http://open-source-security-software.net/project/kinto/releases.atom
Recent releases for kinto
2024-04-24T17:29:09.889582+00:00

kinto 6.0.6
2017-04-26T12:11:39+00:00

**Bug fixes**

- Return a 400 Bad Request instead of crashing when the querystring contains bad characters. (fixes #1195)
- Fixed Postgresql errors when specifying empty values in querystring numeric filters. (fixes #1194)
- Upgrade the kinto-admin to v1.13.3

kinto 6.0.7
2017-04-27T12:53:43+00:00

**Bug fixes**

- Upgrade kinto-admin with kinto-http@4.3.3.

kinto 6.0.8
2017-05-04T09:08:08+00:00

**Bug fixes**

- Prevent PostgreSQL backend from deleting records of the same name in other buckets and collections when deleting a bucket. (fixes #1209)

**Documentation**

- Fix installation instructions (#1204)

**Internal changes**

- Fix tests with Pyramid 1.9a (#1208)

kinto 7.0.0
2017-05-15T12:37:45+00:00

**Breaking changes**

- The flush endpoint is now a built-in plugin at ``kinto.plugins.flush`` and should be enabled using the ``includes`` section of the configuration file. ``KINTO_FLUSH_ENDPOINT_ENABLED`` environment variable is no longer supported. (#1147)
- Settings with ``cliquet.`` prefix are not supported anymore.
- Logging configuration now relies on standard Python logging module (#1150)

  Before:

  ```ini
  kinto.logging_renderer = kinto.core.logs.ClassicLogRenderer
  ```

  Now:

  ```ini
  [handler_console]
  ...
  formatter = color

  [formatters]
  keys = color

  [formatter_color]
  class = logging_color_formatter.ColorFormatter
  ```

- Forbid storing bytes in the cache backend. (#1143)
- ``kinto.core.api`` was renamed to ``kinto.core.openapi`` (#1145)
- Logging extra information on message must be done using the ``extra`` keyword (eg. ``logger.info('msg', extra={'a': 1})`` instead of ``logger.info('msg', a=1)``) (#1110, #1150)
- Cache entries must now always have a TTL.
  The ``ttl`` parameter of ``cache.set()`` is now mandatory (fixes #960).
- ``get_app_settings()`` from ``kinto.core.testing.BaseWebTest`` is now a class method (#1144)

**Protocol**

- Groups can now be created with a simple ``PUT`` (fixes #793)
- Batch requests now raise ``400`` on unknown attributes (#1163).

Protocol is now at version **1.16**. See `API changelog`_.

**New features**

- Enforce the permission endpoint when the admin plugin is included (fixes #1059)
- Access control failures are logged with WARN level (fixes #1074)
- Added an experimental :ref:`Accounts API <api-accounts>` which allows users to sign up, modify their password or delete their account (fixes #795)

**Bug fixes**

- Fix Memory backend sometimes showing empty permissions (#1045)
- Allow to create default bucket with a PUT request and an empty body (fixes #1080)
- Fix PostgreSQL backend when excluding a list of numeric values (fixes #1093)
- Fix ``ignore_conflict`` storage backend create method parameter to keep the existing rather than overriding it. (#1134)
- Fix impacted records of events generated by implicit creation in default bucket (#1137)
- Removed Structlog binding and bottlenecks (fixes #603)
- Fixed Swagger output with subpath and regex in pyramid routes (fixes #1180)
- Fixed Postgresql errors when specifying empty values in querystring numeric filters. (fixes #1194)
- Return a 400 Bad Request instead of crashing when the querystring contains bad characters. (fixes #1195)
- Fix PostgreSQL backend from deleting records of the same name in other buckets and collections when deleting a bucket.
  (fixes #1209)
- Fix race conditions on deletions with upsert in PostgreSQL ``storage.update()`` (fixes #1202)
- Fix PostgreSQL backend race condition when replacing permissions of an object (fixes #1210)
- Fix crash when deleting multiple buckets with quotas plugin enabled (fixes #1201)

**Internal changes**

- Do not keep the whole Kinto Admin bundle in the repo (fixes #1012)
- Remove the email example from the custom code event listener tutorial (fixes #420)
- Removed useless logging info from resource (ref #603)
- Make sure prefixed userid is always first in principals
- Run functional tests on PostgreSQL
- Fix tests with Pyramid 1.9a
- Removed useless deletions in quota plugin
- Upgraded the kinto-admin to version 1.13.2

kinto 7.0.1
2017-05-17T08:50:35+00:00

**Bug fixes**

- Fix missing package.json file in package. (#1222)

**Internal changes**

- Upgraded the kinto-admin to [version 1.13.3](https://github.com/Kinto/kinto-admin/releases/tag/v1.13.3)

kinto 6.1.0
2017-05-25T15:38:39+00:00

Backporting a bunch of things to the 6.X branch.

**New feature**

- ``kinto rebuild-quotas`` script was written that can be run to repair the damage caused by #1226 (fixes #1230).

**Bug fixes**

- The ``default_bucket`` plugin no longer sends spurious "created" events for buckets and collections that already exist. This causes the ``quotas`` plugin to no longer leak "quota" when used with the ``default_bucket`` plugin. (#1226)
- Fix race conditions on deletions with upsert in PostgreSQL ``storage.update()`` (fixes #1202).
- Fix PostgreSQL backend race condition when replacing permissions of an object (fixes #1210)
- Fix missing package.json file in package.
  (#1222)
- Fix removal of timestamps when parent object is deleted (fixes #1233)

kinto 7.1.0
2017-06-01T13:40:59+00:00

**New features**

- ``delete()`` method from cache backend now returns the deleted value (fixes #1231)
- ``kinto rebuild-quotas`` script was written that can be run to repair the damage caused by #1226 (fixes #1230).

