kinto

Bug fixes

• Make sure we redirect endpoints with trailing slashes with the default bucket plugin. (#848)
• Fix group association when members contains system.Authenticated (fixes #776)
• Raise an error when members contains system.Everyone or a group ID (#850)
• Fix StatsD view counter with 404 responses (#853)

Protocol

• Fix error response consistency with safe creations if the create permission
  is granted (fixes #792). The server now returns a 412 instead of a 403 if
  the If-None-Match: * header is provided and the create permission is granted.
• The permissions attribute is now empty in the response if the user has not the permission
  to write on the object (fixes #123)
• Filtering records now works the same on the memory and postgresql backends:
  if we're comparing to a number, the filter will now filter out records that
  don't have this field. If we're comparing to anything else, the record
  without such a field is treated as if it had '' as the value for this field.
  (fixes #815)
• Parent attributes are now readable if children creation is allowed. That means for example
  that collection attributes are now readable to users with record:create permission.
  Same applies to bucket attributes and collection:create and group:create (fixes #803)
• Return an empty list on the plural endpoint instead of 403 if the create
  permission is allowed

Protocol is now at version 1.11. See API changelog

Bug fixes

• Fix crash in history plugin when target had no explicit permission defined (fixes #805, #842)

New features

• The storage backend now allows parent_id pattern matching in kinto.core.storage.get_all. (#821)
• The history and quotas plugins execution time is now monitored on StatsD (kinto.plugins.quotas
  and kinto.plugins.history) (#832)
• Add new kinto.version_json_path setting (fixes #830)

Internal changes

• Fixed a failing pypy test by changing the way it was mocking
  transaction.manager.commit (fixes #755)
• Moved storage/cache/permissions base tests to kinto.core.*.testing (fixes #801)
• Now fails with an explicit error when StatsD is configured but not installed.
• Remove redundant fields from data column in PostgreSQL records table (fixes #762)

Protocol

• Support for filtering records based on a text search (#791)

Protocol is now at version 1.10. See API changelog.

Bug fixes

• Fix concurrent writes in the memory backend (fixes #759)
• Fix heartbeat transaction locks with PostgreSQL backends (fixes #804)
• Fix crash with PostgreSQL storage backend when filtering with integer on
  a missing field (fixes #813)

Bug fixes

• Fix heartbeat transaction locks with PostgreSQL backends (fixes #804)

Bug fixes

• Fix kinto init input function (#796)

New features

• Show warning when http_scheme is not set to https (#706, thanks @Prashant-Surya)

Bug fixes

• Fix sorting/filtering history entries by date field
• On subobject filtering, return a 400 error response only if first level field
  is unknown (on resources with strict schema)

Bug fixes

• Return 400 error response when history is filtered with unknown field
• Fix crash on permissions endpoint when history is enabled (#774)
• Fix crash on history when interacting via the bucket plural endpoint (/buckets) (fixes #773)

Internal changes

• Fix documentation of errors codes (fixes #766)
• kinto.id_generator was removed from documentation since it does not
  behave as expected (fixes #757, thanks @doplumi)
  folder and a kinto.core.testing module was introduced for tests helpers
  (fixes #605)
• In documentation, link the notion of principals to the permissions page instead
  of glossary
• Add details about PATCH behaviour (fixes #566)

Breaking changes

• kinto --version was renamed kinto version
• ResourceChanged and AfterResourceChanged events now return
  old and new records for the delete action. (#751)
• Redis backends are not part of the core anymore. (#712).
  Use kinto_redis.cache instead of kinto.core.cache.redis
  Use kinto_redis.storage instead of kinto.core.storage.redis
  Use kinto_redis.permission instead of kinto.core.permission.redis
• Redis listener is not part of the core anymore. (#712)
  Use kinto.event_listeners.redis.use = kinto_redis.listeners instead of
  kinto.event_listeners.redis.use = kinto.core.listeners.redis
• Notion of unique fields was dropped from kinto.core resources.

