1 files changed, 73 insertions, 0 deletions
diff --git a/docs/whatsnew-1.5.rst b/docs/whatsnew-1.5.rst
index 57f93cbff..23613896a 100644
--- a/docs/whatsnew-1.5.rst
+++ b/docs/whatsnew-1.5.rst
@@ -316,6 +316,48 @@ The feature additions in Pyramid 1.5 follow.
 - :func:`pyramid.path.package_name` no longer thows an exception when resolving 
   the package name for namespace packages that have no ``__file__`` attribute.
 
+- An authorization API has been added as a method of the request:
+  :meth:`pyramid.request.Request.has_permission`.  It is a method-based
+  alternative to the :func:`pyramid.security.has_permission` API and works
+  exactly the same.  The older API is now deprecated.
+
+- Property API attributes have been added to the request for easier access to
+  authentication data: :attr:`pyramid.request.Request.authenticated_userid`,
+  :attr:`pyramid.request.Request.unauthenticated_userid`, and
+  :attr:`pyramid.request.Request.effective_principals`.  These are analogues,
+  respectively, of :func:`pyramid.security.authenticated_userid`,
+  :func:`pyramid.security.unauthenticated_userid`, and
+  :func:`pyramid.security.effective_principals`.  They operate exactly the
+  same, except they are attributes of the request instead of functions
+  accepting a request.  They are properties, so they cannot be assigned to.
+  The older function-based APIs are now deprecated.
+
+- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run
+  directly, allowing custom arguments to be sent to the python interpreter
+  at runtime. For example::
+
+      python -3 -m pyramid.scripts.pserve development.ini
+
+- Added a specific subclass of :class:`pyramid.httpexceptions.HTTPBadRequest`
+  named :class:`pyramid.exceptions.BadCSRFToken` which will now be raised in
+  response to failures in the ``check_csrf_token`` view predicate.  See
+  https://github.com/Pylons/pyramid/pull/1149
+
+- Added a new ``SignedCookieSessionFactory`` which is very similar to the
+  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
+  signing content. The custom serializer arguments to this function should
+  only focus on serializing, unlike its predecessor which required the
+  serializer to also perform signing.
+  See https://github.com/Pylons/pyramid/pull/1142
+
+- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
+  factory that can be used by framework implementors to create their own
+  session implementations. It provides a reusable API which focuses strictly
+  on providing a dictionary-like object that properly handles renewals,
+  timeouts, and conformance with the ``ISession`` API.
+  See https://github.com/Pylons/pyramid/pull/1142
+
+
 Other Backwards Incompatibilities
 ---------------------------------
 
@@ -404,6 +446,13 @@ Other Backwards Incompatibilities
   Pyramid narrative documentation instead of providing renderer globals values
   to the configurator.
 
+- The key/values in the ``_query`` parameter of
+  :meth:`pyramid.request.Request.route_url` and the ``query`` parameter of
+  :meth:`pyramid.request.Request.resource_url` (and their variants), used to
+  encode a value of ``None`` as the string ``'None'``, leaving the resulting
+  query string to be ``a=b&key=None``. The value is now dropped in this
+  situation, leaving a query string of ``a=b&key=``.  See
+  https://github.com/Pylons/pyramid/issues/1119
 
 Deprecations
 ------------
@@ -417,12 +466,36 @@ Deprecations
   a deprecation warning when used.  It had been docs-deprecated in 1.4
   but did not issue a deprecation warning when used.
 
+- :func:`pyramid.security.has_permission` is now deprecated in favor of using
+  :meth:`pyramid.request.Request.has_permission`.
+
+- The :func:`pyramid.security.authenticated_userid`,
+  :func:`pyramid.security.unauthenticated_userid`, and
+  :func:`pyramid.security.effective_principals` functions have been
+  deprecated. Use :attr:`pyramid.request.Request.authenticated_userid`,
+  :attr:`pyramid.request.Request.unauthenticated_userid` and
+  :attr:`pyramid.request.Request.effective_principals` instead.
+
+- Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was
+  ill-defined and became unused when Mako and Chameleon template bindings were
+  split into their own packages.
+
+- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been 
+  deprecated and is superseded by the 
+  ``pyramid.session.SignedCookieSessionFactory``.  Note that while the cookies
+  generated by the ``UnencryptedCookieSessionFactoryConfig``
+  are compatible with cookies generated by old releases, cookies generated by
+  the SignedCookieSessionFactory are not. See 
+  https://github.com/Pylons/pyramid/pull/1142
+
 Documentation Enhancements
 --------------------------
 
 - A new documentation chapter named :ref:`quick_tour` was added.  It describes
   starting out with Pyramid from a high level.
 
+- Added a :ref:`quick_tutorial` to go with the Quick Tour
+
 - Many other enhancements.