1 files changed, 128 insertions, 60 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 9f780fe45..434eab898 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,51 @@
 Unreleased
 ==========
 
+- Avoid crash in ``pserve --reload`` under Py3k, when iterating over posiibly
+  mutated ``sys.modules``.
+
+- Fixed a bug in ``UnencryptedCookieSessionFactoryConfig`` and
+  ``SignedCookieSessionFactory`` where ``timeout=None`` would cause a new
+  session to always be created. Also in ``SignedCookieSessionFactory`` a
+  ``reissue_time=None`` would cause an exception when modifying the session.
+  See https://github.com/Pylons/pyramid/issues/1247
+
+1.5b1 (2014-02-08)
+==================
+
+Features
+--------
+
+- We no longer eagerly clear ``request.exception`` and ``request.exc_info`` in
+  the exception view tween.  This makes it possible to inspect exception
+  information within a finished callback.  See
+  https://github.com/Pylons/pyramid/issues/1223.
+
+1.5a4 (2014-01-28)
+==================
+
+Features
+--------
+
+- Updated scaffolds with new theme, fixed documentation and sample project.
+
+Bug Fixes
+---------
+
+- Depend on a newer version of WebOb so that we pull in some crucial bug-fixes
+  that were showstoppers for functionality in Pyramid.
+
+- Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax
+  errors for old IE versions. See https://github.com/Pylons/pyramid/pull/1205
+
+- Fix a memory leak when the configurator's ``set_request_property`` method was
+  used or when the configurator's ``add_request_method`` method was used with
+  the ``property=True`` attribute.  See
+  https://github.com/Pylons/pyramid/issues/1212 .
+
+1.5a3 (2013-12-10)
+==================
+
 Features
 --------
 
@@ -35,11 +80,13 @@ Features
   See https://github.com/Pylons/pyramid/pull/1149
 
 - Added a new ``SignedCookieSessionFactory`` which is very similar to the
-  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
-  signing content. The custom serializer arguments to this function should
-  only focus on serializing, unlike its predecessor which required the
-  serializer to also perform signing.
-  See https://github.com/Pylons/pyramid/pull/1142
+  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing
+  content. The custom serializer arguments to this function should only focus
+  on serializing, unlike its predecessor which required the serializer to also
+  perform signing.  See https://github.com/Pylons/pyramid/pull/1142 .  Note
+  that cookies generated using ``SignedCookieSessionFactory`` are not
+  compatible with cookies generated using ``UnencryptedCookieSessionFactory``,
+  so existing user session data will be destroyed if you switch to it.
 
 - Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
   factory that can be used by framework implementors to create their own
@@ -48,17 +95,38 @@ Features
   timeouts, and conformance with the ``ISession`` API.
   See https://github.com/Pylons/pyramid/pull/1142
 
+- The anchor argument to ``pyramid.request.Request.route_url`` and
+  ``pyramid.request.Request.resource_url`` and their derivatives will now be
+  escaped via URL quoting to ensure minimal conformance.  See
+  https://github.com/Pylons/pyramid/pull/1183
+
+- Allow sending of ``_query`` and ``_anchor`` options to
+  ``pyramid.request.Request.static_url`` when an external URL is being
+  generated.
+  See https://github.com/Pylons/pyramid/pull/1183
+
+- You can now send a string as the ``_query`` argument to
+  ``pyramid.request.Request.route_url`` and
+  ``pyramid.request.Request.resource_url`` and their derivatives.  When a
+  string is sent instead of a list or dictionary. it is URL-quoted however it
+  does not need to be in ``k=v`` form.  This is useful if you want to be able
+  to use a different query string format than ``x-www-form-urlencoded``.  See
+  https://github.com/Pylons/pyramid/pull/1183
+
+- ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to match the
+  new WebOb 1.3 API.  Its value is ``example.com``.
+
 Bug Fixes
 ---------
 
-- Fix the ``pcreate`` script so that when the target directory name ends with a 
-  slash it does not produce a non-working project directory structure.  
-  Previously saying ``pcreate -s starter /foo/bar/`` produced different output 
+- Fix the ``pcreate`` script so that when the target directory name ends with a
+  slash it does not produce a non-working project directory structure.
+  Previously saying ``pcreate -s starter /foo/bar/`` produced different output
   than  saying ``pcreate -s starter /foo/bar``.  The former did not work
   properly.
 
