pyramid


Namepyramid JSON
Version 2.0.2 PyPI version JSON
download
home_pagehttps://trypyramid.com
SummaryThe Pyramid Web Framework, a Pylons project
upload_time2023-08-25 06:33:23
maintainer
docs_urlNone
authorChris McDonough, Agendaless Consulting
requires_python>=3.6
licenseBSD-derived (Repoze)
keywords web wsgi pylons pyramid
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            Pyramid
=======

.. image:: https://github.com/Pylons/Pyramid/workflows/Build%20and%20test/badge.svg?branch=2.0-branch
        :target: https://github.com/Pylons/Pyramid/actions?query=workflow%3A%22Build+and+test%22
        :alt: 2.0-branch Travis CI Status

.. image:: https://readthedocs.org/projects/pyramid/badge/?version=2.0-branch
        :target: https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch
        :alt: 2.0-branch Documentation Status

.. image:: https://img.shields.io/badge/IRC-Libera.Chat-blue.svg
        :target: https://web.libera.chat/#pyramid
        :alt: IRC Libera.Chat

Pyramid is a small, fast, down-to-earth, open source Python web framework.
It makes real-world web application development
and deployment more fun, more predictable, and more productive.
`Try Pyramid <https://trypyramid.com/>`_, browse its add-ons and documentation, and get an overview.

.. code-block:: python

    from wsgiref.simple_server import make_server
    from pyramid.config import Configurator
    from pyramid.response import Response

    def hello_world(request):
        return Response('Hello World!')

    if __name__ == '__main__':
        with Configurator() as config:
            config.add_route('hello', '/')
            config.add_view(hello_world, route_name='hello')
            app = config.make_wsgi_app()
        server = make_server('0.0.0.0', 6543, app)
        server.serve_forever()

Pyramid is a project of the `Pylons Project <https://pylonsproject.org>`_.

Support and Documentation
-------------------------

See `Pyramid Support and Development
<https://docs.pylonsproject.org/projects/pyramid/en/latest/#support-and-development>`_
for documentation, reporting bugs, and getting support.

Developing and Contributing
---------------------------

See `HACKING.txt <https://github.com/Pylons/pyramid/blob/main/HACKING.txt>`_ and
`contributing.md <https://github.com/Pylons/pyramid/blob/main/contributing.md>`_
for guidelines on running tests, adding features, coding style, and updating
documentation when developing in or contributing to Pyramid.

License
-------

Pyramid is offered under the BSD-derived `Repoze Public License
<http://repoze.org/license.html>`_.

Authors
-------

Pyramid is made available by `Agendaless Consulting <https://agendaless.com>`_
and a team of `contributors
<https://github.com/Pylons/pyramid/graphs/contributors>`_.


.. _changes_2.0.2:

2.0.2 (2023-08-25)
==================

Bug Fixes
---------

- Removed support for null-bytes in the path when making a request for a file
  against a static_view. Whille null-bytes are allowed by the HTTP
  specification, due to the handling of null-bytes potentially leading to
  security vulnerabilities it is no longer supported.

  This fixes a security vulnerability that is present due to a bug in Python
  3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an
  ``index.html`` one directory up from the static views path.

  Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.

Backward Incompatibilities
--------------------------

- Requests to a static_view are no longer allowed to contain a null-byte in any
  part of the path segment.

.. _changes_2.0.1:

2.0.1 (2023-01-29)
==================

- Add support for Python 3.10 and 3.11.

- Copy ``__name__`` from decorated attribute when using
  ``pyramid.decorator.reify``.
  See https://github.com/Pylons/pyramid/pull/3660

- Fix method signatures in docs for
  ``pyramid.config.Configurator.add_static_view`` and
  ``pyramid.config.Configurator.override_asset``.
  See https://github.com/Pylons/pyramid/pull/3699

- Remove obsolete stackframe hack used in Python 3.5.0 when showing
  configurator conflict errors.
  See https://github.com/Pylons/pyramid/pull/3700

- Fix an error when injecting certain objects into the ``pshell`` env due to
  the use of ``!=``.
  See https://github.com/Pylons/pyramid/pull/3704

- Pyramid drops support for ``l*gettext()`` methods in the i18n module.
  These have been deprecated in Python's gettext module since 3.8, and
  removed in Python 3.11. They also shouldn't be used at all on Python 3.
  See https://github.com/Pylons/pyramid/pull/3717

- Avoid ``setDaemon(True)`` deprecation warning by updating threading API usage
  to ``.daemon = True``.

2.0 (2021-02-28)
================

- No changes from 2.0b1.