**Bug fixes**

- The ``default_bucket`` plugin no longer sends spurious "created" events for buckets and collections that already exist. This causes the ``quotas`` plugin to no longer leak "quota" when used with the ``default_bucket`` plugin. (#1226)
- Fix removal of timestamps when parent object is deleted (fixes #1233)
- Do not allow to reuse deletion tokens (fixes #1171)
- ``accounts`` plugin: fix exception on authentication. (#1224)
- Fix crash with JSONSchema validation of unknown required properties (fixes #1243)
- Fix bug on bucket deletion where other buckets could be deleted too if their id started with the same id
- Fix permissions of accounts created with PUT by admin (ref #1248)
- Fix ownership of accounts created with POST by admin (fixes #1248)

**Internal changes**

- Make memory storage consistent with PostgreSQL with regard to bytes (#1237)
- Some minor cleanups about the use of kinto.readonly (#1241)

kinto 7.2.0
2017-06-15T08:51:21+00:00

**API**

- Filtering with like can now contain wild chars (eg. ``?like_nobody=*you*``). It is thus now impossible to search for the ``*`` character with this operator.
- Handle querystring parameters as JSON encoded values to avoid treating number as number where they should be strings. (#1217)
- Introduce ``has_`` filter operator (fixes #344).

API is now at version **1.17**. See [API changelog](https://kinto.readthedocs.io/en/latest/api/)

**Bug fixes**

- Several changes to the handling of NULLs and how the full range of JSON values is compared in a storage backend (PR #1258).
  Combined with #1252, this should fix #1215, #1216, #1217 and #1257, as well as possibly some others.
- Fix requests output when running with make serve (fixes #1242)
- Fix pagination on permissions endpoint (fixes #1157)
- Fix pagination when max fetch storage is reached (fixes #1266)
- Fix schema validation when internal fields like ``id`` or ``last_modified`` are marked as required (fixes #1244)
- Restore error format for JSON schema validation errors (which was changed in #1245).

**Internal changes**

- Add check on account plugin to avoid conflict with default ``basicauth`` policy (fixes #1177)
- Add documentation about Kinto Admin plugin (fixes #858)

kinto 7.2.1
2017-06-22T07:55:19+00:00

**Bug fixes**

- Fix missing ``collection_count`` field in the rebuild-quotas script.
- Fix bug causing validation to always succeed if no required fields are present.

**Internal changes**

- Upgraded to Pyramid-tm 2 (fixes #1187)

kinto 7.2.2
2017-06-22T08:01:02+00:00

**Bug fixes**

- Fix permissions endpoint when using account plugin (fixes #1276)

kinto 7.3.0
2017-06-27T16:20:08+00:00

**New features**

- Account plugin now allows account IDs to be email addresses (fixes #1283).

**Bug fixes**

- Make it illegal for a principal to be present in ``account_create_principals`` without also being in ``account_write_principals``. Restricting creation of accounts to specified users only makes sense if those users are "admins", which means they're in ``account_write_principals``. (Fixes #1281.)
- Fix a 500 when accounts without an ID are created (fixes #1280).
- Fix StatsD unparseable metric packets for the unique user counter (fixes #1282)

**Internal changes**

- Upgraded the kinto-admin to version 1.14.0

kinto 7.3.1
2017-07-03T15:23:09+00:00

**Bug fixes**

- Fix bug in Postgres backend regarding the handling of combining filters and NULL values. (See #1291.)

kinto 7.3.2
2017-08-14T15:13:35+00:00

**Bug fixes**

- The PostgreSQL cache backend now orders deletes according to keys, which are a well-defined order that never changes. (Fixes #1308.)

**Internal changes**

- Now all configuration options appear as commented lines on the configuration template (#895)
- Added task on PR template about updating the configuration template if a new configuration setting is added.
- Use json instead of ujson in storage in tests (#1255)
- Improve Docker container to follow Dockerflow recommendations (fixes #998)

kinto 7.4.0
2017-09-01T12:35:43+00:00

**New features**

- Add a `create-user` kinto command (#1315)

**Bug fixes**

- Fix pagination token generation on optional fields (#1253)

kinto 7.4.1
2017-09-01T12:35:55+00:00

- Failed to publish Kinto Admin

kinto 7.5.0
2017-09-28T08:30:51+00:00

- Add a memcached cache backend (#1332)

kinto 7.5.1
2017-10-03T14:59:28+00:00

**Bug fixes**

- Use the ``KINTO_INI`` env variable to find out the configuration file. (#1339)
- Fix ``create-user`` command for PostgreSQL backend (#1340)
- Make sure ``create-user`` command updates password (#1336)

kinto 7.6.0
2017-11-16T15:26:13+00:00

**Protocol**

- When a record is pushed with an older timestamp, the collection timestamp is not bumped anymore. (#1361)

**New features**

- A new custom logging formatter is available in ``kinto.core``.
  It fixes the issues of `mozilla-cloud-services-logger <https://github.com/mozilla/mozilla-cloud-services-logger>`_. Consider migrating your logging settings to:

  ```ini
  [formatter_json]
  class = kinto.core.JsonLogFormatter
  ```

**Bug fixes**

- Do not log empty context values (ref #1363)
- Fixed some attributes in logging of errors (ref #1363)
- Fixed logging of method/path of batch subrequests (ref #1363)
- Fix removing permissions with Json Merge (#1322).