-- Fix the ``principals_allowed_by_permission`` method of 
-  ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__`` 
+- Fix the ``principals_allowed_by_permission`` method of
+  ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__``
   on resources.  Previously it did not try to call the ``__acl__``
   if it was callable.
 
@@ -85,7 +153,7 @@ Documentation
 
 - Added a "Quick Tutorial" to go with the Quick Tour
 
-- Removed mention of ``pyramid_beaker`` from docs.  Beaker is no longer 
+- Removed mention of ``pyramid_beaker`` from docs.  Beaker is no longer
   maintained.  Point people at ``pyramid_redis_sessions`` instead.
 
 - Add documentation for ``pyramid.interfaces.IRendererFactory`` and
@@ -108,23 +176,17 @@ Deprecations
   ill-defined and became unused when Mako and Chameleon template bindings were
   split into their own packages.
 
-- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been 
-  deprecated and is superseded by the 
+- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been
+  deprecated and is superseded by the
   ``pyramid.session.SignedCookieSessionFactory``.  Note that while the cookies
   generated by the ``UnencryptedCookieSessionFactoryConfig``
   are compatible with cookies generated by old releases, cookies generated by
-  the SignedCookieSessionFactory are not. See 
+  the SignedCookieSessionFactory are not. See
   https://github.com/Pylons/pyramid/pull/1142
 
 - The ``pyramid.security.has_permission`` API is now deprecated.  Instead, use
   the newly-added ``has_permission`` method of the request object.
 
-- The ``pyramid.security.forget`` API is now deprecated.  Instead, use
-  the newly-added ``forget_userid`` method of the request object.
-
-- The ``pyramid.security.remember`` API is now deprecated.  Instead, use
-  the newly-added ``remember_userid`` method of the request object.
-
 - The ``pyramid.security.effective_principals`` API is now deprecated.
   Instead, use the newly-added ``effective_principals`` attribute of the
   request object.
@@ -137,6 +199,12 @@ Deprecations
   Instead, use the newly-added ``unauthenticated_userid`` attribute of the
   request object.
 
+Dependencies
+------------
+
+- Pyramid now depends on WebOb>=1.3 (it uses ``webob.cookies.CookieProfile``
+  from 1.3+).
+
 1.5a2 (2013-09-22)
 ==================
 
@@ -144,8 +212,8 @@ Features
 --------
 
 - Users can now provide dotted Python names to as the ``factory`` argument
-  the Configurator methods named ``add_{view,route,subscriber}_predicate`` 
-  (instead of passing the predicate factory directly, you can pass a 
+  the Configurator methods named ``add_{view,route,subscriber}_predicate``
+  (instead of passing the predicate factory directly, you can pass a
   dotted name which refers to the factory).
 
 Bug Fixes
@@ -181,10 +249,10 @@ Backwards Incompatibilities
 
      ValueError: No such renderer factory .mak
 
-  Support for Mako templating has been moved into an add-on package named 
-  ``pyramid_mako``, and support for Chameleon templating has been moved into 
-  an add-on package named ``pyramid_chameleon``.  These packages are drop-in 
-  replacements for the old built-in support for these templating langauges. 
+  Support for Mako templating has been moved into an add-on package named
+  ``pyramid_mako``, and support for Chameleon templating has been moved into
+  an add-on package named ``pyramid_chameleon``.  These packages are drop-in
+  replacements for the old built-in support for these templating langauges.
   All you have to do is install them and make them active in your configuration
   to register renderer factories for ``.pt`` and/or ``.mako`` (or ``.mak``) to
   make your application work again.
@@ -207,9 +275,9 @@ Backwards Incompatibilities
             ],
         )
 
