Changelog

23.0.2

Released on 2025-05-20 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix #3386: set appropriate CSP for attachment previews of images by @leplatrem in #3550

Full Changelog: 23.0.1...23.0.2

23.0.1

Released on 2025-05-15 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix request duration duration unit by @leplatrem in #3548

Full Changelog: 23.0.0...23.0.1

23.0.0

Released on 2025-05-09 - GitHub - PyPI

What's Changed

Breaking Changes

• Remove status from request_size and request_duration_seconds labels by @leplatrem in #3541
• Downsize the Prometheus histograms to 8 buckets (#3544)

Bug Fixes

• Improve Makefile to avoid reinstall on each run by @leplatrem in #3545
• Fixing duplicated prometheus metrics. Resolves remote-settings #872 by @alexcottner in #3546
  and #3542

New Features

• Fixes #3533: Add ability to disable certain default metrics and adjust buckets by @leplatrem in #3544

Full Changelog: 22.0.0...23.0.0

22.0.0

Released on 2025-05-06 - GitHub - PyPI

What's Changed

Breaking Changes

• Use explicit seconds suffix for duration metrics by @leplatrem in #3539
• Remove redundant setting introduced in 3c3af9f by @leplatrem in #3535

Full Changelog: 21.1.1...22.0.0

21.1.1

Released on 2025-04-23 - GitHub - PyPI

What's Changed

Bug Fixes

• Prevent random values to become metrics labels values by @leplatrem in #3534

Full Changelog: 21.1.0...21.1.1

21.1.0

Released on 2025-04-23 - GitHub - PyPI

What's Changed

New Features

• Add config hash/path/datetime to root URL by @leplatrem in #3530
• Add new settings to control Prometheus metrics by @leplatrem in #3533

Full Changelog: 21.0.0...21.1.0

21.0.0

Released on 2025-04-22 - GitHub - PyPI

What's Changed

Breaking Changes

• Prometheus metrics design was changed by @leplatrem in #3528
  • No more view count (use request_summary instead)
  • Endpoint is now the route name instead of the URL
  • Metrics names are now fixed and all variables are now labels
• Use Prometheus histograms for timers (instead of Summary) by @leplatrem in #3529

Full Changelog: 20.6.1...21.0.0

20.6.1

Released on 2025-04-15 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix metrics folder reset with multiple processes by @leplatrem in #3526

Full Changelog: 20.6.0...20.6.1

20.6.0

Released on 2025-04-14 - GitHub - PyPI

What's Changed

New Features

• Add command to purge tombstones by @leplatrem in #3524

Full Changelog: 20.5.0...20.6.0

20.5.0

Released on 2025-04-11 - GitHub - PyPI

What's Changed

New Features

• Enable Prometheus multiprocess collector by @leplatrem in #3525

Full Changelog: 20.4.0...20.5.0

20.4.0

Released on 2025-04-08 - GitHub - PyPI

What's Changed

New Features

• Ref #3515: log more about history trim and expose more settings in root URL by @leplatrem in #3522

Dependency Updates

• Update Kinto Admin version to 3.7.1 by @github-actions in #3521

Full Changelog: 20.3.0...20.4.0

20.3.0

Released on 2025-04-02 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix purge_deleted() method in memory backend by @leplatrem in #3520

New Features

• Ref #3516: Add new index on deleted objects by @leplatrem in #3519
• Add option to disable history for certain users by @leplatrem in #3515

Full Changelog: 20.2.0...20.3.0

20.2.0

Released on 2025-04-01 - GitHub - PyPI

What's Changed

New Features

• Add storage method to fetch all timestamps in one query by @leplatrem in #3518

Dependency Updates

• Update Kinto Admin version to 3.7.0 by @github-actions in #3513

Full Changelog: 20.1.0...20.2.0

20.1.0

Released on 2025-03-11 - GitHub - PyPI

What's Changed

New Features

• Add ability to log request ID to all output messages by @leplatrem in #3510

Change your logging config to:

 [handler_consoler]
-class = StreamHandler
+class = kinto.core.StreamHandlerWithRequestID

Or, via code:

from dockerflow import logging as dockerflow_logging

handler = MyLogHandler()
filter_ = dockerflow_logging.RequestIdLogFilter()
handler.addFilter(filter_)

Full Changelog: 20.0.0...20.1.0

20.0.0

Released on 2025-03-05 - GitHub - PyPI

What's Changed

Breaking Changes

• Remove kinto.plugins.quotas (fixes #2894) by @leplatrem in #3503
• Remove accounts emailing features by @leplatrem in #3505
• Do not use kinto.plugins.statsd by default by @leplatrem in #3504

Documentation

• Remove obsolete sections from docs (fixes #307, fixes #330, fixes #508) by @leplatrem in #3502
• Remove mentions of kinto-storage.org demo by @leplatrem in #3508

