Changelog

23.0.2

Released on 2025-05-20 - GitHub - PyPI

What's Changed

Bug Fixes

Full Changelog: 23.0.1...23.0.2

23.0.1

Released on 2025-05-15 - GitHub - PyPI

What's Changed

Bug Fixes

Full Changelog: 23.0.0...23.0.1

23.0.0

Released on 2025-05-09 - GitHub - PyPI

What's Changed

Breaking Changes

  • Remove status from request_size and request_duration_seconds labels by @leplatrem in #3541
  • Downsize the Prometheus histograms to 8 buckets (#3544)

Bug Fixes

New Features

  • Fixes #3533: Add ability to disable certain default metrics and adjust buckets by @leplatrem in #3544

Full Changelog: 22.0.0...23.0.0

22.0.0

Released on 2025-05-06 - GitHub - PyPI

What's Changed

Breaking Changes

Full Changelog: 21.1.1...22.0.0

21.1.1

Released on 2025-04-23 - GitHub - PyPI

What's Changed

Bug Fixes

  • Prevent random values to become metrics labels values by @leplatrem in #3534

Full Changelog: 21.1.0...21.1.1

21.1.0

Released on 2025-04-23 - GitHub - PyPI

What's Changed

New Features

Full Changelog: 21.0.0...21.1.0

21.0.0

Released on 2025-04-22 - GitHub - PyPI

What's Changed

Breaking Changes

  • Prometheus metrics design was changed by @leplatrem in #3528
    • No more view count (use request_summary instead)
    • Endpoint is now the route name instead of the URL
    • Metrics names are now fixed and all variables are now labels
  • Use Prometheus histograms for timers (instead of Summary) by @leplatrem in #3529

Full Changelog: 20.6.1...21.0.0

20.6.1

Released on 2025-04-15 - GitHub - PyPI

What's Changed

Bug Fixes

Full Changelog: 20.6.0...20.6.1

20.6.0

Released on 2025-04-14 - GitHub - PyPI

What's Changed

New Features

Full Changelog: 20.5.0...20.6.0

20.5.0

Released on 2025-04-11 - GitHub - PyPI

What's Changed

New Features

Full Changelog: 20.4.0...20.5.0

20.4.0

Released on 2025-04-08 - GitHub - PyPI

What's Changed

New Features

  • Ref #3515: log more about history trim and expose more settings in root URL by @leplatrem in #3522

Dependency Updates

  • Update Kinto Admin version to 3.7.1 by @github-actions in #3521

Full Changelog: 20.3.0...20.4.0

20.3.0

Released on 2025-04-02 - GitHub - PyPI

What's Changed

Bug Fixes

New Features

Full Changelog: 20.2.0...20.3.0

20.2.0

Released on 2025-04-01 - GitHub - PyPI

What's Changed

New Features

  • Add storage method to fetch all timestamps in one query by @leplatrem in #3518

Dependency Updates

  • Update Kinto Admin version to 3.7.0 by @github-actions in #3513

Full Changelog: 20.1.0...20.2.0

20.1.0

Released on 2025-03-11 - GitHub - PyPI

What's Changed

New Features

  • Add ability to log request ID to all output messages by @leplatrem in #3510

Change your logging config to:

 [handler_consoler]
-class = StreamHandler
+class = kinto.core.StreamHandlerWithRequestID

Or, via code:

from dockerflow import logging as dockerflow_logging

handler = MyLogHandler()
filter_ = dockerflow_logging.RequestIdLogFilter()
handler.addFilter(filter_)

Full Changelog: 20.0.0...20.1.0

20.0.0

Released on 2025-03-05 - GitHub - PyPI

What's Changed

Breaking Changes

Documentation

Dependency Updates

  • Update Kinto Admin version to 3.6.0 by @github-actions in #3501

Upgrade Instructions

kinto.plugins.quotas

If you were using this plugin, you would have to copy its code from previous version and make sure the module is available in the PYTHONPATH.
For example:

$ git clone git@github.com:Kinto/kinto.git
$ cd kinto/
$ git checkout 19.6.0
$ cp -R kinto/plugins/quotas /app/kinto_quotas

And refer to the folder in your config:

kinto.includes = ...
                 /app/kinto_quotas

Accounts Emailing Features

If you were using these features, you would have to run (and maintain) your own fork of Kinto 😢

Default StatsD metrics

The kinto.plugins.statsd plugin now has to be included explicitly in the kinto.includes config.

