Changelog¶
23.0.2¶
Released on 2025-05-20 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix #3386: set appropriate CSP for attachment previews of images by @leplatrem in #3550
Full Changelog: 23.0.1...23.0.2
23.0.1¶
Released on 2025-05-15 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix request duration duration unit by @leplatrem in #3548
Full Changelog: 23.0.0...23.0.1
23.0.0¶
Released on 2025-05-09 - GitHub - PyPI
What's Changed
Breaking Changes
- Remove
status
from request_size and request_duration_seconds labels by @leplatrem in #3541 - Downsize the Prometheus histograms to 8 buckets (#3544)
Bug Fixes
- Improve Makefile to avoid reinstall on each run by @leplatrem in #3545
- Fixing duplicated prometheus metrics. Resolves remote-settings #872 by @alexcottner in #3546
and #3542
New Features
- Fixes #3533: Add ability to disable certain default metrics and adjust buckets by @leplatrem in #3544
Full Changelog: 22.0.0...23.0.0
22.0.0¶
Released on 2025-05-06 - GitHub - PyPI
What's Changed
Breaking Changes
- Use explicit seconds suffix for duration metrics by @leplatrem in #3539
- Remove redundant setting introduced in 3c3af9f by @leplatrem in #3535
Full Changelog: 21.1.1...22.0.0
21.1.1¶
Released on 2025-04-23 - GitHub - PyPI
What's Changed
Bug Fixes
- Prevent random values to become metrics labels values by @leplatrem in #3534
Full Changelog: 21.1.0...21.1.1
21.1.0¶
Released on 2025-04-23 - GitHub - PyPI
What's Changed
New Features
- Add config hash/path/datetime to root URL by @leplatrem in #3530
- Add new settings to control Prometheus metrics by @leplatrem in #3533
Full Changelog: 21.0.0...21.1.0
21.0.0¶
Released on 2025-04-22 - GitHub - PyPI
What's Changed
Breaking Changes
- Prometheus metrics design was changed by @leplatrem in #3528
- No more view count (use request_summary instead)
- Endpoint is now the route name instead of the URL
- Metrics names are now fixed and all variables are now labels
- Use Prometheus histograms for timers (instead of Summary) by @leplatrem in #3529
Full Changelog: 20.6.1...21.0.0
20.6.1¶
Released on 2025-04-15 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix metrics folder reset with multiple processes by @leplatrem in #3526
Full Changelog: 20.6.0...20.6.1
20.6.0¶
Released on 2025-04-14 - GitHub - PyPI
What's Changed
New Features
- Add command to purge tombstones by @leplatrem in #3524
Full Changelog: 20.5.0...20.6.0
20.5.0¶
Released on 2025-04-11 - GitHub - PyPI
What's Changed
New Features
- Enable Prometheus multiprocess collector by @leplatrem in #3525
Full Changelog: 20.4.0...20.5.0
20.4.0¶
Released on 2025-04-08 - GitHub - PyPI
What's Changed
New Features
- Ref #3515: log more about history trim and expose more settings in root URL by @leplatrem in #3522
Dependency Updates
- Update Kinto Admin version to 3.7.1 by @github-actions in #3521
Full Changelog: 20.3.0...20.4.0
20.3.0¶
Released on 2025-04-02 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix
purge_deleted()
method in memory backend by @leplatrem in #3520
New Features
- Ref #3516: Add new index on deleted objects by @leplatrem in #3519
- Add option to disable history for certain users by @leplatrem in #3515
Full Changelog: 20.2.0...20.3.0
20.2.0¶
Released on 2025-04-01 - GitHub - PyPI
What's Changed
New Features
- Add storage method to fetch all timestamps in one query by @leplatrem in #3518
Dependency Updates
- Update Kinto Admin version to 3.7.0 by @github-actions in #3513
Full Changelog: 20.1.0...20.2.0
20.1.0¶
Released on 2025-03-11 - GitHub - PyPI
What's Changed
New Features
- Add ability to log request ID to all output messages by @leplatrem in #3510
Change your logging config to:
[handler_consoler]
-class = StreamHandler
+class = kinto.core.StreamHandlerWithRequestID
Or, via code:
from dockerflow import logging as dockerflow_logging
handler = MyLogHandler()
filter_ = dockerflow_logging.RequestIdLogFilter()
handler.addFilter(filter_)
Full Changelog: 20.0.0...20.1.0
20.0.0¶
Released on 2025-03-05 - GitHub - PyPI
What's Changed
Breaking Changes
- Remove
kinto.plugins.quotas
(fixes #2894) by @leplatrem in #3503 - Remove accounts emailing features by @leplatrem in #3505
- Do not use
kinto.plugins.statsd
by default by @leplatrem in #3504
Documentation
- Remove obsolete sections from docs (fixes #307, fixes #330, fixes #508) by @leplatrem in #3502
- Remove mentions of kinto-storage.org demo by @leplatrem in #3508
Dependency Updates
- Update Kinto Admin version to 3.6.0 by @github-actions in #3501
Upgrade Instructions
kinto.plugins.quotas
If you were using this plugin, you would have to copy its code from previous version and make sure the module is available in the PYTHONPATH
.
