kinto

Bug fixes

• Upgrade the kinto-admin to v1.12.0.

Bug fixes

• Upgrade the kinto-admin to v1.11.2.

Bug fixes

• Fix Memory backend sometimes show empty permissions (#1045)
• Allow to create default bucket with a PUT request and an empty body (fixes #1080)
• Fix PostgreSQL backend when excluding a list of numeric values (fixes #1093)
• Fix ignore_conflict storage backend create method parameter to
  keep the existing rather than overriding it. (#1134)
• Fix impacted records of events generated by implicit creation in default
  bucket (#1137)

Breaking changes

• Remove Python 2.7 support and upgrade to Python 3.5. (#1050)
• Upgraded minimal PostgreSQL support to PostgreSQL 9.5 (#1056)
• The --ini parameter is now after the subcommand name (#1095)

Protocol

• Fixed If-Match behavior to match the RFC 2616 specification (#1102).
• A 409 Conflict error response is now returned when some backend integrity
  constraint is violated (instead of 503) (ref #602)

Protocol is now at version 1.15. See API changelog_.

Bug fixes

• Prevent injections in the PostgreSQL permission backend (#1061)
• Fix crash on If-Match: * (#1064)
• Handle Integer overflow in querystring parameters. (#1076)
• Flush endpoint now returns an empty JSON object instad of an HTML page (#1098)
• Fix nested sorting key breaks pagination token. (#1116)
• Remove deleted field from PUT requests over tombstones. (#1115)
• Fix crash when preconditions are used on the permission endpoint (fixes #1066)
• Fixed resource timestamp upsert in PostgreSQL backend (#1125)
• Fix pserve argument ordering with Pyramid 1.8 (#1095)

Internal changes

• Update the upsert query to use an INSERT or UPDATE on CONFLICT behavior (fixes #1055)
• Remove pypy supports. (#1049)
• Permission schema children fields are now set during initialization instead of on
  deserialization (#1046).
• Request schemas (including validation and deserialization) are now isolated by method
  and endpoint type (#1047).
• Move generic API schemas (e.g TimeStamps and HeaderFields) from kinto.core.resource.schema
  to a sepate file on kinto.core.schema. (#1054)
• Upgraded the kinto-admin to version 1.10.0 (#1086, #1128)
• Upgrade to Pyramid 1.8 (#1087)
• Replace old loadtests with functional tests (#1085)
• Use Cornice Swagger <https://github.com/Cornices/cornice.ext.swagger>_ rather than
  merging YAML files to generate the OpenAPI spec.
• Gracefully handle UnicityError with the default_bucket plugin and
  the PostgreSQL backend using PostgreSQL 9.5+ ON CONFLICT clause. (#1122)

Fix unexpected references on the swagger spec that failed validation. (#1108)

• Upgraded the kinto-admin to version 1.9.0 (#1086)

Bug fixes

• Fix crash on If-Match: * (Kinto/kinto#1064)
• Handle Integer overflow in querystring parameters. (Kinto/kinto#1076)

Bug fixes

• Prevent injections in the PostgreSQL permission backend (#1061)

Bug fixes

• Update the cache backend to use the new upsert behavior from PostgreSQL 9.5 (fixes #1055)

Bug fixes

• Retries to set value in PostgreSQL cache backend in case of BackendError (fixes #1052)

Bug fixes

• Retries to set value in PostgreSQL cache backend in case of IntegrityError (fixes #1035)

Internal changes

• Remove JSON Patch content-type from accepted types on the viewset, since it is handled
  in a separate view (#1031).
• Upgraded to Kinto-Admin 1.8.1
• Configure the Kinto Admin auth methods from the server configuration (#1042)

Bug fixes

• Fix crash with batch endpoint when list of requests contains trailing comma (fixes #1024)

Internal changes

• Cache backend transactions are not bound to the request/response cycle anymore (fixes #879)
• Quick mention of PostgreSQL commands to run tests locally in contributing docs.
• Use YAML safe_load for the swagger file. (#1022)
• Request headers and querystrings are now validated using cornice schemas (#873).
• JSON Patch format is now validated using cornice (#880).
• Upgraded to Kinto-Admin 1.8.0

Protocol

• Add an OpenAPI specification <https://kinto.readthedocs.io/en/latest/api/1.x/openapi.html>_
  for the HTTP API on /__api__ (#997)

Protocol is now at version 1.14. See API changelog_.

New features

• When admin is enabled, /v1/admin does not return 404 anymore, but now redirects to
  /v1/admin/ (with trailing slash).