**Internal changes**

- Moved PostgreSQL helper function to Python code (ref #1358)

kinto 7.6.1
2017-11-17T14:23:21+00:00

**Bug fixes**

- Fix kinto-admin loading.

kinto 7.6.2
2017-11-29T09:02:05+00:00

**Operational concerns**

- *The schema for the Postgres ``storage`` backend has changed.* This lets us prevent a race condition where deleting and creating a thing at the same time can leave it in an inconsistent state (#1386). You will have to run the ``kinto migrate`` command in order to migrate the schema.

**Bug fixes**

- Document how to create an account using the ``POST /accounts`` endpoint (#1385).

**Internal changes**

- Update dependency on pytest to move to 3.3.0 (#1403).
- Update other dependencies: setuptools to 38.2.1 (#1380, #1381, #1392, #1395), jsonpatch to 1.20 (#1393), zest.releaser to 6.13.2 (#1397), paste-deploy to 0.4.2 (#1384), webob to 1.7.4 (#1383), simplejson to 3.13.2 (#1389, #1390).
- Undo workaround for broken kinto-http.js in the kinto-admin plugin (#1382).

kinto 8.0.0
2017-11-29T20:30:10+00:00

**Breaking changes**

- Storage backends no longer support the ``ignore_conflict`` argument (#1401). Instead of using this argument, consider catching the ``UnicityError`` and handling it. ``ignore_conflict`` was only ever used in one place, in the ``default_bucket`` plugin, and was eventually backed out in favor of catching and handling a ``UnicityError``.

**Bug fixes**

- Fix a TOCTOU bug in the Postgres storage backend where a transaction doing a `create()` would fail because a row had been inserted after the transaction had checked for it (#1376).

kinto 7.6.3
2017-12-06T23:43:20+00:00

**Internal changes**

- Optimize the Postgres collection_timestamp method by one query. It now only makes two queries instead of three.

kinto 7.6.4
2017-12-07T18:09:29+00:00

**Internal changes**

- Remove the ``FOR UPDATE`` locking from the delete_all query, on the off chance that it's somehow related to the increased CPU utilization we're seeing.

kinto 8.1.0
2018-01-09T17:29:54+00:00

**Internal changes**

- Update the Docker compose configuration to use memcache for the cache backend (#1405)
- Refactor the way postgresql.storage.create_from_settings ignores settings (#1410)

**Operational concerns**

- *The schema for the Postgres storage backend has changed.* This changes some ID columns to use the "C" collation, which will make ``delete_all`` queries faster. (See e.g. https://www.postgresql.org/docs/9.6/static/indexes-opclass.html, which says "If you do use the C locale, you do not need the xxx_pattern_ops operator classes, because an index with the default operator class is usable for pattern-matching queries in the C locale.") This may change the default sort order and grouping of record IDs.

**New features**

- New setting ``kinto.backoff_percentage`` to only set the backoff header a portion of the time.
- ``make tdd`` allows development in a TDD style by rerunning tests every time a file is changed.

**Bug fixes**

- Optimize the Postgres collection_timestamp method by one query. It now only makes two queries instead of three.
- Update other dependencies: newrelic to 2.98.0.81 (#1409), setuptools to 38.4.0 (#1411, #1429, #1438, #1440), pytest to 3.3.2 (#1412, #1437), raven to 6.4.0 (#1421), werkzeug to 0.14.1 (#1418, #1434), python-memcached to 1.59 (#1423), zest.releaser to 6.13.3 (#1427), bravado_core to 4.11.2 (#1426, #1441), statsd to 3.2.2 (#1422), jsonpatch to 1.21 (#1432), sqlalchemy to 1.2.0 (#1430), sphinx to 1.6.6 (#1442).

kinto 7.6.5
2018-01-09T17:31:10+00:00

**Internal changes**

- Introduce an experimental setting, ``experimental_disable_purge_deleted``, which can be used to try to diagnose excessive CPU usage in production.

kinto 8.1.1
2018-01-18T19:47:20+00:00

**Operational concerns**

- *The schema for the Postgres storage backend has changed.* This changes some more ID columns to use the "C" collation, which fixes a bug where the ``bump_timestamps`` trigger was very slow.

kinto 8.1.2
2018-01-24T18:57:54+00:00

**Bug fixes**

- Flushing a server no longer breaks migration of the storage backend (#1460). If you have ever flushed a server in the past, migration may be broken. This version of Kinto tries to guess what version of the schema you're running, but may guess wrong. See https://github.com/Kinto/kinto/wiki/Schema-versions for some additional information.

**Internal changes**

- We now allow migration of the permission backend's schema.

**Operational concerns**

- *The schema for the Postgres permission backend has changed.* This changes another ID column to use the "C" collation, which should speed up the `delete_object_permissions` query when deleting a bucket.

kinto 8.1.3
2018-01-26T15:12:25+00:00

**Bug fixes**

- Optimize the PostgreSQL permission backend's ``delete_object_permissions`` function in the case where we are only matching one object_id (or object_id prefix).

kinto 8.1.4
2018-01-31T21:09:20+00:00

**Bug fixes**

- Allow inherited resources to set a custom model instance before instantiating (fixes #1472)
- Fix collection timestamp retrieval when the stack is configured as readonly (fixes #1474)

kinto 8.1.5
2018-02-09T17:17:12+00:00

**Bug fixes**

- Restore "look before you leap" behavior in the Postgres storage backend create() method to check whether a record exists before running the INSERT query (#1487). This check is "optimistic" in the sense that we can still fail to INSERT after the check succeeded, but it can reduce write load in configurations where there are a lot of create()s (i.e. when using the default_bucket plugin).

kinto 8.2.0
2018-03-01T17:44:26+00:00

**New features**

- Add Openid connect support (#939, #1425). See [demo](https://github.com/leplatrem/kinto-oidc-demo)
- Account plugin now caches authentication verification (#1413)

