1 files changed, 227 insertions, 8 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index adf448945..41ecbde0f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,222 @@
+Next Release
+============
+
+Features
+--------
+
+- It is now possible to escape double braces in Pyramid scaffolds (unescaped, 
+  these represent replacement values).  You can use ``\{\{a\}\}`` to
+  represent a "bare" ``{{a}}``.  See 
+  https://github.com/Pylons/pyramid/pull/862
+
+- Add ``localizer`` property (reified) to the request.
+  See https://github.com/Pylons/pyramid/issues/508.
+
+- Add ``pdistreport`` script, which prints the Python version in use, the
+  Pyramid version in use, and the version number and location of all Python
+  distributions currently installed.
+
+- Add the ability to invert the result of any view, route, or subscriber
+  predicate using the ``not_`` class.  For example::
+
+     from pyramid.config import not_
+
+     @view_config(route_name='myroute', request_method=not_('POST'))
+     def myview(request): ...
+
+  The above example will ensure that the view is called if the request method
+  is not POST (at least if no other view is more specific).
+
+  The :class:`pyramid.config.not_` class can be used against any value that is
+  a predicate value passed in any of these contexts:
+
+  - ``pyramid.config.Configurator.add_view``
+
+  - ``pyramid.config.Configurator.add_route``
+
+  - ``pyramid.config.Configurator.add_subscriber``
+
+  - ``pyramid.view.view_config``
+
+  - ``pyramid.events.subscriber``
+
+- ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH``
+  requests.  See https://github.com/Pylons/pyramid/pull/1033.  add support for
+  submitting ``OPTIONS`` and ``PROPFIND`` requests, and  allow users to specify
+  basic authentication credentials in the request via a ``--login`` argument to
+  the script.  See https://github.com/Pylons/pyramid/pull/1039.
+
+- ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This
+  removes the ambiguity between the potential ``AttributeError`` that would
+  be raised on the ``context`` when the property was not defined and the
+  ``AttributeError`` that could be raised from any user-defined code within
+  a dynamic property. It is recommended to define a dynamic ACL as a callable
+  to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735.
+
+- Allow a protocol-relative URL (e.g. ``//example.com/images``) to be passed to
+  ``pyramid.config.Configurator.add_static_view``. This allows
+  externally-hosted static URLs to be generated based on the current protocol.
+
+- The ``AuthTktAuthenticationPolicy`` has two new options to configure its
+  domain usage: 
+
+  * ``parent_domain``: if set the authentication cookie is set on
+    the parent domain. This is useful if you have multiple sites sharing the
+    same domain.
+  * ``domain``: if provided the cookie is always set for this domain, bypassing
+    all usual logic.
+
+  See https://github.com/Pylons/pyramid/pull/1028,
+  https://github.com/Pylons/pyramid/pull/1072 and
+  https://github.com/Pylons/pyramid/pull/1078.
+
+- The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using
+  the ``include_ip=True`` option. This is possibly incompatible with
+  alternative ``auth_tkt`` implementations, as the specification does not
+  define how to properly handle IPv6. See
+  https://github.com/Pylons/pyramid/issues/831.
+
+- Make it possible to use variable arguments via
+  ``pyramid.paster.get_appsettings``. This also allowed the generated
+  ``initialize_db`` script from the ``alchemy`` scaffold to grow support
+  for options in the form ``a=1 b=2`` so you can fill in
+  values in a parameterized ``.ini`` file, e.g.
+  ``initialize_myapp_db etc/development.ini a=1 b=2``.
+  See https://github.com/Pylons/pyramid/pull/911
+
+- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view
+  predicate now take into account the value of the HTTP header named
+  ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they
+  always did).  The header is tried when the form parameter does not exist.
+
+- View lookup will now search for valid views based on the inheritance
+  hierarchy of the context. It tries to find views based on the most
+  specific context first, and upon predicate failure, will move up the
+  inheritance chain to test views found by the super-type of the context.
+  In the past, only the most specific type containing views would be checked
+  and if no matching view could be found then a PredicateMismatch would be
+  raised. Now predicate mismatches don't hide valid views registered on
+  super-types. Here's an example that now works:
+
+  .. code-block:: python
+
+     class IResource(Interface):
+
+         ...
+
+     @view_config(context=IResource)
+     def get(context, request):
+
+         ...
+
+     @view_config(context=IResource, request_method='POST')
+     def post(context, request):
+
+         ...
+
+     @view_config(context=IResource, request_method='DELETE')
+     def delete(context, request):
+
+         ...
+
+     @implementor(IResource)
+     class MyResource:
+
+         ...
+
+     @view_config(context=MyResource, request_method='POST')
+     def override_post(context, request):
+
+         ...
+
+  Previously the override_post view registration would hide the get
+  and delete views in the context of MyResource -- leading to a
+  predicate mismatch error when trying to use GET or DELETE
+  methods. Now the views are found and no predicate mismatch is
+  raised.
+  See https://github.com/Pylons/pyramid/pull/786 and
+  https://github.com/Pylons/pyramid/pull/1004 and
+  https://github.com/Pylons/pyramid/pull/1046
+
+- The ``pserve`` command now takes a ``-v`` (or ``--verbose``) flag and a
+  ``-q`` (or ``--quiet``) flag.  Output from running ``pserve`` can be
+  controlled using these flags.  ``-v`` can be specified multiple times to
+  increase verbosity.  ``-q`` sets verbosity to ``0`` unconditionally.  The
+  default verbosity level is ``1``.
+
+- The ``alchemy`` scaffold tests now provide better coverage.  See
+  https://github.com/Pylons/pyramid/pull/1029
+
+- The ``pyramid.config.Configurator.add_route`` method now supports being
+  called with an external URL as pattern. See
+  https://github.com/Pylons/pyramid/issues/611 for more information.
+
+Bug Fixes
+---------
+
+- Fix an obscure problem when combining a virtual root with a route with a 
+  ``*traverse`` in its pattern.  Now the traversal path generated in
+  such a configuration will be correct, instead of an element missing
+  a leading slash.
+
+- Fixed a Mako renderer bug returning a tuple with a previous defname value
+  in some circumstances. See https://github.com/Pylons/pyramid/issues/1037
+  for more information.
+
+- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API
+  for ``__loader__`` objects specified in PEP 302.  Proxies to the
+  ``__loader__`` set by the importer, if present; otherwise, raises
+  ``NotImplementedError``.  This makes Pyramid static view overrides work
+  properly under Python 3.3 (previously they would not).  See
+  https://github.com/Pylons/pyramid/pull/1015 for more information.
+
+- ``mako_templating``: added defensive workaround for non-importability of
+  ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support.  Mako
+  templating will no longer work under the combination of MarkupSafe 0.17 and
+  Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any
+  supported Python 2 version will work OK).
+
+- Spaces and dots may now be in mako renderer template paths. This was
+  broken when support for the new makodef syntax was added in 1.4a1.
+  See https://github.com/Pylons/pyramid/issues/950
+
+- ``pyramid.debug_authorization=true`` will now correctly print out
+  ``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead
+  of invoking the ``permits`` method of the authorization policy.
+  See https://github.com/Pylons/pyramid/issues/954
+
+- Pyramid failed to install on some systems due to being packaged with
+  some test files containing higher order characters in their names. These
+  files have now been removed. See
+  https://github.com/Pylons/pyramid/issues/981
+
+- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under
+  Python 3 would use ``__len__`` to find truthiness; this usually caused an
+  instance of DummyResource to be "falsy" instead of "truthy".  See
+  https://github.com/Pylons/pyramid/pull/1032
+
+- The ``alchemy`` scaffold would break when the database was MySQL during
+  tables creation.  See https://github.com/Pylons/pyramid/pull/1049
+
+- The ``current_route_url`` method now attaches the query string to the URL by
+  default. See
+  https://github.com/Pylons/pyramid/issues/1040
+
+- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See
+  https://github.com/Pylons/pyramid/issues/718
+
+Backwards Incompatibilities
+---------------------------
+
+- Modified the ``current_route_url`` method in pyramid.Request. The method
+  previously returned the URL without the query string by default, it now does
+  attach the query string unless it is overriden.
+
+- The ``route_url`` and ``route_path`` APIs no longer quote ``/`` 
+  to ``%2F`` when a replacement value contains a ``/``.  This was pointless,
+  as WSGI servers always unquote the slash anyway, and Pyramid never sees the 
+  quoted value.
+
 1.4 (2012-12-18)
 ================
 
