Recent releases for kinto 2024-05-06T06:23:26.901266+00:00 python-feedgen kinto 6.0.6 kinto 6.0.6 2017-04-26T12:11:39+00:00 **Bug fixes** - Return a 400 Bad Request instead of crashing when the querystring contains bad characters. (fixes #1195) - Fixed Postgresql errors when specifying empty values in querystring numeric filters. (fixes #1194) - Upgrade the kinto-admin to v1.13.3 2017-04-26T12:11:39+00:00 kinto 6.0.7 kinto 6.0.7 2017-04-27T12:53:43+00:00 **Bug fixes** - Upgrade kinto-admin with kinto-http@4.3.3. 2017-04-27T12:53:43+00:00 kinto 6.0.8 kinto 6.0.8 2017-05-04T09:08:08+00:00 **Bug fixes** - Prevent PostgreSQL backend from deleting records of the same name in other buckets and collections when deleting a bucket. (fixes #1209) **Documentation** - Fix installation instructions (#1204) **Internal changes** - Fix tests with Pyramid 1.9a (#1208) 2017-05-04T09:08:08+00:00 kinto 7.0.0 kinto 7.0.0 2017-05-15T12:37:45+00:00 **Breaking changes** - The flush endpoint is now a built-in plugin at ``kinto.plugins.flush`` and should be enabled using the ``includes`` section of the configuration file. ``KINTO_FLUSH_ENDPOINT_ENABLED`` environment variable is no longer supported. (#1147) - Settings with ``cliquet.`` prefix are not supported anymore. - Logging configuration now relies on standard Python logging module (#1150) Before: ```ini kinto.logging_renderer = kinto.core.logs.ClassicLogRenderer ``` Now: ```ini [handler_console] ... formatter = color [formatters] keys = color [formatter_color] class = logging_color_formatter.ColorFormatter ``` - Forbid storing bytes in the cache backend. (#1143) - ``kinto.core.api`` was renamed to ``kinto.core.openapi`` (#1145) - Logging extra information on message must be done using the ``extra`` keyword (eg. ``'msg', extra={a=1})`` instead of ``'msg', a=1)``) (#1110, #1150) - Cache entries must now always have a TTL. The ``ttl`` parameter of ``cache.set()`` is now mandatory (fixes #960). - ``get_app_settings()`` from ``kinto.core.testing.BaseWebTest`` is now a class method (#1144) **Protocol** - Groups can now be created with a simple ``PUT`` (fixes #793) - Batch requests now raise ``400`` on unknown attributes (#1163). Protocol is now at version **1.16**. See `API changelog`_. **New features** - Enforce the permission endpoint when the admin plugin is included (fixes #1059) - Access control failures are logged with WARN level (fixes #1074) - Added an experimental :ref:`Accounts API <api-accounts>` which allow users to sign-up modify their password or delete their account (fixes #795) **Bug fixes** - Fix Memory backend sometimes show empty permissions (#1045) - Allow to create default bucket with a PUT request and an empty body (fixes #1080) - Fix PostgreSQL backend when excluding a list of numeric values (fixes #1093) - Fix ``ignore_conflict`` storage backend create method parameter to keep the existing rather than overriding it. (#1134) - Fix impacted records of events generated by implicit creation in default bucket (#1137) - Removed Structlog binding and bottlenecks (fixes #603) - Fixed Swagger output with subpath and regex in pyramid routes (fixes #1180) - Fixed Postgresql errors when specifying empty values in querystring numeric filters. (fixes #1194) - Return a 400 Bad Request instead of crashing when the querystring contains bad characters. (fixes #1195) - Fix PostgreSQL backend from deleting records of the same name in other buckets and collections when deleting a bucket. (fixes #1209) - Fix race conditions on deletions with upsert in PostgreSQL ``storage.update()`` (fixes #1202) - Fix PostgreSQL backend race condition when replacing permissions of an object (fixes #1210) - Fix crash when deleting multiple buckets with quotas plugin enabled (fixes #1201) **Internal changes** - Do not keep the whole Kinto Admin bundle in the repo (fixes #1012) - Remove the email example from the custom code event listener tutorial (fixes #420) - Removed useless logging info from resource (ref #603) - Make sure prefixed userid is always first in principals - Run functional tests on PostgreSQL - Fix tests with Pyramid 1.9a - Removed useless deletions in quota plugin - Upgraded the kinto-admin to version 1.13.2 2017-05-15T12:37:45+00:00 kinto 7.0.1 kinto 7.0.1 2017-05-17T08:50:35+00:00 **Bug fixes** - Fix missing package.json file in package. (#1222) **Internal changes** - Upgraded the kinto-admin to [version 1.13.3]( 2017-05-17T08:50:35+00:00 kinto 6.1.0 kinto 6.1.0 2017-05-25T15:38:39+00:00 Backporting a bunch of things to the 6.X branch. **New feature** - ``kinto rebuild-quotas`` script was written that can be run to repair the damage caused by #1226 (fixes #1230). **Bug fixes** - The ``default_bucket`` plugin no longer sends spurious "created" events for buckets and collections that already exist. This causes the ``quotas`` plugin to no longer leak "quota" when used with the ``default_bucket`` plugin. (#1226) - Fix race conditions on deletions with upsert in PostgreSQL ``storage.update()`` (fixes #1202). - Fix PostgreSQL backend race condition when replacing permissions of an object (fixes #1210) - Fix missing package.json file in package. (#1222) - Fix removal of timestamps when parent object is deleted (fixes #1233) 2017-05-25T15:38:39+00:00 kinto 7.1.0 kinto 7.1.0 2017-06-01T13:40:59+00:00 **New features** - ``delete()`` method from cache backend now returns the deleted value (fixes #1231) - ``kinto rebuild-quotas`` script was written that can be run to repair the damage caused by #1226 (fixes #1230). **Bug fixes** - The ``default_bucket`` plugin no longer sends spurious "created" events for buckets and collections that already exist. This causes the ``quotas`` plugin to no longer leak "quota" when used with the ``default_bucket`` plugin. (#1226) - Fix removal of timestamps when parent object is deleted (fixes #1233) - Do not allow to reuse deletion tokens (fixes #1171) - ``accounts`` plugin: fix exception on authentication. (#1224) - Fix crash with JSONSchema validation of unknown required properties (fixes #1243) - Fix bug on bucket deletion where other buckets could be deleted too if their id started with the same id - Fix permissions of accounts created with PUT by admin (ref #1248) - Fix ownership of accounts created with POST by admin (fixes #1248) **Internal changes** - Make memory storage consistent with PostgreSQL with regard to bytes (#1237) - Some minor cleanups about the use of kinto.readonly (#1241) 2017-06-01T13:40:59+00:00 kinto 7.2.0 kinto 7.2.0 2017-06-15T08:51:21+00:00 **API** - Filtering with like can now contain wild chars (eg. ``?like_nobody=*you*``). It is thus now impossible to search for the ``*`` character with this operator. - Handle querystring parameters as JSON encoded values to avoid treating number as number where they should be strings. (#1217) - Introduce ``has_`` filter operator (fixes #344). API is now at version **1.17**. See [API changelog]( **Bug fixes** - Several changes to the handling of NULLs and how the full range of JSON values is compared in a storage backend (PR #1258). Combined with #1252, this should fix #1215, #1216, #1217 and #1257, as well as possibly some others. - Fix requests output when running with make serve (fixes #1242) - Fix pagination on permissions endpoint (fixes #1157) - Fix pagination when max fetch storage is reached (fixes #1266) - Fix schema validation when internal fields like ``id`` or ``last_modified`` are marked as required (fixes #1244) - Restore error format for JSON schema validation errors (which was changed in #1245). **Internal changes** - Add check on account plugin to avoid conflict with default ``basicauth`` policy (fixes #1177) - Add documentation about Kinto Admin plugin (fixes #858) 2017-06-15T08:51:21+00:00 kinto 7.2.1 kinto 7.2.1 2017-06-22T07:55:19+00:00 **Bug fixes** - Fix missing ``collection_count`` field in the rebuild-quotas script. - Fix bug causing validation to always succeed if no required fields are present. **Internal changes** - Upgraded to Pyramid-tm 2 (fixes #1187) 2017-06-22T07:55:19+00:00 kinto 7.2.2 kinto 7.2.2 2017-06-22T08:01:02+00:00 **Bug fixes** - Fix permissions endpoint when using account plugin (fixes #1276) 2017-06-22T08:01:02+00:00 kinto 7.3.0 kinto 7.3.0 2017-06-27T16:20:08+00:00 **New features** - Account plugin now allows account IDs to be email addresses (fixes #1283). **Bug fixes** - Make it illegal for a principal to be present in ``account_create_principals`` without also being in ``account_write_principals``. Restricting creation of accounts to specified users only makes sense if those users are "admins", which means they're in ``account_write_principals``. (Fixes #1281.) - Fix a 500 when accounts without an ID are created (fixes #1280). - Fix StatsD unparseable metric packets for the unique user counter (fixes #1282) **Internal changes** - Upgraded the kinto-admin to version 1.14.0 2017-06-27T16:20:08+00:00 kinto 7.3.1 kinto 7.3.1 2017-07-03T15:23:09+00:00 **Bug fixes** - Fix bug in Postgres backend regarding the handling of combining filters and NULL values. (See #1291.) 2017-07-03T15:23:09+00:00 kinto 7.3.2 kinto 7.3.2 2017-08-14T15:13:35+00:00 **Bug fixes** - The PostgreSQL cache backend now orders deletes according to keys, which are a well-defined order that never changes. (Fixes #1308.) **Internal changes** - Now all configuration options appear as commented lines on the configuration template (#895) - Added task on PR template about updating the configuration template if a new configuration setting is added. - Use json instead of ujson in storage in tests (#1255) - Improve Docker container to follow Dockerflow recommendations (fixes #998) 2017-08-14T15:13:35+00:00 kinto 7.4.0 kinto 7.4.0 2017-09-01T12:35:43+00:00 **New features** - Add a `create-user` kinto command (#1315) **Bug fixes** - Fix pagination token generation on optional fields (#1253) 2017-09-01T12:35:43+00:00 kinto 7.4.1 kinto 7.4.1 2017-09-01T12:35:55+00:00 - Failed to publish Kinto Admin 2017-09-01T12:35:55+00:00 kinto 7.5.0 kinto 7.5.0 2017-09-28T08:30:51+00:00 - Add a memcached cache backend (#1332) 2017-09-28T08:30:51+00:00 kinto 7.5.1 kinto 7.5.1 2017-10-03T14:59:28+00:00 **Bug fixes** - Use the ``KINTO_INI`` env