This document describes changes between each past release.
- Fix crash on
- Handle Integer overflow in querystring parameters. (#1076)
- Document that _fields only work with GET (#1081)
- Prevent injections in the PostgreSQL permission backend (#1061)
Bug fixes - Update the cache backend to use the new upsert behavior from PostgreSQL 9.5 (fixes #1055)
- Errorneous release.
- Retries to set value in PostgreSQL cache backend in case of BackendError (fixes #1052)
- Retries to set value in PostgreSQL cache backend in case of IntegrityError (fixes #1035)
- Remove JSON Patch content-type from accepted types on the viewset, since it is handled in a separate view (#1031).
- Upgraded to Kinto-Admin 1.8.1
- Configure the Kinto Admin auth methods from the server configuration (#1042)
- Fix crash with batch endpoint when list of requests contains trailing comma (fixes #1024)
- Cache backend transactions are not bound to the request/response cycle anymore (fixes #879)
- Quick mention of PostgreSQL commands to run tests locally in contributing docs.
- Use YAML
safe_loadfor the swagger file. (#1022)
- Request headers and querystrings are now validated using cornice schemas (#873).
- JSON Patch format is now validated using cornice (#880).
- Upgraded to Kinto-Admin 1.8.0
- Add an OpenAPI specification
for the HTTP API on
Protocol is now at version 1.14. See API changelog.
- When admin is enabled,
/v1/admindoes not return
404anymore, but now redirects to
/v1/admin/(with trailing slash).
- Add missing
DELETEheader with plural endpoints (fixes #1000)
- Changed default listening address from 0.0.0.0 to 127.0.0.1 (#949, thanks @PeriGK)
- Upgrade to Kinto-Admin 1.7.0
- Add a
basicauthcapability when activated on the server. (#937)
- Add ability to delete history entries using
Protocol is now at version 1.13. See API changelog.
- Permissions are now correctly removed from permission backend when a parent object is deleted (fixes #898)
- Heartbeat of storage backend does not leave tombstones (fixes #985)
record_idattribute in history entries when several records are modified via a batch request (fixes #942)
- Fix crash on redirection when path contains control characters (fixes #962)
- Fix crash on redirection when path contains unicode characters (#982)
- Fix performance issue when fetching shared objects from plural endpoints (fixes #965)
- Fix JSON-Merge validation (fixes #979)
- Fix crash when
If-None-Matchheaders contain invalid unicode data (fixes #983)
- Add missing
- Return 404 on non-existing objects for users with read permissions (fixes #918)
- Fix pagination with DELETE on plural endpoints (fixes #987)
basicauthin admin by default. (#943)
- Add a setting to limit the maximum number of bytes cached in the memory backend. (#610)
- Add a setting to exclude certain resources from being tracked by history (fixes #964)
permissions.get_accessible_objects()does not support Regexp and now accepts a
cache.set()now logs a warning if
- Remove usage of assert (fixes #954)
delete_object_permissions()of the permission backend now supports URI patterns (eg.
- Refactor handling of prefixed user id among request principals
- Add a warning when a cache entry is set without TTL (ref #960)
- Replaced insecure use of
random.choice(...)with more secure
- Removed usage of pattern matching in PostgreSQL when not necessary (ref #907, fixes #974)
- Insist about authentication in concepts documentation (ref #976)
- Upgrade to Kinto-Admin 1.6.0
- Upgraded to Cornice 2.0 (#790)
- Add support for JSON-Patch (RFC 6902).
- Add support for JSON-Merge (RFC 7396).
- Added a principals list to
helloview when authenticated.
- Added details attribute to 404 errors. (#818)
Protocol is now at version 1.12. See API changelog.
- Added a new built-in plugin
kinto.plugins.adminto serve the kinto admin.
- Added a new
- Fixed showing of backend type twice in StatsD backend keys (fixes #857)
- Fix crash when querystring parameter contains null string (fixes #882)
- Fix crash when redirection path contains CRLF character (fixes #887)
- Fix response status for OPTION request on version redirection (fixes #852)
- Fix crash in PostgreSQL backend when specified bound permissions is empty (fixes #906)
- Permissions endpoint now exposes the user permissions defined in settings (fixes #909)
- Fix bug when two subfields are selected in partial responses (fixes #920)
- Fix crash in permission endpoint when merging permissions from settings and from permissions backend (fixes #926)
- Fix crash in authorization policy when object ids contain unicode (fixes #931)
mappingattribute is now deprecated, use
- Clarify implicit permissions when allowed to create child objects (#884)
- Upgrade built-in
adminplugin to Kinto Admin 1.5.0
- Do not bump timestamps in PostgreSQL storage backend when non-data columns are modified.