For example:
$ git clone git@github.com:Kinto/kinto.git
$ cd kinto/
$ git checkout 19.6.0
$ cp -R kinto/plugins/quotas /app/kinto_quotas
And refer to the folder in your config:
kinto.includes = ...
/app/kinto_quotas
Accounts Emailing Features
If you were using these features, you would have to run (and maintain) your own fork of Kinto 😢
Default StatsD metrics
The kinto.plugins.statsd
plugin now has to be included explicitly in the kinto.includes
config.
Full Changelog: 19.6.0...20.0.0
19.6.0¶
Released on 2025-02-19 - GitHub - PyPI
What's Changed
Documentation
- Re-enable readthedocs by @leplatrem in #3499
Dependency Updates
- Switch to
psycopg-binary
library by @leplatrem in #3496 - Vendor
cornice
andcornice.ext.swagger
by @leplatrem in #3497
Full Changelog: 19.5.0...19.6.0
19.5.0¶
Released on 2025-02-12 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix crash when error has type bytes (fixes #3488) by @leplatrem in #3489
- Lint and fix Github Actions by @leplatrem in #3491
- Fix exception in in-memory permission backend (fixes #2687) by @cbguder in #3493
New Features
Dependency Updates
- Update Kinto Admin version to 3.5.1 by @github-actions in #3494
Other Changes
- Add workflow to check for Kinto Admin updates by @grahamalama in #3358
New Contributors
- @cbguder made their first contribution in #3490
- @github-actions made their first contribution in #3494
Full Changelog: 19.4.0...19.5.0
19.4.0¶
Released on 2025-01-16 - GitHub - PyPI
What's Changed
New Features
- Add setting to set prefix on Prometheus metrics by @leplatrem in #3483
Full Changelog: 19.3.2...19.4.0
19.3.2¶
Released on 2025-01-14 - GitHub - PyPI
What's Changed
Bug Fixes
- Adjusting CORS logic to return the first match instead of sent Origin by @alexcottner in #3471
Full Changelog: 19.3.1...19.3.2
19.3.1¶
Released on 2024-12-11 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix #3474: encode unsafe characters in request summary metric by @leplatrem in #3476
- Fix #3475: prevent malformed timestamps to reach storage queries by @leplatrem in #3477
Full Changelog: 19.3.0...19.3.1
19.3.0¶
Released on 2024-11-04 - GitHub - PyPI
What's Changed
New Features
- Improve metrics API to support multiple key/value labels by @leplatrem in #3459
- Registry a no-op metrics service by default by @leplatrem in #3460
- Observe metrics request summary, size, and duration with labels by @leplatrem in #3461
Internal Changes
- Fix Dockerfile syntax to get rid of warnings by @leplatrem in #3463
Dependency Updates
- Upgrade kinto-admin to v3.4.1 by @leplatrem in #3457
Full Changelog: 19.2.0...19.3.0
19.2.0¶
Released on 2024-10-16 - GitHub - PyPI
What's Changed
New Features
- Add prometheus support (Fixes #3407) by @leplatrem in #3453
Can now be enabled via built-in pluginkinto.plugins.prometheus
inkinto.includes
(see settings docs)
Deprecations
- Before, assigning a value to the
kinto.statsd_url
setting was enough to enable StatsD monitoring. It is now recommended to addkinto.plugins.statsd
to the list of enabled plugins inkinto.includes
(see settings docs) - Initialization step
kinto.core.initialization.setup_statsd
inkinto.initialization_sequence
is now deprecated. Usekinto.core.initialization.setup_metrics
.
Internals:
config.registry.statsd
is now deprecated. Useconfig.registry.metrics
instead.