Dependency Updates

• Update Kinto Admin version to 3.6.0 by @github-actions in #3501

Upgrade Instructions

kinto.plugins.quotas

If you were using this plugin, you would have to copy its code from previous version and make sure the module is available in the PYTHONPATH.
For example:

$ git clone git@github.com:Kinto/kinto.git
$ cd kinto/
$ git checkout 19.6.0
$ cp -R kinto/plugins/quotas /app/kinto_quotas

And refer to the folder in your config:

kinto.includes = ...
                 /app/kinto_quotas

Accounts Emailing Features

If you were using these features, you would have to run (and maintain) your own fork of Kinto 😢

Default StatsD metrics

The kinto.plugins.statsd plugin now has to be included explicitly in the kinto.includes config.

Full Changelog: 19.6.0...20.0.0

19.6.0

Released on 2025-02-19 - GitHub - PyPI

What's Changed

Documentation

• Re-enable readthedocs by @leplatrem in #3499

Dependency Updates

• Switch to psycopg-binary library by @leplatrem in #3496
• Vendor cornice and cornice.ext.swagger by @leplatrem in #3497

Full Changelog: 19.5.0...19.6.0

19.5.0

Released on 2025-02-12 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix crash when error has type bytes (fixes #3488) by @leplatrem in #3489
• Lint and fix Github Actions by @leplatrem in #3491
• Fix exception in in-memory permission backend (fixes #2687) by @cbguder in #3493

New Features

• Publish ARM64 Docker image by @cbguder in #3490

Dependency Updates

• Update Kinto Admin version to 3.5.1 by @github-actions in #3494

Other Changes

• Add workflow to check for Kinto Admin updates by @grahamalama in #3358

New Contributors

• @cbguder made their first contribution in #3490
• @github-actions made their first contribution in #3494

Full Changelog: 19.4.0...19.5.0

19.4.0

Released on 2025-01-16 - GitHub - PyPI

What's Changed

New Features

• Add setting to set prefix on Prometheus metrics by @leplatrem in #3483

Full Changelog: 19.3.2...19.4.0

19.3.2

Released on 2025-01-14 - GitHub - PyPI

What's Changed

Bug Fixes

• Adjusting CORS logic to return the first match instead of sent Origin by @alexcottner in #3471

Full Changelog: 19.3.1...19.3.2

19.3.1

Released on 2024-12-11 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix #3474: encode unsafe characters in request summary metric by @leplatrem in #3476
• Fix #3475: prevent malformed timestamps to reach storage queries by @leplatrem in #3477

Full Changelog: 19.3.0...19.3.1

19.3.0

Released on 2024-11-04 - GitHub - PyPI

What's Changed

New Features

• Improve metrics API to support multiple key/value labels by @leplatrem in #3459
• Registry a no-op metrics service by default by @leplatrem in #3460
• Observe metrics request summary, size, and duration with labels by @leplatrem in #3461

Internal Changes

• Fix Dockerfile syntax to get rid of warnings by @leplatrem in #3463

Dependency Updates

• Upgrade kinto-admin to v3.4.1 by @leplatrem in #3457

Full Changelog: 19.2.0...19.3.0

19.2.0

Released on 2024-10-16 - GitHub - PyPI

What's Changed

New Features

• Add prometheus support (Fixes #3407) by @leplatrem in #3453
  Can now be enabled via built-in plugin kinto.plugins.prometheus in kinto.includes (see settings docs)

Deprecations

• Before, assigning a value to the kinto.statsd_url setting was enough to enable StatsD monitoring. It is now recommended to add kinto.plugins.statsd to the list of enabled plugins in kinto.includes (see settings docs)
• Initialization step kinto.core.initialization.setup_statsd in kinto.initialization_sequence is now deprecated. Use kinto.core.initialization.setup_metrics.

Internals:

• config.registry.statsd is now deprecated. Use config.registry.metrics instead.

Other Changes

• Update code of conduct reference by @emmanuel-ferdman in #3444

New Contributors

• @emmanuel-ferdman made their first contribution in #3444

Full Changelog: 18.1.1...19.2.0

18.1.1

Released on 2024-06-20 - GitHub - PyPI

What's Changed

Bug Fixes

• Fix #3402: Prevent invalid timestamps to reach the database by @leplatrem in #3425

Full Changelog: 18.1.0...18.1.1

18.1.0

Released on 2024-03-19 - GitHub - PyPI

What's Changed

New Features

• Add Python 3.12 support by @leplatrem in #3377

Bug Fixes

• Add request filter if server is configured as readonly by @leplatrem in #3387

Other Changes

• Fixes #3380 - UI asset files not properly copied to container by @alexcottner in #3381
• Adding basic python playwright test by @alexcottner in #3382