Full Changelog: 19.6.0...20.0.0

19.6.0

Released on 2025-02-19 - GitHub - PyPI

What's Changed

Documentation

Dependency Updates

Full Changelog: 19.5.0...19.6.0

19.5.0

Released on 2025-02-12 - GitHub - PyPI

What's Changed

Bug Fixes

New Features

Dependency Updates

  • Update Kinto Admin version to 3.5.1 by @github-actions in #3494

Other Changes

New Contributors

  • @cbguder made their first contribution in #3490
  • @github-actions made their first contribution in #3494

Full Changelog: 19.4.0...19.5.0

19.4.0

Released on 2025-01-16 - GitHub - PyPI

What's Changed

New Features

Full Changelog: 19.3.2...19.4.0

19.3.2

Released on 2025-01-14 - GitHub - PyPI

What's Changed

Bug Fixes

  • Adjusting CORS logic to return the first match instead of sent Origin by @alexcottner in #3471

Full Changelog: 19.3.1...19.3.2

19.3.1

Released on 2024-12-11 - GitHub - PyPI

What's Changed

Bug Fixes

Full Changelog: 19.3.0...19.3.1

19.3.0

Released on 2024-11-04 - GitHub - PyPI

What's Changed

New Features

  • Improve metrics API to support multiple key/value labels by @leplatrem in #3459
  • Registry a no-op metrics service by default by @leplatrem in #3460
  • Observe metrics request summary, size, and duration with labels by @leplatrem in #3461

Internal Changes

Dependency Updates

Full Changelog: 19.2.0...19.3.0

19.2.0

Released on 2024-10-16 - GitHub - PyPI

What's Changed

New Features

Deprecations

  • Before, assigning a value to the kinto.statsd_url setting was enough to enable StatsD monitoring. It is now recommended to add kinto.plugins.statsd to the list of enabled plugins in kinto.includes (see settings docs)
  • Initialization step kinto.core.initialization.setup_statsd in kinto.initialization_sequence is now deprecated. Use kinto.core.initialization.setup_metrics.

Internals:

  • config.registry.statsd is now deprecated. Use config.registry.metrics instead.

Other Changes

New Contributors

Full Changelog: 18.1.1...19.2.0

18.1.1

Released on 2024-06-20 - GitHub - PyPI

What's Changed

Bug Fixes

Full Changelog: 18.1.0...18.1.1

18.1.0

Released on 2024-03-19 - GitHub - PyPI

What's Changed

New Features

Bug Fixes

  • Add request filter if server is configured as readonly by @leplatrem in #3387

Other Changes

Full Changelog: 18.0.0...18.1.0

18.0.0

Released on 2024-02-01 - GitHub - PyPI

What's Changed

Breaking Changes

  • When Kinto Admin assets is read from custom folder, we now expect a VERSION file to be present, by @leplatrem in #3376

Bug Fixes

Full Changelog: 17.0.0...18.0.0

17.0.0

Released on 2024-01-26 - GitHub - PyPI

What's Changed

Breaking Changes

Dependency Updates

Other Changes

Full Changelog: 16.3.0...17.0.0

16.3.0

Released on 2024-01-15 - GitHub - PyPI

New features

  • Add a new kinto.admin_assets_path setting to specify the location on the Admin UI assets.

Internal Changes

  • Publish to docker hub on tag (#3329)
  • Publish to Pypi on tag (#3328)
  • Switch to ruff insteaf of therapist+flake8+black+isort (#3321)
  • Upgrade to SQLAlchemy 2 (fixes #3128)

16.2.3

Released on 2023-12-05 - GitHub - PyPI

  • Upgraded Kinto Admin to v2.1.1

16.2.2

Released on 2023-11-22 - GitHub - PyPI

Upgrading kinto-admin to v2.1.0.