-  * Within the portion of your application which instantiates a Pyramid 
-    ``pyramid.config.Configurator`` (often the ``main()`` function in 
-    your project's ``__init__.py`` file), tell Pyramid to include the 
+  * Within the portion of your application which instantiates a Pyramid
+    ``pyramid.config.Configurator`` (often the ``main()`` function in
+    your project's ``__init__.py`` file), tell Pyramid to include the
     ``pyramid_mako`` includeme::
 
         config = Configurator(.....)
@@ -219,7 +287,7 @@ Backwards Incompatibilities
 
   * Make sure the ``pyramid_chameleon`` package is installed.  One way to do
     this is by adding ``pyramid_chameleon`` to the ``install_requires`` section
-    of your package's ``setup.py`` file and afterwards rerunning 
+    of your package's ``setup.py`` file and afterwards rerunning
     ``setup.py develop``::
 
         setup(
@@ -231,9 +299,9 @@ Backwards Incompatibilities
             ],
         )
 
-  * Within the portion of your application which instantiates a Pyramid 
-    ``~pyramid.config.Configurator`` (often the ``main()`` function in 
-    your project's ``__init__.py`` file), tell Pyramid to include the 
+  * Within the portion of your application which instantiates a Pyramid
+    ``~pyramid.config.Configurator`` (often the ``main()`` function in
+    your project's ``__init__.py`` file), tell Pyramid to include the
     ``pyramid_chameleon`` includeme::
 
         config = Configurator(.....)
@@ -246,10 +314,10 @@ Backwards Incompatibilities
   compatibility when you eventually do upgrade to Pyramid 1.5.
 
   With the removal of Mako and Chameleon support from the core, some
-  unit tests that use the ``pyramid.renderers.render*`` methods may begin to 
-  fail.  If any of your unit tests are invoking either 
+  unit tests that use the ``pyramid.renderers.render*`` methods may begin to
+  fail.  If any of your unit tests are invoking either
   ``pyramid.renderers.render()``  or ``pyramid.renderers.render_to_response()``
-  with either Mako or Chameleon templates then the 
+  with either Mako or Chameleon templates then the
   ``pyramid.config.Configurator`` instance in effect during
   the unit test should be also be updated to include the addons, as shown
   above. For example::
@@ -273,17 +341,17 @@ Backwards Incompatibilities
                 result = pyramid.renderers.render('mypkg:templates/home.pt', {})
 
 - If you're using the Pyramid debug toolbar, when you upgrade Pyramid to
-  1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to 
-  at least version 1.0.8, as older toolbar versions are not compatible with 
-  Pyramid 1.5a2+ due to the removal of Mako support from the core.  It's 
+  1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to
+  at least version 1.0.8, as older toolbar versions are not compatible with
+  Pyramid 1.5a2+ due to the removal of Mako support from the core.  It's
   fine to use this newer version of the toolbar code with older Pyramids too.
 
 - Removed the ``request.response_*`` varying attributes. These attributes
   have been deprecated since Pyramid 1.1, and as per the deprecation policy,
   have now been removed.
 
-- ``request.response`` will no longer be mutated when using the 
-  ``pyramid.renderers.render()`` API.  Almost all renderers mutate the 
+- ``request.response`` will no longer be mutated when using the
+  ``pyramid.renderers.render()`` API.  Almost all renderers mutate the
   ``request.response`` response object (for example, the JSON renderer sets
   ``request.response.content_type`` to ``application/json``), but this is
   only necessary when the renderer is generating a response; it was a bug
@@ -291,7 +359,7 @@ Backwards Incompatibilities
 
 - Removed the ``bfg2pyramid`` fixer script.
 
-- The ``pyramid.events.NewResponse`` event is now sent **after** response 
+- The ``pyramid.events.NewResponse`` event is now sent **after** response
   callbacks are executed.  It previously executed before response callbacks
   were executed.  Rationale: it's more useful to be able to inspect the response
   after response callbacks have done their jobs instead of before.
@@ -350,24 +418,24 @@ Features
 
 - A new http exception subclass named ``pyramid.httpexceptions.HTTPSuccessful``
   was added.  You can use this class as the ``context`` of an exception
-  view to catch all 200-series "exceptions" (e.g. "raise HTTPOk").  This 
+  view to catch all 200-series "exceptions" (e.g. "raise HTTPOk").  This
   also allows you to catch *only* the ``HTTPOk`` exception itself; previously
-  this was impossible because a number of other exceptions 
+  this was impossible because a number of other exceptions
   (such as ``HTTPNoContent``) inherited from ``HTTPOk``, but now they do not.
 
