blob: 53bf0ab60cef234cf41b86261facdfc7c8dbe9e1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
unreleased
==========
Features
--------
- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read
"Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the
documentation for more information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413
- It is now possible to declare a route to not contain a trailing slash
when it is mounted via ``config.include(..., route_prefix=...)`` or via
``with config.route_prefix_context(...)`` by specifying a ``pattern`` of
``''``. This change is backward incompatible, see the notes below.
See https://github.com/Pylons/pyramid/pull/3414
Bug Fixes
---------
Deprecations
------------
Backward Incompatibilities
--------------------------
- ``pcreate`` and the builtin scaffolds have been removed in favor of
using the ``cookiecutter`` tool and the ``pyramid-cookiecutter-starter``
cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8.
See https://github.com/Pylons/pyramid/pull/3406
- Removed ``pyramid.interfaces.ITemplateRenderer``. This interface was
deprecated since Pyramid 1.5 and was an interface
used by libraries like ``pyramid_mako`` and ``pyramid_chameleon`` but
provided no functionality within Pyramid itself.
See https://github.com/Pylons/pyramid/pull/3409
- Removed ``pyramid.security.has_permission``,
``pyramid.security.authenticated_userid``,
``pyramid.security.unauthenticated_userid``, and
``pyramid.security.effective_principals``. These methods were deprecated
in Pyramid 1.5 and all have equivalents available as properties on the
request. For example, ``request.authenticated_userid``.
See https://github.com/Pylons/pyramid/pull/3410
- Removed support for supplying a media range to the ``accept`` predicate of
both ``pyramid.config.Configurator.add_view`` and
``pyramid.config.Configurator.add_route``. These options were deprecated
in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable
matching that was not compliant with the RFC.
See https://github.com/Pylons/pyramid/pull/3411
- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This
session factory was replaced with
``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been
deprecated since then.
See https://github.com/Pylons/pyramid/pull/3412
- Removed ``pyramid.session.signed_serialize``, and
``pyramid.session.signed_deserialize``. These methods were only used by
the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``
and were coupled to the vulnerable pickle serialization format which could
lead to remove code execution if the secret key is compromised.
See https://github.com/Pylons/pyramid/pull/3412
- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read
"Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the
documentation for more information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413
- Changed the URL generation and matching for a route with a ``pattern`` of
``''`` when the route is mounted with a ``route_prefix`` via either
``config.include(..., route_prefix=...)`` or
``with config.route_prefix_context(...)``. This route will now match a bare
URL without a trailing slash. To preserve the old behavior, set the
``pattern`` to ``'/'`` instead of the empty string and the URL will contain
a trailing slash. This only affects mounted routes using ``route_prefix``.
See https://github.com/Pylons/pyramid/pull/3414
Documentation Changes
---------------------
|