Full Changelog: 18.0.0...18.1.0

18.0.0

Released on 2024-02-01 - GitHub - PyPI

What's Changed

Breaking Changes

• When Kinto Admin assets is read from custom folder, we now expect a VERSION file to be present, by @leplatrem in #3376

Bug Fixes

• Fix Docker image build frozen step by @leplatrem in #3372

Full Changelog: 17.0.0...18.0.0

17.0.0

Released on 2024-01-26 - GitHub - PyPI

What's Changed

Breaking Changes

• Decouple kinto-redis from this repository by @leplatrem in #3360
• Do not install dev dependencies in Docker image by @leplatrem in #3369

Dependency Updates

• Bump Kinto Admin to 3.0.1 by @grahamalama in #3351

Other Changes

• Run functional tests on freshly built container by @leplatrem in #3367
• Move community files to .github/ folder by @leplatrem in #3366
• Generate changelog from Github releases by @leplatrem in #3353
• Group all Dependabot pull-requests by @leplatrem in #3308
• Rename master branch to main by @leplatrem in #3355
• Merge Github workflows files into test.yml by @leplatrem in #3362
• Get rid of tox by @leplatrem in #3357
• ShellCheck scripts/ folder by @leplatrem in #3364
• Force labels on pull-requests, and add sections in generated changelog by @leplatrem in #3361
• Switch from setup.cfg/setup.py to pyproject.toml by @leplatrem in #3359

Full Changelog: 16.3.0...17.0.0

16.3.0

Released on 2024-01-15 - GitHub - PyPI

New features

• Add a new kinto.admin_assets_path setting to specify the location on the Admin UI assets.

Internal Changes

• Publish to docker hub on tag (#3329)
• Publish to Pypi on tag (#3328)
• Switch to ruff insteaf of therapist+flake8+black+isort (#3321)
• Upgrade to SQLAlchemy 2 (fixes #3128)

16.2.3

Released on 2023-12-05 - GitHub - PyPI

• Upgraded Kinto Admin to v2.1.1

16.2.2

Released on 2023-11-22 - GitHub - PyPI

Upgrading kinto-admin to v2.1.0.

16.2.1

Released on 2023-09-13 - GitHub - PyPI

Bug fixes

• Keep warning level for server-side logging (#3263)

Note: version 16.2.0 does not exist.

16.1.0

Released on 2023-09-06 - GitHub - PyPI

New features

• Send logging warnings to Sentry, with logging debugs as breadcrumbs. Configure levels with kinto.sentry_breadcrumbs_min_level and kinto.sentry_events_min_level settings (#3262)

16.0.0

Released on 2023-05-30 - GitHub - PyPI

Breaking Changes

• Drop support of Python 3.7 (end-of-life 2023-06-27)

New features

• Add request id to request.summary logs (read from X-Request-Id header and defaults to 16 hex string)

Documentation

• Fix typos on the Concepts page (#3151)

15.1.1

Released on 2023-02-09 - GitHub - PyPI

Bug Fixes

• Use correct import path for SQLAlchemy Sentry integration

15.1.0

Released on 2023-02-09 - GitHub - PyPI

New features

• Enable SQLAlchemy integration for Sentry

Internal Changes

• Force SQLAlchemy version to 1.X

15.0.0

Released on 2023-02-04 - GitHub - PyPI

Breaking Changes

• raven is not installed by default anymore (fixes #3054). Sentry reporting is now enabled via settings (or environment variables).
  In order to migrate from Kinto <14 to Kinto 15, remove the mention of sentry and raven from your logging configuration:

# kinto.ini
[logger_root]
level = INFO
-    handlers = console, sentry
+    handlers = console
[handlers]
-    keys = console, sentry
+    keys = console
-    [handler_sentry]
-    class = raven.handlers.logging.SentryHandler
-    args = ('https://<key>:<secret>@app.getsentry.com/<project>',)
-    level = WARNING
-    formatter = generic

And add the following settings:

    kinto.sentry_dsn = https://userid@o1.ingest.sentry.io/1
    kinto.sentry_env = prod

For more information, see Settings documentation

Documentation

• Fix /batch endpoint documentation about required authentication.

14.8.0

Released on 2022-10-06 - GitHub - PyPI

New Features

• Add Cache-Control response header in root URL endpoint (/v1/) when the instance is configured as read-only.

