Changelog

This document describes changes between each past release.

3.2.0 (unreleased)

Bug fixes

Add an explicit message when the server is configured as read-only and the collection timestamp fails to be saved (ref Kinto/kinto#558)

3.1.5 (2016-05-17)

Bug fixes

Prevent the browser to cache server responses between two sessions. (#593)

3.1.4 (2016-05-10)

Bug fixes

Redirects version prefix to hello page when trailing_slash_redirect is enabled. (#700)
Fix crash when setting empty permission list with PostgreSQL permission backend (fixes Kinto/kinto#575)
Fix crash when type of values in querystring for exclude/include is wrong (fixes Kinto/kinto#587)
Fix crash when providing duplicated principals in permissions with PostgreSQL permission backend (fixes #702)

3.1.3 (2016-04-29)

Bug fixes

Fix migration of triggers in PostgreSQL storage backend when upgrading from <3.0.0. Running the migrate command will basically re-create them (fixes Kinto/kinto#559)

Documentation

Fix some typos in documentation (#696)
Update links to readthedocs (#697)

3.1.2 (2016-04-19)

Bug fixes

Fix safe creation (If-None-Match: *) if a record used to exist with the same id (Kinto/kinto#512)

New features

A cache_prefix setting was added for cache backends. (#680)

3.1.1 (2016-04-05)

Bug fixes

Allow numeric comparison and sorting with the PostgreSQL backend. (#690)

3.1.0 (2016-03-07)

Protocol

Add the __lbheartbeat__ endpoint, for load balancer membership test.

New features

Default console log renderer now has colours (#671)

Bug fixes

Do not always return 412 errors when request header If-None-Match: * is sent on POST /collection (fixes #673)

Internal changes

Remove some imports at initialization to speed startup (#674)

3.0.0 (2016-02-26)

Breaking changes

Errors are not swallowed anymore during the execution of ResourceChanged events subscribers.

Subscribers are still executed within the transaction like before.

Subscribers are still executed even if transaction is eventually rolledback. Every subscriber execution succeeds, or none.

Thus, subscribers of these events should only perform operations that are reversed on transaction rollback: most likely database storage operations.

For irreversible operations see the new AfterResourceChanged event.

Protocol

Clients are redirected to URLs without trailing slash only if the current URL does not exist (#656)
Partial responses can now be specified for nested objects (#660, Kinto/kinto#445) For example, /records?_fields=address.street.
List responses are now sorted by to last_modified descending by default (#662, thanks @ayusharma)

New features

Resource events are now merged in batch requests. One event per resource and per action is emitted when a transaction is committed (#634)
Monitor time of events listeners execution (fixes #503)
Add method to remove a principal from every user
Validate that the client can accept JSON response. (#667)
Validate that the client can only send JSON request body. (#667)
Added a new AfterResourceChanged event, that is sent only when the commit in database is done and successful.

Subscribers of this event can fail, errors are swallowed and logged. The final transaction result (or response) cannot be altered.

Since commit occured successfully and operations will not be rolledback, subcribers running irreversible actions should subscribe to this event (like sending messages, deleting files, or run asynchronous tasks).
Track execution time on StatsD for each authentication sub-policy (#639)
Output the cliquet version with --version (#636)

Bug fixes

ResourceChanged events are not emitted if a batch subrequest fails (#634) There are still emitted if the whole batch transaction is eventually rolledback.
Fix a migration of PostgreSQL schema introduced in #604 that was never executed
Fix PostgreSQL backend timestamps when collection is empty (ref Kinto/kinto#433)
Fix statsd initialization on storage (#637)
Providing bad last modified values on delete now returns 400 (#665)
Providing last modified in the past for delete now follows behaviour create/update (#665)

Internal changes

Moved utils.current_service(request) to reified request method (ref #631)
Optimized (and cleaned) usage of (un)authenticated_userid (#641)
Apply request extensions on forged requests (ref Kinto/kinto#438)
Get rid of custom Enum (fixes #645)
Pyramid config link updated (#654, thanks @ayusharma)
Add missing readonly param for read operations in PostgreSQL (#653)
Move Retry-After to error responses in documentation (#657)
Improve batch endpoint documentation about transactions (ref #629)
Mac OS python installation command updated (#661)
Added details about forced timestamps (#665)
Added troubleshooting section in docs (thanks @ayusharma)

2.15.0 (2016-01-27)

Protocol

Forward slashes (/) are not escaped anymore in JSON responses (#537)
The API capabilities can be exposed in a capabilities attribute in the root URL (#628). Clients can rely on this to detect optional features on the server (e.g. enabled plugins).

