From 39ef68dbc196824f66796fa91ea1eeeaa96d7471 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 14 Nov 2012 02:39:08 -0500 Subject: rearrange deck chairs --- CHANGES.txt | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 16e3d8586..16dad95f1 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -6,7 +6,8 @@ Features - ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to support newer hashing algorithms such as ``sha512``. Existing applications - should consider updating if possible. + should consider updating if possible for improved security over the default + md5 hashing. - Added an ``effective_principals`` route and view predicate. @@ -21,18 +22,11 @@ Features - Slightly better debug logging from ``pyramid.authentication.RepozeWho1AuthenticationPolicy``. -- ``pyramid.security.view_execution_permitted`` used to return `True` if no +- ``pyramid.security.view_execution_permitted`` used to return ``True`` if no view could be found. It now raises a ``TypeError`` exception in that case, as it doesn't make sense to assert that a nonexistent view is execution-permitted. See https://github.com/Pylons/pyramid/issues/299. -- Get rid of shady monkeypatching of ``pyramid.request.Request`` and - ``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid. - Webob no longer relies on this being done. Instead, the ResponseClass - attribute of the Pyramid Request class is assigned to the Pyramid response - class; that's enough to satisfy WebOb and behave as it did before with the - monkeypatching. - - Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will permit limited composition reuse of the decorator by other software that wants to provide custom decorators that are much like view_config. @@ -61,18 +55,26 @@ Bug Fixes ``physical_path`` predicate implementations; instead of raising an exception, return False. -- :func:`pyramid.view.render_view` was not functioning properly under - Python 3.x due to a byte/unicode discrepancy. See +- ``pyramid.view.render_view`` was not functioning properly under Python 3.x + due to a byte/unicode discrepancy. See http://github.com/Pylons/pyramid/issues/721 Deprecations ------------ -- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning - if an application is using the policy without explicitly setting the - ``hashalg``. This is because the default is "md5" which is considered - insecure. If you really want "md5" then you must specify it explicitly to - get rid of the warning. +- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if + an application is using the policy without explicitly passing a ``hashalg`` + argument. This is because the default is "md5" which is considered + theoretically subject to collision attacks. If you really want "md5" then you + must specify it explicitly to get rid of the warning. + +Documentation +------------- + +- All of the tutorials that use + ``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass + ``sha512`` as a ``hashalg`` argument. + Internals --------- @@ -85,6 +87,13 @@ Internals because that package should never be imported from non-Pyramid code. TopologicalSorter is still not an API, but may become one. +- Get rid of shady monkeypatching of ``pyramid.request.Request`` and + ``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid. + Webob no longer relies on this being done. Instead, the ResponseClass + attribute of the Pyramid Request class is assigned to the Pyramid response + class; that's enough to satisfy WebOb and behave as it did before with the + monkeypatching. + 1.4a3 (2012-10-26) ================== -- cgit v1.2.3 From 948068688561806a321a17bfc15c87446a577b5b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 14 Nov 2012 02:49:16 -0500 Subject: prep for release --- CHANGES.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 16dad95f1..9f5ce064f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,5 @@ -Next release -============ +1.4a4 (2012-11-14) +================== Features -------- -- cgit v1.2.3 From 0ccdc23f6ec53548bb1f81f3b528f2a8be0a5467 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 18 Nov 2012 21:47:32 -0500 Subject: - A failure when trying to locate the attribute ``__text__`` on route and view predicates existed when the ``debug_routematch`` setting was true or when the ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727 Closes #727. --- CHANGES.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 9f5ce064f..f5c5c9449 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,13 @@ +Next release +============ + +Bug Fixes +--------- + +- A failure when trying to locate the attribute ``__text__`` on route and view + predicates existed when the ``debug_routematch`` setting was true or when the + ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727 + 1.4a4 (2012-11-14) ================== -- cgit v1.2.3 From 71cd93bd78015285db9aaadaa63a5ac9042f6843 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Tue, 20 Nov 2012 18:36:56 -0500 Subject: - Small microspeed enhancement which anticipates that a ``pyramid.response.Response`` object is likely to be returned from a view. Some code is shortcut if the class of the object returned by a view is this class. A similar microoptimization was done to ``pyramid.request.Request.is_response``. --- CHANGES.txt | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index f5c5c9449..22abf63d9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,15 @@ Next release ============ +Features +-------- + +- Small microspeed enhancement which anticipates that a + ``pyramid.response.Response`` object is likely to be returned from a view. + Some code is shortcut if the class of the object returned by a view is this + class. A similar microoptimization was done to + ``pyramid.request.Request.is_response``. + Bug Fixes --------- -- cgit v1.2.3 From b5e4443dd28f3d4ed6e767e06d658838575d159e Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Tue, 20 Nov 2012 22:02:06 -0500 Subject: garden --- CHANGES.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 22abf63d9..51266d15f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -17,6 +17,12 @@ Bug Fixes predicates existed when the ``debug_routematch`` setting was true or when the ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727 +Documentation +------------- + +- Sync up tutorial source files with the files that are rendered by the + scaffold that each uses. + 1.4a4 (2012-11-14) ================== -- cgit v1.2.3