14.7.2

Released on 2022-04-13 - GitHub - PyPI

Bug Fixes

• Prevents merging of ResourceChanged events if they were triggered from
  events listeners (cascade) (see mozilla/remote-settings#203)

14.7.1

Released on 2022-03-31 - GitHub - PyPI

Bug Fixes

• Include Kinto Admin VERSION file in package

Internal Changes

• Exclude tests from built package

14.7.0

Released on 2022-03-30 - GitHub - PyPI

Internal Changes

• Add alwaysdata Marketplace link. #2957
• Test package description formatting in CI #2951
• Build Kinto Admin from source #2966

Dependabot Updates

• Bump pytest from 6.2.5 to 7.0.0 #2950
• Bump pytest from 7.0.0 to 7.0.1 #2953
• Bump werkzeug from 2.0.2 to 2.0.3 #2954
• Bump python-rapidjson from 1.5 to 1.6 #2956
• Bump waitress from 2.0.0 to 2.1.0 #2962
• Bump sqlalchemy from 1.4.31 to 1.4.32 #2961
• Bump selenium from 4.1.0 to 4.1.2 #2960
• Bump newrelic from 7.4.0.172 to 7.6.0.173 #2959
• Bump pytest from 7.0.1 to 7.1.0 #2965
• Bump selenium from 4.1.2 to 4.1.3 #2964
• Bump pyramid-tm from 2.4 to 2.5 #2963
• Bump waitress from 2.1.0 to 2.1.1 #2968
• Bump pytest from 7.1.0 to 7.1.1 #2967

Kinto Admin

Bug Fixes

• Downgrade to history v4 (Kinto/kinto-admin#2180)
• Fix crash on incorrect auth credentials (Kinto/kinto-admin#2119)

For a complete log of Kinto Admin changes, see v1.31.0...v2.0.0

Full Changelog: 14.6.1...14.7.0

14.6.1

Released on 2022-02-03 - GitHub - PyPI

Bug Fixes

• Fix crash in /permissions endpoint when a setting is misinterpreted as resource permission (e.g. signer.auto_create_resources_principals)

Internal Changes

• Update Dockerfile & docker-compose for faster, usable builds (#2942)
• Add a SECURITY.md file (fixes #2912) (#2918)
• Fix coveralls.io support (#2921)
• Remove duplicated dependencies (#2922)

14.5.0

Released on 2021-10-08 - GitHub - PyPI

New feature

• Add kinto.version_prefix_redirect_ttl_seconds setting in order to send Cache-Control response headers on version prefix redirects (fixes #2874)

14.4.1

Released on 2021-09-20 - GitHub - PyPI

Bug fixes

• Fix bundle of kinto-admin, using same versions of React as upstream package

14.4.0

Released on 2021-09-16 - GitHub - PyPI

Documentation

• Fix "negociation" typo in docs/images/architecture.svg (#2813)

Internal changes

• Replace ujson with rapidjson. (#2677)
• Upgrade kinto-admin to v1.30.2

14.3.0

Released on 2021-06-13 - GitHub - PyPI

Documentation

• Fix documentation about disabling endpoints (#2794)

Internal changes

• Now compatible with Pyramid 2 (#2764)
• Upgrade kinto-admin to v1.30.0

14.2.0

Released on 2021-02-22 - GitHub - PyPI

New feature

• Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647)

Documentation

• Upgrade kinto-admin to v1.29.0
• servicedenuages.fr domain is parked, replace links with web.archive.org (#2720)
• Fix broken url in docs (#2692)

Internal changes

• Show diff on failures. (#2723)
• Add GitHub Actions workflows (#2677)

14.1.1

Released on 2020-11-03 - GitHub - PyPI

Bug fixes

• Fix broken Kinto admin (#2646)

Internal Changes

• Upgrade kinto-admin to v1.27.3

14.1.0

Released on 2020-10-27 - GitHub - PyPI

New feature

• Add ability to disable explicit permissions at object level (ref #893). Use kinto.explicit_permissions = false to only rely on inherited permissions (see settings docs)

Internal Changes

• Distinguish readonly errors in storage backend (kinto.core.storage.exceptions.ReadonlyError)
• Upgrade kinto-admin to v1.27.0
• Add support to Python 3.9

14.0.1

Released on 2020-09-09 - GitHub - PyPI

Bug fixes

• Do not break storage implementations (ie. kinto-redis) that rely on json class attribute (removed in v14.0.0)
• Do not return 400 for ?_since=null (fixes #2595)

14.0.0

Released on 2020-09-01 - GitHub - PyPI

Breaking changes

• Drop the strict_json option, and use ultrajson everywhere

Internal Changes

• Upgrade kinto-admin to v1.26.2

13.6.6

Released on 2020-06-26 - GitHub - PyPI

Bug fixes

• Fix messages duplication in logs (#2513)
• Fix resource timestamp unicity (fixes #2472, #602)

Documentation

• Refer to proper terms in glossary (#2486)

13.6.5

Released on 2020-03-31 - GitHub - PyPI

Bug fixes

• Simplify get_objects_permissions query (#2475)

13.6.4

Released on 2020-03-29 - GitHub - PyPI

Security fix

• Fix permission checking with POST on plural endpoints (fixes #2459)

Bug fixes

• Apply CORS headers to EOL responses (#2452)

Internal Changes

• Remove auth parameter from postgresql/memory storage backends
• Removed pytest-sugar

13.6.3

Released on 2020-01-30 - GitHub - PyPI

Bug fixes

• History entries datetimes now carry timezone information
• Fix kinto init command (#2375)
• Fix float strings parsing in certain URL query parameters. (#2392)

Internal Changes

• Upgrade kinto-admin to v1.26.1
• Drop auth parameter from storage backend methods.