variable to findout the configuration file. (#1339) - Fix ``create-user`` command for PostgreSQL backend (#1340) - Make sure ``create-user`` command updates password (#1336) 2017-10-03T14:59:28+00:00 kinto 7.6.0 kinto 7.6.0 2017-11-16T15:26:13+00:00 **Protocol** - When a record is pushed with an older timestamp, the collection timestamps is not bumped anymore. (#1361) **New features** - A new custom logging formatter is available in ``kinto.core``. It fixes the issues of `mozilla-cloud-services-logger <>`_. Consider migrating your logging settings to : ```ini [formatter_json] class = kinto.core.JsonLogFormatter ``` **Bug fixes** - Do not log empty context values (ref #1363) - Fixed some attributes in logging of errors (ref #1363) - Fixed logging of method/path of batch subrequests (ref #1363) - Fix removing permissions with Json Merge (#1322). **Internal changes** - Moved PostgreSQL helper function to Python code (ref #1358) 2017-11-16T15:26:13+00:00 kinto 7.6.1 kinto 7.6.1 2017-11-17T14:23:21+00:00 **Bug fixes** - Fix kinto-admin loading. 2017-11-17T14:23:21+00:00 kinto 7.6.2 kinto 7.6.2 2017-11-29T09:02:05+00:00 **Operational concerns** - *The schema for the Postgres ``storage`` backend has changed.* This lets us prevent a race condition where deleting and creating a thing at the same time can leave it in an inconsistent state (#1386). You will have to run the ``kinto migrate`` command in order to migrate the schema. **Bug fixes** - Document how to create an account using the ``POST /accounts`` endpoint (#1385). **Internal changes** - Update dependency on pytest to move to 3.3.0 (#1403). - Update other dependencies: setuptools to 38.2.1 (#1380, #1381, #1392, #1395), jsonpatch to 1.20 (#1393), zest.releaser to 6.13.2 (#1397), paste-deploy to 0.4.2 (#1384), webob to 1.7.4 (#1383), simplejson to 3.13.2 (#1389, #1390). - Undo workaround for broken kinto-http.js in the kinto-admin plugin (#1382). 2017-11-29T09:02:05+00:00 kinto 8.0.0 kinto 8.0.0 2017-11-29T20:30:10+00:00 **Breaking changes** - Storage backends no longer support the ``ignore_conflict`` argument (#1401). Instead of using this argument, consider catching the ``UnicityError`` and handling it. ``ignore_conflict`` was only ever used in one place, in the ``default_bucket`` plugin, and was eventually backed out in favor of catching and handling a ``UnicityError``. **Bug fixes** - Fix a TOCTOU bug in the Postgres storage backend where a transaction doing a `create()` would fail because a row had been inserted after the transaction had checked for it (#1376). 2017-11-29T20:30:10+00:00 kinto 7.6.3 kinto 7.6.3 2017-12-06T23:43:20+00:00 **Internal changes** - Optimize the Postgres collection_timestamp method by one query. It now only makes two queries instead of three. 2017-12-06T23:43:20+00:00 kinto 7.6.4 kinto 7.6.4 2017-12-07T18:09:29+00:00 **Internal changes** - Remove the ``FOR UPDATE`` locking from the delete_all query, on the off chance that it's somehow related to the increased CPU utilization we're seeing. 2017-12-07T18:09:29+00:00 kinto 8.1.0 kinto 8.1.0 2018-01-09T17:29:54+00:00 **Internal changes** - Update the Docker compose configuration to use memcache for the cache backend (#1405) - Refactor the way ignores settings (#1410) **Operational concerns** - *The schema for the Postgres storage backend has changed.* This changes some ID columns to use the "C" collation, which will make ``delete_all`` queries faster. (See e.g., which says "If you do use the C locale, you do not need the xxx_pattern_ops operator classes, because an index with the default operator class is usable for pattern-matching queries in the C locale.") This may change the default sort order and grouping of record IDs. **New features** - New setting ``kinto.backoff_percentage`` to only set the backoff header a portion of the time. - ``make tdd`` allows development in a TDD style by rerunning tests every time a file is changed. **Bug fixes** - Optimize the Postgres collection_timestamp method by one query. It now only makes two queries instead of three. - Update other dependencies: newrelic to (#1409), setuptools to 38.4.0 (#1411, #1429, #1438, #1440), pytest to 3.3.2 (#1412, #1437), raven to 6.4.0 (#1421), werkzeug to 0.14.1 (#1418, #1434), python-memcached to 1.59 (#1423), zest.releaser to 6.13.3 (#1427), bravado_core to 4.11.2 (#1426, #1441), statsd to 3.2.2 (#1422), jsonpatch to 1.21 (#1432), sqlalchemy to 1.2.0 (#1430), sphinx to 1.6.6 (#1442). 2018-01-09T17:29:54+00:00 kinto 7.6.5 kinto 7.6.5 2018-01-09T17:31:10+00:00 **Internal changes** - Introduce an experimental setting, ``experimental_disable_purge_deleted``, which can be used to try to diagnose excessive CPU usage in production. 2018-01-09T17:31:10+00:00 kinto 8.1.1 kinto 8.1.1 2018-01-18T19:47:20+00:00 **Operational concerns** - *The schema for the Postgres storage backend has changed.