- Add some specifications for the permissions endpoint with regards to inherited permissions
- Add deletion of multiple groups in API docs (#928)
Thanks to all contributors, with a special big-up for @gabisurita!
- Make sure we redirect endpoints with trailing slashes with the default bucket plugin. (#848)
- Fix group association when members contains
- Raise an error when members contains
system.Everyoneor a group ID (#850)
- Fix StatsD view counter with 404 responses (#853)
- Fixes filtering on ids with numeric values. (fixes #851)
- Fix error response consistency with safe creations if the
createpermission is granted (fixes #792). The server now returns a
412instead of a
If-None-Match: *header is provided and the
createpermission is granted.
permissionsattribute is now empty in the response if the user has not the permission to write on the object (fixes #123)
- Filtering records now works the same on the memory and postgresql backends: if we’re comparing to a number, the filter will now filter out records that don’t have this field. If we’re comparing to anything else, the record without such a field is treated as if it had ‘’ as the value for this field. (fixes #815)
- Parent attributes are now readable if children creation is allowed. That means for example
that collection attributes are now readable to users with
record:createpermission. Same applies to bucket attributes and
- Return an empty list on the plural endpoint instead of
createpermission is allowed
Protocol is now at version 1.11. See API changelog.
- Fix crash in history plugin when target had no explicit permission defined (fixes #805, #842)
- The storage backend now allows
parent_idpattern matching in
- The history and quotas plugins execution time is now monitored on StatsD (
kinto.version_json_pathsettings (fixes #830)
- Fixed a failing pypy test by changing the way it was mocking transaction.manager.commit (fixes #755)
- Moved storage/cache/permissions base tests to
- Now fails with an explicit error when StatsD is configured but not installed.
- Remove redundant fields from data column in PostgreSQL records table (fixes #762)
- Support for filtering records based on a text search (#791)
Protocol is now at version 1.10. See API changelog.
- Fix concurrent writes in the memory backend (fixes #759)
- Fix heartbeat transaction locks with PostgreSQL backends (fixes #804)
- Fix crash with PostgreSQL storage backend when filtering with integer on a missing field (fixes #813)
- Fix links to comparison table in docs
- Fix kinto init input function (#796)
- Show warning when
http_schemeis not set to
https(#706, thanks @Prashant-Surya)
- Fix sorting/filtering history entries by
- On subobject filtering, return a 400 error response only if first level field is unknown (on resources with strict schema)
- Permissions endpoint (
GET /permissions) can now be filtered, sorted and paginated.
- Return 400 error response when history is filtered with unknown field
- Fix crash on permissions endpoint when history is enabled (#774)
- Fix crash on history when interacting via the bucket plural endpoint (
/buckets) (fixes #773)
- Fix documentation of errors codes (fixes #766)
kinto.id_generatorwas removed from documentation since it does not behave as expected (fixes #757, thanks @doplumi) folder and a
kinto.core.testingmodule was introduced for tests helpers (fixes #605)
- In documentation, link the notion of principals to the permissions page instead of glossary
- Add details about
PATCHbehaviour (fixes #566)
kinto --versionwas renamed
AfterResourceChangedevents now return
newrecords for the
- Redis backends are not part of the core anymore. (#712).
- Redis listener is not part of the core anymore. (#712)
kinto.event_listeners.redis.use = kinto_redis.listenersinstead of
kinto.event_listeners.redis.use = kinto.core.listeners.redis
- Notion of unique fields was dropped from
- Added a
/__version__endpoint with the version that has been deployed. (#747)
- Allow sub-object filtering on plural endpoints (e.g
- Allow sub-object sorting on plural endpoints (e.g
Protocol is now at version 1.9. See API changelog.
- Added a new built-in plugin
kinto.plugins.historythat keeps track of every action that occured within a bucket and serves a stream of changes that can be synced. See API documentation.
- Added a new
--dry-runoption to command-line script
migratethat will simulate migration operation without executing on the backend (thanks @lavish205! #685)
- Added ability to plug custom StatsD backend implementations via a new
kinto.statsd_backendsetting. Useful for Datadogâ˘ integration for example (fixes #626).