16.2.1

Released on 2023-09-13 - GitHub - PyPI

Bug fixes

  • Keep warning level for server-side logging (#3263)

Note: version 16.2.0 does not exist.

16.1.0

Released on 2023-09-06 - GitHub - PyPI

New features

  • Send logging warnings to Sentry, with logging debugs as breadcrumbs. Configure levels with kinto.sentry_breadcrumbs_min_level and kinto.sentry_events_min_level settings (#3262)

16.0.0

Released on 2023-05-30 - GitHub - PyPI

Breaking Changes

  • Drop support of Python 3.7 (end-of-life 2023-06-27)

New features

  • Add request id to request.summary logs (read from X-Request-Id header and defaults to 16 hex string)

Documentation

  • Fix typos on the Concepts page (#3151)

15.1.1

Released on 2023-02-09 - GitHub - PyPI

Bug Fixes

  • Use correct import path for SQLAlchemy Sentry integration

15.1.0

Released on 2023-02-09 - GitHub - PyPI

New features

  • Enable SQLAlchemy integration for Sentry

Internal Changes

  • Force SQLAlchemy version to 1.X

15.0.0

Released on 2023-02-04 - GitHub - PyPI

Breaking Changes

  • raven is not installed by default anymore (fixes #3054). Sentry reporting is now enabled via settings (or environment variables).
    In order to migrate from Kinto <14 to Kinto 15, remove the mention of sentry and raven from your logging configuration:
# kinto.ini
[logger_root]
level = INFO
-    handlers = console, sentry
+    handlers = console
[handlers]
-    keys = console, sentry
+    keys = console
-    [handler_sentry]
-    class = raven.handlers.logging.SentryHandler
-    args = ('https://<key>:<secret>@app.getsentry.com/<project>',)
-    level = WARNING
-    formatter = generic

And add the following settings:

    kinto.sentry_dsn = https://userid@o1.ingest.sentry.io/1
    kinto.sentry_env = prod

For more information, see Settings documentation

Documentation

  • Fix /batch endpoint documentation about required authentication.

14.8.0

Released on 2022-10-06 - GitHub - PyPI

New Features

  • Add Cache-Control response header in root URL endpoint (/v1/) when the instance is configured as read-only.

14.7.2

Released on 2022-04-13 - GitHub - PyPI

Bug Fixes

14.7.1

Released on 2022-03-31 - GitHub - PyPI

Bug Fixes

  • Include Kinto Admin VERSION file in package

Internal Changes

  • Exclude tests from built package

14.7.0

Released on 2022-03-30 - GitHub - PyPI

Internal Changes

  • Add alwaysdata Marketplace link. #2957
  • Test package description formatting in CI #2951
  • Build Kinto Admin from source #2966
Dependabot Updates
  • Bump pytest from 6.2.5 to 7.0.0 #2950
  • Bump pytest from 7.0.0 to 7.0.1 #2953
  • Bump werkzeug from 2.0.2 to 2.0.3 #2954
  • Bump python-rapidjson from 1.5 to 1.6 #2956
  • Bump waitress from 2.0.0 to 2.1.0 #2962
  • Bump sqlalchemy from 1.4.31 to 1.4.32 #2961
  • Bump selenium from 4.1.0 to 4.1.2 #2960
  • Bump newrelic from 7.4.0.172 to 7.6.0.173 #2959
  • Bump pytest from 7.0.1 to 7.1.0 #2965
  • Bump selenium from 4.1.2 to 4.1.3 #2964
  • Bump pyramid-tm from 2.4 to 2.5 #2963
  • Bump waitress from 2.1.0 to 2.1.1 #2968
  • Bump pytest from 7.1.0 to 7.1.1 #2967

