From 2063ed6d4882ad69257ce90bdc44c2e883b09c61 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Wed, 14 Nov 2012 02:47:54 -0500
Subject: update for release

---
 docs/whatsnew-1.4.rst | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/docs/whatsnew-1.4.rst b/docs/whatsnew-1.4.rst
index 59e1f7a96..5da28bb03 100644
--- a/docs/whatsnew-1.4.rst
+++ b/docs/whatsnew-1.4.rst
@@ -77,6 +77,11 @@ Subrequest Support
 Minor Feature Additions
 -----------------------
 
+- :class:`pyramid.authentication.AuthTktAuthenticationPolicy` has been updated
+  to support newer hashing algorithms such as ``sha512``. Existing applications
+  should consider updating if possible for improved security over the default
+  md5 hashing.
+
 - :meth:`pyramid.config.Configurator.add_directive` now accepts arbitrary
   callables like partials or objects implementing ``__call__`` which don't
   have ``__name__`` and ``__doc__`` attributes.  See
@@ -182,7 +187,6 @@ Minor Feature Additions
   :meth:`pyramid.config.testing_securitypolicy` now sets a ``forgotten`` value 
   on the policy (the value ``True``) when its ``forget`` method is called.
 
-
 - The DummySecurityPolicy created by
   :meth:`pyramid.config.testing_securitypolicy` now sets a
   ``remembered`` value on the policy, which is the value of the ``principal``
@@ -196,6 +200,31 @@ Minor Feature Additions
   view when some object is traversed to, but you can't be sure about what kind
   of object it will be, so you can't use the ``context`` predicate.  
 
+- Added an ``effective_principals`` route and view predicate.
+
+- Do not allow the userid returned from the
+  :func:`pyramid.security.authenticated_userid` or the userid that is one of the
+  list of principals returned by :func:`pyramid.security.effective_principals`
+  to be either of the strings ``system.Everyone`` or ``system.Authenticated``
+  when any of the built-in authorization policies that live in
+  :mod:`pyramid.authentication` are in use.  These two strings are reserved for
+  internal usage by Pyramid and they will no longer be accepted as valid
+  userids.
+
+- Allow a ``_depth`` argument to :class:`pyramid.view.view_config`, which will
+  permit limited composition reuse of the decorator by other software that
+  wants to provide custom decorators that are much like view_config.
+
+- Allow an iterable of decorators to be passed to
+  :meth:`pyramid.config.Configurator.add_view`. This allows views to be wrapped
+  by more than one decorator without requiring combining the decorators 
+  yourself.
+
+- :func:`pyramid.security.view_execution_permitted` used to return `True` if no
+  view could be found. It now raises a :exc:`TypeError` exception in that case,
+  as it doesn't make sense to assert that a nonexistent view is
+  execution-permitted. See https://github.com/Pylons/pyramid/issues/299.
+
 Backwards Incompatibilities
 ---------------------------
 
@@ -289,6 +318,12 @@ Deprecations
   used in its place (it has all of the same capabilities but can also extend
   the request object with methods).
 
+- :class:`pyramid.authentication.AuthTktAuthenticationPolicy` will emit a
+  deprecation warning if an application is using the policy without explicitly
+  passing a ``hashalg`` argument. This is because the default is "md5" which is
+  considered theoretically subject to collision attacks. If you really want
+  "md5" then you must specify it explicitly to get rid of the warning.
+
 Documentation Enhancements
 --------------------------
 
@@ -299,6 +334,10 @@ Documentation Enhancements
 
 - Added a :ref:`subrequest_chapter` chapter to the narrative documentation.
 
+- All of the tutorials that use
+  :class:`pyramid.authentication.AuthTktAuthenticationPolicy` now explicitly 
+  pass ``sha512`` as a ``hashalg`` argument.
+
 - Many cleanups and improvements to narrative and API docs.
 
 Dependency Changes
-- 
cgit v1.2.3


From 948068688561806a321a17bfc15c87446a577b5b Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Wed, 14 Nov 2012 02:49:16 -0500
Subject: prep for release

---
 CHANGES.txt  | 4 ++--
 docs/conf.py | 2 +-
 setup.py     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 16dad95f1..9f5ce064f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,5 +1,5 @@
-Next release
-============
+1.4a4 (2012-11-14)
+==================
 
 Features
 --------
diff --git a/docs/conf.py b/docs/conf.py
index 9bda4c798..5e17de18a 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -81,7 +81,7 @@ copyright = '%s, Agendaless Consulting' % datetime.datetime.now().year
 # other places throughout the built documents.
 #
 # The short X.Y version.
-version = '1.4a3'
+version = '1.4a4'
 
 # The full version, including alpha/beta/rc tags.
 release = version
diff --git a/setup.py b/setup.py
index 4ea63a3ee..2356e76ac 100644
--- a/setup.py
+++ b/setup.py
@@ -68,7 +68,7 @@ testing_extras = tests_require + [
     ]
 
 setup(name='pyramid',
-      version='1.4a3',
+      version='1.4a4',
       description=('The Pyramid web application development framework, a '
                    'Pylons project'),
       long_description=README + '\n\n' +  CHANGES,
-- 
cgit v1.2.3