Bug fixes

Batch now relies on custom views responses (@viewconfig(context=Error)) (fixes mozilla-services/syncto#78, rel #629)
Fix listener name logging during startup (#626)

New features

The policy name used to configure authentication in settings is now used for the user id prefix and StatsD authn_type counters.

2.14.0 (2016-01-15)

Protocol

Fields can be filtered in GET requests using _fields=f1,f2 in querystring (fixes #384)

New features

Add ability to filter fields from querystring (#601, thanks @MrChoclate)
Check backends configuration at startup (fixes Kinto/kinto#228)

Bug fixes

Do not overwrite original error message and details in batch requests (fixes #617)
Fix plugins not being able to use custom requests methods (#618)
Do not log batch subrequests twice (fixes #450, fixes Kinto/kinto#264)

Internal changes

Refactor filtering of events to use Pyramid subscribers predicates (fixes #609)
Refactor logger imports (fixes #102)

2.13.1 (2015-12-15)

Bug fixes

Fix hmac digest with python3 (fixes Kinto/kinto#288)

Documentation

Fixed typo in RHEL package manager command (#610, thanks @FooBarQuaxx)

2.13.0 (2015-12-01)

Bug fixes

Fixes duplicated records in paginated results when limit is forced via settings (fixes #588)

New features

Allow to keep the last_modified field of records when updating or creating them. Useful for replication of remote collections (fixes #604)

Internal changes

Documentation has been updated to explain better how versionning is handled (fixes #603)

2.12.0 (2015-11-27)

Protocol

Minor changes in the root URL (hello view):

Added http_api_version (#600)
Renamed hello to project_name
Renamed protocol_version to cliquet_protocol_version
Renamed documentation to project_docs
Renamed version to project_version

Breaking changes

When using cliquet-fxa, the setting multiauth.policy.fxa.use must now be explicitly set to cliquet_fxa.authentication.FxAOAuthAuthenticationPolicy
Fields in the root view were renamed (#600)

Bug fixes

Include plugins after setting up components (like authn/authz) so that plugins can register views with permissions checking
Remove __permissions__ from impacted records values in ResourceChanged events (#586)

New features

New options in configuration of listeners to specify filtered actions and resource names (#492, #555)
Add ability to listen to read action on resource (disabled by default) (#493)
Add ability to ask for partial response via _fields parameter on GET endpoints

Internal

Fixed a few details in quickstart docs since backends are not Redis by default anymore
Replace usage of assert by explicit exceptions since the former can be ignored when python is ran with -O (fixes #592)
Improved documentation about permissions (#572, thanks for the feedback @MrChoclate)
Fixed docs building under Python 3 (#591)

2.11.0 (2015-11-17)

Protocol

_since and _before now accepts an integer value between quotes ", as it would be returned in the ETag response header.
A batch request now fails if one of the subrequests fails (#510) (see new feature about transactions)

Breaking changes

For PostgreSQL backends, it is recommended to specify postgresql://.

New features

A transaction now covers the whole request/response cycle (#510, Kinto/kinto#194). If an error occurs during the request processing, every operation performed is rolled back. Note: This is only enabled with PostgreSQL backends. In other words, the rollback has no effect on backends like Redis or Memory.
Add the protocol_version to tell which protocol version is implemented by the service in the hello page. (#324)
New settings for backends when using PostgreSQL: *_pool_maxoverflow, *_pool_recycle, *_pool_timeout to control connections pool behaviour.
Add custom pool supporting a max_backlog parameter that limits the number of threads waiting for a connection (#509)
Add impacted_records attribute on ResourceChanged event (#501) This also allows listeners to react on particular field change, since old and new version of records is provided.