2.0b1 (2021-02-20)
==================

- Break potential reference cycle between ``request`` and ``context``.
  See https://github.com/Pylons/pyramid/pull/3649

- Remove ``update_wrapper`` from ``pyramid.decorator.reify``.
  See https://github.com/Pylons/pyramid/pull/3657

2.0b0 (2020-12-15)
==================

- Overhaul tutorials and update cookiecutter to de-emphasize ``request.user``
  in favor of ``request.identity`` for common use cases.
  See https://github.com/Pylons/pyramid/pull/3629

- Improve documentation and patterns with builtin fixtures shipped in the
  cookiecutters.
  See https://github.com/Pylons/pyramid/pull/3629

2.0a0 (2020-11-29)
==================

Features
--------

- Add support for Python 3.9.
  See https://github.com/Pylons/pyramid/issues/3622

- The ``aslist`` method now handles non-string objects when flattening.
  See https://github.com/Pylons/pyramid/pull/3594

- It is now possible to pass multiple values to the ``header`` predicate
  for route and view configuration.
  See https://github.com/Pylons/pyramid/pull/3576

- Add support for Python 3.8.
  See https://github.com/Pylons/pyramid/pull/3547

- New security APIs have been added to support a massive overhaul of the
  authentication and authorization system. Read
  "Upgrading Authentication/Authorization" in the "What's New in Pyramid 2.0"
  chapter of the documentation for information about using this new system.

  - ``pyramid.config.Configurator.set_security_policy``.
  - ``pyramid.interfaces.ISecurityPolicy``
  - ``pyramid.request.Request.identity``.
  - ``pyramid.request.Request.is_authenticated``
  - ``pyramid.authentication.SessionAuthenticationHelper``
  - ``pyramid.authorization.ACLHelper``
  - ``is_authenticated=True/False`` predicate for route and view configs

  See https://github.com/Pylons/pyramid/pull/3465 and
  https://github.com/Pylons/pyramid/pull/3598

- Changed the default ``serializer`` on
  ``pyramid.session.SignedCookieSessionFactory`` to use
  ``pyramid.session.JSONSerializer`` instead of
  ``pyramid.session.PickleSerializer``. Read
  "Upgrading Session Serialization" in the "What's New in Pyramid 2.0" chapter
  of the documentation for more information about why this change was made.
  See https://github.com/Pylons/pyramid/pull/3413

- It is now possible to control whether a route pattern contains a trailing
  slash when it is composed with a route prefix using
  ``config.include(..., route_prefix=...)`` or
  ``with config.route_prefix_context(...)``. This can be done by specifying
  an empty pattern and setting the new argument
  ``inherit_slash=True``. For example:

  .. code-block:: python

      with config.route_prefix_context('/users'):
          config.add_route('users', '', inherit_slash=True)

  In the example, the resulting pattern will be ``/users``. Similarly, if the
  route prefix were ``/users/`` then the final pattern would be ``/users/``.
  If the ``pattern`` was ``'/'``, then the final pattern would always be
  ``/users/``. This new setting is only available if the pattern supplied
  to ``add_route`` is the empty string (``''``).
  See https://github.com/Pylons/pyramid/pull/3420

- No longer define ``pyramid.request.Request.json_body`` which is already
  provided by WebOb. This allows the attribute to now be settable.
  See https://github.com/Pylons/pyramid/pull/3447

- Improve debugging info from ``pyramid.view.view_config`` decorator.
  See https://github.com/Pylons/pyramid/pull/3483

- A new parameter, ``allow_no_origin``, was added to
  ``pyramid.config.Configurator.set_default_csrf_options`` as well as
  ``pyramid.csrf.check_csrf_origin``. This option controls whether a
  request is rejected if it has no ``Origin`` or ``Referer`` header -
  often the result of a user configuring their browser not to send a
  ``Referer`` header for privacy reasons even on same-domain requests.
  The default is to reject requests without a known origin. It is also
  possible to allow the special ``Origin: null`` header by adding it to the
  ``pyramid.csrf_trusted_origins`` list in the settings.
  See https://github.com/Pylons/pyramid/pull/3512
  and https://github.com/Pylons/pyramid/pull/3518

- A new parameter, ``check_origin``, was added to
  ``pyramid.config.Configurator.set_default_csrf_options`` which disables
  origin checking entirely.
  See https://github.com/Pylons/pyramid/pull/3518

- Added ``pyramid.interfaces.IPredicateInfo`` which defines the object passed
  to predicate factories as their second argument.
  See https://github.com/Pylons/pyramid/pull/3514

- Added support for serving pre-compressed static assets by using the
  ``content_encodings`` argument of
  ``pyramid.config.Configurator.add_static_view`` and
  ``pyramid.static.static_view``.
  See https://github.com/Pylons/pyramid/pull/3537

- Fix ``DeprecationWarning`` emitted by using the ``imp`` module.
  See https://github.com/Pylons/pyramid/pull/3553

- Properties created via ``config.add_request_method(..., property=True)`` or
  ``request.set_property`` used to be readonly. They can now be overridden
  via ``request.foo = ...`` and until the value is deleted it will return
  the overridden value. This is most useful when mocking request properties
  in testing.
  See https://github.com/Pylons/pyramid/pull/3559

- Finished callbacks are now executed as part of the ``closer`` that is
  invoked as part of ``pyramid.scripting.prepare`` and
  ``pyramid.paster.bootstrap``.
  See https://github.com/Pylons/pyramid/pull/3561