**Bug fixes**

- Fix missing principals from user info in root URL when default bucket plugin is enabled (fixes #1495)
- Fix crash in Postgresql when the value of url param is empty (fixes #1305)

**Internal changes**

- Upgraded the kinto-admin to version [1.15.0](https://github.com/Kinto/kinto-admin/releases/tag/v1.15.0)

kinto 8.2.1
2018-03-28T19:40:26+00:00

**Internal changes**

- Upgraded the kinto-admin to version [1.15.1](https://github.com/Kinto/kinto-admin/releases/tag/v1.15.1)
- Upgraded newrelic to [2.106.1.88](https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-2106188)

kinto 8.2.2
2018-03-28T20:20:52+00:00

**Internal changes**

- Fix kinto-admin dependency error in 8.2.1 to actually really upgrade it to [1.15.1](https://github.com/Kinto/kinto-admin/releases/tag/v1.15.1)

kinto 8.3.0
2018-04-06T12:01:38+00:00

**Security fix**

- Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

**New features**

- Add bucket and account creation permissions in the permissions endpoint (fixes #1510)

**Bug fixes**

- Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)

**Documentation**

- Improve OpenID settings and API documentation

**Internal Changes**

- Now fully rely on Pyup.io (or contributors) to update the versions in the `requirements.txt` file (fixes #1512)
- Move from importing pip to running it in a subprocess (see https://github.com/pypa/pip/issues/5081).
- Remove useless print when using the OpenID policy (ref #1509)
- Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)

kinto 8.2.3
2018-04-06T12:37:40+00:00

**Security fix**

- Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

kinto 9.0.0
2018-04-26T08:28:40+00:00

**API**

- Introduce ``contains`` and ``contains_any`` filter operators (fixes #343).

API is now at version **1.19**. See [API changelog](http://kinto.readthedocs.io/en/stable/api/index.html).

**Breaking changes**

- The storage class now exposes ``bump_timestamp()`` and ``bump_and_store_timestamp()`` methods so that memory based storage backends can use them.
  (#1596)

**Internal changes**

- Authentication policies can now hard code and override the name specified in settings

**Documentation**

- Version number is taken from package in order to ease release process (#1594)
- Copyright year is now dynamic (#1595)

**Internal changes**

- Upgrade the kinto-admin UI to [1.17.0](https://github.com/Kinto/kinto-admin/releases/tag/v1.17.0)

kinto 9.1.0
2018-05-21T19:27:11+00:00

## API

- Batch endpoint now checks for and aborts any parent request if subrequest encounters 409 constraint violation (fixes #1569)

## Bug fixes

- Fix a bug where you could not reach the last records via Next-Header when deleting with pagination (fixes #1170)
- Slight optimizations on the ``get_all`` query in the Postgres storage backend which should make it faster for result sets that have a lot of records (#1622). This is the first change meant to address #1507, though more can still be done.
- Fix a bug where the batch route accepted all content-types (fixes #1529)

## Internal changes

- Upgrade to kinto-admin v1.17.1

kinto 9.1.1
2018-05-23T09:07:32+00:00

**Internal changes**

- Correct spelling of GitHub.
- Upgrade to kinto-admin v1.17.2

kinto 9.1.2
2018-05-31T13:35:39+00:00

**Security fix**

- OpenID plugin used the same cache key for every access-token (fixes #1660)

kinto 9.2.0
2018-06-07T13:32:59+00:00

**API**

- JSON schemas can now be defined in the bucket metadata and will apply to every underlying collection, group or record (fixes #1555)

API is now at version **1.20**.
See [API changelog](http://kinto.readthedocs.io/en/stable/api/index.html)

**New features**

- Kinto Admin plugin now supports OpenID Connect
- Limit network requests to current domain in Kinto Admin using `Content-Security Policies <https://hacks.mozilla.org/2016/02/implementing-content-security-policy/>`_
- Prompt for cache backend type in ``kinto init`` (#1653)
- kinto.core.utils now has new features ``route_path_registry`` and ``instance_uri_registry``, suitable for use when you don't necessarily have a ``request`` object around. The existing functions will remain in place.
- openid plugin will carry ``prompt=none`` querystring parameter if appended to authorize endpoint.

**Internal changes**

- Upgrade to kinto-admin v1.18.0

kinto 9.2.1
2018-06-26T14:32:59+00:00

**Bug fixes**

- Fixed bug where unresolved JSON pointers would crash server (fixes #1685)

**Internal changes**

- Update the Dockerfile with the new kinto --cache-backend option. (#1686)
- Upgrade to kinto-admin v1.19.0

kinto 9.2.2
2018-06-28T15:14:06+00:00

**Internal changes**

- Upgrade to kinto-admin v1.19.1

kinto 9.2.3
2018-07-05T14:28:32+00:00

**Internal changes**

- Upgrade to kinto-admin v1.19.2

kinto 10.0.0
2018-09-03T12:40:30+00:00

10.0.0 (2018-08-16)
-------------------

**Breaking changes**

- ``kinto.core.events.get_resource_events`` now returns a generator rather than a list.

**New features**

- Include Python 3.7 support.
- ``kinto.core.events.notify_resource_event`` now supports ``resource_name`` and ``resource_data``. These are useful when emitting events from one view "as though" they came from another view.
- Resource events can now trigger other resource events, which are handled correctly. This might be handy if one resource wants to simulate events on another "virtual" resource, as in ``kinto-changes``.

**Bug fixes**

- Raise a configuration error if the ``kinto.plugin.accounts`` is included without being enabled in policies. Without this *kinto-admin* would present a confusing login experience (fixes #1734).

