (nee ``bfg_view``) is no longer
+  permitted to be one of the strings ``GET``, ``HEAD``, ``PUT``, ``POST`` or
+  ``DELETE``, and now must always be an interface.  Accepting the
+  method-strings as ``request_type`` was a backwards compatibility strategy
+  servicing repoze.bfg 1.0 applications.  Use the ``request_method``
+  parameter instead to specify that a view a string request-method predicate.
+