 - You can now generate "hybrid" urldispatch/traversal URLs more easily
-  by using the new ``route_name``, ``route_kw`` and ``route_remainder_name`` 
+  by using the new ``route_name``, ``route_kw`` and ``route_remainder_name``
   arguments to  ``request.resource_url`` and ``request.resource_path``.  See
-  the new section of the "Combining Traversal and URL Dispatch" documentation 
+  the new section of the "Combining Traversal and URL Dispatch" documentation
   chapter entitled  "Hybrid URL Generation".
 
-- It is now possible to escape double braces in Pyramid scaffolds (unescaped, 
+- It is now possible to escape double braces in Pyramid scaffolds (unescaped,
   these represent replacement values).  You can use ``\{\{a\}\}`` to
-  represent a "bare" ``{{a}}``.  See 
+  represent a "bare" ``{{a}}``.  See
   https://github.com/Pylons/pyramid/pull/862
 
 - Add ``localizer`` and ``locale_name`` properties (reified) to the request.
-  See https://github.com/Pylons/pyramid/issues/508.  Note that the 
+  See https://github.com/Pylons/pyramid/issues/508.  Note that the
   ``pyramid.i18n.get_localizer`` and ``pyramid.i18n.get_locale_name`` functions
   now simply look up these properties on the request.
 
@@ -417,7 +485,7 @@ Features
   externally-hosted static URLs to be generated based on the current protocol.
 
 - The ``AuthTktAuthenticationPolicy`` has two new options to configure its
-  domain usage: 
+  domain usage:
 
   * ``parent_domain``: if set the authentication cookie is set on
     the parent domain. This is useful if you have multiple sites sharing the
@@ -506,7 +574,7 @@ Features
 
 - The ``pyramid.config.Configurator.add_route`` method now supports being
   called with an external URL as pattern. See
-  https://github.com/Pylons/pyramid/issues/611 and the documentation section 
+  https://github.com/Pylons/pyramid/issues/611 and the documentation section
   in the "URL Dispatch" chapter entitled "External Routes" for more information.
 
 Bug Fixes
@@ -514,17 +582,17 @@ Bug Fixes
 
 - It was not possible to use ``pyramid.httpexceptions.HTTPException`` as
   the ``context`` of an exception view as very general catchall for
-  http-related exceptions when you wanted that exception view to override the 
+  http-related exceptions when you wanted that exception view to override the
   default exception view.  See https://github.com/Pylons/pyramid/issues/985
 
-- When the ``pyramid.reload_templates`` setting was true, and a Chameleon 
-  template was reloaded, and the renderer specification named a macro 
+- When the ``pyramid.reload_templates`` setting was true, and a Chameleon
+  template was reloaded, and the renderer specification named a macro
   (e.g. ``foo#macroname.pt``), renderings of the template after the template
-  was reloaded due to a file change would produce the entire template body 
-  instead of just a rendering of the macro.  See 
+  was reloaded due to a file change would produce the entire template body
+  instead of just a rendering of the macro.  See
   https://github.com/Pylons/pyramid/issues/1013.
 
-- Fix an obscure problem when combining a virtual root with a route with a 
+- Fix an obscure problem when combining a virtual root with a route with a
   ``*traverse`` in its pattern.  Now the traversal path generated in
   such a configuration will be correct, instead of an element missing
   a leading slash.
@@ -582,12 +650,12 @@ Backwards Incompatibilities
   previously returned the URL without the query string by default, it now does
   attach the query string unless it is overriden.
 
-- The ``route_url`` and ``route_path`` APIs no longer quote ``/`` 
+- The ``route_url`` and ``route_path`` APIs no longer quote ``/``
   to ``%2F`` when a replacement value contains a ``/``.  This was pointless,
-  as WSGI servers always unquote the slash anyway, and Pyramid never sees the 
+  as WSGI servers always unquote the slash anyway, and Pyramid never sees the
   quoted value.
 
-- It is no longer possible to set a ``locale_name`` attribute of the request, 
+- It is no longer possible to set a ``locale_name`` attribute of the request,
   nor is it possible to set a ``localizer`` attribute of the request.  These
   are now "reified" properties that look up a locale name and localizer
   respectively using the machinery described in the "Internationalization"