13.6.2

Released on 2019-11-04 - GitHub - PyPI

Bug fixes

• Second attempt at fixing loading of Kinto Admin (#2322)

13.6.1

Released on 2019-10-31 - GitHub - PyPI

Bug fixes

• Fix loading of Kinto Admin (#2320)

13.6.0

Released on 2019-10-24 - GitHub - PyPI

New Features

• Add Content-Security-Policy header and report URI (fixes #2303)

Internal Changes

• Use package-lock file for Kinto Admin packaging
• Use isort for formatting imports (Fixes #2270)
• Upgrade kinto-admin to v1.25.2

13.5.0

Released on 2019-09-26 - GitHub - PyPI

Internal changes

• Add a warning when using the accounts plugin with the memory backend. (fixes #2258)
• Upgrade kinto-admin to v1.25.1

13.4.0

Released on 2019-09-12 - GitHub - PyPI

Internal changes

• Upgrade kinto-admin to v1.25.0

13.3.0

Released on 2019-08-15 - GitHub - PyPI

Bug fixes

• Prevent password to be modified on modification of accounts metadata (fixes #2058)
• Fix unexpected exception in /__version__ endpoint
• Add Content-Type to default_cors_headers (refs #2220)
• Fix crash with non-allowed requests on __user_data__ (fixes #2063)
• Fix multiple event listeners on READ action (fixes #1755)

New features

• Allow StatsD counter to be incremented by an arbitrary number

13.2.2

Released on 2019-07-04 - GitHub - PyPI

Bug fixes

• Fix apparence of Admin notifications (fixes #2191)

13.2.1

Released on 2019-06-25 - GitHub - PyPI

Internal changes

• Upgrade kinto-admin to v1.24.1

13.2.0

Released on 2019-06-18 - GitHub - PyPI

Internal changes

• Upgrade kinto-admin to v1.24.0

13.1.1

Released on 2019-05-23 - GitHub - PyPI

Bug fixes

• Fix cache heartbeat test (fixes #2107)
• Fix support of sqlalchemy.pool.NullPool for PostgreSQL backends.
  The default pool_size of 25 is maintained on the default pool class
  (QueuePoolWithMaxBacklog). When using custom connection pools, please
  refer to SQLAlchemy documentation for default values.

Internal changes

• Remove dependency to kinto-redis in core tests

13.1.0

Released on 2019-03-21 - GitHub - PyPI

New features

• Expose the user_profile in the user field of the hello page. (#1989)
• Add an "account validation" option to the accounts plugin. (#1973)
• Add a validate endpoint at /accounts/{user id}/validate/{validation key} which can be used to validate an account when the account
  validation option is enabled on the accounts plugin.
• Add a reset-password endpoint at /accounts/(user id)/reset-password which can be used to reset a user's password when the account validation option is enabled on the accounts plugin.

Bug fixes

• Fixed two potential bugs relating to mutable default values.
• Fix crash on validating records with errors in arrays (#1508)
• Fix crash on deleting multiple accounts (#2009)

Documentation

• Fixed spelling and Filtering docs

Internal changes

• Use setup.cfg for package metadata (ref #1921)

API is now at version 1.22. See API changelog

13.0.1

Released on 2019-01-29 - GitHub - PyPI

Bug fixes

• Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script to be rejected (fixes #2000)

12.0.2

Released on 2019-01-25 - GitHub - PyPI

Bug fixes

• security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

13.0.0

Released on 2019-01-25 - GitHub - PyPI

New features

• Expose the user_profile in the user field of the hello page with OpenID authentication (#1989)

Breaking changes

• Update Kinto OpenID plugin to redirect with a base64 JSON encoded token. (#1988).
  This will work with kinto-admin 1.23

Bug fixes

• security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

Internal changes

• Upgrade kinto-admin to v1.23.0

12.0.1

Released on 2019-01-21 - GitHub - PyPI

Bug Fixes

• Fix bumping of tombstones timestamps when deleting objects in PostgreSQL storage backend (fixes #1981)
• Fix ETag header in responses of DELETE on plural endpoints (ref #1981)

12.0.0

Released on 2019-01-11 - GitHub - PyPI

Breaking changes

• Remove Python 3.5 support and upgrade to Python 3.6. (#1886)
• Remove record from UnicityError class (#1919). This enabled us to fix #1545.
• Storage backend API has changed, notions of collection and records were replaced
  by the generic terms resource and object. Plugins that subclass the internal
  ShareableResource class may also break.
• GET requests no longer include the Total-Records header. To get a count in a collection
  you need to do a HEAD request. And the new header name is Total-Objects. (#1624)
• Remove the UserResource class. And ShareableResource is now deprecated in
  favor of Resource.
• Removed kinto.core.utils.parse_resource(). Use kinto.core.utils.view_lookup_registry() instead (#1828)
• Remove the delete-collection command (#1959)

API is now at version 1.21. See API changelog.