**Internal changes**

- Upgrade kinto-admin to v1.20.0

kinto 10.1.0
2018-09-17T22:22:39+00:00

## Bug fixes

- Deleting a collection doesn't delete access_control_entries for its children (fixes #1647)

## New features

- The registry now has a "command" attribute during one-off commands such as ``kinto migrate``. This can be useful for plugins that want to behave differently during a migration, for instance. (#1762)

kinto 10.1.1
2018-09-21T16:34:41+00:00

## Bug fixes

- Fix for adding extra OpenId providers (fixes #1509)
- Change the meaning of `event.payload["timestamp"]`. Previously it was `@reify`d, which meant that it was calculated from before whatever thing triggered the event. Now we use a "fresh" timestamp. (Fixes #1469.)

kinto 10.1.2
2018-10-03T13:28:04+00:00

**Bug fixes**

- Fix OpenID login in Kinto-Admin (Kinto/kinto-admin#641)

**Internal changes**

- Upgrade kinto-admin to v1.20.2

kinto 11.0.0
2018-10-09T13:30:07+00:00

**Breaking changes**

- The ``basicauth`` policy is not used by default anymore (#1736)

If your application relies on this specific behaviour, you now have to explicitly add settings:

```ini
multiauth.policies = basicauth
```

But **it is recommended** to use other authentication policies like the *OpenID Connect* or the *accounts* plugin instead.

```ini
# Enable plugin.
kinto.includes = kinto.plugins.accounts

# Enable authenticated policy.
multiauth.policies = account
multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy

# Allow anyone to create their own account.
kinto.account_create_principals = system.Everyone
```

You will find more details in the [authentication settings section of the documentation](https://kinto.readthedocs.io/en/stable/configuration/settings.html#authentication)

**Bug fixes**

- Fix crash when querystring filter contains NUL (0x00) character (fixes #1704)
- Many bugs were fixed in the Kinto Admin UI (see [v1.21.0](https://github.com/Kinto/kinto-admin/releases/tag/v1.21.0))

**Documentation**

- Huge refactor of documentation about authentication (#1736)

**Internal changes**

- Upgrade kinto-admin to v1.21.0
- Deprecate assertEquals and use assertEqual (fixes #1780)
- Set schema to an instance instead of class (fixes #1781)
- Fix DeprecationWarning for unrecognized backslash escapes (#1758)

kinto 11.1.0
2018-10-25T17:07:05+00:00

**New features**

- Add ability to configure the ``project_name`` in settings, shown in the [root URL](https://kinto.readthedocs.io/en/stable/api/1.x/utilities.html#get) (fixes #1809)
- Use ``.`` as bucket/collection separator in cache control settings (fixes #1815)

**Bug fixes**

- Fix missing favicon and inline images in kinto-admin plugin

**Internal changes**

- Use mock from the standard library.
- Blackify the whole code base (#1799, huge thanks to @Cnidarias for this!)
- Upgrade kinto-admin to v1.22

kinto 11.2.0
2018-11-29T09:56:38+00:00

**New features**

- Return a ``500 Internal Error`` on ``__version__`` instead of 404 if the version file cannot be found (fixes #1841)

**Bug fixes**

- Fix the ``http_api_version`` exposed in the ``/v1/`` endpoint. The version ``1.20`` was getting parsed as a number ``1.2``.
- Fix ``record:create`` not taken into account from settings. (fixes #1813)

**Internal changes**

- Build the admin on the CI. (#1857)
- Migrate JSON Hyper-Schema to Draft-07 (#1808)

**Documentation**

- Add documentation on troubleshooting Auth0 multiauth issue.
  (#1889)

kinto 11.2.1
2018-12-10T10:42:46+00:00

- Still supports jsonschema 2.6 before 3.0 is released as a production release. (#1923)

kinto 12.0.0
2019-01-11T11:40:29+00:00

**Breaking changes**

- Remove Python 3.5 support and upgrade to Python 3.6. (#1886)
- Remove ``record`` from `UnicityError` class (#1919). This enabled us to fix #1545.
- Storage backend API has changed, notions of collection and records were replaced by the generic terms *resource* and *object*. Plugins that subclass the internal ``ShareableResource`` class may also break.
- GET requests no longer include the ``Total-Records`` header. To get a count in a collection you need to do a HEAD request. And the new header name is ``Total-Objects``. (#1624)
- Remove the ``UserResource`` class. And ``ShareableResource`` is now deprecated in favor of ``Resource``.
- Removed ``kinto.core.utils.parse_resource()``. Use ``kinto.core.utils.view_lookup_registry()`` instead (#1828)
- Remove the `delete-collection` command (#1959)

API is now at version **1.21**. See [API changelog](http://docs.kinto-storage.org/en/latest/api/index.html).

**New features**

- Add a ``user-data`` endpoint at ``/__user_data__/`` which can be used to delete all data associated with a principal. This might be helpful for pursuing GDPR compliance, for instance. (Fixes #442.)

**Bug Fixes**

- Like query now returns 400 when a non string value is used. (#1899)
- Record ID is validated if explicitly mentioned in the collection schema (#1942)
- The Memory permission backend implementation of ``remove_principal`` is now less generous with what it removes (#1955).