* This changes some more ID columns to use the "C" collation, which fixes a bug where the ``bump_timestamps`` trigger was very slow. 2018-01-18T19:47:20+00:00 kinto 8.1.2 kinto 8.1.2 2018-01-24T18:57:54+00:00 **Bug fixes** - Flushing a server no longer breaks migration of the storage backend (#1460). If you have ever flushed a server in the past, migration may be broken. This version of Kinto tries to guess what version of the schema you're running, but may guess wrong. See for some additional information. **Internal changes** - We now allow migration of the permission backend's schema. **Operational concerns** - *The schema for the Postgres permission backend has changed.* This changes another ID column to use the "C" collation, which should speed up the `delete_object_permissions` query when deleting a bucket. 2018-01-24T18:57:54+00:00 kinto 8.1.3 kinto 8.1.3 2018-01-26T15:12:25+00:00 **Bug fixes** - Optimize the PostgreSQL permission backend's ``delete_object_permissions`` function in the case where we are only matching one object_id (or object_id prefix). 2018-01-26T15:12:25+00:00 kinto 8.1.4 kinto 8.1.4 2018-01-31T21:09:20+00:00 **Bug fixes** - Allow inherited resources to set a custom model instance before instantiating (fixes #1472) - Fix collection timestamp retrieval when the stack is configured as readonly (fixes #1474) 2018-01-31T21:09:20+00:00 kinto 8.1.5 kinto 8.1.5 2018-02-09T17:17:12+00:00 **Bug fixes** - Restore "look before you leap" behavior in the Postgres storage backend create() method to check whether a record exists before running the INSERT query (#1487). This check is "optimistic" in the sense that we can still fail to INSERT after the check succeeded, but it can reduce write load in configurations where there are a lot of create()s (i.e. when using the default_bucket plugin). 2018-02-09T17:17:12+00:00 kinto 8.2.0 kinto 8.2.0 2018-03-01T17:44:26+00:00 **New features** - Add Openid connect support (#939, #1425). See [demo]( - Account plugin now caches authentication verification (#1413) **Bug fixes** - Fix missing principals from user info in root URL when default bucket plugin is enabled (fixes #1495) - Fix crash in Postgresql when the value of url param is empty (fixes #1305) **Internal changes** - Upgraded the kinto-admin to version [1.15.0]( 2018-03-01T17:44:26+00:00 kinto 8.2.1 kinto 8.2.1 2018-03-28T19:40:26+00:00 **Internal changes** - Upgraded the kinto-admin to version [1.15.1]( - Upgraded newrelic to []( 2018-03-28T19:40:26+00:00 kinto 8.2.2 kinto 8.2.2 2018-03-28T20:20:52+00:00 **Internal changes** - Fix kinto-admin dependency error in 8.2.1 to actually really upgrade it to [1.15.1]( 2018-03-28T20:20:52+00:00 kinto 8.3.0 kinto 8.3.0 2018-04-06T12:01:38+00:00 **Security fix** - Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration. **New features** - Add bucket and account creation permissions in the permissions endpoint (fixes #1510) **Bug fixes** - Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566) **Documentation** - Improve OpenID settings and API documentation **Internal Changes** - Now fully rely on (or contributors) to update the versions in the `requirements.txt` file (fixes #1512) - Move from importing pip to running it in a subprocess (see - Remove useless print when using the OpenID policy (ref #1509) - Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.) 2018-04-06T12:01:38+00:00 kinto 8.2.3 kinto 8.2.3 2018-04-06T12:37:40+00:00 **Security fix** - Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration. 2018-04-06T12:37:40+00:00 kinto 9.0.0 kinto 9.0.0 2018-04-26T08:28:40+00:00 **API** - Introduce ``contains`` and ``contains_any`` filter operators (fixes #343). API is now at version **1.19**. See [API changelog]( **Breaking changes** - The storage class now exposes ``bump_timestamp()`` and ``bump_and_store_timestamp()`` methods so that memory based storage backends can use them. (#1596) **Internal changes** - Authentication policies can now hard code and override the name specified in settings **Documentation** - Version number is taken from package in order to ease release process (#1594) - Copyright year is now dynamic (#1595) **Internal changes** - Upgrade the kinto-admin UI to [1.17.0]( 2018-04-26T08:28:40+00:00 kinto 9.1.0 kinto 9.1.0 2018-05-21T19:27:11+00:00 ## API - Batch endpoint now checks for and aborts any parent request if subrequest encounters 409 constraint violation (fixes #1569) ## Bug fixes - Fix a bug where you could not reach the last records via Next-Header when deleting with pagination (fixes #1170) - Slight optimizations on the ``get_all`` query in the Postgres storage backend which should make it faster for result sets that have a lot of records (#1622). This is the first change meant to address #1507, though more can still be done. - Fix a bug where the batch route accepted all content-types (fixes #1529) ## Internal changes - Upgrage to kinto-admin v1.17.1 2018-05-21T19:27:11+00:00 kinto 9.1.1 kinto 9.1.1 2018-05-23T09:07:32+00:00 **Internal changes** - Correct spelling of GitHub. - Upgrade to kinto-admin v1.17.2 2018-05-23T09:07:32+00:00 kinto 9.1.2 kinto 9.1.2 2018-05-31T13:35:39+00:00 **Security fix** - OpenID plugin used the same cache key for every access-token (fixes #1660) 2018-05-31T13:35:39+00:00 kinto 9.2.0 kinto 9.2.0 2018-06-07T13:32:59+00:00 **API** - JSON schemas can