Kinto Admin

Bug Fixes

For a complete log of Kinto Admin changes, see v1.31.0...v2.0.0

Full Changelog: 14.6.1...14.7.0

14.6.1

Released on 2022-02-03 - GitHub - PyPI

Bug Fixes

  • Fix crash in /permissions endpoint when a setting is misinterpreted as resource permission (e.g. signer.auto_create_resources_principals)

Internal Changes

  • Update Dockerfile & docker-compose for faster, usable builds (#2942)
  • Add a SECURITY.md file (fixes #2912) (#2918)
  • Fix coveralls.io support (#2921)
  • Remove duplicated dependencies (#2922)

14.5.0

Released on 2021-10-08 - GitHub - PyPI

New feature

  • Add kinto.version_prefix_redirect_ttl_seconds setting in order to send Cache-Control response headers on version prefix redirects (fixes #2874)

14.4.1

Released on 2021-09-20 - GitHub - PyPI

Bug fixes

  • Fix bundle of kinto-admin, using same versions of React as upstream package

14.4.0

Released on 2021-09-16 - GitHub - PyPI

Documentation

  • Fix "negociation" typo in docs/images/architecture.svg (#2813)

Internal changes

  • Replace ujson with rapidjson. (#2677)
  • Upgrade kinto-admin to v1.30.2

14.3.0

Released on 2021-06-13 - GitHub - PyPI

Documentation

  • Fix documentation about disabling endpoints (#2794)

Internal changes

  • Now compatible with Pyramid 2 (#2764)
  • Upgrade kinto-admin to v1.30.0

14.2.0

Released on 2021-02-22 - GitHub - PyPI

New feature

  • Allow rotation of the user password hmac secret without rotating the default bucket id hmac secret. (#2647)

Documentation

  • Upgrade kinto-admin to v1.29.0
  • servicedenuages.fr domain is parked, replace links with web.archive.org (#2720)
  • Fix broken url in docs (#2692)

Internal changes

  • Show diff on failures. (#2723)
  • Add GitHub Actions workflows (#2677)

14.1.1

Released on 2020-11-03 - GitHub - PyPI

Bug fixes

  • Fix broken Kinto admin (#2646)

Internal Changes

  • Upgrade kinto-admin to v1.27.3

14.1.0

Released on 2020-10-27 - GitHub - PyPI

New feature

  • Add ability to disable explicit permissions at object level (ref #893). Use kinto.explicit_permissions = false to only rely on inherited permissions (see settings docs)

Internal Changes

  • Distinguish readonly errors in storage backend (kinto.core.storage.exceptions.ReadonlyError)
  • Upgrade kinto-admin to v1.27.0
  • Add support to Python 3.9

14.0.1

Released on 2020-09-09 - GitHub - PyPI

Bug fixes

  • Do not break storage implementations (ie. kinto-redis) that rely on json class attribute (removed in v14.0.0)
  • Do not return 400 for ?_since=null (fixes #2595)

14.0.0

Released on 2020-09-01 - GitHub - PyPI

Breaking changes

  • Drop the strict_json option, and use ultrajson everywhere

Internal Changes

  • Upgrade kinto-admin to v1.26.2

13.6.6

Released on 2020-06-26 - GitHub - PyPI

Bug fixes

  • Fix messages duplication in logs (#2513)
  • Fix resource timestamp unicity (fixes #2472, #602)

Documentation

  • Refer to proper terms in glossary (#2486)

13.6.5

Released on 2020-03-31 - GitHub - PyPI

Bug fixes

  • Simplify get_objects_permissions query (#2475)

13.6.4

Released on 2020-03-29 - GitHub - PyPI

Security fix

  • Fix permission checking with POST on plural endpoints (fixes #2459)

Bug fixes

  • Apply CORS headers to EOL responses (#2452)

Internal Changes

  • Remove auth parameter from postgresql/memory storage backends
  • Removed pytest-sugar

13.6.3

Released on 2020-01-30 - GitHub - PyPI

Bug fixes

  • History entries datetimes now carry timezone information
  • Fix kinto init command (#2375)
  • Fix float strings parsing in certain URL query parameters. (#2392)

Internal Changes

  • Upgrade kinto-admin to v1.26.1
  • Drop auth parameter from storage backend methods.