**Documentation**

- Change PostgreSQL backend URLs to be ``postgresql://`` instead of the deprecated ``postgres://``

**Internal changes**

- Remove deprecation warning for ``mapping`` (#1904)
- Fix deprecated warn method (#1903)
- Use f-string instead of % or format operators.
  (#1886)
- Ignore admin plugin node_modules folder while running black (#1902)
- Remove regexp py36 warnings. (#1907)
- Changed psycopg2 dependency for psycopg2-binary. (#1905)
- Renamed core notions (ie. record and collection) (#710)
- JSON Schema validation is optimized by keeping instances of validator cached. (#1807)

kinto 12.0.1
2019-01-21T15:25:02+00:00

**Bug Fixes**

- Fix bumping of tombstones timestamps when deleting objects in PostgreSQL storage backend (fixes #1981)
- Fix ETag header in responses of DELETE on plural endpoints (ref #1981)

kinto 12.0.2
2019-01-25T17:35:50+00:00

**Bug fixes**

- **security**: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

kinto 13.0.0
2019-01-25T17:36:32+00:00

**New features**

- Expose the user_profile in the user field of the hello page with OpenID authentication (#1989)

**Breaking changes**

- Update Kinto OpenID plugin to redirect with a base64 JSON encoded token. (#1988). *This will work with kinto-admin 1.23*

**Bug fixes**

- **security**: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

**Internal changes**

- Upgrade kinto-admin to v1.23.0

kinto 13.0.1
2019-01-29T14:02:49+00:00

**Bug fixes**

- Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script from being rejected (fixes #2000)

kinto 13.1.0
2019-03-21T11:29:30+00:00

**New features**

- Expose the user_profile in the user field of the hello page. (#1989)
- Add an "account validation" option to the accounts plugin.
  (#1973)
- Add a ``validate`` endpoint at ``/accounts/{user id}/validate/{validation key}`` which can be used to validate an account when the [account validation](http://docs.kinto-storage.org/en/latest/api/1.x/accounts.html#validate-accounts) option is enabled on the accounts plugin.
- Add a ``reset-password`` endpoint at ``/accounts/(user id)/reset-password`` which can be used to reset a user's password when the account validation option is enabled on the accounts plugin.

**Bug fixes**

- Fixed two potential bugs relating to mutable default values.
- Fix crash on validating records with errors in arrays (#1508)
- Fix crash on deleting multiple accounts (#2009)

**Documentation**

- Fixed spelling and Filtering docs

**Internal changes**

- Use ``setup.cfg`` for package metadata (ref #1921)

API is now at version **1.22**. See [API changelog](http://docs.kinto-storage.org/en/latest/api/index.html#changelog)