now be defined in the bucket metadata and will apply to every underlying collection, group or record (fixes #1555) API is now at version **1.20**. See [API changelog]( **New features** - Kinto Admin plugin now supports OpenID Connect - Limit network requests to current domain in Kinto Admin using `Content-Security Policies <>`_ - Prompt for cache backend type in ``kinto init`` (#1653) - kinto.core.utils now has new features ``route_path_registry`` and ``instance_uri_registry``, suitable for use when you don't necessarily have a ``request`` object around. The existing functions will remain in place. - openid plugin will carry ``prompt=none`` querystring parameter if appended to authorize endpoint. **Internal changes** - Upgrade to kinto-admin v1.18.0 2018-06-07T13:32:59+00:00 kinto 9.2.1 kinto 9.2.1 2018-06-26T14:32:59+00:00 **Bug fixes** - Fixed bug where unresolved JSON pointers would crash server (fixes #1685) **Internal changes** - Update the Dockerfile with the new kinto --cache-backend option. (#1686) - Upgrade to kinto-admin v1.19.0 2018-06-26T14:32:59+00:00 kinto 9.2.2 kinto 9.2.2 2018-06-28T15:14:06+00:00 **Internal changes** - Upgrade to kinto-admin v1.19.1 2018-06-28T15:14:06+00:00 kinto 9.2.3 kinto 9.2.3 2018-07-05T14:28:32+00:00 **Internal changes** - Upgrade to kinto-admin v1.19.2 2018-07-05T14:28:32+00:00 kinto 10.0.0 kinto 10.0.0 2018-09-03T12:40:30+00:00 10.0.0 (2018-08-16) ------------------- **Breaking changes** - ```` now returns a generator rather than a list. **New features** - Include Python 3.7 support. - ```` now supports ``resource_name`` and ``resource_data``. These are useful when emitting events from one view "as though" they came from another view. - Resource events can now trigger other resource events, which are handled correctly. This might be handy if one resource wants to simulate events on another "virtual" resource, as in ``kinto-changes``. **Bug fixes** - Raise a configuration error if the ``kinto.plugin.accounts`` is included without being enabled in policies. Without this *kinto-admin* would present a confusing login experience (fixes #1734). **Internal changes** - Upgrade kinto-admin to v1.20.0 2018-09-03T12:40:30+00:00 kinto 10.1.0 kinto 10.1.0 2018-09-17T22:22:39+00:00 ## Bug fixes - Deleting a collection doesn't delete access_control_entrries for its children (fixes #1647) ## New features - The registry now has a "command" attribute during one-off commands such as ``kinto migrate``. This can be useful for plugins that want to behave differently during a migration, for instance. (#1762) 2018-09-17T22:22:39+00:00 kinto 10.1.1 kinto 10.1.1 2018-09-21T16:34:41+00:00 ## Bug fixes - Fix for adding extra OpenId providers (fixes #1509) - Change the meaning of `event.payload["timestamp"]`. Previously it was `@reify`d, which meant that it was calculated from before whatever thing triggered the event. Now we use a "fresh" timestamp. (Fixes #1469.) 2018-09-21T16:34:41+00:00 kinto 10.1.2 kinto 10.1.2 2018-10-03T13:28:04+00:00 **Bug fixes** - Fix OpenID login in Kinto-Admin (Kinto/kinto-admin#641) **Internal changes** - Upgrade kinto-admin to v1.20.2 2018-10-03T13:28:04+00:00 kinto 11.0.0 kinto 11.0.0 2018-10-09T13:30:07+00:00 **Breaking changes** - The ``basicauth`` policy is not used by default anymore (#1736) If your application relies on this specific behaviour, you now have to add explicitly settings: ```ini multiauth.policies = basicauth ``` But **it is recommended** to use other authentication policies like the *OpenID Connect* or the *accounts* plugin instead. ```ini # Enable plugin. kinto.includes = kinto.plugins.accounts # Enable authenticated policy. multiauth.policies = account multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy # Allow anyone to create their own account. kinto.account_create_principals = system.Everyone ``` You will find more details the [authentication settings section of the documentation]( **Bug fixes** - Fix crash when querystring filter contains NUL (0x00) character (fixes #1704) - Many bugs were fixed in the Kinto Admin UI (see [v1.21.0]( **Documentation** - Huge refactor of documentation about authentication (#1736) **Internal changes** - Upgrade kinto-admin to v1.21.0 - Deprecate assertEquals and use assertEqual (fixes #1780) - Set schema to an instance instead of class (fixes #1781) - Fix DeprecationWarning for unrecognized backslash escapes (#1758) 2018-10-09T13:30:07+00:00 kinto 11.1.0 kinto 11.1.0 2018-10-25T17:07:05+00:00 **New features** - Add ability to configure the ``project_name`` in settings, shown in the [root URL]( (fixes #1809) - Use ``.