13.6.2

Released on 2019-11-04 - GitHub - PyPI

Bug fixes

  • Second attempt at fixing loading of Kinto Admin (#2322)

13.6.1

Released on 2019-10-31 - GitHub - PyPI

Bug fixes

  • Fix loading of Kinto Admin (#2320)

13.6.0

Released on 2019-10-24 - GitHub - PyPI

New Features

  • Add Content-Security-Policy header and report URI (fixes #2303)

Internal Changes

  • Use package-lock file for Kinto Admin packaging
  • Use isort for formatting imports (Fixes #2270)
  • Upgrade kinto-admin to v1.25.2

13.5.0

Released on 2019-09-26 - GitHub - PyPI

Internal changes

  • Add a warning when using the accounts plugin with the memory backend. (fixes #2258)
  • Upgrade kinto-admin to v1.25.1

13.4.0

Released on 2019-09-12 - GitHub - PyPI

Internal changes

  • Upgrade kinto-admin to v1.25.0

13.3.0

Released on 2019-08-15 - GitHub - PyPI

Bug fixes

  • Prevent password to be modified on modification of accounts metadata (fixes #2058)
  • Fix unexpected exception in /__version__ endpoint
  • Add Content-Type to default_cors_headers (refs #2220)
  • Fix crash with non-allowed requests on __user_data__ (fixes #2063)
  • Fix multiple event listeners on READ action (fixes #1755)

New features

  • Allow StatsD counter to be incremented by an arbitrary number

13.2.2

Released on 2019-07-04 - GitHub - PyPI

Bug fixes

  • Fix apparence of Admin notifications (fixes #2191)

13.2.1

Released on 2019-06-25 - GitHub - PyPI

Internal changes

  • Upgrade kinto-admin to v1.24.1

13.2.0

Released on 2019-06-18 - GitHub - PyPI

Internal changes

13.1.1

Released on 2019-05-23 - GitHub - PyPI

Bug fixes

  • Fix cache heartbeat test (fixes #2107)
  • Fix support of sqlalchemy.pool.NullPool for PostgreSQL backends.
    The default pool_size of 25 is maintained on the default pool class
    (QueuePoolWithMaxBacklog). When using custom connection pools, please
    refer to SQLAlchemy documentation for default values.

Internal changes

  • Remove dependency to kinto-redis in core tests

13.1.0

Released on 2019-03-21 - GitHub - PyPI

New features

  • Expose the user_profile in the user field of the hello page. (#1989)
  • Add an "account validation" option to the accounts plugin. (#1973)
  • Add a validate endpoint at /accounts/{user id}/validate/{validation key} which can be used to validate an account when the account
    validation
    option is enabled on the accounts plugin.
  • Add a reset-password endpoint at /accounts/(user id)/reset-password which can be used to reset a user's password when the account validation option is enabled on the accounts plugin.

Bug fixes

  • Fixed two potential bugs relating to mutable default values.
  • Fix crash on validating records with errors in arrays (#1508)
  • Fix crash on deleting multiple accounts (#2009)

Documentation

  • Fixed spelling and Filtering docs

Internal changes

  • Use setup.cfg for package metadata (ref #1921)

API is now at version 1.22. See API changelog

13.0.1

Released on 2019-01-29 - GitHub - PyPI

Bug fixes

  • Loosen up the Content-Security policies in the Kinto Admin plugin to prevent Webpack inline script to be rejected (fixes #2000)

12.0.2

Released on 2019-01-25 - GitHub - PyPI

Bug fixes

  • security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

13.0.0

Released on 2019-01-25 - GitHub - PyPI

New features

  • Expose the user_profile in the user field of the hello page with OpenID authentication (#1989)

Breaking changes

  • Update Kinto OpenID plugin to redirect with a base64 JSON encoded token. (#1988).
    This will work with kinto-admin 1.23

Bug fixes

  • security: Fix a pagination bug in the PostgreSQL backend that could leak records between collections