kinto 13.1.1
2019-05-23T20:30:39+00:00

**Bug fixes**

- Fix cache heartbeat test (fixes #2107)
- Fix support of ``sqlalchemy.pool.NullPool`` for PostgreSQL backends. The default ``pool_size`` of 25 is maintained on the default pool class (``QueuePoolWithMaxBacklog``). When using custom connection pools, please refer to SQLAlchemy documentation for default values.
**Internal changes** - Remove dependency to kinto-redis in core tests 2019-05-23T20:30:39+00:00 kinto 13.2.0 kinto 13.2.0 2019-06-18T23:23:20+00:00 **Internal changes** - Upgrade [kinto-admin to v1.24.0](https://github.com/Kinto/kinto-admin/releases/tag/v1.24.0) 2019-06-18T23:23:20+00:00 kinto 13.2.1 kinto 13.2.1 2019-06-25T08:58:12+00:00 **Internal changes** - Upgrade kinto-admin to v1.24.1 2019-06-25T08:58:12+00:00 kinto 13.2.2 kinto 13.2.2 2019-07-04T13:10:59+00:00 **Bug fixes** - Fix appearance of Admin notifications (fixes #2191) 2019-07-04T13:10:59+00:00 kinto 13.3.0 kinto 13.3.0 2019-08-15T10:07:03+00:00 **Bug fixes** - Prevent password to be modified on modification of accounts metadata (fixes #2058) - Fix unexpected exception in ``/__version__`` endpoint - Add ``Content-Type`` to default_cors_headers (refs #2220) - Fix crash with non-allowed requests on ``__user_data__`` (fixes #2063) - Fix multiple event listeners on READ action (fixes #1755) **New features** - Allow StatsD counter to be incremented by an arbitrary number 2019-08-15T10:07:03+00:00 kinto 13.4.0 kinto 13.4.0 2019-09-12T13:51:26+00:00 **Internal changes** - Upgrade kinto-admin to v1.25.0 2019-09-12T13:51:26+00:00 kinto 13.5.0 kinto 13.5.0 2019-09-26T09:52:16+00:00 **Internal changes** - Add a warning when using the accounts plugin with the memory backend.
(fixes #2258) - Upgrade kinto-admin to [v1.25.1](https://github.com/Kinto/kinto-admin/releases/tag/v1.25.1) 2019-09-26T09:52:16+00:00 kinto 13.6.0 kinto 13.6.0 2019-10-24T13:36:57+00:00 **New Features** - Add ``Content-Security-Policy`` header and report URI (fixes #2303) **Internal Changes** - Use package-lock file for Kinto Admin packaging - Use isort for formatting imports (Fixes #2270) - Upgrade kinto-admin to v1.25.2 2019-10-24T13:36:57+00:00 kinto 13.6.1 kinto 13.6.1 2019-10-31T16:19:39+00:00 **Bug fixes** - Fix loading of Kinto Admin (#2320) 2019-10-31T16:19:39+00:00 kinto 13.6.2 kinto 13.6.2 2019-11-04T14:16:43+00:00 **Bug fixes** - Second attempt at fixing loading of Kinto Admin (#2322) 2019-11-04T14:16:43+00:00 kinto 13.6.3 kinto 13.6.3 2020-01-30T13:55:22+00:00 **Bug fixes** - History entries datetimes now carry timezone information - Fix ``kinto init`` command (#2375) - Fix float strings parsing in certain URL query parameters. (#2392) **Internal Changes** - Upgrade kinto-admin to v1.26.1 - Drop ``auth`` parameter from storage backend methods. 
2020-01-30T13:55:22+00:00 kinto 13.6.4 kinto 13.6.4 2020-03-29T10:43:37+00:00 **Security fix** - Fix permission checking with POST on plural endpoints (fixes #2459) **Bug fixes** - Apply CORS headers to EOL responses (#2452) **Internal Changes** - Remove ``auth`` parameter from postgresql/memory storage backends - Removed pytest-sugar 2020-03-29T10:43:37+00:00 kinto 13.6.5 kinto 13.6.5 2020-03-31T10:37:11+00:00 **Bug fixes** - Simplify get_objects_permissions query (#2475) 2020-03-31T10:37:11+00:00 kinto 13.6.6 kinto 13.6.6 2020-06-26T08:39:44+00:00 **Bug fixes** - Fix messages duplication in logs (#2513) - Fix resource timestamp unicity (fixes #2472, #602) **Documentation** - Refer to proper terms in glossary (#2486) 2020-06-26T08:39:44+00:00 kinto 14.0.0 kinto 14.0.0 2020-09-01T08:10:43+00:00 **Breaking changes** - Drop the ``strict_json`` option, and use ``ultrajson`` everywhere **Internal Changes** - Upgrade kinto-admin to v1.26.2 2020-09-01T08:10:43+00:00 kinto 14.0.1 kinto 14.0.1 2020-09-09T11:36:48+00:00 **Bug fixes** - Do not break storage implementations (ie. kinto-redis) that rely on ``json`` class attribute (removed in v14.0.0) - Do not return 400 for ``?_since=null`` (fixes #2595) 2020-09-09T11:36:48+00:00 kinto 14.1.0 kinto 14.1.0 2020-10-27T09:05:10+00:00 **New feature** - Add ability to disable explicit permissions at object level (ref #893). 
Use ``kinto.explicit_permissions = false`` to only rely on inherited permissions (see settings docs) **Internal Changes** - Distinguish readonly errors in storage backend (``kinto.core.storage.exceptions.ReadonlyError``) - Upgrade kinto-admin to v1.27.0 - Add support to Python 3.9 2020-10-27T09:05:10+00:00 kinto 14.1.1 kinto 14.1.1 2020-11-03T21:18:33+00:00 **Bug fixes** - Fix broken Kinto admin (#2646) **Internal Changes** - Upgrade kinto-admin to v1.27.3 2020-11-03T21:18:33+00:00 kinto 14.2.0 kinto 14.2.0 2021-02-22T12:06:14+00:00 **New feature** - Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647) **Documentation** - Upgrade kinto-admin to v1.29.0 - servicedenuages.fr domain is parked, replace links with web.archive.org (#2720) - Fix broken url in docs (#2692) **Internal changes** - Show diff on failures. (#2723) - Add GitHub Actions workflows (#2677) 2021-02-22T12:06:14+00:00 kinto 14.3.0 kinto 14.3.0 2021-06-13T13:46:05+00:00 **Documentation** - Fix documentation about disabling endpoints (#2794) **Internal changes** - Now compatible with Pyramid 2 (#2764) - Upgrade kinto-admin to v1.30.0 2021-06-13T13:46:05+00:00 kinto 14.4.0 kinto 14.4.0 2021-09-16T16:00:48+00:00 **Documentation** - Fix "negociation" typo in docs/images/architecture.svg (#2813) **Internal changes** - Replace ujson with rapidjson. 