Bug fixes

• Add missing Total-Records field on DELETE header with plural endpoints (fixes #1000)

Internal changes

• Changed default listening address from 0.0.0.0 to 127.0.0.1 (#949, thanks @PeriGK)
• Upgrade to Kinto-Admin 1.7.0

Protocol

• Add a basicauth capability when activated on the server (#937)
• Add ability to delete history entries using DELETE (#958)

Protocol is now at version 1.13. See API changelog

Bug fixes

• Permissions are now correctly removed from permission backend when a parent
  object is deleted (fixes #898)
• Heartbeat of storage backend does not leave tombstones (fixes #985)
• Fix record_id attribute in history entries when several records are
  modified via a batch request (fixes #942)
• Fix crash on redirection when path contains control characters (fixes #962)
• Fix crash on redirection when path contains unicode characters (#982)
• Fix performance issue when fetching shared objects from plural endpoints (fixes #965)
• Fix JSON-Merge validation (fixes #979)
• Fix crash when If-Match or If-None-Match headers contain invalid
  unicode data (fixes #983)
• Add missing ETag and Last-Modified headers on POST and DELETE
  responses (#980)
• Return 404 on non-existing objects for users with read permissions (fixes #918)
• Fix pagination with DELETE on plural endpoints (fixes #987)

New features

• Activate basicauth in Kinto Admin by default. (#943)
• Add a setting to limit the maximum number of bytes cached in the memory backend (#610)
• Add a setting to exclude certain resources from being tracked by history (fixes #964)

Backend changes

• storage.delete_all() now accepts sorting, pagination_rules and limit
  parameters (#997)
• permissions.get_accessible_objects() does not support Regexp and now accepts
  a with_children parameter (#975)
• cache.set() now logs a warning if ttl is None (#967)

Internal changes

• Remove usage of assert (fixes #954)
• The delete_object_permissions() of the permission backend now supports
  URI patterns (eg. /bucket/id*)
• Refactor handling of prefixed user id among request principals
• Add a warning when a cache entry is set without TTL (ref #960)
• Replaced insecure use of random.random() and random.choice(...) with
  more secure random.SystemRandom().random() and
  random.SystemRandom().choice(...). (#955)
• Removed usage of pattern matching in PostgreSQL when not necessary (ref #907, fixes #974)
• Insist about authentication in concepts documentation (ref #976)
• Upgrade to Kinto-Admin 1.6.0

• Fix record_id attribute in history entries when several records are
  modified via a batch request (fixes #942)

Bug fixes

• Add deletion of multiple groups in API docs (#928)
• Fix crash in permission endpoint when merging permissions from settings and from
  permissions backend (fixes #926)
• Fix crash in PostgreSQL backend when specified bound permissions is empty (fixes #906)
• Fix response status for OPTION request on version redirection (fixes #852)
• Fix crash in authorization policy when object ids contain unicode (fixes #931)
• Permissions are now correctly removed from permission backend when a parent
  object is deleted (fixes #898)

Breaking changes

• Upgraded to Cornice 2.0 (#790)

Protocol

• Add support for JSON-Patch (RFC 6902).
• Add support for JSON-Merge (RFC 7396).
• Added a principals list to hello view when authenticated.
• Added details attribute to 404 errors. (#818)

Protocol is now at version 1.12. See API changelog.

New features

• Added a new built-in plugin kinto.plugins.admin to serve the kinto admin.
• Added a new parse_resource utility to kinto.core.utils

Bug fixes

• Fixed showing of backend type twice in StatsD backend keys (fixes #857)
• Fix crash when querystring parameter contains null string (fixes #882)
• Fix crash when redirection path contains CRLF character (fixes #887)
• Fix response status for OPTION request on version redirection (fixes #852)
• Fix crash in PostgreSQL backend when specified bound permissions is empty (fixes #906)
• Permissions endpoint now exposes the user permissions defined in settings (fixes #909)
• Fix bug when two subfields are selected in partial responses (fixes #920)
• Fix crash in permission endpoint when merging permissions from settings and from
  permissions backend (fixes #926)
• Fix crash in authorization policy when object ids contain unicode (fixes #931)

Internal changes

• Resource mapping attribute is now deprecated, use schema instead (#790)
• Clarify implicit permissions when allowed to create child objects (#884)
• Upgrade built-in admin plugin to Kinto Admin 1.5.0
• Do not bump timestamps in PostgreSQL storage backend when non-data columns
  are modified.
• Add some specifications for the permissions endpoint with regards to inherited
  permissions
• Add deletion of multiple groups in API docs (#928)

Thanks to all contributors, with a special big-up for @gabisurita!

• Fix bug when two subfields are selected in partial responses (fixes #920)

Bug fixes

• Fix crash when querystring parameter contains null string (fixes #882)
• Permissions endpoint now exposes the user permissions defined in settings (fixes #909)
• Fix crash when redirection path contains CRLF character (fixes #887)

Bug fixes

• Remove Cornice 2 from supported version range
• Fixes filtering on ids with numeric values. (fixes #851, thanks @gabisurita!)