- Added a
delete-collectionaction to the
- Added verbosity options to the
- Added a built-in plugin that allows to define quotas per bucket or collection. (#752)
- Fix bug where the resource events of a request targetting two groups/collection from different buckets would be grouped together.
- Fix crash when an invalid UTF-8 character is provided in URL
- Fix crash when provided
last_modifiedfield is not divisible (e.g. string)
- Huge rework of documentation after the merge of Cliquet into kinto.core (#731)
- Improve the documentation about generating docs (fixes #615)
- Switch from cliquet-pusher to kinto-pusher in Dockerfile and tutorial.
- List posssible response status on every endpoint documentation (#736)
- Remove duplicated and confusing docs about generic resources
- Replace the term
APIin documentation (fixes #664)
- Add load tests presets (exhaustive, read, write) in addition to the existing random. Switched integration test
make loadtest-check-simulationto run the exhaustive one (fixes #258)
- Remove former Cliquet load tests (#733)
- Add a flag to to run simulation load tests on
blogbucket by default (#733)
- Add command-line documentation (#727)
--backendcommand-line option for
kinto initis not accepted as first parameter anymore
- Improved parts of the FAQ (#744)
- Improve 404 and 403 error handling to make them customizable. (#748)
kinto.coreresources are now schemaless by default (fixes #719)
- Fix heartbeat transaction locks with PostgreSQL backends (fixes #804)
- Fix Redis get_accessible_object implementation (#725)
- Fix bug where the resource events of a request targetting two groups/collection from different buckets would be grouped together.
- Add the
permissions_endpointcapability when the
kinto.experimental_permissions_endpointis set. (#722)
- Add new experimental endpoint
GET /v1/permissionsto retrieve the list of permissions granted on every kind of object (#600). Requires setting
kinto.experimental_permissions_endpointto be set to
Protocol is now at version 1.8. See API changelog.
- Fix crash in authorization policy when requesting
GET /buckets/collections(fixes #695)
- Fix crash with PostgreSQL storage backend when provided id in POST is an integer (#688). Regression introduced in 3.2.0 with #655.
- Fix crash with PostgreSQL storage backend is configured as read-only and reaching the records endpoint of an unknown collection (fixes #693, related #558)
- Fix events payloads for actions in the default bucket (fixes #704)
- Fix bug in object permissions with memory backend
- Make sure the tombstone is deleted when the record is created with PUT. (#715)
- Allow filtering and sorting by any attribute on buckets, collections and groups list endpoints
- Fix crash in memory backend with Python3 when filtering on unknown field
- Resource events constructors signatures were changed. The event payload is now built immediately when event is fired instead of during transactoin commit (#704).
- Fix crash when a resource is registered without record path.
- Changed behaviour of accessible objects in permissions backend when list of bound permissions is empty.
last_modifiedon record when provided value is equal to previous in storage
- Add ability to delete records and purge tombstones with just the
- Buckets deletion is now a lot more efficient, since every sub-objects are deleted with a single operation on storage backend (#711)
- Simplified and improved the code quality of
kinto.core.authorization, mainly by keeping usage of
get_bound_permissionscallback in one place only.
- Allow record IDs to be any string instead of just UUIDs (fixes #655).
Protocol is now at version 1.7. See API changelog.
kinto startnow accepts a
--portoption to specify which port to listen to. Important: Because of a limitation in Pyramid tooling, it won’t work if the port is hard-coded in your existing
.inifile. Replace it by
%(http_port)sor regenerate a new configuration file with
- Add support for
pool_timeoutoption in Redis backend (fixes #620)
- Add new setting
kinto.heartbeat_timeout_secondsto control the maximum duration of the heartbeat endpoint (fixes #601)
- Ability to define ID generators per object type via the settings
- Fix loss of data attributes when permissions are replaced with
- Fix 400 response when posting data with
id: "default"in default bucket.
- Fix 500 on heartbeat endpoint when a check does not follow the specs and raises instead of returning false.
- Renamed some permission backend methods for consistency with other classes (fixes #608)
- Removed some deprecated code that had been in
kinto.corefor too long.
- Mention in groups documentation that the principal of a group to be used in a permissions
definition is the full URI (e.g.