`` as bucket/collection separator in cache control settings (fixes #1815) **Bug fixes** - Fix missing favicon and inline images in kinto-admin plugin **Internal changes** - Use mock from the standard library. - Blackify the whole code base (#1799, huge thanks to @Cnidarias for this!) - Upgrade kinto-admin to v1.22 2018-10-25T17:07:05+00:00 kinto 11.2.0 kinto 11.2.0 2018-11-29T09:56:38+00:00 **New features** - Return a ``500 Internal Error`` on ``__version__`` instead of 404 if the version file cannot be found (fixes #1841) **Bug fixes** - Fix the ``http_api_version`` exposed in the ``/v1/`` endpoint. The version ``1.20`` was getting parsed as a number ``1.2``. - Fix ``record:create`` not taken into account from settings. (fixes #1813) **Internal changes** - Build the admin on the CI. (#1857) - Migrate JSON Hyper-Schema to Draft-07 (#1808) **Documentation** - Add documentation on troubleshooting Auth0 multiauth issue. (#1889) 2018-11-29T09:56:38+00:00 kinto 11.2.1 kinto 11.2.1 2018-12-10T10:42:46+00:00 - Still supports jsonschema 2.6 before 3.0 is released as a production release. (#1923) 2018-12-10T10:42:46+00:00 kinto 12.0.0 kinto 12.0.0 2019-01-11T11:40:29+00:00 **Breaking changes** - Remove Python 3.5 support and upgrade to Python 3.6. (#1886) - Remove ``record`` from `UnicityError` class (#1919). This enabled us to fix #1545. - Storage backend API has changed, notions of collection and records were replaced by the generic terms *resource* and *object*. Plugins that subclass the internal ``ShareableResource`` class may also break. - GET requests no longer include the ``Total-Records`` header. To get a count in a collection you need to do a HEAD request. And the new header name is ``Total-Objects``. (#1624) - Remove the ``UserResource`` class. And ``ShareableResource`` is now deprecated in favor of ``Resource``. - Removed ``kinto.core.utils.parse_resource()``. Use ``kinto.core.utils.view_lookup_registry()`` instead (#1828) - Remove the `delete-collection` command (#1959) API is now at version **1.21**. See [API changelog]( **New features** - Add a ``user-data`` endpoint at ``/__user_data__/`` which can be used to delete all data associated with a principal. This might be helpful for pursuing GDPR compliance, for instance. (Fixes #442.) **Bug Fixes** - Like query now returns 400 when a non string value is used. (#1899) - Record ID is validated if explicitly mentioned in the collection schema (#1942) - The Memory permission backend implementation of ``remove_principal`` is now less generous with what it removes (#1955). **Documentation** - Change PostgreSQL backend URLs to be ``postgresql://`` instead of the deprecated ``postgres://`` **Internal changes** - Remove depreciation warning for ``mapping`` (#1904) - Fix depreciated warn method (#1903) - Use f-string instead of % or format operators. (#1886) - Ignore admin plugin node_modules folder while running black (#1902) - Remove regexp py36 warnings. (#1907) - Changed psycopg2 dependency for psycopg2-binary. (#1905) - Renamed core notions (ie. record and collection) (#710) - JSON Schema validation is optimized by keeping instances of validator cached. (#1807) 2019-01-11T11:40:29+00:00 kinto 12.0.1 kinto 12.0.1 2019-01-21T15:25:02+00:00 **Bug Fixes** - Fix bumping of tombstones timestamps when deleting objects in PostgreSQL storage backend (fixes #1981) - Fix ETag header in responses of DELETE on plural endpoints (ref #1981) 2019-01-21T15:25:02+00:00 kinto 12.0.2 kinto 12.0.2 2019-01-25T17:35:50+00:00 **Bug fixes** - **security**: Fix a pagination bug in the PostgreSQL backend that could leak records between collections 2019-01-25T17:35:50+00:00 kinto 13.0.0 kinto 13.0.0 2019-01-25T17:36:32+00:00 **New features** - Expose the user_profile in the user field of the hello page with OpenID authentication (#1989) **Breaking changes** - Update Kinto OpenID plugin to redirect with a base64 JSON encoded token. (#1988). *This will work with kinto-admin 1.23* **Bug fixes** - **security**: Fix a pagination bug in the PostgreSQL backend that could leak records between collections **Internal changes** - Upgrade kinto-admin to v1.23.0 2019-01-25T17:36:32+00:00 kinto 13.0.1 kinto 13.0.1 2019-01-29T14:02:49+00:00 **Bug fixes** - Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script to be rejected (fixes #2000) 2019-01-29T14:02:49+00:00 kinto 13.1.0 kinto 13.1.0 2019-03-21T11:29:30+00:00 **New features** - Expose the user_profile in the user field of the hello page. (#1989) - Add an "account validation" option to the accounts plugin. (#1973) - Add a ``validate`` endpoint at ``/accounts/{user id}/validate/{validation key}`` which can be used to validate an account when the [account validation]( option is enabled on the accounts plugin. - Add a ``reset-password`` endpoint at ``/accounts/(user id)/reset-password`` which can be used to reset a user's password when the account validation option is enabled on the accounts plugin. **Bug fixes** - Fixed two potential bugs relating to mutable default values. - Fix crash on validating records with errors in arrays (#1508) - Fix crash on deleting multiple accounts (#2009) **Documentation** - Fixed spelling and Filtering docs **Internal changes** - Use ``setup.cfg`` for package metadata (ref #1921) API is now at version **1.22**. See [API changelog]( 2019-03-21T11:29:30+00:00 kinto 13.1.1 kinto 13.1.1 2019-05-23T20:30:39+00:00 **Bug fixes** - Fix cache heartbeat test (fixes #2107) - Fix support of ``sqlalchemy.pool.NullPool`` for PostgreSQL backends. The default ``pool_size`` of 25 is maintained on the default pool class (``QueuePoolWithMaxBacklog``). When