Internal changes

  • Upgrade kinto-admin to v1.23.0

12.0.1

Released on 2019-01-21 - GitHub - PyPI

Bug Fixes

  • Fix bumping of tombstones timestamps when deleting objects in PostgreSQL storage backend (fixes #1981)
  • Fix ETag header in responses of DELETE on plural endpoints (ref #1981)

12.0.0

Released on 2019-01-11 - GitHub - PyPI

Breaking changes

  • Remove Python 3.5 support and upgrade to Python 3.6. (#1886)
  • Remove record from UnicityError class (#1919). This enabled us to fix #1545.
  • Storage backend API has changed, notions of collection and records were replaced
    by the generic terms resource and object. Plugins that subclass the internal
    ShareableResource class may also break.
  • GET requests no longer include the Total-Records header. To get a count in a collection
    you need to do a HEAD request. And the new header name is Total-Objects. (#1624)
  • Remove the UserResource class. And ShareableResource is now deprecated in
    favor of Resource.
  • Removed kinto.core.utils.parse_resource(). Use kinto.core.utils.view_lookup_registry() instead (#1828)
  • Remove the delete-collection command (#1959)

API is now at version 1.21. See API changelog.

New features

  • Add a user-data endpoint at /__user_data__/ which can be used to delete all data
    associated with a principal. This might be helpful for pursuing GDPR
    compliance, for instance. (Fixes #442.)

Bug Fixes

  • Like query now returns 400 when a non string value is used. (#1899)
  • Record ID is validated if explicitly mentioned in the collection schema (#1942)
  • The Memory permission backend implementation of remove_principal
    is now less generous with what it removes (#1955).

Documentation

  • Change PostgreSQL backend URLs to be postgresql:// instead of the deprecated postgres://

Internal changes

  • Remove depreciation warning for mapping (#1904)
  • Fix depreciated warn method (#1903)
  • Use f-string instead of % or format operators. (#1886)
  • Ignore admin plugin node_modules folder while running black (#1902)
  • Remove regexp py36 warnings. (#1907)
  • Changed psycopg2 dependency for psycopg2-binary. (#1905)
  • Renamed core notions (ie. record and collection) (#710)
  • JSON Schema validation is optimized by keeping instances of validator cached. (#1807)

11.2.1

Released on 2018-12-10 - GitHub - PyPI

  • Still supports jsonschema 2.6 before 3.0 is released as a production release. (#1923)

11.2.0

Released on 2018-11-29 - GitHub - PyPI

New features

  • Return a 500 Internal Error on __version__ instead of 404 if the version file
    cannot be found (fixes #1841)

Bug fixes

  • Fix the http_api_version exposed in the /v1/ endpoint. The
    version 1.20 was getting parsed as a number 1.2.
  • Fix record:create not taken into account from settings. (fixes #1813)

Internal changes

  • Build the admin on the CI. (#1857)
  • Migrate JSON Hyper-Schema to Draft-07 (#1808)

Documentation

  • Add documentation on troubleshooting Auth0 multiauth issue. (#1889)

11.1.0

Released on 2018-10-25 - GitHub - PyPI

New features

  • Add ability to configure the project_name in settings, shown in the root URL (fixes #1809)
  • Use . as bucket/collection separator in cache control settings (fixes #1815)

Bug fixes

  • Fix missing favicon and inline images in kinto-admin plugin

Internal changes

  • Use mock from the standard library.
  • Blackify the whole code base (#1799, huge thanks to @Cnidarias for this!)
  • Upgrade kinto-admin to v1.22

11.0.0

Released on 2018-10-09 - GitHub - PyPI

Breaking changes

  • The basicauth policy is not used by default anymore (#1736)

If your application relies on this specific behaviour, you now have to add explicitly settings:

    multiauth.policies = basicauth

But it is recommended to use other authentication policies like the OpenID Connect or the accounts plugin instead.