New features

• Add a user-data endpoint at /__user_data__/ which can be used to delete all data
  associated with a principal. This might be helpful for pursuing GDPR
  compliance, for instance. (Fixes #442.)

Bug Fixes

• Like query now returns 400 when a non string value is used. (#1899)
• Record ID is validated if explicitly mentioned in the collection schema (#1942)
• The Memory permission backend implementation of remove_principal
  is now less generous with what it removes (#1955).

Documentation

• Change PostgreSQL backend URLs to be postgresql:// instead of the deprecated postgres://

Internal changes

• Remove depreciation warning for mapping (#1904)
• Fix depreciated warn method (#1903)
• Use f-string instead of % or format operators. (#1886)
• Ignore admin plugin node_modules folder while running black (#1902)
• Remove regexp py36 warnings. (#1907)
• Changed psycopg2 dependency for psycopg2-binary. (#1905)
• Renamed core notions (ie. record and collection) (#710)
• JSON Schema validation is optimized by keeping instances of validator cached. (#1807)

11.2.1

Released on 2018-12-10 - GitHub - PyPI

• Still supports jsonschema 2.6 before 3.0 is released as a production release. (#1923)

11.2.0

Released on 2018-11-29 - GitHub - PyPI

New features

• Return a 500 Internal Error on __version__ instead of 404 if the version file
  cannot be found (fixes #1841)

Bug fixes

• Fix the http_api_version exposed in the /v1/ endpoint. The
  version 1.20 was getting parsed as a number 1.2.
• Fix record:create not taken into account from settings. (fixes #1813)

Internal changes

• Build the admin on the CI. (#1857)
• Migrate JSON Hyper-Schema to Draft-07 (#1808)

Documentation

• Add documentation on troubleshooting Auth0 multiauth issue. (#1889)

11.1.0

Released on 2018-10-25 - GitHub - PyPI

New features

• Add ability to configure the project_name in settings, shown in the root URL (fixes #1809)
• Use . as bucket/collection separator in cache control settings (fixes #1815)

Bug fixes

• Fix missing favicon and inline images in kinto-admin plugin

Internal changes

• Use mock from the standard library.
• Blackify the whole code base (#1799, huge thanks to @Cnidarias for this!)
• Upgrade kinto-admin to v1.22

11.0.0

Released on 2018-10-09 - GitHub - PyPI

Breaking changes

• The basicauth policy is not used by default anymore (#1736)

If your application relies on this specific behaviour, you now have to add explicitly settings:

    multiauth.policies = basicauth

But it is recommended to use other authentication policies like the OpenID Connect or the accounts plugin instead.

    # Enable plugin.
    kinto.includes = kinto.plugins.accounts

    # Enable authenticated policy.
    multiauth.policies = account
    multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy

    # Allow anyone to create their own account.
    kinto.account_create_principals = system.Everyone

You will find more details the authentication settings section of the documentation

Bug fixes

• Fix crash when querystring filter contains NUL (0x00) character (fixes #1704)
• Many bugs were fixed in the Kinto Admin UI (see v1.21.0)

Documentation

• Huge refactor of documentation about authentication (#1736)

Internal changes

• Upgrade kinto-admin to v1.21.0
• Deprecate assertEquals and use assertEqual (fixes #1780)
• Set schema to an instance instead of class (fixes #1781)
• Fix DeprecationWarning for unrecognized backslash escapes (#1758)

10.1.2

Released on 2018-10-03 - GitHub - PyPI

Bug fixes

• Fix OpenID login in Kinto-Admin (Kinto/kinto-admin#641)

Internal changes

• Upgrade kinto-admin to v1.20.2

10.1.1

Released on 2018-09-21 - GitHub - PyPI

Bug fixes

• Fix for adding extra OpenId providers (fixes #1509)
• Change the meaning of event.payload["timestamp"]. Previously it
  was @reifyd, which meant that it was calculated from before
  whatever thing triggered the event. Now we use a "fresh"
  timestamp. (Fixes #1469.)

10.1.0

Released on 2018-09-17 - GitHub - PyPI

Bug fixes

• Deleting a collection doesn't delete access_control_entrries for its children (fixes #1647)

New features

• The registry now has a "command" attribute during one-off commands
  such as kinto migrate. This can be useful for plugins that want
  to behave differently during a migration, for instance. (#1762)

10.0.0

Released on 2018-09-03 - GitHub - PyPI

10.0.0 (2018-08-16)

Breaking changes

• kinto.core.events.get_resource_events now returns a generator
  rather than a list.