Bug fixes

Fix Service CORS not being set when plugins are included
Fix crash with Redis backend if record parent/id is unicode (fixes #556)
Fix principals of permission backend not being plugged by default (#573)
Fix Redis error traces not being logged (#560)
Fix principals of permission backend not being plugged by default. (#573)
Maintain pagination offset to prevent pagination loop in some cases. (#366)

Internal changes

Switch to SQLAlchemy for smarter connections pools.
Added a simple end-to-end test on a Cliquet sample application, using Loads. (fixes #512)
Switched to SQLAlchemy sessions instead of raw connections and cursors. (#510)
Refactor Redis clients instantiation to avoid repeated defaults. (#567, #568)
Initialize Service class attributes before including plugins. (#578)
Add a statsd_count helper function to ease the usage of statsd. (#574)
Mention SQLAlchemy on missing PostgreSQL dependencies. (#545)

2.10.2 (2015-11-10)

Bug fixes

Fix sharing records with ProtectedResource (fixes #549)
Fix notifications on protected resources (#548)
Log any heartbeat exception (fixes #559)
Fix crash with Redis backend if record parent/id is unicode (fixes #556)
Fix Redis client instantiation (fixes #564)

2.10.1 (2015-11-03)

Bug fixes

Make sure read enpoints (GET, OPTIONS, HEAD) are activated in readonly mode. (#539)

2.10.0 (2015-10-30)

Protocol

Moved userid attribute to a dedicated user mapping in the hello view.
Fixed 503 error message to mention backend errors in addition to unavailability.
Set cache headers only when anonymous (fixes #449)
Follow redirections in batch subrequests (fixes #511)
When recreating a record that was previously deleted, status code is now 201 (ref #530).

New features

Follow redirections in batch subrequests (fixes #511)
Add a readonly setting to run the service in read-only mode. (#525)
If no client cache is set, add Cache-Control: no-cache by default, so that clients are forced to revalidate their cache against the server (#522, ref Kinto/kinto#231)

Bug fixes

Fix PostgreSQL error when deleting an empty collection in a protected resource (fixes #528)
Fix PUT not using create() method in storage backend when tombstone exists (fixes #530)
Delete tombstone when record is re-created (fixes #518)
Fix crash with empty body for PATCH (fixes #477, fixes #516)
Fix english typo in 404 error message (fixes #527)

Internal changes

Better __pycache__ cleaning

2.9.0 (2015-10-27)

New features

Added Pyramid events, triggered when the content of a resource has changed. (#488)
Added cliquet.includes setting allowing loading of plugins once Cliquet is initialized (unlike pyramid.includes). (#504)

Protocol

Remove the broken git revision commit field in the hello page. (#495).

Breaking changes

Renamed internal backend classes for better consistency. Settings remain unchanged, but if you imported the backend classes in your Cliquet application, it will break (#491).
cliquet.schema is now deprecated, and was moved to a cliquet.resource module. (#505)
Resource collection attribute is now deprecated. Use model attribute instead. (#506)

Internal changes

Rework PostgreSQL backends to use composition instead of inheritance for the client code. (#491)
Replace DROP INDEX by a conditional creation in PostgreSQL schemas (#487, #496 thanks @rodo)
Documentation and minor refactors in viewset code (#490, #498, #502)
Add the build-requirements, distclean and maintainer-clean Makefile rules.
Documentation JSON patch format. (#484)
Fix for permission among record fields in 412 errors. (#499)

2.8.2 (2015-10-22)

Bug fixes

Fix crash on settings with list values (#481)
Fix crash in Redis permission backend (ref Kinto/kinto#215)

Internal changes

Use tox installed in virtualenv (#486)
Skip python versions unavailable in tox (#486)

2.8.1 (2015-10-14)

Expose public settings without prefix, except if we explicitely configure public_settings to expose them (with cliquet. or project_name.) (ref #476)