Protocol

• Added a /__version__ endpoint with the version that has been deployed. (#747)
• Allow sub-object filtering on plural endpoints (e.g ?person.name=Eliot) (#345)
• Allow sub-object sorting on plural endpoints (e.g ?_sort=person.name) (#345)

Protocol is now at version 1.9. See API changelog_.

New features

• Added a new built-in plugin kinto.plugins.history that keeps track of every action
  that occured within a bucket and serves a stream of changes that can be synced.
  See API documentation.
• Added a new --dry-run option to command-line script migrate that will simulate
  migration operation without executing on the backend (thanks @lavish205! #685)
• Added ability to plug custom StatsD backend implementations via a new kinto.statsd_backend
  setting. Useful for Datadog™ integration for example (fixes #626).
• Added a delete-collection action to the kinto command. (#727)
• Added verbosity options to the kinto command. (#745)
• Added a built-in plugin that allows to define quotas per bucket or collection. (#752)

Bug fixes

• Fix bug where the resource events of a request targetting two groups/collection
  from different buckets would be grouped together.
• Fix crash when an invalid UTF-8 character is provided in URL
• Fix crash when provided last_modified field is not divisible (e.g. string)

Internal changes

• Huge rework of documentation after the merge of Cliquet into kinto.core (#731)
• Improve the documentation about generating docs (fixes #615)
• Switch from cliquet-pusher to kinto-pusher in Dockerfile and tutorial.
• List posssible response status on every endpoint documentation (#736)
• Remove duplicated and confusing docs about generic resources
• Replace the term protocol by API in documentation (fixes #664)
• Add load tests presets (exhaustive, read, write) in addition to the existing random. Switched integration test make loadtest-check-simulation to run the exhaustive one (fixes #258)
• Remove former Cliquet load tests (#733)
• Add a flag to to run simulation load tests on default bucket. Uses blog
  bucket by default (#733)
• Add command-line documentation (#727)
• The --backend command-line option for kinto init is not accepted as first
  parameter anymore
• Improved parts of the FAQ (#744)
• Improve 404 and 403 error handling to make them customizable. (#748)
• kinto.core resources are now schemaless by default (fixes #719)

Bug fixes

• Fix bug where the resource events of a request targetting two groups/collection
  from different buckets would be grouped together (#728)

Bug fixes

• Fix Redis get_accessible_object implementation (#725)
• Fix bug where the resource events of a request targetting two groups/collection
  from different buckets would be grouped together (#728)

Protocol

• Add the permissions_endpoint capability when the kinto.experimental_permissions_endpoint is set. (#722)

Protocol

• Add new experimental endpoint GET /v1/permissions to retrieve the list of permissions
  granted on every kind of object (#600).
  Requires setting kinto.experimental_permissions_endpoint to be set to true.

Protocol is now at version 1.8. See API changelog.

Bug fixes

• Fix crash in authorization policy when requesting GET /buckets/collections (fixes #695)
• Fix crash with PostgreSQL storage backend when provided id in POST is an integer (#688).
  Regression introduced in 3.2.0 with #655.
• Fix crash with PostgreSQL storage backend is configured as read-only and reaching
  the records endpoint of an unknown collection (fixes #693, related #558)
• Fix events payloads for actions in the default bucket (fixes #704)
• Fix bug in object permissions with memory backend
• Make sure the tombstone is deleted when the record is created with PUT. (#715)
• Allow filtering and sorting by any attribute on buckets, collections and groups list endpoints
• Fix crash in memory backend with Python3 when filtering on unknown field

Internal changes

• Resource events constructors signatures were changed. The event payload is now
  built immediately when event is fired instead of during transactoin commit (#704).
• Fix crash when a resource is registered without record path.
• Changed behaviour of accessible objects in permissions backend when list of
  bound permissions is empty.
• Bump last_modified on record when provided value is equal to previous
  in storage update() method (#713)
• Add ability to delete records and purge tombstones with just the parent_id
  parameter (#711)
• Buckets deletion is now a lot more efficient, since every sub-objects are
  deleted with a single operation on storage backend (#711)
• Added get_objects_permissions() method in permission backend (#714)
• Changed get_accessible_objects(), get_authorized_principals() methods
  in permission backend (#714)
• Simplified and improved the code quality of kinto.core.authorization,
  mainly by keeping usage of get_bound_permissions callback in one place only.