Other Changes
- Update code of conduct reference by @emmanuel-ferdman in #3444
New Contributors
- @emmanuel-ferdman made their first contribution in #3444
Full Changelog: 18.1.1...19.2.0
18.1.1¶
Released on 2024-06-20 - GitHub - PyPI
What's Changed
Bug Fixes
- Fix #3402: Prevent invalid timestamps to reach the database by @leplatrem in #3425
Full Changelog: 18.1.0...18.1.1
18.1.0¶
Released on 2024-03-19 - GitHub - PyPI
What's Changed
New Features
- Add Python 3.12 support by @leplatrem in #3377
Bug Fixes
- Add request filter if server is configured as readonly by @leplatrem in #3387
Other Changes
- Fixes #3380 - UI asset files not properly copied to container by @alexcottner in #3381
- Adding basic python playwright test by @alexcottner in #3382
Full Changelog: 18.0.0...18.1.0
18.0.0¶
Released on 2024-02-01 - GitHub - PyPI
What's Changed
Breaking Changes
- When Kinto Admin assets is read from custom folder, we now expect a
VERSION
file to be present, by @leplatrem in #3376
Bug Fixes
- Fix Docker image build frozen step by @leplatrem in #3372
Full Changelog: 17.0.0...18.0.0
17.0.0¶
Released on 2024-01-26 - GitHub - PyPI
What's Changed
Breaking Changes
- Decouple
kinto-redis
from this repository by @leplatrem in #3360 - Do not install dev dependencies in Docker image by @leplatrem in #3369
Dependency Updates
- Bump Kinto Admin to 3.0.1 by @grahamalama in #3351
Other Changes
- Run functional tests on freshly built container by @leplatrem in #3367
- Move community files to
.github/
folder by @leplatrem in #3366 - Generate changelog from Github releases by @leplatrem in #3353
- Group all Dependabot pull-requests by @leplatrem in #3308
- Rename master branch to main by @leplatrem in #3355
- Merge Github workflows files into
test.yml
by @leplatrem in #3362 - Get rid of tox by @leplatrem in #3357
- ShellCheck
scripts/
folder by @leplatrem in #3364 - Force labels on pull-requests, and add sections in generated changelog by @leplatrem in #3361
- Switch from
setup.cfg
/setup.py
topyproject.toml
by @leplatrem in #3359
Full Changelog: 16.3.0...17.0.0
16.3.0¶
Released on 2024-01-15 - GitHub - PyPI
New features
- Add a new
kinto.admin_assets_path
setting to specify the location on the Admin UI assets.
Internal Changes
16.2.3¶
Released on 2023-12-05 - GitHub - PyPI
- Upgraded Kinto Admin to v2.1.1
16.2.2¶
Released on 2023-11-22 - GitHub - PyPI
Upgrading kinto-admin to v2.1.0.
16.2.1¶
Released on 2023-09-13 - GitHub - PyPI
Bug fixes
- Keep warning level for server-side logging (#3263)
Note: version 16.2.0 does not exist.
16.1.0¶
Released on 2023-09-06 - GitHub - PyPI
New features
- Send logging warnings to Sentry, with logging debugs as breadcrumbs. Configure levels with
kinto.sentry_breadcrumbs_min_level
andkinto.sentry_events_min_level
settings (#3262)
16.0.0¶
Released on 2023-05-30 - GitHub - PyPI
Breaking Changes
- Drop support of Python 3.7 (end-of-life 2023-06-27)
New features
- Add request id to
request.summary
logs (read fromX-Request-Id
header and defaults to 16 hex string)
Documentation
- Fix typos on the Concepts page (#3151)
15.1.1¶
Released on 2023-02-09 - GitHub - PyPI
Bug Fixes
- Use correct import path for SQLAlchemy Sentry integration
15.1.0¶
Released on 2023-02-09 - GitHub - PyPI
New features
- Enable SQLAlchemy integration for Sentry
Internal Changes
- Force SQLAlchemy version to 1.X
15.0.0¶
Released on 2023-02-04 - GitHub - PyPI
Breaking Changes
raven
is not installed by default anymore (fixes #3054). Sentry reporting is now enabled via settings (or environment variables).
In order to migrate from Kinto <14 to Kinto 15, remove the mention ofsentry
andraven
from your logging configuration:
# kinto.ini
[logger_root]
level = INFO
- handlers = console, sentry
+ handlers = console
[handlers]
- keys = console, sentry
+ keys = console
- [handler_sentry]
- class = raven.handlers.logging.SentryHandler
- args = ('https://<key>:<secret>@app.getsentry.com/<project>',)
- level = WARNING
- formatter = generic
And add the following settings:
kinto.sentry_dsn = https://userid@o1.ingest.sentry.io/1
kinto.sentry_env = prod
For more information, see Settings documentation
Documentation
- Fix
/batch
endpoint documentation about required authentication.
14.8.0¶
Released on 2022-10-06 - GitHub - PyPI
New Features
- Add
Cache-Control
response header in root URL endpoint (/v1/
) when the instance is configured as read-only.