2.8.0 (2015-10-06)

Breaking changes

Deprecated settings cliquet.cache_pool_maxconn, cliquet.storage_pool_maxconn and cliquet.basic_auth_enabled were removed (ref #448)
Prefixed settings will not work if project_name is not defined. (either with cliquet.initialize() or with the cliquet.project_name configuration variable).
Settings should now be read without their prefix in the code: request.registry.settings['max_duration'] rather than request.registry.settings['cliquet.max_duration']

New features

Add cache CORS headers. (ref #466)
Use the project name as setting prefix (ref #472)

Internal changes

Expose statsd client so that projects using cliquet can send statsd metrics. (ref #465)
Refactor BaseWebTest. (ref #468)
Remove hard coded CORS origins in order to be able to override it with config. (ref #467)
Allow overridding 405 response error to give context (ref #471)
Allow overridding 503 response error to give context (ref #473)

2.7.0 (2015-09-23)

Breaking changes

Backends are not instantiated by default anymore (used to be with Redis) (#461)

New features

Redirect to remove trailing slash in URLs (fixes Kinto/kinto#112)
Add resource cache control headers via settings (fixes #401)
Add request bound_data attribute, shared with subrequests. Useful to share context or cache values between BATCH requests for example (#459)

Bug fixes

Fix Werkzeug profiling setup docs and code (#451)
Fix logger encoding error with UTF-8 output (#455)
Do not instantiate backends if not configured (fixes #386)

Internal changes

Huge refactoring the interaction between Resource and Permission backend (#454)
Fetch record only once from storage with PUT requests on resources (#452)
Index permissions columns, bringing huge performance gain for shared collections (#458, ref #354)
Add instructions to mention contributors list in documentation (#408)
Explicitly call to collection create_record on PUT (#460)

2.6.2 (2015-09-09)

Bug fixes

Expose CORS headers on subrequest error response and for non service errors (#435).
Make sure a tuple is passed for Postgresql list comparisons even for ids (#443).

Internal changes

Use the get_bound_permissions callback to select shared records in collection list (#444).

2.6.1 (2015-09-08)

Bug fixes

Make sure a tuple is passed for Postgresql in conditions (#441).

2.6.0 (2015-09-08)

Protocol

Fix consistency in API to modify permissions with PATCH (#437, ref Kinto/kinto#155). The list of principals for each specified permission is now replaced by the one provided.

New features

Partial collection of records for ProtectedResource when user has no read permission (fixes #354). Alice can now obtain a list of Bob records on which she has read/write permission.

Internal changes

Fix Wheel packaging for Pypy (fixes Kinto/kinto#177)
Add additional test to make sure 400 errors returns CORS Allowed Headers

2.5.0 (2015-09-04)

Protocol

Collection records can now be filtered using multiple values (?in_status=1,2,3) (fixes #39)
Collection records can now be filtered excluding multiple values (?exclude_status=1,2,3) (fixes mozilla-services/readinglist#68)

Internal changes

We can obtains accessible objects_id in a collection from user principals (fixes #423)

2.4.3 (2015-08-26)

Bug fixes

Fix the packaging for cliquet (#430)

2.4.2 (2015-08-26)

Internal changes

Remove the symlink to cliquet_docs and put the documentation inside cliquet_docs directly (#426)

2.4.1 (2015-08-25)

Internal changes

Make documentation available from outside by using cliquet_docs (#413)

2.4.0 (2015-08-14)

Protocol

Userid is now provided when requesting the hello endpoint with an Authorization header (#319)
UUID validation now accepts any kind of UUID, not just v4 (fixes #387)
Querystring parameter _to was renamed to _before (the former is now deprecated) (#391)

New features

Cliquet Service class now has the default error handler attached (#388)
Allow to configure info link in error responses with cliquet.error_info_link setting (#395)
Storage backend now has a purge_deleted() to get rid of tombstones (#400)