Bug fixes

• Allow filtering and sorting by any attribute on buckets, collections and groups list endpoints
• Fix crash in memory backend with Python3 when filtering on unknown field

• Fix bug in object permissions with memory backend (#708)
• Make sure the tombstone is deleted when the record is created with PUT. (#715)
• Bump last_modified on record when provided value is equal to previous
  in storage update() method (#713)

Bug fixes

• Fix HTTP API version number exposed (1.7)
• Fix crash in authorization policy when requesting GET /buckets/collections (fixes #695)
• Fix crash with PostgreSQL storage backend when provided id in POST is an integer (#688).
  Regression introduced in 3.2.0 with #655.
• Fix crash with PostgreSQL storage backend is configured as read-only and reaching
  the records endpoint of an unknown collection (fixes #693, related #558)

Protocol

• Allow record IDs to be any string instead of just UUIDs (fixes #655).

Protocol is now at version 1.7. See API changelog.

New features

• kinto start now accepts a --port option to specify which port to listen to.
  Important: Because of a limitation in Pyramid tooling,
  it won't work if the port is hard-coded in your existing .ini file. Replace
  it by %(http_port)s or regenerate a new configuration file with kinto init.
• Add support for pool_timeout option in Redis backend (fixes #620)
• Add new setting kinto.heartbeat_timeout_seconds to control the maximum duration
  of the heartbeat endpoint (fixes #601)

Bug fixes

• Fix loss of data attributes when permissions are replaced with PUT (fixes #601)
• Fix 400 response when posting data with id: "default" in default bucket.
• Fix 500 on heartbeat endpoint when a check does not follow the specs and raises instead of
  returning false.

Internal changes

• Renamed some permission backend methods for consistency with other classes (fixes #608)
• Removed some deprecated code that had been in kinto.core for too long.

Documentation

• Mention in groups documentation that the principal of a group to be used in a permissions
  definition is the full URI (e.g. "write": ["/buckets/blog/groups/authors"])
• Fix typo in Github tutorial (thanks @SwhGo_oN, #673)
• New Kinto logo (thanks @AymericFaivre, #676)
• Add a slack badge to the README (#675)
• Add new questions on FAQ (thanks @enguerran, #678)
• Fix links to examples (thanks @maxdow, #680)

Bug fixes

• Fix loss of data attributes when permissions are replaced with PUT (fixes #601)
• Fix 400 response when posting data with id: "default" in default bucket.

Protocol

• Added the GET /contribute.json endpoint for open-source information (fixes #607)

Protocol is now at version 1.6. See API changelog <http://kinto.readthedocs.io/en/latest/api/>_.

Bug fixes

• Fix internal storage filtering when an empty list of values is provided.
• Authenticated users are now allowed to obtain an empty list of buckets on
  GET /buckets even if no bucket is readable (#454)
• Fix enabling flush enpoint with KINTO_FLUSH_ENDPOINT_ENABLED environment variable (fixes #588)
• Fix reading settings for events listeners from environment variables (fixes #515)
• Fix principal added to write permission when a publicly writable object
  is created/edited (fixes #645)
• Prevent client to cache and validate authenticated requests (fixes #635)
• Fix bug that prevented startup if old Cliquet configuration values
  were still around (#633)

Documentation

• Improved documentation about running in production with uWSGI (#543, #545)

• Fix crash when a cache expires setting is set for a specific bucket or collection. (#597)
• Mark old cliquet backend settings as deprecated (but continue to support them). (#596)

Bug fixes

• Fix crash when a cache expires setting is set for a specific bucket or collection.
• Redirects version prefix to hello page when trailing_slash_redirect is enabled. (mozilla-services/cliquet#700)
• Fix crash when setting empty permission list with PostgreSQL permission backend (#575)
• Fix crash when type of values in querystring for exclude/include is wrong (#587)
• Fix crash when providing duplicated principals in permissions with PostgreSQL permission backend (#702)
• Prevent the browser to cache server responses between two sessions. (#593)