author Steve Piercy <web@stevepiercy.com> 2020-12-30 07:24:59 -0800
committer Steve Piercy <web@stevepiercy.com> 2020-12-30 07:24:59 -0800
commit 2ca12d8a7b317120f4d2f9c7b60308f281e78357 (patch)
tree 61c9b775680dd4ea93e118f15614185f6fa42e25 /docs/narr
parent d1f88ec51042acb5a44106228cc4f8b7a3d772e0 (diff)
parent b24e9cf29b93c89b257497cd677ffcec3c9ad3a8 (diff)
Merge branch 'master' of https://github.com/Pylons/pyramid
Diffstat (limited to 'docs/narr')
-rw-r--r-- docs/narr/install.rst 6
-rw-r--r-- docs/narr/project.rst 4
-rw-r--r-- docs/narr/sessions.rst 64
-rw-r--r-- docs/narr/upgrading.rst 1
4 files changed, 6 insertions, 69 deletions
diff --git a/docs/narr/install.rst b/docs/narr/install.rst
index 23bf0cfd3..1801f3c9a 100644
--- a/docs/narr/install.rst
+++ b/docs/narr/install.rst
@@ -5,7 +5,7 @@ Installing :app:`Pyramid`
.. note::
- This installation guide emphasizes the use of Python 3.5 and greater for
+ This installation guide emphasizes the use of Python 3.6 and greater for
simplicity.
@@ -15,13 +15,13 @@ Installing :app:`Pyramid`
Before You Install Pyramid
--------------------------
-Install Python version 3.5 or greater for your operating system, and satisfy
+Install Python version 3.6 or greater for your operating system, and satisfy
the :ref:`requirements-for-installing-packages`, as described in
the following sections.
.. sidebar:: Python Versions
- As of this writing, :app:`Pyramid` is tested against Python 3.5, 3.6, 3.7, 3.8, and 3.9 and PyPy3.
+ As of this writing, :app:`Pyramid` is tested against Python 3.6, 3.7, 3.8, and 3.9 and PyPy3.
:app:`Pyramid` is known to run on all popular Unix-like systems such as Linux,
macOS, and FreeBSD, as well as on Windows platforms. It is also known to
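Review bot: The supported-version list in the sidebar line ("tested against Python 3.6, 3.7, 3.8, and 3.9 and PyPy3") has to agree with the package metadata and the CI matrix, and this view is limited to docs/narr, so neither is visible here. Please confirm that 3.5 was dropped there in the same merge, so that the documented minimum is also the enforced minimum. Minor style point on the same line: "3.8, and 3.9 and PyPy3" reads awkwardly; "3.6, 3.7, 3.8, 3.9, and PyPy3" would be cleaner.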
diff --git a/docs/narr/project.rst b/docs/narr/project.rst
index 6493f0fe7..ee75587e9 100644
--- a/docs/narr/project.rst
+++ b/docs/narr/project.rst
@@ -1173,8 +1173,8 @@ One popular production alternative to the default Waitress server is
using the Apache web server rather than any "pure-Python" server like Waitress.
It is fast and featureful. See :ref:`modwsgi_tutorial` for details.
-Another good production alternative is :term:`Green Unicorn` (aka
-``gunicorn``). It's faster than Waitress and slightly easier to configure than
+Another good production alternative is :term:`gunicorn`.
+It's faster than Waitress and slightly easier to configure than
``mod_wsgi``, although it depends, in its default configuration, on having a
buffering HTTP proxy in front of it. It does not, as of this writing, work on
Windows.
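Review bot: The role on the first added line, :term:`gunicorn`, only resolves if the glossary entry is named gunicorn, and the glossary is not part of this diff (the diffstat covers docs/narr only). Please confirm the entry was renamed from Green Unicorn in the same merge; otherwise Sphinx will warn about an unknown term and the cross-reference will not link.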
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index 2da524d4c..03ad5c8d2 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -73,68 +73,6 @@ using the :meth:`pyramid.config.Configurator.set_session_factory` method.
In short, use a different session factory implementation (preferably one which keeps session data on the server) for anything but the most basic of applications where "session security doesn't matter", you are sure your application has no cross-site scripting vulnerabilities, and you are confident your secret key will not be exposed.
.. index::
- triple: pickle deprecation; JSON-serializable; ISession interface
-
-.. _pickle_session_deprecation:
-
-Changes to ISession in Pyramid 2.0
-----------------------------------
-
-In :app:`Pyramid` 2.0 the :class:`pyramid.interfaces.ISession` interface was changed to require that session implementations only need to support JSON-serializable data types.
-This is a stricter contract than the previous requirement that all objects be pickleable and it is being done for security purposes.
-This is a backward-incompatible change.
-Previously, if a client-side session implementation was compromised, it left the application vulnerable to remote code execution attacks using specially-crafted sessions that execute code when deserialized.
-
-Please reference the following tickets if detailed information on these changes is needed:
-
-* `2.0 feature request: Require that sessions are JSON serializable #2709 <https://github.com/pylons/pyramid/issues/2709>`_.
-* `deprecate pickleable sessions, recommend json #3353 <https://github.com/pylons/pyramid/pull/3353>`_.
-* `change to use JSONSerializer for SignedCookieSessionFactory #3413 <https://github.com/pylons/pyramid/pull/3413>`_.
-
-For users with compatibility concerns, it's possible to craft a serializer that can handle both formats until you are satisfied that clients have had time to reasonably upgrade.
-Remember that sessions should be short-lived and thus the number of clients affected should be small (no longer than an auth token, at a maximum). An example serializer:
-
-.. code-block:: python
- :linenos:
-
- import pickle
- from pyramid.session import JSONSerializer
- from pyramid.session import SignedCookieSessionFactory
-
-
- class JSONSerializerWithPickleFallback(object):
- def __init__(self):
- self.json = JSONSerializer()
-
- def dumps(self, appstruct):
- """
- Accept a Python object and return bytes.
-
- During a migration, you may want to catch serialization errors here,
- and keep using pickle while finding spots in your app that are not
- storing JSON-serializable objects. You may also want to integrate
- a fall-back to pickle serialization here as well.
- """
- return self.json.dumps(appstruct)
-
- def loads(self, bstruct):
- """Accept bytes and return a Python object."""
- try:
- return self.json.loads(bstruct)
- except ValueError:
- try:
- return pickle.loads(bstruct)
- except Exception:
- # this block should catch at least:
- # ValueError, AttributeError, ImportError; but more to be safe
- raise ValueError
-
- # somewhere in your configuration code
- serializer = JSONSerializerWithPickleFallback()
- session_factory = SignedCookieSessionFactory(..., serializer=serializer)
- config.set_session_factory(session_factory)
-
-.. index::
single: session object
Using a Session Object
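Review bot: The deleted example's loads() falls back to pickle.loads(bstruct) whenever JSON parsing raises ValueError, which keeps alive the deserialization path that the deleted prose itself describes as a remote code execution risk when a client-side session implementation is compromised. If this section has been moved rather than dropped, the relocated copy should state explicitly that the fallback is a temporary migration aid, to be removed once old cookies have expired, and should keep the sentence about sessions being short-lived next to the code. Also check for remaining :ref: uses of the removed label pickle_session_deprecation outside docs/narr, since only the one in this file is updated in this view.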
@@ -193,7 +131,7 @@ Some gotchas:
- Keys and values of session data must be JSON-serializable.
This means, typically, that they are instances of basic types of objects, such as strings, lists, dictionaries, tuples, integers, etc.
If you place an object in a session data key or value that is not JSON-serializable, an error will be raised when the session is serialized.
- Please also see :ref:`pickle_session_deprecation`.
+ Please also see :ref:`upgrading_session_20`.
- If you place a mutable value (for example, a list or a dictionary) in a
session object, and you subsequently mutate that value, you must call the
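Review bot: The new target upgrading_session_20 on the added line is not defined in any hunk shown here; the only visible change to docs/narr/upgrading.rst deletes the Python 3.5 lifespan entry. Please confirm the label exists elsewhere in the tree, otherwise this reference produces an undefined-label warning and a dead link in the gotchas list.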
diff --git a/docs/narr/upgrading.rst b/docs/narr/upgrading.rst
index e5541e248..d6882809a 100644
--- a/docs/narr/upgrading.rst
+++ b/docs/narr/upgrading.rst
@@ -86,7 +86,6 @@ At the time of a Pyramid version release, each supports all versions of Python
through the end of their lifespans. The end-of-life for a given version of
Python is when security updates are no longer released.
-- `Python 3.5 Lifespan <https://devguide.python.org/#status-of-python-branches>`_ 2020-09-13.
- `Python 3.6 Lifespan <https://devguide.python.org/#status-of-python-branches>`_ 2021-12-23.
- `Python 3.7 Lifespan <https://devguide.python.org/#status-of-python-branches>`_ 2023-06-27.
- `Python 3.8 Lifespan <https://devguide.python.org/#status-of-python-branches>`_ 2024-10-??.
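Review bot: With the 3.5 entry removed, the Python 3.8 context line still carries the placeholder date 2024-10-??; either fill in the day or write it as 2024-10 so the list does not look unfinished. Every entry also links to the same devguide anchor, so a single link above the list would be less repetitive than repeating it on each item.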