(#2677) - Upgrade kinto-admin to v1.30.2 2021-09-16T16:00:48+00:00 kinto 14.4.1 kinto 14.4.1 2021-09-20T13:56:19+00:00 **Bug fixes** - Fix bundle of kinto-admin, using same versions of React as upstream package 2021-09-20T13:56:19+00:00 kinto 14.5.0 kinto 14.5.0 2021-10-08T11:38:43+00:00 **New feature** - Add ``kinto.version_prefix_redirect_ttl_seconds`` setting in order to send ``Cache-Control`` response headers on version prefix redirects (fixes #2874) 2021-10-08T11:38:43+00:00 kinto 14.6.1 kinto 14.6.1 2022-02-03T16:02:23+00:00 **Bug Fixes** - Fix crash in ``/permissions`` endpoint when a setting is misinterpreted as resource permission (e.g. ``signer.auto_create_resources_principals``) **Internal Changes** - Update `Dockerfile` & `docker-compose` for faster, usable builds (#2942) - Add a SECURITY.md file (fixes #2912) (#2918) - Fix coveralls.io support (#2921) - Remove duplicated dependencies (#2922) 2022-02-03T16:02:23+00:00 kinto 14.7.0 kinto 14.7.0 2022-03-30T20:16:28+00:00 **Internal Changes** * Add alwaysdata Marketplace link. 
https://github.com/Kinto/kinto/pull/2957 * Test package description formatting in CI https://github.com/Kinto/kinto/pull/2951 * Build Kinto Admin from source https://github.com/Kinto/kinto/pull/2966 <details> <summary markdown="span">Dependabot Updates</summary> * Bump pytest from 6.2.5 to 7.0.0 https://github.com/Kinto/kinto/pull/2950 * Bump pytest from 7.0.0 to 7.0.1 https://github.com/Kinto/kinto/pull/2953 * Bump werkzeug from 2.0.2 to 2.0.3 https://github.com/Kinto/kinto/pull/2954 * Bump python-rapidjson from 1.5 to 1.6 https://github.com/Kinto/kinto/pull/2956 * Bump waitress from 2.0.0 to 2.1.0 https://github.com/Kinto/kinto/pull/2962 * Bump sqlalchemy from 1.4.31 to 1.4.32 https://github.com/Kinto/kinto/pull/2961 * Bump selenium from 4.1.0 to 4.1.2 https://github.com/Kinto/kinto/pull/2960 * Bump newrelic from 7.4.0.172 to 7.6.0.173 https://github.com/Kinto/kinto/pull/2959 * Bump pytest from 7.0.1 to 7.1.0 https://github.com/Kinto/kinto/pull/2965 * Bump selenium from 4.1.2 to 4.1.3 https://github.com/Kinto/kinto/pull/2964 * Bump pyramid-tm from 2.4 to 2.5 https://github.com/Kinto/kinto/pull/2963 * Bump waitress from 2.1.0 to 2.1.1 https://github.com/Kinto/kinto/pull/2968 * Bump pytest from 7.1.0 to 7.1.1 https://github.com/Kinto/kinto/pull/2967 </details> ### Kinto Admin **Bug Fixes** - Downgrade to history v4 (Kinto/kinto-admin#2180) - Fix crash on incorrect auth credentials (Kinto/kinto-admin#2119) For a complete log of Kinto Admin changes, see [v1.31.0...v2.0.0](https://github.com/Kinto/kinto-admin/compare/v1.31.0...v2.0.0) **Full Changelog**: https://github.com/Kinto/kinto/compare/14.6.1...14.7.0 2022-03-30T20:16:28+00:00 kinto 14.7.1 kinto 14.7.1 2022-03-31T00:17:52+00:00 **Bug Fixes** - Include Kinto Admin VERSION file in package **Internal Changes** - Exclude tests from built package 2022-03-31T00:17:52+00:00 kinto 14.7.2 kinto 14.7.2 2022-04-13T15:01:55+00:00 **Bug Fixes** - Prevents merging of `ResourceChanged` events if they were triggered from 
events listeners (cascade) (see mozilla/remote-settings#203) 2022-04-13T15:01:55+00:00 kinto 14.8.0 kinto 14.8.0 2022-10-06T13:42:04+00:00 **New Features** - Add ``Cache-Control`` response header in root URL endpoint (``/v1/``) when the instance is configured as read-only. 2022-10-06T13:42:04+00:00 kinto 15.0.0 kinto 15.0.0 2023-02-04T00:20:16+00:00 **Breaking Changes** - ``raven`` is not installed by default anymore (fixes #3054). Sentry reporting is now enabled via settings (or environment variables). In order to migrate from Kinto <14 to Kinto 15, remove the mention of ``sentry`` and ``raven`` from your logging configuration: ```diff # kinto.ini [logger_root] level = INFO - handlers = console, sentry + handlers = console [handlers] - keys = console, sentry + keys = console - [handler_sentry] - class = raven.handlers.logging.SentryHandler - args = ('https://<key>:<secret>@app.getsentry.com/<project>',) - level = WARNING - formatter = generic ``` And add the following settings: ```ini kinto.sentry_dsn = https://userid@o1.ingest.sentry.io/1 kinto.sentry_env = prod ``` For more information, see [Settings documentation](https://kinto.readthedocs.io/en/stable/configuration/settings.html#authentication) **Documentation** - Fix ``/batch`` endpoint documentation about required authentication. 
2023-02-04T00:20:16+00:00 kinto 15.1.0 kinto 15.1.0 2023-02-09T01:47:45+00:00 **New features** - Enable SQLAlchemy integration for Sentry **Internal Changes** - Force SQLAlchemy version to 1.X 2023-02-09T01:47:45+00:00 kinto 15.1.1 kinto 15.1.1 2023-02-09T16:26:19+00:00 **Bug Fixes** - Use correct import path for SQLAlchemy Sentry integration 2023-02-09T16:26:19+00:00 kinto 16.0.0 kinto 16.0.0 2023-05-30T15:26:55+00:00 **Breaking Changes** - Drop support of Python 3.7 (end-of-life 2023-06-27) **New features** - Add request id to ``request.summary`` logs (read from ``X-Request-Id`` header and defaults to 16 hex string) **Documentation** - Fix typos on the Concepts page (#3151) 2023-05-30T15:26:55+00:00 kinto 16.1.0 kinto 16.1.0 2023-09-06T20:52:45+00:00 **New features** - Send logging warnings to Sentry, with logging debugs as breadcrumbs. Configure levels with ``kinto.sentry_breadcrumbs_min_level`` and ``kinto.sentry_events_min_level`` settings (#3262) 2023-09-06T20:52:45+00:00 kinto 16.2.1 kinto 16.2.1 2023-09-13T14:46:50+00:00 **Bug fixes** - Keep warning level for server-side logging (#3263) > Note: version 16.2.0 does not exist. 2023-09-13T14:46:50+00:00 kinto 16.2.2 kinto 16.2.2 2023-11-22T15:22:20+00:00 Upgrading kinto-admin to [v2.1.0](https://github.com/Kinto/kinto-admin/releases/tag/v2.1.0). 2023-11-22T15:22:20+00:00 kinto 16.2.3 kinto 16.2.3 2023-12-05T17:42:06+00:00 - Upgraded Kinto Admin to [v2.1.1](https://github.com/Kinto/kinto-admin/releases/tag/v2.1.1) 2023-12-05T17:42:06+00:00 kinto 16.3.0 kinto 16.3.0 2024-01-15T13:17:05+00:00 **New features** - Add a new ``kinto.admin_assets_path`` setting to specify the location on the Admin UI assets. **Internal Changes** - Publish to docker hub on tag (#3329) - Publish to Pypi on tag (#3328) - Switch to ruff instead of therapist+flake8+black+isort (#3321) - Upgrade to SQLAlchemy 2 (fixes #3128) 2024-01-15T13:17:05+00:00