- Fix typo in Github tutorial (thanks @SwhGo_oN, #673)
- New Kinto logo (thanks @AymericFaivre, #676)
- Add a slack badge to the README (#675)
- Add new questions on FAQ (thanks @enguerran, #678)
- Fix links to examples (thanks @maxdow, #680)
- Added the
GET /contribute.jsonendpoint for open-source information (fixes #607)
Protocol is now at version 1.6. See API changelog.
- Fix internal storage filtering when an empty list of values is provided.
- Authenticated users are now allowed to obtain an empty list of buckets on
GET /bucketseven if no bucket is readable (#454)
- Fix enabling flush enpoint with
KINTO_FLUSH_ENDPOINT_ENABLEDenvironment variable (fixes #588)
- Fix reading settings for events listeners from environment variables (fixes #515)
- Fix principal added to
writepermission when a publicly writable object is created/edited (fixes #645)
- Prevent client to cache and validate authenticated requests (fixes #635)
- Fix bug that prevented startup if old Cliquet configuration values were still around (#633)
- Improved documentation about running in production with uWSGI (#543, #545)
- Fix crash when a cache expires setting is set for a specific bucket or collection. (#597)
- Mark old cliquet backend settings as deprecated (but continue to support them). (#596)
- Major version update. Merged cliquet into kinto.core. This is intended to simplify the experience of people who are new to Kinto. Addresses #687.
initialize_cliquet(), which has been deprecated for a while.
cliquet_protocol_version. Kinto already defines incompatible API variations as part of its URL format (e.g.
/v1). Services based on kinto.core are free to use
http_api_versionto indicate any additional changes to their APIs.
- Simplify settings code. Previously,
public_settingscould be prefixed with a project name, which would be reflected in the output of the
helloview. However, this was never part of the API specification, and was meant to be solely a backwards-compatibility hack for first-generation Kinto clients. Kinto public settings should always be exposed unprefixed. Applications developed against kinto.core can continue using these names even after they transition clients to the new implementation of their service.
- Add an explicit message when the server is configured as read-only and the collection timestamp fails to be saved (ref Kinto/kinto#558)
- Prevent the browser to cache server responses between two sessions. (#593)
- Redirects version prefix to hello page when trailing_slash_redirect is enabled. (#700)
- Fix crash when setting empty permission list with PostgreSQL permission backend (fixes Kinto/kinto#575)
- Fix crash when type of values in querystring for exclude/include is wrong (fixes Kinto/kinto#587)
- Fix crash when providing duplicated principals in permissions with PostgreSQL permission backend (fixes #702)
app.wsgito the manifest file. This helps address #543.
- Fix crash in JSON schema validation when additional properties are provided (fixes #548)
- Strip internal fields before validating JSON schema (fixes #549)
- Fix migration of triggers in PostgreSQL storage backend when upgrading from Kinto<2.0.
migratecommand will basically re-create them (fixes #559)
- Fix typo in RHEL installation instructions (#552, thanks @enkidulan!)
- Link to english version of kinto presentation article (#553, thanks @glasserc!)
- Document basics about PostgreSQL privileges (#547)
- Change links from readthedocs.org to readthedocs.io (#557)
- Fix Parse server license in docs (#571, thanks @revolunet!)
- Relax content-type validation when no body is posted (fixes #507)
- Fix creation events not sent for implicit creation of objects in the
defaultbucket (fixes #529)
- Fix the Dockerfile pip install (#522)
- Fix concurrency control request headers to recreate deleted objects (#512)
- Allow groups to store arbitrary properties. (#469)
cache_prefixsetting was added for cache backends. (mozilla-services/cliquet#680)
- Put the cloud provider links in a comparison table (#514)
- Fix the module name of Redis event listener (thanks @happy-tanuki, #516)
- Add Makefile Documentation (thanks @ayusharma, #483)
- Document how to run Docker with custom config file (#525)
- Fix API version title (#523)
- Add a ‘upgrade pip’ command in the getting-started docs (#531)
- Document how to configure the postgresql backend (#533)
- Document how to upgrade Kinto (#537, #538)
Protocol is now in version 1.5. See API changelog.