Bug fixes

Fix missing Backoff header for 304 responses (fixes #416)
Fix Python3 encoding errors (#328)
data is not mandatory in request body if the resource does not define any schema or if no field is mandatory (fixes Kinto/kinto#63)
Fix no validation error on PATCH with unknown attribute (fixes #374)
Fix permissions not validated on PATCH (fixes #375)
Fix CORS header missing in 404 responses for unknown URLs (fixes #414)

Internal changes

Renamed main documentation sections to HTTP Protocol and Internals (#394)
Remove mentions of storage in documentation to avoid confusions with the Kinto project.
Add details in timestamp documentation.
Mention talk at Python Meetup Barcelona in README
Fix documentation about postgres-contrib dependancy (#409)
Add cliquet.utils to Internals documentation (#407)
Default id generator now accepts dashes and underscores (#411)

2.3.1 (2015-07-15)

Bug fixes

Fix crash on hello view when application is not deployed from Git repository (fixes #382)
Expose Content-Length header to Kinto.js (#390)

2.3 (2015-07-13)

New features

Provide details about existing record in 412 error responses (fixes Kinto/kinto#122)
Add ETag on record PUT/PATCH responses (fixes #352)
Add StatsD counters for the permission backend

Bug fixes

Fix crashes in permission backends when permission set is empty (fixes #368, #371)
Fix value of ETag on record: provide collection timestamp on collection endpoints only (fixes #356)
Default resources do accept permissions attribute in payload anymore
Default resources do not require a root factory (fixes #348)
Default resources do not hit the permission backend anymore
Default viewset was split and does not handle permissions anymore (fixes #322)
Permissions on views is now set only on resources
Fix missing last_modified field in PATCH response when no field was changed (fixes #371)
Fix lost querystring during version redirection (fixes #364)

Internal changes

Document the list of public settings in hello view (Kinto/kinto#133)

2.2.1 (2015-07-06)

Bug fixes

Fix permissions handling on PATCH /resource (#358)

2.2.0 (2015-07-02)

New features

Add public settings in hello view (#318)

Bug fixes

Fix version redirection behaviour for unsupported versions (#341)
PostgreSQL dependencies are now fully optional in code (#340)
Prevent overriding final settings from default_settings parameter in cliquet.initialize() (#343)

Internal changes

Fix installation documentation regarding PostgreSQL 9.4 (#338, thanks @elemoine!)
Add detail about UTC and UTF-8 for PostgreSQL (#347, thanks @elemoine!)
Remove UserWarning exception when running tests (#339, thanks @elemoine!)
Move build_request and build_response to cliquet.utils (#344)
Pypy is now tested on Travis CI (#337)

2.1.0 (2015-06-26)

New features

Cliquet does not require authentication policies to prefix user ids anymore (fixes #299).
Pypy support (thanks Balthazar Rouberol #325)
Allow to override parent id of resources (#333)

Bug fixes

Fix crash in authorization on OPTIONS requests (#331)
Fix crash when If-Match is provided without If-None-Match (#335)

Internal changes

Fix docstrings and documentation (#329)

2.0.0 (2015-06-16)

New features

Authentication and authorization policies, as well as group finder function can now be specified via configuration (fixes #40, #265)
Resources can now be protected by fine-grained permissions (#288 via #291, #302)

Minor

Preserve provided id field of records using POST on collection (#293 via #294)
Logging value for authentication type is now available for any kind of authentication policy.
Any resource endpoint can now be disabled from settings (#46 via #268)

Bug fixes

Do not limit cache values to string (#279)
When PUT creates the record, the HTTP status code is now 201 (#298, #300)
Add safety check in utils.current_service() (#316)

Breaking changes

cliquet.storage.postgresql now requires PostgreSQL version 9.4, since it now relies on JSONB. Data will be migrated automatically using the migrate command.
the @crud decorator was replaced by @register() (fixes #12, #268)
Firefox Accounts code was removed and published as external package cliquet-fxa
The Cloud storage storage backend was removed out of Cliquet and should be revamped in Kinto repository (Kinto/kinto#45)

API

Resource endpoints now expect payloads to have a data attribute (#254, #287)
Resource endpoints switched from If-Modified-Since and If-Unmodified-Since to Etags (fixes #251 via #275), thanks @michielbdejong!