New features

• Include Python 3.7 support.
• kinto.core.events.notify_resource_event now supports
  resource_name and resource_data. These are useful when
  emitting events from one view "as though" they came from another
  view.
• Resource events can now trigger other resource events, which are
  handled correctly. This might be handy if one resource wants to
  simulate events on another "virtual" resource, as in kinto-changes.

Bug fixes

• Raise a configuration error if the kinto.plugin.accounts is included without being enabled in policies.
  Without this kinto-admin would present a confusing login experience (fixes #1734).

Internal changes

• Upgrade kinto-admin to v1.20.0

9.2.3

Released on 2018-07-05 - GitHub - PyPI

Internal changes

• Upgrade to kinto-admin v1.19.2

9.2.2

Released on 2018-06-28 - GitHub - PyPI

Internal changes

• Upgrade to kinto-admin v1.19.1

9.2.1

Released on 2018-06-26 - GitHub - PyPI

Bug fixes

• Fixed bug where unresolved JSON pointers would crash server (fixes #1685)

Internal changes

• Update the Dockerfile with the new kinto --cache-backend option. (#1686)
• Upgrade to kinto-admin v1.19.0

9.2.0

Released on 2018-06-07 - GitHub - PyPI

API

• JSON schemas can now be defined in the bucket metadata and will apply to every
  underlying collection, group or record (fixes #1555)

API is now at version 1.20. See API changelog

New features

• Kinto Admin plugin now supports OpenID Connect
• Limit network requests to current domain in Kinto Admin using Content-Security Policies <https://hacks.mozilla.org/2016/02/implementing-content-security-policy/>_
• Prompt for cache backend type in kinto init (#1653)
• kinto.core.utils now has new features route_path_registry and
  instance_uri_registry, suitable for use when you don't
  necessarily have a request object around. The existing functions
  will remain in place.
• openid plugin will carry prompt=none querystring parameter if appended
  to authorize endpoint.

Internal changes

• Upgrade to kinto-admin v1.18.0

9.1.2

Released on 2018-05-31 - GitHub - PyPI

Security fix

• OpenID plugin used the same cache key for every access-token (fixes #1660)

9.1.1

Released on 2018-05-23 - GitHub - PyPI

Internal changes

• Correct spelling of GitHub.
• Upgrade to kinto-admin v1.17.2

9.1.0

Released on 2018-05-21 - GitHub - PyPI

API

• Batch endpoint now checks for and aborts any parent request if subrequest encounters 409 constraint violation (fixes #1569)

Bug fixes

• Fix a bug where you could not reach the last records via Next-Header when deleting with pagination (fixes #1170)
• Slight optimizations on the get_all query in the Postgres
  storage backend which should make it faster for result sets that
  have a lot of records (#1622). This is the first change meant to
  address #1507, though more can still be done.
• Fix a bug where the batch route accepted all content-types (fixes #1529)

Internal changes

• Upgrage to kinto-admin v1.17.1

9.0.0

Released on 2018-04-26 - GitHub - PyPI

API

• Introduce contains and contains_any filter operators (fixes #343).

API is now at version 1.19. See API changelog.

Breaking changes

• The storage class now exposes bump_timestamp() and bump_and_store_timestamp() methods
  so that memory based storage backends can use them. (#1596)

Internal changes

• Authentication policies can now hard code and override the name specified in settings

Documentation

• Version number is taken from package in order to ease release process (#1594)
• Copyright year is now dynamic (#1595)

Internal changes

• Upgrade the kinto-admin UI to 1.17.0

8.2.3

Released on 2018-04-06 - GitHub - PyPI

Security fix

• Validate the account user password even when the session is cached (fixes #1583).
  Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

8.3.0

Released on 2018-04-06 - GitHub - PyPI

Security fix

• Validate the account user password even when the session is cached (fixes #1583).
  Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

New features

• Add bucket and account creation permissions in the permissions endpoint (fixes #1510)

Bug fixes

• Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)

Documentation

• Improve OpenID settings and API documentation

Internal Changes

• Now fully rely on Pyup.io (or contributors) to update the versions in the requirements.txt file (fixes #1512)
• Move from importing pip to running it in a subprocess (see pypa/pip#5081).
• Remove useless print when using the OpenID policy (ref #1509)
• Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)

8.2.2

Released on 2018-03-28 - GitHub - PyPI

Internal changes

• Fix kinto-admin dependency error in 8.2.1 to actually really upgrade it to 1.15.1

8.2.1

Released on 2018-03-28 - GitHub - PyPI

Internal changes

• Upgraded the kinto-admin to version 1.15.1
• Upgraded newrelic to 2.106.1.88

8.2.0

Released on 2018-03-01 - GitHub - PyPI

New features

• Add Openid connect support (#939, #1425). See demo
• Account plugin now caches authentication verification (#1413)

Bug fixes

• Fix missing principals from user info in root URL when default bucket plugin is enabled (fixes #1495)
• Fix crash in Postgresql when the value of url param is empty (fixes #1305)

Internal changes

• Upgraded the kinto-admin to version 1.15.0

8.1.5

Released on 2018-02-09 - GitHub - PyPI

Bug fixes

• Restore "look before you leap" behavior in the Postgres storage
  backend create() method to check whether a record exists before
  running the INSERT query (#1487). This check is "optimistic" in the sense
  that we can still fail to INSERT after the check succeeded, but it
  can reduce write load in configurations where there are a lot of
  create()s (i.e. when using the default_bucket plugin).