14.7.2¶
Released on 2022-04-13 - GitHub - PyPI
Bug Fixes
- Prevents merging of
ResourceChanged
events if they were triggered from
events listeners (cascade) (see mozilla/remote-settings#203)
14.7.1¶
Released on 2022-03-31 - GitHub - PyPI
Bug Fixes
- Include Kinto Admin VERSION file in package
Internal Changes
- Exclude tests from built package
14.7.0¶
Released on 2022-03-30 - GitHub - PyPI
Internal Changes
- Add alwaysdata Marketplace link. #2957
- Test package description formatting in CI #2951
- Build Kinto Admin from source #2966
Dependabot Updates
- Bump pytest from 6.2.5 to 7.0.0 #2950
- Bump pytest from 7.0.0 to 7.0.1 #2953
- Bump werkzeug from 2.0.2 to 2.0.3 #2954
- Bump python-rapidjson from 1.5 to 1.6 #2956
- Bump waitress from 2.0.0 to 2.1.0 #2962
- Bump sqlalchemy from 1.4.31 to 1.4.32 #2961
- Bump selenium from 4.1.0 to 4.1.2 #2960
- Bump newrelic from 7.4.0.172 to 7.6.0.173 #2959
- Bump pytest from 7.0.1 to 7.1.0 #2965
- Bump selenium from 4.1.2 to 4.1.3 #2964
- Bump pyramid-tm from 2.4 to 2.5 #2963
- Bump waitress from 2.1.0 to 2.1.1 #2968
- Bump pytest from 7.1.0 to 7.1.1 #2967
Kinto Admin
Bug Fixes
- Downgrade to history v4 (Kinto/kinto-admin#2180)
- Fix crash on incorrect auth credentials (Kinto/kinto-admin#2119)
For a complete log of Kinto Admin changes, see v1.31.0...v2.0.0
Full Changelog: 14.6.1...14.7.0
14.6.1¶
Released on 2022-02-03 - GitHub - PyPI
Bug Fixes
- Fix crash in
/permissions
endpoint when a setting is misinterpreted as resource permission (e.g.signer.auto_create_resources_principals
)
Internal Changes
14.5.0¶
Released on 2021-10-08 - GitHub - PyPI
New feature
- Add
kinto.version_prefix_redirect_ttl_seconds
setting in order to sendCache-Control
response headers on version prefix redirects (fixes #2874)
14.4.1¶
Released on 2021-09-20 - GitHub - PyPI
Bug fixes
- Fix bundle of kinto-admin, using same versions of React as upstream package
14.4.0¶
Released on 2021-09-16 - GitHub - PyPI
Documentation
- Fix "negociation" typo in docs/images/architecture.svg (#2813)
Internal changes
- Replace ujson with rapidjson. (#2677)
- Upgrade kinto-admin to v1.30.2
14.3.0¶
Released on 2021-06-13 - GitHub - PyPI
Documentation
- Fix documentation about disabling endpoints (#2794)
Internal changes
- Now compatible with Pyramid 2 (#2764)
- Upgrade kinto-admin to v1.30.0
14.2.0¶
Released on 2021-02-22 - GitHub - PyPI
New feature
- Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647)
Documentation
- Upgrade kinto-admin to v1.29.0
- servicedenuages.fr domain is parked, replace links with web.archive.org (#2720)
- Fix broken url in docs (#2692)
Internal changes
14.1.1¶
Released on 2020-11-03 - GitHub - PyPI
Bug fixes
- Fix broken Kinto admin (#2646)
Internal Changes
- Upgrade kinto-admin to v1.27.3
14.1.0¶
Released on 2020-10-27 - GitHub - PyPI
New feature
- Add ability to disable explicit permissions at object level (ref #893). Use
kinto.explicit_permissions = false
to only rely on inherited permissions (see settings docs)
Internal Changes
- Distinguish readonly errors in storage backend (
kinto.core.storage.exceptions.ReadonlyError
) - Upgrade kinto-admin to v1.27.0
- Add support to Python 3.9
14.0.1¶
Released on 2020-09-09 - GitHub - PyPI
Bug fixes
- Do not break storage implementations (ie. kinto-redis) that rely on
json
class attribute (removed in v14.0.0) - Do not return 400 for
?_since=null
(fixes #2595)
14.0.0¶
Released on 2020-09-01 - GitHub - PyPI
Breaking changes
- Drop the
strict_json
option, and useultrajson
everywhere
Internal Changes
- Upgrade kinto-admin to v1.26.2
13.6.6¶
Released on 2020-06-26 - GitHub - PyPI
Bug fixes
Documentation
- Refer to proper terms in glossary (#2486)
13.6.5¶
Released on 2020-03-31 - GitHub - PyPI
Bug fixes
- Simplify get_objects_permissions query (#2475)
13.6.4¶
Released on 2020-03-29 - GitHub - PyPI
Security fix
- Fix permission checking with POST on plural endpoints (fixes #2459)
Bug fixes
- Apply CORS headers to EOL responses (#2452)
Internal Changes
- Remove
auth
parameter from postgresql/memory storage backends - Removed pytest-sugar
13.6.3¶
Released on 2020-01-30 - GitHub - PyPI
Bug fixes
- History entries datetimes now carry timezone information
- Fix
kinto init
command (#2375) - Fix float strings parsing in certain URL query parameters. (#2392)
Internal Changes
- Upgrade kinto-admin to v1.26.1
- Drop
auth
parameter from storage backend methods.