Minor

existing attribute of conflict errors responses was moved inside a generic details attribute that is also used to list validation errors.
Setting cliquet.basic_auth_enabled is now deprecated. Use pyramid_multiauth configuration instead to specify authentication policies.
Logging value for authentication type is now authn_type (with FxAOAuth or BasicAuth as default values).

Internal changes

Cliquet resource code was split into Collection and Resource (fixes #243, #282)
Cleaner separation of concern between Resource and the new notion of ViewSet (#268)
Quickstart documentation improvement (#271, #312) thanks @N1k0 and @brouberol!
API versioning documentation improvements (#313)
Contribution documentation improvement (#306)

1.8.0 (2015-05-13)

Breaking changes

Switch PostgreSQL storage to JSONB: requires 9.4+ (#104)
Resource name is not a Python property anymore (ref #243)
Return existing record instead of raising 409 on POST (fixes #75)
cliquet.storage.postgresql now requires version PostgreSQL 9.4, since it now relies on JSONB. Data will be migrated automatically using the migrate command.
Conflict errors responses existing attribute was moved inside a generic details attribute that is also used to list validation errors.
In heartbeat end-point response, database attribute was renamed to storage

New features

Storage records ids are now managed in python (fixes #71, #208)
Add setting to disable version redirection (#107, thanks @hiromipaw)
Add response behaviour headers for PATCH on record (#234)
Provide details in error responses (#233)
Expose new function cliquet.load_default_settings() to ease reading of settings from defaults and environment (#264)
Heartbeat callback functions can now be registered during startup (#261)

Bug fixes

Fix migration behaviour when metadata table is flushed (#221)
Fix backoff header presence if disabled in settings (#238)

Internal changes

Require 100% of coverage for tests to pass
Add original error message to storage backend error
A lots of improvements in documentation (#212, #225, #228, #229, #237, #246, #247, #248, #256, #266, thanks Michiel De Jong)
Migrate Kinto storage schema on startup (#218)
Fields id and last_modified are not part of resource schema anymore (#217, mozilla-services/readinlist#170)
Got rid of redundant indices in storage schema (#208, ref #138)
Disable Cornice schema request binding (#172)
Do not hide FxA errors (fixes mozilla-services/readinglist#70)
Move initialization functions to dedicated module (ref #137)
Got rid of request custom attributes for storage and cache (#245)

1.7.0 (2015-04-10)

Breaking changes

A command must be ran during deployment for database schema migration:

$ cliquet --ini production.ini migrate
Sentry custom code was removed. Sentry logging is now managed through the logging configuration, as explained in docs.

New features

Add PostgreSQL schema migration system (#139)
Add cache and oauth in heartbeat view (#184)
Add monitoring features using NewRelic (#189)
Add profiling features using Werkzeug (#196)
Add ability to override default settings in initialization (#136)
Add more statsd counter for views and authentication (#200)
Add in-memory cache class (#127)

Bug fixes

Fix crash in DELETE on collection with PostgreSQL backend
Fix Heka logging format of objects (#199)
Fix performance of record insertion using ordered index (#138)
Fix 405 errors not JSON formatted (#88)
Fix basic auth prompt when disabled (#182)

Internal changes

Improve development setup documentation (thanks @hiromipaw)
Deprecated cliquet.initialize_cliquet, renamed to cliquet.initialize.
Code coverage of tests is now 100%
Skip unstable tests on TravisCI, caused by fsync = off in their PostgreSQL.
Perform random creation and deletion in heartbeat view (#202)

1.6.0 (2015-03-30)

New features

Split schema initialization from application startup, using a command-line tool.

cliquet --ini production.ini init

Bug fixes

Fix connection pool no being shared between cache and storage (#176)
Default connection pool size to 10 (instead of 50) (#176)
Warn if PostgreSQL session has not UTC timezone (#177)