- Added ``pyramid.request.RequestLocalCache`` which can be used to create
  simple objects that are shared across requests and can be used to store
  per-request data. This is useful when the source of data is external to
  the request itself. Often a reified property is used on a request via
  ``pyramid.config.Configurator.add_request_method``, or
  ``pyramid.decorator.reify``, and these work great when the data is
  generated on-demand when accessing the request property. However, often
  the case is that the data is generated when accessing some other system
  and then we want to cache the data for the duration of the request.
  See https://github.com/Pylons/pyramid/pull/3561

- Exposed ``pyramid.authorization.ALL_PERMISSIONS`` and
  ``pyramid.authorization.DENY_ALL`` such that all of the ACL-related constants
  are now importable from the ``pyramid.authorization`` namespace.
  See https://github.com/Pylons/pyramid/pull/3563

- ``pserve`` now outputs verbose messaging to `stderr` instead of `stdout`
  to circumvent buffering issues that exist by default on `stdout`.
  See https://github.com/Pylons/pyramid/pull/3593

Deprecations
------------

- Deprecated the authentication and authorization interfaces and
  principal-based support. See "Upgrading Authentication/Authorization" in
  the "What's New in Pyramid 2.0" chapter of the documentation for information
  on equivalent APIs and notes on upgrading. The following APIs are deprecated
  as a result of this change:

  - ``pyramid.config.Configurator.set_authentication_policy``
  - ``pyramid.config.Configurator.set_authorization_policy``
  - ``pyramid.interfaces.IAuthenticationPolicy``
  - ``pyramid.interfaces.IAuthorizationPolicy``
  - ``pyramid.request.Request.effective_principals``
  - ``pyramid.request.Request.unauthenticated_userid``
  - ``pyramid.authentication.AuthTktAuthenticationPolicy``
  - ``pyramid.authentication.RemoteUserAuthenticationPolicy``
  - ``pyramid.authentication.RepozeWho1AuthenticationPolicy``
  - ``pyramid.authentication.SessionAuthenticationPolicy``
  - ``pyramid.authentication.BasicAuthAuthenticationPolicy``
  - ``pyramid.authorization.ACLAuthorizationPolicy``
  - The ``effective_principals`` view and route predicates.

  See https://github.com/Pylons/pyramid/pull/3465

- Deprecated ``pyramid.security.principals_allowed_by_permission``. This
  method continues to work with the deprecated
  ``pyramid.interfaces.IAuthorizationPolicy`` interface but will not work with
  the new ``pyramid.interfaces.ISecurityPolicy``.
  See https://github.com/Pylons/pyramid/pull/3465

- Deprecated several ACL-related aspects of ``pyramid.security``. Equivalent
  objects should now be imported from the ``pyramid.authorization`` namespace.
  This includes:

  - ``pyramid.security.Everyone``
  - ``pyramid.security.Authenticated``
  - ``pyramid.security.ALL_PERMISSIONS``
  - ``pyramid.security.DENY_ALL``
  - ``pyramid.security.ACLAllowed``
  - ``pyramid.security.ACLDenied``

  See https://github.com/Pylons/pyramid/pull/3563

- Deprecated ``pyramid.session.PickleSerializer``.
  See https://github.com/pylons/pyramid/issues/2709,
  and https://github.com/pylons/pyramid/pull/3353,
  and https://github.com/pylons/pyramid/pull/3413

Backward Incompatibilities
--------------------------

- Drop support for Python 2.7, 3.4, and 3.5.
  See https://github.com/Pylons/pyramid/pull/3421,
  and https://github.com/Pylons/pyramid/pull/3547,
  and https://github.com/Pylons/pyramid/pull/3634

- Removed the ``pyramid.compat`` module. Integrators should use the ``six``
  module or vendor shims they are using into their own codebases going forward.
  https://github.com/Pylons/pyramid/pull/3421

- ``pcreate`` and the builtin scaffolds have been removed in favor of
  using the ``cookiecutter`` tool and the ``pyramid-cookiecutter-starter``
  cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8.
  See https://github.com/Pylons/pyramid/pull/3406

- Changed the default ``hashalg`` on
  ``pyramid.authentication.AuthTktCookieHelper`` to ``sha512``.
  See https://github.com/Pylons/pyramid/pull/3557

- Removed ``pyramid.interfaces.ITemplateRenderer``. This interface was
  deprecated since Pyramid 1.5 and was an interface
  used by libraries like ``pyramid_mako`` and ``pyramid_chameleon`` but
  provided no functionality within Pyramid itself.
  See https://github.com/Pylons/pyramid/pull/3409

- Removed ``pyramid.security.has_permission``,
  ``pyramid.security.authenticated_userid``,
  ``pyramid.security.unauthenticated_userid``, and
  ``pyramid.security.effective_principals``. These methods were deprecated
  in Pyramid 1.5 and all have equivalents available as properties on the
  request. For example, ``request.authenticated_userid``.
  See https://github.com/Pylons/pyramid/pull/3410

- Removed support for supplying a media range to the ``accept`` predicate of
  both ``pyramid.config.Configurator.add_view`` and
  ``pyramid.config.Configurator.add_route``. These options were deprecated
  in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable
  matching that was not compliant with the RFC.
  See https://github.com/Pylons/pyramid/pull/3411

- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This
  session factory was replaced with
  ``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been
  deprecated since then.
  See https://github.com/Pylons/pyramid/pull/3412

- Removed ``pyramid.session.signed_serialize``, and
  ``pyramid.session.signed_deserialize``. These methods were only used by
  the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``
  and were coupled to the vulnerable pickle serialization format which could
  lead to remove code execution if the secret key is compromised.
  See https://github.com/Pylons/pyramid/pull/3412

- Changed the default ``serializer`` on
  ``pyramid.session.SignedCookieSessionFactory`` to use
  ``pyramid.session.JSONSerializer`` instead of
  ``pyramid.session.PickleSerializer``. Read "Upgrading Session Serialization"
  in the "What's New in Pyramid 2.0" chapter of the documentation for more
  information about why this change was made.
  See https://github.com/Pylons/pyramid/pull/3413

- ``pyramid.request.Request.invoke_exception_view`` will no longer be called
  by the default execution policy.
  See https://github.com/Pylons/pyramid/pull/3496

- ``pyramid.config.Configurator.scan`` will no longer, by default, execute
  Venusian decorator callbacks registered for categories other than
  ``'pyramid'``. To find any decorator regardless of category, specify
  ``config.scan(..., categories=None)``.
  See https://github.com/Pylons/pyramid/pull/3510

- The second argument to predicate factories has been changed from ``config``
  to ``info``, an instance of ``pyramid.interfaces.IPredicateInfo``. This
  limits the data available to predicates but still provides the package,
  registry, settings and dotted-name resolver which should cover most use
  cases and is largely backward compatible.
  See https://github.com/Pylons/pyramid/pull/3514

- Removed the ``check_csrf`` predicate. Instead, use
  ``pyramid.config.Configurator.set_default_csrf_options`` and the
  ``require_csrf`` view option to enable automatic CSRF checking.
  See https://github.com/Pylons/pyramid/pull/3521

- Update the default behavior of
  ``pyramid.authenticationAuthTktAuthenticationPolicy`` and
  ``pyramid.authentication.AuthTktCookieHelper`` to only set a single cookie
  without a domain parameter when no other domain constraints are specified.
  Prior to this change, ``wild_domain=False`` (the default) was effectively
  treated the same as ``wild_domain=True``, in which a cookie was defined
  such that browsers would use it both for the request's domain, as well as
  any subdomain. In the new behavior, cookies will only affect the current
  domain, and not subdomains, by default.
  See https://github.com/Pylons/pyramid/pull/3587

Documentation Changes
---------------------

- Restore build of PDF on Read The Docs.
  See https://github.com/Pylons/pyramid/issues/3290

- Fix docs build for Sphinx 2.0.
  See https://github.com/Pylons/pyramid/pull/3480

- Significant updates to the wiki, wiki2 tutorials to demonstrate the new
  security policy usage as well as a much more production-ready test harness.
  See https://github.com/Pylons/pyramid/pull/3557

            