- Allow buckets to store arbitrary properties. (#239, #462)
- Delete every (writable) buckets using
- Delete every (writable) collections using
- Clients are redirected to URLs without trailing slash only if the current URL does not exist (#656)
- Partial responses can now be specified for nested objects (#445)
- List responses are now sorted by last_modified descending by default (#434, thanks @ayusharma)
- Server now returns 415 error response if client cannot accept JSON response (#461, mozilla-services/cliquet#667)
- Server now returns 415 error response if client does not send JSON request (#461, mozilla-services/cliquet#667)
- Add the
__lbheartbeat__endpoint, for load balancer membership test.
- Add the
default_bucketto the capabilities if enabled in settings (#270)
Protocol is now in version 1.4. See API changelog.
kinto.plugins.default_bucketplugin is no longer assumed. We invite users to check that the
kinto.plugins.default_bucketis present in the
includessetting if they expect it. (ref #495)
kinto startmust be explicitly run with
--reloadin order to restart the server when code or configuration changes (ref #490).
Errors are not swallowed anymore during the execution of
Subscribers are still executed within the transaction like before.
Subscribers are still executed even if the transaction is eventually rolledback. Every subscriber execution succeeds, or none.
Thus, subscribers of these events should only perform operations that are reversed on transaction rollback: most likely database storage operations.
For irreversible operations see the new
- Event subscribers are now ran synchronously and can thus alter responses (#421)
- Resource events are now merged in batch requests. One event per resource and per action is emitted when a transaction is committed (mozilla-services/cliquet#634)
- Monitor time of events listeners execution (mozilla-services/cliquet#503)
- Added a new
AfterResourceChangedevent, that is sent only when the commit in database is done and successful. See more details.
- Track execution time on StatsD for each authentication sub-policy (mozilla-services/cliquet#639)
- Default console log renderer now has colours (mozilla-service/cliquet#671)
- Output Kinto version with
kinto --version(thanks @ayusharma)
- Fix PostgreSQL backend timestamps when collection is empty (#433)
ResourceChangedevents are not emitted if a batch subrequest fails (mozilla-services/cliquet#634) There are still emitted if the whole batch transaction is eventually rolledback.
- Fix a migration of PostgreSQL schema introduced that was never executed (mozilla-services/cliquet#604)
- Fix statsd initialization on storage (mozilla-services/cliquet#637)
- Providing bad last modified values on delete now returns 400 (mozilla-services/cliquet#665)
- Providing last modified in the past for delete now follows behaviour create/update (mozilla-services/cliquet#665)
- Do not always return 412 errors when request header
If-None-Match: *is sent on
POST /collection(fixes #489, mozilla-service/cliquet#673)
- Fix secret in ini on Python 3 (fixes #341)
- Error when trying to create an empty directory (fixes #475)
- Text plain body should be rejected with an error (#461)
- Additions in troubleshooting docs (thanks @ayusharma)
- Add uwsgi bind error to troubleshooting (fixes #447)
- Mention python plugin for Uwsgi (#448)
- Add how to troubleshoot psql encoding problems. (#453)
- Add mini checklist for CDN deployment (#450)
- Replace subjective ligthweight by minimalist (fixes #417)
- Improve synchronisation docs (#451)
- Add the requirements in the Readme (#465)
- Add docs about architecture (fixes #430)
- Add a ‘why’ paragraph to the docs (Kinto value proposition) (#482)
- Update docs: how to choose the backend (#485, thanks @Enguerran)
- Add a custom id generator tutorial (#464)
- Changed default duration between retries on error (
Retry-Afterheader) from 30 to 3 seconds.
- Speed-up startup (ref #490)
- Optimized (and cleaned) usage of (un)authenticated_userid (#424, mozilla-services/cliquet#641)
- Fixed usage of virtualenv in Makefile (#443)
- Add a badge for the irc channel (#459)
- Change phrasing for backend selection (#470)
- Add a CONTRIBUTING file (#471, thanks @magopian)
- Add a contribute.json file (#478, #480, thanks @magopian)
1.11.2 (2016-02-03) ——————=
- Expose the ETag header in 304 responses for default bucket (ref mozilla-services/cliquet#631)
- Add Scalingo one-click deploy button (#418, thanks @yannski)
- Improve introduction of notifications tutorial (#419, thanks @tarekziade)
- Fix typos (thanks @magopian)
1.11.1 (2016-02-01) ——————=
- Fix wheels for Python 3 that were requiring the functools32 package that is for Python 2 only (fixes #303).