Internal changes

Deprecated cliquet.storage_pool_maxconn and cliquet.cache_pool_maxconn settings (renamed to cliquet.storage_pool_size and cliquet.cache_pool_size)

1.5.0 (2015-03-27)

New features

Mesure calls on the authentication policy (#167)

Breaking changes

Prefix statsd metrics with the value of cliquet.statsd_prefix or cliquet.project_name (#162)
http_scheme setting has been replaced by cliquet.http_scheme and cliquet.http_host was introduced ((#151, #166)
URL in the hello view now has version prefix (#165)

Bug fixes

Fix Next-Page url if service has key in url (#158)
Fix some PostgreSQL connection bottlenecks (#170)

Internal changes

Update of PyFxA to get it working with gevent monkey patching (#168)
Reload kinto on changes (#158)

1.4.1 (2015-03-25)

Bug fixes

Rely on Pyramid API to build pagination Next-Url (#147)

1.4.0 (2015-03-24)

Breaking changes

Make monitoring dependencies optional (#121)

Bug fixes

Force PostgreSQl session timezone to UTC (#122)
Fix basic auth ofuscation and prefix (#128)
Make sure the paginate_by setting overrides the passed limit argument (#129)
Fix limit comparison under Python3 (#143)
Do not serialize using JSON if not necessary (#131)
Fix crash of classic logger with unicode (#142)
Fix crash of CloudStorage backend when remote returns 500 (#142)
Fix behaviour of CloudStorage with backslashes in querystring (#142)
Fix python3.4 segmentation fault (#142)
Add missing port in Next-Page header (#147)

Internal changes

Use ujson again, it was removed in the 1.3.2 release (#132)

Add index for as_epoch(last_modified) (#130). Please add the following statements to SQL for the migration:

ALTER FUNCTION as_epoch(TIMESTAMP) IMMUTABLE;
CREATE INDEX idx_records_last_modified_epoch ON records(as_epoch(last_modified));
CREATE INDEX idx_deleted_last_modified_epoch ON deleted(as_epoch(last_modified));

Prevent fetching to many records for one user collection (#130)
Use UPSERT for the heartbeat (#141)
Add missing OpenSSL in installation docs (#146)
Improve tests of basic auth (#128)

1.3.2 (2015-03-20)

Revert ujson usage (#132)

1.3.1 (2015-03-20)

Bug fixes

Fix packaging (#118)

1.3.0 (2015-03-20)

New features

Add PostgreSQL connection pooling, with new settings cliquet.storage_pool_maxconn and cliquet.cache_pool_maxconn (Default: 50) (#112)
Add StatsD support, enabled with cliquet.statsd_url = udp://server:port (#114)
Add Sentry support, enabled with cliquet.sentry_url = http://user:pass@server/1 (#110)

Bug fixes

Fix FxA verification cache not being used (#103)
Fix heartbeat database check (#109)
Fix PATCH endpoint crash if request has no body (#115)

Internal changes

Switch to ujson for JSON de/serialization optimizations (#108)

1.2.1 (2015-03-18)

Fix tests about unicode characters in BATCH querystring patch
Remove CREATE CAST for the postgresql backend
Fix environment variable override

1.2 (2015-03-18)

Breaking changes

cliquet.storage.postgresql now uses UUID as record primary key (#70)
Settings cliquet.session_backend and cliquet.session_url were renamed cliquet.cache_backend and cliquet.cache_url respectively.
FxA user ids are not hashed anymore (#82)
Setting cliquet.retry_after was renamed cliquet.retry_after_seconds
OAuth2 redirect url now requires to be listed in fxa-oauth.webapp.authorized_domains (e.g. *.mozilla.com)
Batch are now limited to 25 requests by default (#90)

New features

Every setting can be specified via an environment variable (e.g. cliquet.storage_url with CLIQUET_STORAGE_URL)
Logging now relies on structlog (#78)
Logging output can be configured to stream JSON (#78)
New cache backend for PostgreSQL (#44)
Documentation was improved on various aspects (#64, #86)
Handle every backend errors and return 503 errors (#21)
State verification for OAuth2 dance now expires after 1 hour (#83)