using custom connection pools, please refer to SQLAlchemy documentation for default values. **Internal changes** - Remove dependency to kinto-redis in core tests 2019-05-23T20:30:39+00:00 kinto 13.2.0 kinto 13.2.0 2019-06-18T23:23:20+00:00 **Internal changes** - Upgrade [kinto-admin to v1.24.0]( 2019-06-18T23:23:20+00:00 kinto 13.2.1 kinto 13.2.1 2019-06-25T08:58:12+00:00 **Internal changes** - Upgrade kinto-admin to v1.24.1 2019-06-25T08:58:12+00:00 kinto 13.2.2 kinto 13.2.2 2019-07-04T13:10:59+00:00 **Bug fixes** - Fix apparence of Admin notifications (fixes #2191) 2019-07-04T13:10:59+00:00 kinto 13.3.0 kinto 13.3.0 2019-08-15T10:07:03+00:00 **Bug fixes** - Prevent password to be modified on modification of accounts metadata (fixes #2058) - Fix unexpected exception in ``/__version__`` endpoint - Add ``Content-Type`` to default_cors_headers (refs #2220) - Fix crash with non-allowed requests on ``__user_data__`` (fixes #2063) - Fix multiple event listeners on READ action (fixes #1755) **New features** - Allow StatsD counter to be incremented by an arbitrary number 2019-08-15T10:07:03+00:00 kinto 13.4.0 kinto 13.4.0 2019-09-12T13:51:26+00:00 **Internal changes** - Upgrade kinto-admin to v1.25.0 2019-09-12T13:51:26+00:00 kinto 13.5.0 kinto 13.5.0 2019-09-26T09:52:16+00:00 **Internal changes** - Add a warning when using the accounts plugin with the memory backend. (fixes #2258) - Upgrade kinto-admin to [v1.25.1]( 2019-09-26T09:52:16+00:00 kinto 13.6.0 kinto 13.6.0 2019-10-24T13:36:57+00:00 **New Features** - Add ``Content-Security-Policy`` header and report URI (fixes #2303) **Internal Changes** - Use package-lock file for Kinto Admin packaging - Use isort for formatting imports (Fixes #2270) - Upgrade kinto-admin to v1.25.2 2019-10-24T13:36:57+00:00 kinto 13.6.1 kinto 13.6.1 2019-10-31T16:19:39+00:00 **Bug fixes** - Fix loading of Kinto Admin (#2320) 2019-10-31T16:19:39+00:00 kinto 13.6.2 kinto 13.6.2 2019-11-04T14:16:43+00:00 **Bug fixes** - Second attempt at fixing loading of Kinto Admin (#2322) 2019-11-04T14:16:43+00:00 kinto 13.6.3 kinto 13.6.3 2020-01-30T13:55:22+00:00 **Bug fixes** - History entries datetimes now carry timezone information - Fix ``kinto init`` command (#2375) - Fix float strings parsing in certain URL query parameters. (#2392) **Internal Changes** - Upgrade kinto-admin to v1.26.1 - Drop ``auth`` parameter from storage backend methods. 2020-01-30T13:55:22+00:00 kinto 13.6.4 kinto 13.6.4 2020-03-29T10:43:37+00:00 **Security fix** - Fix permission checking with POST on plural endpoints (fixes #2459) **Bug fixes** - Apply CORS headers to EOL responses (#2452) **Internal Changes** - Remove ``auth`` parameter from postgresql/memory storage backends - Removed pytest-sugar 2020-03-29T10:43:37+00:00 kinto 13.6.5 kinto 13.6.5 2020-03-31T10:37:11+00:00 **Bug fixes** - Simplify get_objects_permissions query (#2475) 2020-03-31T10:37:11+00:00 kinto 13.6.6 kinto 13.6.6 2020-06-26T08:39:44+00:00 **Bug fixes** - Fix messages duplication in logs (#2513) - Fix resource timestamp unicity (fixes #2472, #602) **Documentation** - Refer to proper terms in glossary (#2486) 2020-06-26T08:39:44+00:00 kinto 14.0.0 kinto 14.0.0 2020-09-01T08:10:43+00:00 **Breaking changes** - Drop the ``strict_json`` option, and use ``ultrajson`` everywhere **Internal Changes** - Upgrade kinto-admin to v1.26.2 2020-09-01T08:10:43+00:00 kinto 14.0.1 kinto 14.0.1 2020-09-09T11:36:48+00:00 **Bug fixes** - Do not break storage implementations (ie. kinto-redis) that rely on ``json`` class attribute (removed in v14.0.0) - Do not return 400 for ``?_since=null`` (fixes #2595) 2020-09-09T11:36:48+00:00 kinto 14.1.0 kinto 14.1.0 2020-10-27T09:05:10+00:00 **New feature** - Add ability to disable explicit permissions at object level (ref #893). Use ``kinto.explicit_permissions = false`` to only rely on inherited permissions (see settings docs) **Internal Changes** - Distinguish readonly errors in storage backend (````) - Upgrade kinto-admin to v1.27.0 - Add support to Python 3.9 2020-10-27T09:05:10+00:00 kinto 14.1.1 kinto 14.1.1 2020-11-03T21:18:33+00:00 **Bug fixes** - Fix broken Kinto admin (#2646) **Internal Changes** - Upgrade kinto-admin to v1.27.3 2020-11-03T21:18:33+00:00 kinto 14.2.0 kinto 14.2.0 2021-02-22T12:06:14+00:00 **New feature** - Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647) **Documentation** - Upgrade kinto-admin to v1.29.0 - domain is parked, replace links with (#2720) - Fix broken url in docs (#2692) **Internal changes** - Show diff on failures. (#2723) - Add GitHub Actions workflows (#2677) 2021-02-22T12:06:14+00:00 kinto 14.3.0 kinto 14.3.0 2021-06-13T13:46:05+00:00 **Documentation** - Fix documentation about disabling endpoints (#2794) **Internal changes** - Now compatible with Pyramid 2 (#2764) - Upgrade kinto-admin to v1.30.0 2021-06-13T13:46:05+00:00 kinto 14.4.0 kinto 14.4.0 2021-09-16T16:00:48+00:00 **Documentation** - Fix "negociation" typo in docs/images/architecture.svg (#2813) **Internal changes** - Replace ujson with rapidjson. (#2677) - Upgrade kinto-admin to v1.30.2 2021-09-16T16:00:48+00:00 kinto 