Raw data

            {
    "_id": null,
    "home_page": "https://trypyramid.com",
    "name": "pyramid",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.6",
    "maintainer_email": "",
    "keywords": "web,wsgi,pylons,pyramid",
    "author": "Chris McDonough, Agendaless Consulting",
    "author_email": "pylons-discuss@googlegroups.com",
    "download_url": "https://files.pythonhosted.org/packages/47/c3/5d5736e692fc7ff052577f03136b5edfdf1e2e177eff2f4b91206acae11d/pyramid-2.0.2.tar.gz",
    "platform": null,
    "description": "Pyramid\n=======\n\n.. image:: https://github.com/Pylons/Pyramid/workflows/Build%20and%20test/badge.svg?branch=2.0-branch\n        :target: https://github.com/Pylons/Pyramid/actions?query=workflow%3A%22Build+and+test%22\n        :alt: 2.0-branch Travis CI Status\n\n.. image:: https://readthedocs.org/projects/pyramid/badge/?version=2.0-branch\n        :target: https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch\n        :alt: 2.0-branch Documentation Status\n\n.. image:: https://img.shields.io/badge/IRC-Libera.Chat-blue.svg\n        :target: https://web.libera.chat/#pyramid\n        :alt: IRC Libera.Chat\n\nPyramid is a small, fast, down-to-earth, open source Python web framework.\nIt makes real-world web application development\nand deployment more fun, more predictable, and more productive.\n`Try Pyramid <https://trypyramid.com/>`_, browse its add-ons and documentation, and get an overview.\n\n.. code-block:: python\n\n    from wsgiref.simple_server import make_server\n    from pyramid.config import Configurator\n    from pyramid.response import Response\n\n    def hello_world(request):\n        return Response('Hello World!')\n\n    if __name__ == '__main__':\n        with Configurator() as config:\n            config.add_route('hello', '/')\n            config.add_view(hello_world, route_name='hello')\n            app = config.make_wsgi_app()\n        server = make_server('0.0.0.0', 6543, app)\n        server.serve_forever()\n\nPyramid is a project of the `Pylons Project <https://pylonsproject.org>`_.\n\nSupport and Documentation\n-------------------------\n\nSee `Pyramid Support and Development\n<https://docs.pylonsproject.org/projects/pyramid/en/latest/#support-and-development>`_\nfor documentation, reporting bugs, and getting support.\n\nDeveloping and Contributing\n---------------------------\n\nSee `HACKING.txt <https://github.com/Pylons/pyramid/blob/main/HACKING.txt>`_ and\n`contributing.md <https://github.com/Pylons/pyramid/blob/main/contributing.md>`_\nfor guidelines on running tests, adding features, coding style, and updating\ndocumentation when developing in or contributing to Pyramid.\n\nLicense\n-------\n\nPyramid is offered under the BSD-derived `Repoze Public License\n<http://repoze.org/license.html>`_.\n\nAuthors\n-------\n\nPyramid is made available by `Agendaless Consulting <https://agendaless.com>`_\nand a team of `contributors\n<https://github.com/Pylons/pyramid/graphs/contributors>`_.\n\n\n.. _changes_2.0.2:\n\n2.0.2 (2023-08-25)\n==================\n\nBug Fixes\n---------\n\n- Removed support for null-bytes in the path when making a request for a file\n  against a static_view. Whille null-bytes are allowed by the HTTP\n  specification, due to the handling of null-bytes potentially leading to\n  security vulnerabilities it is no longer supported.\n\n  This fixes a security vulnerability that is present due to a bug in Python\n  3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an\n  ``index.html`` one directory up from the static views path.\n\n  Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.\n\nBackward Incompatibilities\n--------------------------\n\n- Requests to a static_view are no longer allowed to contain a null-byte in any\n  part of the path segment.\n\n.. _changes_2.0.1:\n\n2.0.1 (2023-01-29)\n==================\n\n- Add support for Python 3.10 and 3.11.\n\n- Copy ``__name__`` from decorated attribute when using\n  ``pyramid.decorator.reify``.\n  See https://github.com/Pylons/pyramid/pull/3660\n\n- Fix method signatures in docs for\n  ``pyramid.config.Configurator.add_static_view`` and\n  ``pyramid.config.Configurator.override_asset``.\n  See https://github.com/Pylons/pyramid/pull/3699\n\n- Remove obsolete stackframe hack used in Python 3.5.0 when showing\n  configurator conflict errors.\n  See https://github.com/Pylons/pyramid/pull/3700\n\n- Fix an error when injecting certain objects into the ``pshell`` env due to\n  the use of ``!=``.\n  See https://github.com/Pylons/pyramid/pull/3704\n\n- Pyramid drops support for ``l*gettext()`` methods in the i18n module.\n  These have been deprecated in Python's gettext module since 3.8, and\n  removed in Python 3.11. They also shouldn't be used at all on Python 3.\n  See https://github.com/Pylons/pyramid/pull/3717\n\n- Avoid ``setDaemon(True)`` deprecation warning by updating threading API usage\n  to ``.daemon = True``.\n\n2.0 (2021-02-28)\n================\n\n- No changes from 2.0b1.\n\n2.0b1 (2021-02-20)\n==================\n\n- Break potential reference cycle between ``request`` and ``context``.\n  See https://github.com/Pylons/pyramid/pull/3649\n\n- Remove ``update_wrapper`` from ``pyramid.decorator.reify``.\n  See https://github.com/Pylons/pyramid/pull/3657\n\n2.0b0 (2020-12-15)\n==================\n\n- Overhaul tutorials and update cookiecutter to de-emphasize ``request.user``\n  in favor of ``request.identity`` for common use cases.