13.6.2¶
Released on 2019-11-04 - GitHub - PyPI
Bug fixes
- Second attempt at fixing loading of Kinto Admin (#2322)
13.6.1¶
Released on 2019-10-31 - GitHub - PyPI
Bug fixes
- Fix loading of Kinto Admin (#2320)
13.6.0¶
Released on 2019-10-24 - GitHub - PyPI
New Features
- Add
Content-Security-Policy
header and report URI (fixes #2303)
Internal Changes
- Use package-lock file for Kinto Admin packaging
- Use isort for formatting imports (Fixes #2270)
- Upgrade kinto-admin to v1.25.2
13.5.0¶
Released on 2019-09-26 - GitHub - PyPI
Internal changes
13.4.0¶
Released on 2019-09-12 - GitHub - PyPI
Internal changes
- Upgrade kinto-admin to v1.25.0
13.3.0¶
Released on 2019-08-15 - GitHub - PyPI
Bug fixes
- Prevent password to be modified on modification of accounts metadata (fixes #2058)
- Fix unexpected exception in
/__version__
endpoint - Add
Content-Type
to default_cors_headers (refs #2220) - Fix crash with non-allowed requests on
__user_data__
(fixes #2063) - Fix multiple event listeners on READ action (fixes #1755)
New features
- Allow StatsD counter to be incremented by an arbitrary number
13.2.2¶
Released on 2019-07-04 - GitHub - PyPI
Bug fixes
- Fix apparence of Admin notifications (fixes #2191)
13.2.1¶
Released on 2019-06-25 - GitHub - PyPI
Internal changes
- Upgrade kinto-admin to v1.24.1
13.2.0¶
Released on 2019-06-18 - GitHub - PyPI
Internal changes
- Upgrade kinto-admin to v1.24.0
13.1.1¶
Released on 2019-05-23 - GitHub - PyPI
Bug fixes
- Fix cache heartbeat test (fixes #2107)
- Fix support of
sqlalchemy.pool.NullPool
for PostgreSQL backends.
The defaultpool_size
of 25 is maintained on the default pool class
(QueuePoolWithMaxBacklog
). When using custom connection pools, please
refer to SQLAlchemy documentation for default values.
Internal changes
- Remove dependency to kinto-redis in core tests
13.1.0¶
Released on 2019-03-21 - GitHub - PyPI
New features
- Expose the user_profile in the user field of the hello page. (#1989)
- Add an "account validation" option to the accounts plugin. (#1973)
- Add a
validate
endpoint at/accounts/{user id}/validate/{validation key}
which can be used to validate an account when the account
validation option is enabled on the accounts plugin. - Add a
reset-password
endpoint at/accounts/(user id)/reset-password
which can be used to reset a user's password when the account validation option is enabled on the accounts plugin.
Bug fixes
- Fixed two potential bugs relating to mutable default values.
- Fix crash on validating records with errors in arrays (#1508)
- Fix crash on deleting multiple accounts (#2009)
Documentation
- Fixed spelling and Filtering docs
Internal changes
- Use
setup.cfg
for package metadata (ref #1921)
API is now at version 1.22. See API changelog
13.0.1¶
Released on 2019-01-29 - GitHub - PyPI
Bug fixes
- Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script to be rejected (fixes #2000)
12.0.2¶
Released on 2019-01-25 - GitHub - PyPI
Bug fixes
- security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections
13.0.0¶
Released on 2019-01-25 - GitHub - PyPI
New features
- Expose the user_profile in the user field of the hello page with OpenID authentication (#1989)
Breaking changes
- Update Kinto OpenID plugin to redirect with a base64 JSON encoded token. (#1988).