14.4.1 kinto 14.4.1 2021-09-20T13:56:19+00:00 **Bug fixes** - Fix bundle of kinto-admin, using same versions of React as upstream package 2021-09-20T13:56:19+00:00 kinto 14.5.0 kinto 14.5.0 2021-10-08T11:38:43+00:00 **New feature** - Add ``kinto.version_prefix_redirect_ttl_seconds`` setting in order to send ``Cache-Control`` response headers on version prefix redirects (fixes #2874) 2021-10-08T11:38:43+00:00 kinto 14.6.1 kinto 14.6.1 2022-02-03T16:02:23+00:00 **Bug Fixes** - Fix crash in ``/permissions`` endpoint when a setting is misinterpreted as resource permission (e.g. ``signer.auto_create_resources_principals``) **Internal Changes** - Update `Dockerfile` & `docker-compose` for faster, usable builds (#2942) - Add a file (fixes #2912) (#2918) - Fix support (#2921) - Remove duplicated dependencies (#2922) 2022-02-03T16:02:23+00:00 kinto 14.7.0 kinto 14.7.0 2022-03-30T20:16:28+00:00 **Internal Changes** * Add alwaysdata Marketplace link. * Test package description formatting in CI * Build Kinto Admin from source <details> <summary markdown="span">Dependabot Updates</summary> * Bump pytest from 6.2.5 to 7.0.0 * Bump pytest from 7.0.0 to 7.0.1 * Bump werkzeug from 2.0.2 to 2.0.3 * Bump python-rapidjson from 1.5 to 1.6 * Bump waitress from 2.0.0 to 2.1.0 * Bump sqlalchemy from 1.4.31 to 1.4.32 * Bump selenium from 4.1.0 to 4.1.2 * Bump newrelic from to * Bump pytest from 7.0.1 to 7.1.0 * Bump selenium from 4.1.2 to 4.1.3 * Bump pyramid-tm from 2.4 to 2.5 * Bump waitress from 2.1.0 to 2.1.1 * Bump pytest from 7.1.0 to 7.1.1 </details> ### Kinto Admin **Bug Fixes** - Downgrade to history v4 (Kinto/kinto-admin#2180) - Fix crash on incorrect auth credentials (Kinto/kinto-admin#2119) For a complete log of Kinto Admin changes, see [v1.31.0...v2.0.0]( **Full Changelog**: 2022-03-30T20:16:28+00:00 kinto 14.7.1 kinto 14.7.1 2022-03-31T00:17:52+00:00 **Bug Fixes** - Include Kinto Admin VERSION file in package **Internal Changes** - Exclude tests from built package 2022-03-31T00:17:52+00:00 kinto 14.7.2 kinto 14.7.2 2022-04-13T15:01:55+00:00 **Bug Fixes** - Prevents merging of `ResourceChanged` events if they were triggered from events listeners (cascade) (see mozilla/remote-settings#203) 2022-04-13T15:01:55+00:00 kinto 14.8.0 kinto 14.8.0 2022-10-06T13:42:04+00:00 **New Features** - Add ``Cache-Control`` response header in root URL endpoint (``/v1/``) when the instance is configured as read-only. 2022-10-06T13:42:04+00:00 kinto 15.0.0 kinto 15.0.0 2023-02-04T00:20:16+00:00 **Breaking Changes** - ``raven`` is not installed by default anymore (fixes #3054). Sentry reporting is now enabled via settings (or environment variables). In order to migrate from Kinto <14 to Kinto 15, remove the mention of ``sentry`` and ``raven`` from your logging configuration: ```diff # kinto.ini [logger_root] level = INFO - handlers = console, sentry + handlers = console [handlers] - keys = console, sentry + keys = console - [handler_sentry] - class = raven.handlers.logging.SentryHandler - args = ('https://<key>:<secret><project>',) - level = WARNING - formatter = generic ``` And add the following settings: ```ini kinto.sentry_dsn = kinto.sentry_env = prod ``` For more information, see [Settings documentation]( **Documentation** - Fix ``/batch`` endpoint documentation about required authentication. 2023-02-04T00:20:16+00:00 kinto 15.1.0 kinto 15.1.0 2023-02-09T01:47:45+00:00 **New features** - Enable SQLAlchemy integration for Sentry **Internal Changes** - Force SQLAlchemy version to 1.X 2023-02-09T01:47:45+00:00 kinto 15.1.1 kinto 15.1.1 2023-02-09T16:26:19+00:00 **Bug Fixes** - Use correct import path for SQLAlchemy Sentry integration 2023-02-09T16:26:19+00:00 kinto 16.0.0 kinto 16.0.0 2023-05-30T15:26:55+00:00 **Breaking Changes** - Drop support of Python 3.7 (end-of-life 2023-06-27) **New features** - Add request id to ``request.summary`` logs (read from ``X-Request-Id`` header and defaults to 16 hex string) **Documentation** - Fix typos on the Concepts page (#3151) 2023-05-30T15:26:55+00:00 kinto 16.1.0 kinto 16.1.0 2023-09-06T20:52:45+00:00 **New features** - Send logging warnings to Sentry, with logging debugs as breadcrumbs. Configure levels with ``kinto.sentry_breadcrumbs_min_level`` and ``kinto.sentry_events_min_level`` settings (#3262) 2023-09-06T20:52:45+00:00 kinto 16.2.1 kinto 16.2.1 2023-09-13T14:46:50+00:00 **Bug fixes** - Keep warning level for server-side logging (#3263) > Note: version 16.2.0 does not exist. 2023-09-13T14:46:50+00:00 kinto 16.2.2 kinto 16.2.2 2023-11-22T15:22:20+00:00 Upgrading kinto-admin to [v2.1.0]( 2023-11-22T15:22:20+00:00 kinto 16.2.3 kinto 16.2.3 2023-12-05T17:42:06+00:00 - Upgraded Kinto Admin to [v2.1.1]( 2023-12-05T17:42:06+00:00 kinto 16.3.0 kinto 16.3.0 2024-01-15T13:17:05+00:00 **New features** - Add a new ``kinto.admin_assets_path`` setting to specify the location on the Admin UI assets. **Internal Changes** - Publish to docker hub on tag (#3329) - Publish to Pypi on tag (#3328) - Switch to ruff insteaf of therapist+flake8+black+isort (#3321) - Upgrade to SQLAlchemy 2 (fixes #3128) 2024-01-15T13:17:05+00:00