From a5b23b06b9dcd6157b9e97bfd65ff9ced0299afd Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 14 Nov 2012 01:09:40 -0500 Subject: remove duplicate whatsnew entry (forward port from 1.3 branch --- docs/whatsnew-1.3.rst | 7 ------- 1 file changed, 7 deletions(-) (limited to 'docs') diff --git a/docs/whatsnew-1.3.rst b/docs/whatsnew-1.3.rst index 14db1fe15..f32053202 100644 --- a/docs/whatsnew-1.3.rst +++ b/docs/whatsnew-1.3.rst @@ -289,13 +289,6 @@ Minor Feature Additions not a new feature, it just provides an API for adding a resource url adapter without needing to use the ZCA API. -- The :meth:`pyramid.config.Configurator.scan` method can now be passed an - ``ignore`` argument, which can be a string, a callable, or a list - consisting of strings and/or callables. This feature allows submodules, - subpackages, and global objects from being scanned. See - http://readthedocs.org/docs/venusian/en/latest/#ignore-scan-argument for - more information about how to use the ``ignore`` argument to ``scan``. - - Better error messages when a view callable returns a value that cannot be converted to a response (for example, when a view callable returns a dictionary without a renderer defined, or doesn't return any value at all). -- cgit v1.2.3 From 2063ed6d4882ad69257ce90bdc44c2e883b09c61 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 14 Nov 2012 02:47:54 -0500 Subject: update for release --- docs/whatsnew-1.4.rst | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/whatsnew-1.4.rst b/docs/whatsnew-1.4.rst index 59e1f7a96..5da28bb03 100644 --- a/docs/whatsnew-1.4.rst +++ b/docs/whatsnew-1.4.rst @@ -77,6 +77,11 @@ Subrequest Support Minor Feature Additions ----------------------- +- :class:`pyramid.authentication.AuthTktAuthenticationPolicy` has been updated + to support newer hashing algorithms such as ``sha512``. Existing applications + should consider updating if possible for improved security over the default + md5 hashing. + - :meth:`pyramid.config.Configurator.add_directive` now accepts arbitrary callables like partials or objects implementing ``__call__`` which don't have ``__name__`` and ``__doc__`` attributes. See @@ -182,7 +187,6 @@ Minor Feature Additions :meth:`pyramid.config.testing_securitypolicy` now sets a ``forgotten`` value on the policy (the value ``True``) when its ``forget`` method is called. - - The DummySecurityPolicy created by :meth:`pyramid.config.testing_securitypolicy` now sets a ``remembered`` value on the policy, which is the value of the ``principal`` @@ -196,6 +200,31 @@ Minor Feature Additions view when some object is traversed to, but you can't be sure about what kind of object it will be, so you can't use the ``context`` predicate. +- Added an ``effective_principals`` route and view predicate. + +- Do not allow the userid returned from the + :func:`pyramid.security.authenticated_userid` or the userid that is one of the + list of principals returned by :func:`pyramid.security.effective_principals` + to be either of the strings ``system.Everyone`` or ``system.Authenticated`` + when any of the built-in authorization policies that live in + :mod:`pyramid.authentication` are in use. These two strings are reserved for + internal usage by Pyramid and they will no longer be accepted as valid + userids. + +- Allow a ``_depth`` argument to :class:`pyramid.view.view_config`, which will + permit limited composition reuse of the decorator by other software that + wants to provide custom decorators that are much like view_config. + +- Allow an iterable of decorators to be passed to + :meth:`pyramid.config.Configurator.add_view`. This allows views to be wrapped + by more than one decorator without requiring combining the decorators + yourself. + +- :func:`pyramid.security.view_execution_permitted` used to return `True` if no + view could be found. It now raises a :exc:`TypeError` exception in that case, + as it doesn't make sense to assert that a nonexistent view is + execution-permitted. See https://github.com/Pylons/pyramid/issues/299. + Backwards Incompatibilities --------------------------- @@ -289,6 +318,12 @@ Deprecations used in its place (it has all of the same capabilities but can also extend the request object with methods). +- :class:`pyramid.authentication.AuthTktAuthenticationPolicy` will emit a + deprecation warning if an application is using the policy without explicitly + passing a ``hashalg`` argument. This is because the default is "md5" which is + considered theoretically subject to collision attacks. If you really want + "md5" then you must specify it explicitly to get rid of the warning. + Documentation Enhancements -------------------------- @@ -299,6 +334,10 @@ Documentation Enhancements - Added a :ref:`subrequest_chapter` chapter to the narrative documentation. +- All of the tutorials that use + :class:`pyramid.authentication.AuthTktAuthenticationPolicy` now explicitly + pass ``sha512`` as a ``hashalg`` argument. + - Many cleanups and improvements to narrative and API docs. Dependency Changes -- cgit v1.2.3 From 948068688561806a321a17bfc15c87446a577b5b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 14 Nov 2012 02:49:16 -0500 Subject: prep for release --- docs/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/conf.py b/docs/conf.py index 9bda4c798..5e17de18a 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -81,7 +81,7 @@ copyright = '%s, Agendaless Consulting' % datetime.datetime.now().year # other places throughout the built documents. # # The short X.Y version. -version = '1.4a3' +version = '1.4a4' # The full version, including alpha/beta/rc tags. release = version -- cgit v1.2.3