This will work with kinto-admin 1.23
Bug fixes
- security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections
Internal changes
- Upgrade kinto-admin to v1.23.0
12.0.1¶
Released on 2019-01-21 - GitHub - PyPI
Bug Fixes
12.0.0¶
Released on 2019-01-11 - GitHub - PyPI
Breaking changes
- Remove Python 3.5 support and upgrade to Python 3.6. (#1886)
- Remove
record
fromUnicityError
class (#1919). This enabled us to fix #1545. - Storage backend API has changed, notions of collection and records were replaced
by the generic terms resource and object. Plugins that subclass the internal
ShareableResource
class may also break. - GET requests no longer include the
Total-Records
header. To get a count in a collection
you need to do a HEAD request. And the new header name isTotal-Objects
. (#1624) - Remove the
UserResource
class. AndShareableResource
is now deprecated in
favor ofResource
. - Removed
kinto.core.utils.parse_resource()
. Usekinto.core.utils.view_lookup_registry()
instead (#1828) - Remove the
delete-collection
command (#1959)
API is now at version 1.21. See API changelog.
New features
- Add a
user-data
endpoint at/__user_data__/
which can be used to delete all data
associated with a principal. This might be helpful for pursuing GDPR
compliance, for instance. (Fixes #442.)
Bug Fixes
- Like query now returns 400 when a non string value is used. (#1899)
- Record ID is validated if explicitly mentioned in the collection schema (#1942)
- The Memory permission backend implementation of
remove_principal
is now less generous with what it removes (#1955).
Documentation
- Change PostgreSQL backend URLs to be
postgresql://
instead of the deprecatedpostgres://
Internal changes
- Remove depreciation warning for
mapping
(#1904) - Fix depreciated warn method (#1903)
- Use f-string instead of % or format operators. (#1886)
- Ignore admin plugin node_modules folder while running black (#1902)
- Remove regexp py36 warnings. (#1907)
- Changed psycopg2 dependency for psycopg2-binary. (#1905)
- Renamed core notions (ie. record and collection) (#710)
- JSON Schema validation is optimized by keeping instances of validator cached. (#1807)
11.2.1¶
Released on 2018-12-10 - GitHub - PyPI
- Still supports jsonschema 2.6 before 3.0 is released as a production release. (#1923)
11.2.0¶
Released on 2018-11-29 - GitHub - PyPI
New features
- Return a
500 Internal Error
on__version__
instead of 404 if the version file
cannot be found (fixes #1841)
Bug fixes
- Fix the
http_api_version
exposed in the/v1/
endpoint. The
version1.20
was getting parsed as a number1.2
. - Fix
record:create
not taken into account from settings. (fixes #1813)
Internal changes
Documentation
- Add documentation on troubleshooting Auth0 multiauth issue. (#1889)
11.1.0¶
Released on 2018-10-25 - GitHub - PyPI
New features
- Add ability to configure the
project_name
in settings, shown in the root URL (fixes #1809) - Use
.
as bucket/collection separator in cache control settings (fixes #1815)
Bug fixes
- Fix missing favicon and inline images in kinto-admin plugin
Internal changes
- Use mock from the standard library.
- Blackify the whole code base (#1799, huge thanks to @Cnidarias for this!)
- Upgrade kinto-admin to v1.22
11.0.0¶
Released on 2018-10-09 - GitHub - PyPI
Breaking changes
- The
basicauth
policy is not used by default anymore (#1736)
If your application relies on this specific behaviour, you now have to add explicitly settings:
multiauth.policies = basicauth
But it is recommended to use other authentication policies like the OpenID Connect or the accounts plugin instead.
# Enable plugin.
kinto.includes = kinto.plugins.accounts
# Enable authenticated policy.
multiauth.policies = account
multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy
# Allow anyone to create their own account.
kinto.account_create_principals = system.Everyone
You will find more details the authentication settings section of the documentation
Bug fixes
- Fix crash when querystring filter contains NUL (0x00) character (fixes #1704)
- Many bugs were fixed in the Kinto Admin UI (see v1.21.0)
Documentation
- Huge refactor of documentation about authentication (#1736)
Internal changes
10.1.2¶
Released on 2018-10-03 - GitHub - PyPI
Bug fixes
- Fix OpenID login in Kinto-Admin (Kinto/kinto-admin#641)
Internal changes
- Upgrade kinto-admin to v1.20.2
10.1.1¶
Released on 2018-09-21 - GitHub - PyPI
Bug fixes
10.1.0¶
Released on 2018-09-17 - GitHub - PyPI
Bug fixes
- Deleting a collection doesn't delete access_control_entrries for its children (fixes #1647)
New features
- The registry now has a "command" attribute during one-off commands
such askinto migrate
. This can be useful for plugins that want
to behave differently during a migration, for instance. (#1762)
10.0.0¶
Released on 2018-09-03 - GitHub - PyPI
10.0.0 (2018-08-16)
Breaking changes
kinto.core.events.get_resource_events
now returns a generator
rather than a list.