- Fix a broken hyperlink in the overview section. (#406, thanks William Hoang)
- Talk about tokens rather than user:password (#393)
1.11.0 (2016-01-28) ——————=
- Forward slashes (
/) are not escaped anymore in JSON responses (mozilla-services/cliquet#537)
- Fields can be filtered in GET requests using
_fields=f1,f2in querystring (#399)
- New collections can be created via
POSTrequests (thanks John Giannelos)
- The API capabilities can be exposed in a
capabilitiesattribute in the root URL (#628). Clients can rely on this to detect optional features on the server (e.g. enabled plugins)
Protocol is now version 1.3. See API changelog.
- Add a Heroku single-clic deploy button (#362)
- Install PostgreSQL libraries on
kinto init(fixes #313)
- Smaller Docker container image (#375, #376, #383)
- Install major plugins in Dockerfile (fixes #317)
- The policy name used to configure authentication in settings is now used for
the user id prefix and StatsD
- Check backends configuration at startup (#228)
- Output message for config file creation (#351, thanks Aditya Basin)
- Trigger internal event on server flush (#354)
- Fix validation of collection id in default bucket (fixes #260)
- Fix kinto init failure when the config folder already exists (#349)
- Fix Docker compose startup (fixes #325)
- Run migrate command when Docker container starts (fixes #363)
- Fix listener name logging during startup (#626)
- Do not log batch subrequests twice (#264)
- Fix hmac digest with Python 3 (#288)
- Add explicit dependency for functools32 when Kinto is installed with an old pip version (fixes #303)
- Add tutorials about notifications (ref #353)
- Add tutorial how to write a plugin (#382)
- Add tutorial how to setup Github authentication (#390)
- Move default values to dedicated column in docs (fixes #255)
- Move run-kinto to get-started and remove platform specific installation instructions (#373)
- Update features table in overview
- Update overview comparisons (#294, #324, #328)
- Update FAQ (#397, #398)
- Simplify some aspects of the settings page (#374)
- Sharding documentation (#381)
- Added missing DELETE endoint for list of records (fixes #238)
- Mention how to restrict private URLs with NGinx (fixes #250)
- Fix link to the freenode #kinto channel in the docs (#333)
- Remove Firefox Account mention from README (fixes #326)
- Move application examples page to wiki (ref #321)
- Move PostgreSQL server docs to wiki (fixes #321)
- Change colors of logo (#359)
- Add invitation for community to point their demos/use cases (fixes #356)
- Remove duplicate glossary in docs (#372)
- Remove troubleshooting paragraph from contributing page (#385)
- Fix wrong groups name and permissions names in the documentation (#389)
- Improve formatting of code block in tutorials (#391, #396)
- Default bucket feature is now a built-in plugin (fixes #277, fixes #311, #380)
- Do not require cliquet master branch in dev (#341, #400). Now moved as tox env in TravisCI
1.10.1 (2015-12-11) ——————=
kinto initwhen containing folder does not exist (fixes #302)
- Added Hoodie in the comparison matrix (#282, thanks @Niraj8!)
- Added a get started button in documentation (#315, thanks @Niraj8!)
1.10.0 (2015-12-01) ——————=
- When using cliquet-fxa, the setting
multiauth.policy.fxa.usemust now be explicitly set to
- Fields in the root view were renamed (mozilla-services/cliquet#600)
- Fix redis default host in kinto init (fixes #289)
- Fix DockerFile with default configuration (fixes #296)
- Include plugins after setting up components (like authn/authz) so that plugins can register views with permissions checking
__permissions__from impacted records values in
Changed the naming in the root URL (hello view) (mozilla-services/cliquet#600)
- New options in configuration of listeners to specify filtered actions and resource names (mozilla-services/cliquet#492, mozilla-services/cliquet#555)
- Add ability to be notified on read actions on a resource (disabled by default) (mozilla-services/cliquet#493)
- Clarified how Kinto is versionned in the documentation (#305)
- Upgraded to Cliquet 2.11.0
- For PostgreSQL backends, it is recommended to specify
In the hello view:
- Add a
usermapping allowing clients to obtain the actual id of their default bucket
- Add the
protocol_versionto tell which protocol version is implemented by the service. (#324)
- Add a
_beforenow accepts an integer value between quotes
", as it would be returned in the
A batch request now fails if one of the subrequests fails (mozilla-services/cliquet#510) (see new feature about transactions)
- Add a Kinto command for start and migrate operation. (#129)
- Add a Kinto command to create a configuration file. (#278)
- A transaction now covers the whole request/response cycle (#194). If an error occurs during the request processing, every operation performed is rolled back. Note: This is only enabled with PostgreSQL backends. In other words, the rollback has no effect on backends like Redis or Memory.