\n  See https://github.com/Pylons/pyramid/pull/3629\n\n- Improve documentation and patterns with builtin fixtures shipped in the\n  cookiecutters.\n  See https://github.com/Pylons/pyramid/pull/3629\n\n2.0a0 (2020-11-29)\n==================\n\nFeatures\n--------\n\n- Add support for Python 3.9.\n  See https://github.com/Pylons/pyramid/issues/3622\n\n- The ``aslist`` method now handles non-string objects when flattening.\n  See https://github.com/Pylons/pyramid/pull/3594\n\n- It is now possible to pass multiple values to the ``header`` predicate\n  for route and view configuration.\n  See https://github.com/Pylons/pyramid/pull/3576\n\n- Add support for Python 3.8.\n  See https://github.com/Pylons/pyramid/pull/3547\n\n- New security APIs have been added to support a massive overhaul of the\n  authentication and authorization system. Read\n  \"Upgrading Authentication/Authorization\" in the \"What's New in Pyramid 2.0\"\n  chapter of the documentation for information about using this new system.\n\n  - ``pyramid.config.Configurator.set_security_policy``.\n  - ``pyramid.interfaces.ISecurityPolicy``\n  - ``pyramid.request.Request.identity``.\n  - ``pyramid.request.Request.is_authenticated``\n  - ``pyramid.authentication.SessionAuthenticationHelper``\n  - ``pyramid.authorization.ACLHelper``\n  - ``is_authenticated=True/False`` predicate for route and view configs\n\n  See https://github.com/Pylons/pyramid/pull/3465 and\n  https://github.com/Pylons/pyramid/pull/3598\n\n- Changed the default ``serializer`` on\n  ``pyramid.session.SignedCookieSessionFactory`` to use\n  ``pyramid.session.JSONSerializer`` instead of\n  ``pyramid.session.PickleSerializer``. Read\n  \"Upgrading Session Serialization\" in the \"What's New in Pyramid 2.0\" chapter\n  of the documentation for more information about why this change was made.\n  See https://github.com/Pylons/pyramid/pull/3413\n\n- It is now possible to control whether a route pattern contains a trailing\n  slash when it is composed with a route prefix using\n  ``config.include(..., route_prefix=...)`` or\n  ``with config.route_prefix_context(...)``. This can be done by specifying\n  an empty pattern and setting the new argument\n  ``inherit_slash=True``. For example:\n\n  .. code-block:: python\n\n      with config.route_prefix_context('/users'):\n          config.add_route('users', '', inherit_slash=True)\n\n  In the example, the resulting pattern will be ``/users``. Similarly, if the\n  route prefix were ``/users/`` then the final pattern would be ``/users/``.\n  If the ``pattern`` was ``'/'``, then the final pattern would always be\n  ``/users/``. This new setting is only available if the pattern supplied\n  to ``add_route`` is the empty string (``''``).\n  See https://github.com/Pylons/pyramid/pull/3420\n\n- No longer define ``pyramid.request.Request.json_body`` which is already\n  provided by WebOb. This allows the attribute to now be settable.\n  See https://github.com/Pylons/pyramid/pull/3447\n\n- Improve debugging info from ``pyramid.view.view_config`` decorator.\n  See https://github.com/Pylons/pyramid/pull/3483\n\n- A new parameter, ``allow_no_origin``, was added to\n  ``pyramid.config.Configurator.set_default_csrf_options`` as well as\n  ``pyramid.csrf.check_csrf_origin``. This option controls whether a\n  request is rejected if it has no ``Origin`` or ``Referer`` header -\n  often the result of a user configuring their browser not to send a\n  ``Referer`` header for privacy reasons even on same-domain requests.\n  The default is to reject requests without a known origin. It is also\n  possible to allow the special ``Origin: null`` header by adding it to the\n  ``pyramid.csrf_trusted_origins`` list in the settings.\n  See https://github.com/Pylons/pyramid/pull/3512\n  and https://github.com/Pylons/pyramid/pull/3518\n\n- A new parameter, ``check_origin``, was added to\n  ``pyramid.config.Configurator.set_default_csrf_options`` which disables\n  origin checking entirely.\n  See https://github.com/Pylons/pyramid/pull/3518\n\n- Added ``pyramid.interfaces.IPredicateInfo`` which defines the object passed\n  to predicate factories as their second argument.\n  See https://github.com/Pylons/pyramid/pull/3514\n\n- Added support for serving pre-compressed static assets by using the\n  ``content_encodings`` argument of\n  ``pyramid.config.Configurator.add_static_view`` and\n  ``pyramid.static.static_view``.\n  See https://github.com/Pylons/pyramid/pull/3537\n\n- Fix ``DeprecationWarning`` emitted by using the ``imp`` module.\n  See https://github.com/Pylons/pyramid/pull/3553\n\n- Properties created via ``config.add_request_method(..., property=True)`` or\n  ``request.set_property`` used to be readonly. They can now be overridden\n  via ``request.foo = ...`` and until the value is deleted it will return\n  the overridden value. This is most useful when mocking request properties\n  in testing.\n  See https://github.com/Pylons/pyramid/pull/3559\n\n- Finished callbacks are now executed as part of the ``closer`` that is\n  invoked as part of ``pyramid.scripting.prepare`` and\n  ``pyramid.paster.bootstrap``.