8.1.4

Released on 2018-01-31 - GitHub - PyPI

Bug fixes

• Allow inherited resources to set a custom model instance before instantiating (fixes #1472)
• Fix collection timestamp retrieval when the stack is configured as readonly (fixes #1474)

8.1.3

Released on 2018-01-26 - GitHub - PyPI

Bug fixes

• Optimize the PostgreSQL permission backend's
  delete_object_permissions function in the case where we are only
  matching one object_id (or object_id prefix).

8.1.2

Released on 2018-01-24 - GitHub - PyPI

Bug fixes

• Flushing a server no longer breaks migration of the storage backend
  (#1460). If you have ever flushed a server in the past, migration
  may be broken. This version of Kinto tries to guess what version of
  the schema you're running, but may guess wrong. See
  https://github.com/Kinto/kinto/wiki/Schema-versions for some
  additional information.

Internal changes

• We now allow migration of the permission backend's schema.

Operational concerns

• The schema for the Postgres permission backend has changed. This
  changes another ID column to use the "C" collation, which should
  speed up the delete_object_permissions query when deleting a
  bucket.

8.1.1

Released on 2018-01-18 - GitHub - PyPI

Operational concerns

• The schema for the Postgres storage backend has changed. This
  changes some more ID columns to use the "C" collation, which fixes a
  bug where the bump_timestamps trigger was very slow.

8.1.0

Released on 2018-01-09 - GitHub - PyPI

Internal changes

• Update the Docker compose configuration to use memcache for the cache backend (#1405)
• Refactor the way postgresql.storage.create_from_settings ignores settings (#1410)

Operational concerns

• The schema for the Postgres storage backend has changed. This
  changes some ID columns to use the "C" collation, which will make
  delete_all queries faster. (See
  e.g. https://www.postgresql.org/docs/9.6/static/indexes-opclass.html,
  which says "If you do use the C locale, you do not need the
  xxx_pattern_ops operator classes, because an index with the default
  operator class is usable for pattern-matching queries in the C
  locale.") This may change the default sort order and grouping of
  record IDs.

New features

• New setting kinto.backoff_percentage to only set the backoff header a portion of the time.
• make tdd allows development in a TDD style by rerunning tests every time a file is changed.

Bug fixes

• Optimize the Postgres collection_timestamp method by one query. It
  now only makes two queries instead of three.
• Update other dependencies: newrelic to 2.98.0.81 (#1409), setuptools
  to 38.4.0 (#1411, #1429, #1438, #1440), pytest to 3.3.2 (#1412,
  #1437), raven to 6.4.0 (#1421), werkzeug to 0.14.1 (#1418, #1434),
  python-memcached to 1.59 (#1423), zest.releaser to 6.13.3 (#1427),
  bravado_core to 4.11.2 (#1426, #1441), statsd to 3.2.2 (#1422),
  jsonpatch to 1.21 (#1432), sqlalchemy to 1.2.0 (#1430), sphinx to
  1.6.6 (#1442).

7.6.5

Released on 2018-01-09 - GitHub - PyPI

Internal changes

• Introduce an experimental setting,
  experimental_disable_purge_deleted, which can be used to try to
  diagnose excessive CPU usage in production.

7.6.4

Released on 2017-12-07 - GitHub - PyPI

Internal changes

• Remove the FOR UPDATE locking from the delete_all query, on the
  off chance that it's somehow related to the increased CPU
  utilization we're seeing.

7.6.3

Released on 2017-12-06 - GitHub - PyPI

Internal changes

• Optimize the Postgres collection_timestamp method by one query. It
  now only makes two queries instead of three.

8.0.0

Released on 2017-11-29 - GitHub - PyPI

Breaking changes

• Storage backends no longer support the ignore_conflict
  argument (#1401). Instead of using this argument, consider catching the
  UnicityError and handling it. ignore_conflict was only ever
  used in one place, in the default_bucket plugin, and was
  eventually backed out in favor of catching and handling a
  UnicityError.

Bug fixes

• Fix a TOCTOU bug in the Postgres storage backend where a transaction
  doing a create() would fail because a row had been inserted after
  the transaction had checked for it (#1376).