New features
- Include Python 3.7 support.
kinto.core.events.notify_resource_event
now supports
resource_name
andresource_data
. These are useful when
emitting events from one view "as though" they came from another
view.- Resource events can now trigger other resource events, which are
handled correctly. This might be handy if one resource wants to
simulate events on another "virtual" resource, as inkinto-changes
.
Bug fixes
- Raise a configuration error if the
kinto.plugin.accounts
is included without being enabled in policies.
Without this kinto-admin would present a confusing login experience (fixes #1734).
Internal changes
- Upgrade kinto-admin to v1.20.0
9.2.3¶
Released on 2018-07-05 - GitHub - PyPI
Internal changes
- Upgrade to kinto-admin v1.19.2
9.2.2¶
Released on 2018-06-28 - GitHub - PyPI
Internal changes
- Upgrade to kinto-admin v1.19.1
9.2.1¶
Released on 2018-06-26 - GitHub - PyPI
Bug fixes
- Fixed bug where unresolved JSON pointers would crash server (fixes #1685)
Internal changes
- Update the Dockerfile with the new kinto --cache-backend option. (#1686)
- Upgrade to kinto-admin v1.19.0
9.2.0¶
Released on 2018-06-07 - GitHub - PyPI
API
- JSON schemas can now be defined in the bucket metadata and will apply to every
underlying collection, group or record (fixes #1555)
API is now at version 1.20. See API changelog
New features
- Kinto Admin plugin now supports OpenID Connect
- Limit network requests to current domain in Kinto Admin using
Content-Security Policies <https://hacks.mozilla.org/2016/02/implementing-content-security-policy/>
_ - Prompt for cache backend type in
kinto init
(#1653) - kinto.core.utils now has new features
route_path_registry
and
instance_uri_registry
, suitable for use when you don't
necessarily have arequest
object around. The existing functions
will remain in place. - openid plugin will carry
prompt=none
querystring parameter if appended
to authorize endpoint.
Internal changes
- Upgrade to kinto-admin v1.18.0
9.1.2¶
Released on 2018-05-31 - GitHub - PyPI
Security fix
- OpenID plugin used the same cache key for every access-token (fixes #1660)
9.1.1¶
Released on 2018-05-23 - GitHub - PyPI
Internal changes
- Correct spelling of GitHub.
- Upgrade to kinto-admin v1.17.2
9.1.0¶
Released on 2018-05-21 - GitHub - PyPI
API
- Batch endpoint now checks for and aborts any parent request if subrequest encounters 409 constraint violation (fixes #1569)
Bug fixes
- Fix a bug where you could not reach the last records via Next-Header when deleting with pagination (fixes #1170)
- Slight optimizations on the
get_all
query in the Postgres
storage backend which should make it faster for result sets that
have a lot of records (#1622). This is the first change meant to
address #1507, though more can still be done. - Fix a bug where the batch route accepted all content-types (fixes #1529)
Internal changes
- Upgrage to kinto-admin v1.17.1
9.0.0¶
Released on 2018-04-26 - GitHub - PyPI
API
- Introduce
contains
andcontains_any
filter operators (fixes #343).
API is now at version 1.19. See API changelog.
Breaking changes
- The storage class now exposes
bump_timestamp()
andbump_and_store_timestamp()
methods
so that memory based storage backends can use them. (#1596)
Internal changes
- Authentication policies can now hard code and override the name specified in settings
Documentation
- Version number is taken from package in order to ease release process (#1594)
- Copyright year is now dynamic (#1595)
Internal changes
- Upgrade the kinto-admin UI to 1.17.0
8.2.3¶
Released on 2018-04-06 - GitHub - PyPI
Security fix
- Validate the account user password even when the session is cached (fixes #1583).
Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.
8.3.0¶
Released on 2018-04-06 - GitHub - PyPI
Security fix
- Validate the account user password even when the session is cached (fixes #1583).
Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.
New features
- Add bucket and account creation permissions in the permissions endpoint (fixes #1510)
Bug fixes
- Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)
Documentation
- Improve OpenID settings and API documentation
Internal Changes
- Now fully rely on Pyup.io (or contributors) to update the versions in the
requirements.txt
file (fixes #1512) - Move from importing pip to running it in a subprocess (see pypa/pip#5081).