    # Enable plugin.
    kinto.includes = kinto.plugins.accounts

    # Enable authenticated policy.
    multiauth.policies = account
    multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy

    # Allow anyone to create their own account.
    kinto.account_create_principals = system.Everyone

You will find more details the authentication settings section of the documentation

Bug fixes

  • Fix crash when querystring filter contains NUL (0x00) character (fixes #1704)
  • Many bugs were fixed in the Kinto Admin UI (see v1.21.0)

Documentation

  • Huge refactor of documentation about authentication (#1736)

Internal changes

  • Upgrade kinto-admin to v1.21.0
  • Deprecate assertEquals and use assertEqual (fixes #1780)
  • Set schema to an instance instead of class (fixes #1781)
  • Fix DeprecationWarning for unrecognized backslash escapes (#1758)

10.1.2

Released on 2018-10-03 - GitHub - PyPI

Bug fixes

Internal changes

  • Upgrade kinto-admin to v1.20.2

10.1.1

Released on 2018-09-21 - GitHub - PyPI

Bug fixes

  • Fix for adding extra OpenId providers (fixes #1509)
  • Change the meaning of event.payload["timestamp"]. Previously it
    was @reifyd, which meant that it was calculated from before
    whatever thing triggered the event. Now we use a "fresh"
    timestamp. (Fixes #1469.)

10.1.0

Released on 2018-09-17 - GitHub - PyPI

Bug fixes

  • Deleting a collection doesn't delete access_control_entrries for its children (fixes #1647)

New features

  • The registry now has a "command" attribute during one-off commands
    such as kinto migrate. This can be useful for plugins that want
    to behave differently during a migration, for instance. (#1762)

10.0.0

Released on 2018-09-03 - GitHub - PyPI

10.0.0 (2018-08-16)

Breaking changes

  • kinto.core.events.get_resource_events now returns a generator
    rather than a list.

New features

  • Include Python 3.7 support.
  • kinto.core.events.notify_resource_event now supports
    resource_name and resource_data. These are useful when
    emitting events from one view "as though" they came from another
    view.
  • Resource events can now trigger other resource events, which are
    handled correctly. This might be handy if one resource wants to
    simulate events on another "virtual" resource, as in kinto-changes.

Bug fixes

  • Raise a configuration error if the kinto.plugin.accounts is included without being enabled in policies.
    Without this kinto-admin would present a confusing login experience (fixes #1734).

Internal changes

  • Upgrade kinto-admin to v1.20.0

9.2.3

Released on 2018-07-05 - GitHub - PyPI

Internal changes

  • Upgrade to kinto-admin v1.19.2

9.2.2

Released on 2018-06-28 - GitHub - PyPI

Internal changes

  • Upgrade to kinto-admin v1.19.1

9.2.1

Released on 2018-06-26 - GitHub - PyPI

Bug fixes

  • Fixed bug where unresolved JSON pointers would crash server (fixes #1685)

Internal changes

  • Update the Dockerfile with the new kinto --cache-backend option. (#1686)
  • Upgrade to kinto-admin v1.19.0

9.2.0

Released on 2018-06-07 - GitHub - PyPI

API

  • JSON schemas can now be defined in the bucket metadata and will apply to every
    underlying collection, group or record (fixes #1555)

API is now at version 1.20. See API changelog

New features

  • Kinto Admin plugin now supports OpenID Connect
  • Limit network requests to current domain in Kinto Admin using Content-Security Policies <https://hacks.mozilla.org/2016/02/implementing-content-security-policy/>_
  • Prompt for cache backend type in kinto init (#1653)
  • kinto.core.utils now has new features route_path_registry and
    instance_uri_registry, suitable for use when you don't
    necessarily have a request object around. The existing functions
    will remain in place.
  • openid plugin will carry prompt=none querystring parameter if appended
    to authorize endpoint.