@@ -89,7 +308,7 @@ Features
      @subscriber(SomeOtherEvent)
      def asubscriber(event):
          pass
- 
+
   And you wanted to use a subscriber predicate::
 
      @subscriber([SomeEvent, SomeContextType], mypredicate=True)
@@ -163,7 +382,7 @@ Features
 
      @subscriber([SomeContextType, SomeEvent])
      def asubscriber(event):
-         # bzzt! you'll be getting the context here as ``event``, and it'll 
+         # bzzt! you'll be getting the context here as ``event``, and it'll
          # be useless
 
   Existing multiple-argument subscribers continue to work without issue, so you
@@ -274,7 +493,7 @@ Bug Fixes
 
 - ``pyramid.view.render_view`` was not functioning properly under Python 3.x
   due to a byte/unicode discrepancy. See
-  http://github.com/Pylons/pyramid/issues/721
+  https://github.com/Pylons/pyramid/issues/721
 
 Deprecations
 ------------
@@ -433,7 +652,7 @@ Bug Fixes
   https://github.com/Pylons/pyramid/issues/606
   https://github.com/Pylons/pyramid/issues/607
 
-- In Mako Templates lookup, check for absolute uri (using mako directories) 
+- In Mako Templates lookup, check for absolute uri (using mako directories)
   when mixing up inheritance with asset specs.
   https://github.com/Pylons/pyramid/issues/662
 
@@ -511,7 +730,7 @@ Features
 
 - The static view machinery now raises (rather than returns) ``HTTPNotFound``
   and ``HTTPMovedPermanently`` exceptions, so these can be caught by the
-  NotFound view (and other exception views).
+  Not Found View (and other exception views).
 
 - The Mako renderer now supports a def name in an asset spec.  When the def
   name is present in the asset spec, the system will render the template def
@@ -652,13 +871,13 @@ Backwards Incompatibilities
   * ``registerAdapter``, use
     ``pyramid.config.Configurator.registry.registerAdapter`` instead.
 
-  * ``registerSubscriber``, use 
+  * ``registerSubscriber``, use
     ``pyramid.config.Configurator.add_subscriber`` instead.
 
-  * ``registerRoute``, use 
+  * ``registerRoute``, use
     ``pyramid.config.Configurator.add_route`` instead.
 
-  * ``registerSettings``, use 
+  * ``registerSettings``, use
     ``pyramid.config.Configurator.add_settings`` instead.
 
 - In Pyramid 1.3 and previous, the ``__call__`` method of a Response object