- New settings for backends when using PostgreSQL:
*_pool_timeoutto control connections pool behaviour.
- Fix 500 error response (instead of 503) when storage backend fails during
implicit creation of objects on
defaultbucket. (fixes #236)
Dockerfilefor PostgreSQL backends.
- Fix JSON schema crash when no field information is available.
- Optimization for retrieval of user principals (#263)
- Do not build the Docker container when using Docker Compose.
- Add Python 3.5 on TravisCI
- Add schema validation loadtest (fixes #201)
- Multiple documentation improvements.
- The PostgreSQL backends now use SQLAlchemy sessions.
See also *Cliquet* changes
- Upgraded to Cliquet 2.10.0
Protocol breaking changes
useridattribute to a dedicated
usermapping in the hello view (#242).
- Follow redirections in batch subrequests (fixes mozilla-services/cliquet#511)
- Set cache headers only when anonymous (fixes mozilla-services/cliquet#449)
- Add a
readonlysetting to run the service in read-only mode. (#241)
- If no client cache is set, add
Cache-Control: no-cacheby default, so that clients are forced to revalidate their cache against the server (ref Kinto/kinto#231)
- Fixed 503 error message to mention backend errors in addition to unavailability.
- When recreating a record that was previously deleted, status code is now
- Fix PostgreSQL error when deleting an empty collection in a protected resource (fixes mozilla-services/cliquet#528)
- Fix PUT not using
create()method in storage backend when tombstone exists (fixes mozilla-services/cliquet#530)
- Delete tombstone when record is re-created (fixes mozilla-services/cliquet#518)
- Fix crash with empty body for PATCH (fixes mozilla-services/cliquet#477, fixes mozilla-services/cliquet#516)
- Fix english typo in 404 error message (fixes mozilla-services/cliquet#527)
- Upgraded to Cliquet 2.9.0
- Update cliquet-fxa configuration example for cliquet-fxa 1.4.0
- Improve the documentation to get started
- Added Pyramid events, triggered when the content of a resource has changed. (#488)
kinto.includessetting allowing loading of plugins once Kinto is initialized (unlike
- Remove the broken git revision
commitfield in the hello page. (#495).
- Handle 412 details with default bucket (#226)
- Upgraded to Cliquet 2.8.2
- Return a JSON body for 405 response on the default bucket (#214)
- Improve documentation for new comers (#217)
- Do not force host in default configuration (#219)
- Use tox installed in virtualenv (#221)
- Skip python versions unavailable in tox (#222)
- Upgraded to Cliquet 2.8.1
- Settings prefixed with
cliquet.are now deprecated, and should be replaced with non prefixed version instead.
- In the root url response, public settings are exposed without prefix too
- Upgraded to Cliquet 2.7.0
- Add Disqus comments to documentation (fixes #159)
- Allow POST to create buckets (fixes #64)
- Control client cache headers from settings or collection objects (#189)
- Remove dead code (#187, ref #53)
- Add pytest-capturelog for better output on test failures (#191)
- Install cliquet middleware (no-op if disabled) (#193)
- Many optimizations on
defaultbucket (#192, #197)
- Many optimizations on number of storage hits (#203)
- Fix contributing docs about tests (#198)
- Added more batched actions to loadtests (#199)
- Partial collection of records when user has no
readpermission on collection (fixes #76). Alice can now obtain a list of Bob records on which she has individual
- Collection can now specify a JSON schema and validate its records (#31). The feature is marked as experimental and should be explicitly enabled from settings (#181)
- Accept empty payload on buckets and collections creation (#63)
- Allow underscores in Kinto bucket and collection names (#153, fixes #77)
- Collection records can now be filtered using multiple values (
- Collection records can now be filtered excluding multiple values (
- Current userid is now provided when requesting the hello endpoint with an
- UUID validation now accepts any kind of UUID, not just v4 (mozilla-services/cliquet#387)
- Querystring parameter
_toon collection records was renamed to
_before(the former is now deprecated) (mozilla-services/cliquet#391)
- Allow to configure info link in error responses with
- Fix consistency in API to modify permissions with PATCH (fixes #155) The list of principals for each specified permission is now replaced by the one provided.