\n  See https://github.com/Pylons/pyramid/pull/3561\n\n- Added ``pyramid.request.RequestLocalCache`` which can be used to create\n  simple objects that are shared across requests and can be used to store\n  per-request data. This is useful when the source of data is external to\n  the request itself. Often a reified property is used on a request via\n  ``pyramid.config.Configurator.add_request_method``, or\n  ``pyramid.decorator.reify``, and these work great when the data is\n  generated on-demand when accessing the request property. However, often\n  the case is that the data is generated when accessing some other system\n  and then we want to cache the data for the duration of the request.\n  See https://github.com/Pylons/pyramid/pull/3561\n\n- Exposed ``pyramid.authorization.ALL_PERMISSIONS`` and\n  ``pyramid.authorization.DENY_ALL`` such that all of the ACL-related constants\n  are now importable from the ``pyramid.authorization`` namespace.\n  See https://github.com/Pylons/pyramid/pull/3563\n\n- ``pserve`` now outputs verbose messaging to `stderr` instead of `stdout`\n  to circumvent buffering issues that exist by default on `stdout`.\n  See https://github.com/Pylons/pyramid/pull/3593\n\nDeprecations\n------------\n\n- Deprecated the authentication and authorization interfaces and\n  principal-based support. See \"Upgrading Authentication/Authorization\" in\n  the \"What's New in Pyramid 2.0\" chapter of the documentation for information\n  on equivalent APIs and notes on upgrading. The following APIs are deprecated\n  as a result of this change:\n\n  - ``pyramid.config.Configurator.set_authentication_policy``\n  - ``pyramid.config.Configurator.set_authorization_policy``\n  - ``pyramid.interfaces.IAuthenticationPolicy``\n  - ``pyramid.interfaces.IAuthorizationPolicy``\n  - ``pyramid.request.Request.effective_principals``\n  - ``pyramid.request.Request.unauthenticated_userid``\n  - ``pyramid.authentication.AuthTktAuthenticationPolicy``\n  - ``pyramid.authentication.RemoteUserAuthenticationPolicy``\n  - ``pyramid.authentication.RepozeWho1AuthenticationPolicy``\n  - ``pyramid.authentication.SessionAuthenticationPolicy``\n  - ``pyramid.authentication.BasicAuthAuthenticationPolicy``\n  - ``pyramid.authorization.ACLAuthorizationPolicy``\n  - The ``effective_principals`` view and route predicates.\n\n  See https://github.com/Pylons/pyramid/pull/3465\n\n- Deprecated ``pyramid.security.principals_allowed_by_permission``. This\n  method continues to work with the deprecated\n  ``pyramid.interfaces.IAuthorizationPolicy`` interface but will not work with\n  the new ``pyramid.interfaces.ISecurityPolicy``.\n  See https://github.com/Pylons/pyramid/pull/3465\n\n- Deprecated several ACL-related aspects of ``pyramid.security``. Equivalent\n  objects should now be imported from the ``pyramid.authorization`` namespace.\n  This includes:\n\n  - ``pyramid.security.Everyone``\n  - ``pyramid.security.Authenticated``\n  - ``pyramid.security.ALL_PERMISSIONS``\n  - ``pyramid.security.DENY_ALL``\n  - ``pyramid.security.ACLAllowed``\n  - ``pyramid.security.ACLDenied``\n\n  See https://github.com/Pylons/pyramid/pull/3563\n\n- Deprecated ``pyramid.session.PickleSerializer``.\n  See https://github.com/pylons/pyramid/issues/2709,\n  and https://github.com/pylons/pyramid/pull/3353,\n  and https://github.com/pylons/pyramid/pull/3413\n\nBackward Incompatibilities\n--------------------------\n\n- Drop support for Python 2.7, 3.4, and 3.5.\n  See https://github.com/Pylons/pyramid/pull/3421,\n  and https://github.com/Pylons/pyramid/pull/3547,\n  and https://github.com/Pylons/pyramid/pull/3634\n\n- Removed the ``pyramid.compat`` module. Integrators should use the ``six``\n  module or vendor shims they are using into their own codebases going forward.\n  https://github.com/Pylons/pyramid/pull/3421\n\n- ``pcreate`` and the builtin scaffolds have been removed in favor of\n  using the ``cookiecutter`` tool and the ``pyramid-cookiecutter-starter``\n  cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8.\n  See https://github.com/Pylons/pyramid/pull/3406\n\n- Changed the default ``hashalg`` on\n  ``pyramid.authentication.AuthTktCookieHelper`` to ``sha512``.\n  See https://github.com/Pylons/pyramid/pull/3557\n\n- Removed ``pyramid.interfaces.ITemplateRenderer``. This interface was\n  deprecated since Pyramid 1.5 and was an interface\n  used by libraries like ``pyramid_mako`` and ``pyramid_chameleon`` but\n  provided no functionality within Pyramid itself.\n  See https://github.com/Pylons/pyramid/pull/3409\n\n- Removed ``pyramid.security.has_permission``,\n  ``pyramid.security.authenticated_userid``,\n  ``pyramid.security.unauthenticated_userid``, and\n  ``pyramid.security.effective_principals``. These methods were deprecated\n  in Pyramid 1.5 and all have equivalents available as properties on the\n  request. For example, ``request.authenticated_userid``.\n  See https://github.com/Pylons/pyramid/pull/3410\n\n- Removed support for supplying a media range to the ``accept`` predicate of\n  both ``pyramid.config.Configurator.add_view`` and\n  ``pyramid.config.Configurator.add_route``. These options were deprecated\n  in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable\n  matching that was not compliant with the RFC.\n  See https://github.com/Pylons/pyramid/pull/3411\n\n- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This\n  session factory was replaced with\n  ``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been\n  deprecated since then.