Bug fixes

FxA OAuth views errors are now JSON formatted (#67)
Prevent error when pagination token has bad format (#72)
List of CORS exposed headers were fixed in POST on collection (#54)

Internal changes

Added a method in cliquet.resource.Resource to override known fields (required by Kinto)
Every setting has a default value
Every end-point requires authentication by default
Session backend was renamed to cache (#96)

1.1.4 (2015-03-03)

Update deleted_field support for postgres (#62)

1.1.3 (2015-03-03)

Fix include_deleted code for the redis backend (#60)
Improve the update_record API (#61)

1.1.2 (2015-03-03)

Fix packaging to include .sql files.

1.1.1 (2015-03-03)

Fix packaging to include .sql files.

1.1 (2015-03-03)

New features

Support filter on deleted using since (#51)

Internal changes

Remove python 2.6 support (#50)
Renamed Resource.deleted_mark to Resource.deleted_field (#51)
Improve native_value (#56)
Fixed Schema options inheritance (#55)
Re-build the virtualenv when setup.py changes
Renamed storage.url to cliquet.storage_url (#49)
Refactored the tests/support.py file (#38)

1.0 (2015-03-02)

Initial version, extracted from Mozilla Services Reading List project (#1)

New features

Expose CORS headers so that client behind CORS policy can access them (#5)
Postgresql Backend (#8)
Use RedisSession as a cache backend for PyFxA (#10)
Delete multiple records via DELETE on the collection_path (#13)
Batch default prefix for endpoints (#14 / #16)
Use the app version in the / endpoint (#22)
Promote Basic Auth as a proper authentication backend (#37)

Internal changes

Backends documentation (#15)
Namedtuple for filters and sort (#17)
Multiple DELETE in Postgresql (#18)
Improve Resource API (#29)
Refactoring of error management (#41)
Default Options for Schema (#47)

Files

CHANGELOG.rst

Latest commit

History

CHANGELOG.rst

File metadata and controls

Changelog

3.2.0 (unreleased)

3.1.5 (2016-05-17)

3.1.4 (2016-05-10)

3.1.3 (2016-04-29)

3.1.2 (2016-04-19)

3.1.1 (2016-04-05)

3.1.0 (2016-03-07)

3.0.0 (2016-02-26)

2.15.0 (2016-01-27)

2.14.0 (2016-01-15)

2.13.1 (2015-12-15)

2.13.0 (2015-12-01)

2.12.0 (2015-11-27)

2.11.0 (2015-11-17)

2.10.2 (2015-11-10)

2.10.1 (2015-11-03)

2.10.0 (2015-10-30)

2.9.0 (2015-10-27)

2.8.2 (2015-10-22)

2.8.1 (2015-10-14)

2.8.0 (2015-10-06)

2.7.0 (2015-09-23)

2.6.2 (2015-09-09)

2.6.1 (2015-09-08)

2.6.0 (2015-09-08)

2.5.0 (2015-09-04)

2.4.3 (2015-08-26)

2.4.2 (2015-08-26)

2.4.1 (2015-08-25)

2.4.0 (2015-08-14)

2.3.1 (2015-07-15)

2.3 (2015-07-13)

2.2.1 (2015-07-06)

2.2.0 (2015-07-02)

2.1.0 (2015-06-26)

2.0.0 (2015-06-16)

1.8.0 (2015-05-13)

1.7.0 (2015-04-10)

1.6.0 (2015-03-30)

1.5.0 (2015-03-27)

1.4.1 (2015-03-25)

1.4.0 (2015-03-24)

1.3.2 (2015-03-20)

1.3.1 (2015-03-20)

1.3.0 (2015-03-20)

1.2.1 (2015-03-18)

1.2 (2015-03-18)

1.1.4 (2015-03-03)

1.1.3 (2015-03-03)

1.1.2 (2015-03-03)

1.1.1 (2015-03-03)

1.1 (2015-03-03)

1.0 (2015-03-02)