- Use correct HTTP Headers encoding in both Python2 and Python3 (#141)
- ETag is now returned on every verb (fixes #110)
- When deleting a collection also remove the records tombstones (#136)
- Complete revamp of the documentation (#156 #167 #168 #169 #170)
- Upgraded to Cliquet 2.6.0
- Upgraded to Cliquet 2.3.1
- Make sure the default route only catch /buckets/default and /buckets/default/* routes. (#131)
- Upgraded to Cliquet 2.3.0
- Handle CORS with the default bucket. (#126, #135)
- Add a test to make sure the tutorial works. (#118)
- List StatsD counters and timers in documentation (fixes #73)
- Update virtualenv dependencies on setup.py modification (fixes #130)
- Upgraded to Cliquet 2.2.1
- Improvements and fixes in the tutorial (#107)
- Querystring handling when using the personal bucket (#119)
- Default buckets ID is now a UUID with dashes (#120)
- Handle unknown permission and fix crash on /buckets (#88)
- Fix permissions handling on PATCH /resource (mozilla-services/cliquet#358)
- Test with the normal Kinto authentication policy and remove the fake one (#121)
- Upgraded to Cliquet 2.2.+
- Add the personal bucket
/buckets/default, where collections are created implicitly (#71)
- Kinto now uses the memory backend by default, which simplifies its usage for development (#86, #95)
- Add public settings in hello view (mozilla-services/cliquet#318)
- Fix Docker compose file settings (#100)
- Fix version redirection behaviour for unsupported versions (mozilla-services/cliquet#341)
- Fix overriding backend settings in .ini (mozilla-services/cliquet#343)
- Documentation improvements (#75)
- Added tutorial (#79)
- Remove hard dependency on PostgreSQL (#100)
- Add pytest-cache (#98)
- Add Pypy test on Travis (#99)
- Update dependencies on
- Fix URL of readthedocs.io (#90)
- Polish default kinto configuration and default to memory backend. (#81)
- Add the kinto group finder (#78)
- Flush endpoint now returns 404 is disabled (instead of 405) (#82)
- ETag not updated on collection update (#80)
- Use py.test to run tests instead of nose (#85)
- Added notion of buckets, user groups and collections (#48, #58)
- Buckets, collections and records can now have permissions (#59)
- Updated Cliquet to 2.0, which introduces a lot of breaking changes (see changelog)
- Firefox Accounts is not a dependency anymore and should be installed and
included explictly using the python package
- API is now served under
- Collections are now managed by bucket, and not by user anymore (#44)
A list of records cannot be manipulated until its parents objects (bucket and collection) are created.
cliquet.permission_urlare now configured to use PostgreSQL instead of Redis (see default
cliquet.basic_auth_enabledis now deprecated (see *Cliquet* docs to enable authentication backends)
- Added documentation about deployment and data durability (#50)
- Added load tests (#30)
- Several improvements in documentation (#51)
- Upgraded to cliquet 1.8.+
- PostgreSQL database initialization process is not run automatically in production. Add this command to deployment procedure:
cliquet --ini config/kinto.ini migrate
- Improved documentation (#29)
- Require 100% coverage during tests (#27)
- Basic Auth is now enabled by default in example config
- Upgraded to cliquet 1.4.1
- Rely on Pyramid API to build pagination Next-Url (#147)
- Upgraded to cliquet 1.4
- Fix behaviour of CloudStorage with backslashes in querystring (mozilla-services/cliquet#142)
- Force PostgreSQl session timezone to UTC (mozilla-services/cliquet#122)
- Fix basic auth ofuscation and prefix (mozilla-services/cliquet#128)
- Make sure the paginate_by setting overrides the passed limit argument (mozilla-services/cliquet#129)
- Fix crash of classic logger with unicode (mozilla-services/cliquet#142)
- Fix crash of CloudStorage backend when remote returns 500 (mozilla-services/cliquet#142)
- Fix python3.4 segmentation fault (mozilla-services/cliquet#142)
- Add missing port in Next-Page header (mozilla-services/cliquet#147)
- Schemaless storage of records
- Firefox Account authentication
- Kinto as a storage backend for cliquet applications