\n  See https://github.com/Pylons/pyramid/pull/3412\n\n- Removed ``pyramid.session.signed_serialize``, and\n  ``pyramid.session.signed_deserialize``. These methods were only used by\n  the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``\n  and were coupled to the vulnerable pickle serialization format which could\n  lead to remove code execution if the secret key is compromised.\n  See https://github.com/Pylons/pyramid/pull/3412\n\n- Changed the default ``serializer`` on\n  ``pyramid.session.SignedCookieSessionFactory`` to use\n  ``pyramid.session.JSONSerializer`` instead of\n  ``pyramid.session.PickleSerializer``. Read \"Upgrading Session Serialization\"\n  in the \"What's New in Pyramid 2.0\" chapter of the documentation for more\n  information about why this change was made.\n  See https://github.com/Pylons/pyramid/pull/3413\n\n- ``pyramid.request.Request.invoke_exception_view`` will no longer be called\n  by the default execution policy.\n  See https://github.com/Pylons/pyramid/pull/3496\n\n- ``pyramid.config.Configurator.scan`` will no longer, by default, execute\n  Venusian decorator callbacks registered for categories other than\n  ``'pyramid'``. To find any decorator regardless of category, specify\n  ``config.scan(..., categories=None)``.\n  See https://github.com/Pylons/pyramid/pull/3510\n\n- The second argument to predicate factories has been changed from ``config``\n  to ``info``, an instance of ``pyramid.interfaces.IPredicateInfo``. This\n  limits the data available to predicates but still provides the package,\n  registry, settings and dotted-name resolver which should cover most use\n  cases and is largely backward compatible.\n  See https://github.com/Pylons/pyramid/pull/3514\n\n- Removed the ``check_csrf`` predicate. Instead, use\n  ``pyramid.config.Configurator.set_default_csrf_options`` and the\n  ``require_csrf`` view option to enable automatic CSRF checking.\n  See https://github.com/Pylons/pyramid/pull/3521\n\n- Update the default behavior of\n  ``pyramid.authenticationAuthTktAuthenticationPolicy`` and\n  ``pyramid.authentication.AuthTktCookieHelper`` to only set a single cookie\n  without a domain parameter when no other domain constraints are specified.\n  Prior to this change, ``wild_domain=False`` (the default) was effectively\n  treated the same as ``wild_domain=True``, in which a cookie was defined\n  such that browsers would use it both for the request's domain, as well as\n  any subdomain. In the new behavior, cookies will only affect the current\n  domain, and not subdomains, by default.\n  See https://github.com/Pylons/pyramid/pull/3587\n\nDocumentation Changes\n---------------------\n\n- Restore build of PDF on Read The Docs.\n  See https://github.com/Pylons/pyramid/issues/3290\n\n- Fix docs build for Sphinx 2.0.\n  See https://github.com/Pylons/pyramid/pull/3480\n\n- Significant updates to the wiki, wiki2 tutorials to demonstrate the new\n  security policy usage as well as a much more production-ready test harness.\n  See https://github.com/Pylons/pyramid/pull/3557\n",
    "bugtrack_url": null,
    "license": "BSD-derived (Repoze)",
    "summary": "The Pyramid Web Framework, a Pylons project",
    "version": "2.0.2",
    "project_urls": {
        "Changelog": "https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/whatsnew-2.0.html",
        "Documentation": "https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/",
        "Homepage": "https://trypyramid.com",
        "Issue Tracker": "https://github.com/Pylons/pyramid/issues"
    },
    "split_keywords": [
        "web",
        "wsgi",
        "pylons",
        "pyramid"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "db41a2114b8dd2187ae007e022a2baabdc7937cc78211cefc0c01fc5452193af",
                "md5": "9d8f6e0b56d88b5f7f4a6fc1b7466987",
                "sha256": "2e6585ac55c147f0a51bc00dadf72075b3bdd9a871b332ff9e5e04117ccd76fa"
            },
            "downloads": -1,
            "filename": "pyramid-2.0.2-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "9d8f6e0b56d88b5f7f4a6fc1b7466987",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.6",
            "size": 247277,
            "upload_time": "2023-08-25T06:33:20",
            "upload_time_iso_8601": "2023-08-25T06:33:20.883574Z",
            "url": "https://files.pythonhosted.org/packages/db/41/a2114b8dd2187ae007e022a2baabdc7937cc78211cefc0c01fc5452193af/pyramid-2.0.2-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "47c35d5736e692fc7ff052577f03136b5edfdf1e2e177eff2f4b91206acae11d",
                "md5": "1b670b74c2f7262dbcc1dbea9e91816d",
                "sha256": "372138a738e4216535cc76dcce6eddd5a1aaca95130f2354fb834264c06f18de"
            },
            "downloads": -1,
            "filename": "pyramid-2.0.2.tar.gz",
            "has_sig": false,
            "md5_digest": "1b670b74c2f7262dbcc1dbea9e91816d",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.6",
            "size": 2637533,
            "upload_time": "2023-08-25T06:33:23",
            "upload_time_iso_8601": "2023-08-25T06:33:23.642416Z",
            "url": "https://files.pythonhosted.org/packages/47/c3/5d5736e692fc7ff052577f03136b5edfdf1e2e177eff2f4b91206acae11d/pyramid-2.0.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-08-25 06:33:23",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "Pylons",
    "github_project": "pyramid",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "tox": true,
    "lcname": "pyramid"
}
        
Elapsed time: 0.21167s