- Remove useless print when using the OpenID policy (ref #1509)
- Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)
8.2.2¶
Released on 2018-03-28 - GitHub - PyPI
Internal changes
- Fix kinto-admin dependency error in 8.2.1 to actually really upgrade it to 1.15.1
8.2.1¶
Released on 2018-03-28 - GitHub - PyPI
Internal changes
- Upgraded the kinto-admin to version 1.15.1
- Upgraded newrelic to 2.106.1.88
8.2.0¶
Released on 2018-03-01 - GitHub - PyPI
New features
- Add Openid connect support (#939, #1425). See demo
- Account plugin now caches authentication verification (#1413)
Bug fixes
- Fix missing principals from user info in root URL when default bucket plugin is enabled (fixes #1495)
- Fix crash in Postgresql when the value of url param is empty (fixes #1305)
Internal changes
- Upgraded the kinto-admin to version 1.15.0
8.1.5¶
Released on 2018-02-09 - GitHub - PyPI
Bug fixes
- Restore "look before you leap" behavior in the Postgres storage
backend create() method to check whether a record exists before
running the INSERT query (#1487). This check is "optimistic" in the sense
that we can still fail to INSERT after the check succeeded, but it
can reduce write load in configurations where there are a lot of
create()s (i.e. when using the default_bucket plugin).
8.1.4¶
Released on 2018-01-31 - GitHub - PyPI
Bug fixes
8.1.3¶
Released on 2018-01-26 - GitHub - PyPI
Bug fixes
- Optimize the PostgreSQL permission backend's
delete_object_permissions
function in the case where we are only
matching one object_id (or object_id prefix).
8.1.2¶
Released on 2018-01-24 - GitHub - PyPI
Bug fixes
- Flushing a server no longer breaks migration of the storage backend
(#1460). If you have ever flushed a server in the past, migration
may be broken. This version of Kinto tries to guess what version of
the schema you're running, but may guess wrong. See
https://github.com/Kinto/kinto/wiki/Schema-versions for some
additional information.
Internal changes
- We now allow migration of the permission backend's schema.
Operational concerns
- The schema for the Postgres permission backend has changed. This
changes another ID column to use the "C" collation, which should
speed up thedelete_object_permissions
query when deleting a
bucket.
8.1.1¶
Released on 2018-01-18 - GitHub - PyPI
Operational concerns
- The schema for the Postgres storage backend has changed. This
changes some more ID columns to use the "C" collation, which fixes a
bug where thebump_timestamps
trigger was very slow.
8.1.0¶
Released on 2018-01-09 - GitHub - PyPI
Internal changes
- Update the Docker compose configuration to use memcache for the cache backend (#1405)
- Refactor the way postgresql.storage.create_from_settings ignores settings (#1410)
Operational concerns
- The schema for the Postgres storage backend has changed. This
changes some ID columns to use the "C" collation, which will make
delete_all
queries faster. (See
e.g. https://www.postgresql.org/docs/9.6/static/indexes-opclass.html,
which says "If you do use the C locale, you do not need the
xxx_pattern_ops operator classes, because an index with the default
operator class is usable for pattern-matching queries in the C
locale.") This may change the default sort order and grouping of
record IDs.
New features
- New setting
kinto.backoff_percentage
to only set the backoff header a portion of the time. make tdd
allows development in a TDD style by rerunning tests every time a file is changed.
Bug fixes
- Optimize the Postgres collection_timestamp method by one query. It
now only makes two queries instead of three. - Update other dependencies: newrelic to 2.98.0.81 (#1409), setuptools
to 38.4.0 (#1411, #1429, #1438, #1440), pytest to 3.3.2 (#1412,
#1437), raven to 6.4.0 (#1421), werkzeug to 0.14.1 (#1418, #1434),
python-memcached to 1.59 (#1423), zest.releaser to 6.13.3 (#1427),
bravado_core to 4.11.2 (#1426, #1441), statsd to 3.2.2 (#1422),
jsonpatch to 1.21 (#1432), sqlalchemy to 1.2.0 (#1430), sphinx to
1.6.6 (#1442).
7.6.5¶
Released on 2018-01-09 - GitHub - PyPI
Internal changes
- Introduce an experimental setting,
experimental_disable_purge_deleted
, which can be used to try to
diagnose excessive CPU usage in production.
7.6.4¶
Released on 2017-12-07 - GitHub - PyPI
Internal changes
- Remove the
FOR UPDATE
locking from the delete_all query, on the
off chance that it's somehow related to the increased CPU
utilization we're seeing.
7.6.3¶
Released on 2017-12-06 - GitHub - PyPI
Internal changes
- Optimize the Postgres collection_timestamp method by one query. It
now only makes two queries instead of three.
8.0.0¶
Released on 2017-11-29 - GitHub - PyPI
Breaking changes
- Storage backends no longer support the
ignore_conflict
argument (#1401). Instead of using this argument, consider catching the
UnicityError
and handling it.ignore_conflict
was only ever
used in one place, in thedefault_bucket
plugin, and was
eventually backed out in favor of catching and handling a
UnicityError
.
Bug fixes
- Fix a TOCTOU bug in the Postgres storage backend where a transaction
doing acreate()
would fail because a row had been inserted after
the transaction had checked for it (#1376).