Internal changes

  • Upgrade to kinto-admin v1.18.0

9.1.2

Released on 2018-05-31 - GitHub - PyPI

Security fix

  • OpenID plugin used the same cache key for every access-token (fixes #1660)

9.1.1

Released on 2018-05-23 - GitHub - PyPI

Internal changes

  • Correct spelling of GitHub.
  • Upgrade to kinto-admin v1.17.2

9.1.0

Released on 2018-05-21 - GitHub - PyPI

API

  • Batch endpoint now checks for and aborts any parent request if subrequest encounters 409 constraint violation (fixes #1569)

Bug fixes

  • Fix a bug where you could not reach the last records via Next-Header when deleting with pagination (fixes #1170)
  • Slight optimizations on the get_all query in the Postgres
    storage backend which should make it faster for result sets that
    have a lot of records (#1622). This is the first change meant to
    address #1507, though more can still be done.
  • Fix a bug where the batch route accepted all content-types (fixes #1529)

Internal changes

  • Upgrage to kinto-admin v1.17.1

9.0.0

Released on 2018-04-26 - GitHub - PyPI

API

  • Introduce contains and contains_any filter operators (fixes #343).

API is now at version 1.19. See API changelog.

Breaking changes

  • The storage class now exposes bump_timestamp() and bump_and_store_timestamp() methods
    so that memory based storage backends can use them. (#1596)

Internal changes

  • Authentication policies can now hard code and override the name specified in settings

Documentation

  • Version number is taken from package in order to ease release process (#1594)
  • Copyright year is now dynamic (#1595)

Internal changes

  • Upgrade the kinto-admin UI to 1.17.0

8.2.3

Released on 2018-04-06 - GitHub - PyPI

Security fix

  • Validate the account user password even when the session is cached (fixes #1583).
    Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

8.3.0

Released on 2018-04-06 - GitHub - PyPI

Security fix

  • Validate the account user password even when the session is cached (fixes #1583).
    Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

New features

  • Add bucket and account creation permissions in the permissions endpoint (fixes #1510)

Bug fixes

  • Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)

Documentation

  • Improve OpenID settings and API documentation

Internal Changes

  • Now fully rely on Pyup.io (or contributors) to update the versions in the requirements.txt file (fixes #1512)
  • Move from importing pip to running it in a subprocess (see pypa/pip#5081).
  • Remove useless print when using the OpenID policy (ref #1509)
  • Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)

8.2.2

Released on 2018-03-28 - GitHub - PyPI

Internal changes

  • Fix kinto-admin dependency error in 8.2.1 to actually really upgrade it to 1.15.1

8.2.1

Released on 2018-03-28 - GitHub - PyPI

Internal changes

8.2.0

Released on 2018-03-01 - GitHub - PyPI

New features

  • Add Openid connect support (#939, #1425). See demo
  • Account plugin now caches authentication verification (#1413)

Bug fixes

  • Fix missing principals from user info in root URL when default bucket plugin is enabled (fixes #1495)
  • Fix crash in Postgresql when the value of url param is empty (fixes #1305)

Internal changes

  • Upgraded the kinto-admin to version 1.15.0

8.1.5

Released on 2018-02-09 - GitHub - PyPI

Bug fixes

  • Restore "look before you leap" behavior in the Postgres storage
    backend create() method to check whether a record exists before
    running the INSERT query (#1487). This check is "optimistic" in the sense
    that we can still fail to INSERT after the check succeeded, but it
    can reduce write load in configurations where there are a lot of
    create()s (i.e. when using the default_bucket plugin).

8.1.4

Released on 2018-01-31 - GitHub - PyPI

Bug fixes

  • Allow inherited resources to set a custom model instance before instantiating (fixes #1472)
  • Fix collection timestamp retrieval when the stack is configured as readonly (fixes #1474)

8.1.3

Released on 2018-01-26 - GitHub - PyPI

Bug fixes

  • Optimize the PostgreSQL permission backend's
    delete_object_permissions function in the case where we are only
    matching one object_id (or object_id prefix).

8.1.2

Released on 2018-01-24 - GitHub - PyPI

Bug fixes

  • Flushing a server no longer breaks migration of the storage backend
    (#1460). If you have ever flushed a server in the past, migration
    may be broken. This version of Kinto tries to guess what version of
    the schema you're running, but may guess wrong. See
    https://github.com/Kinto/kinto/wiki/Schema-versions for some
    additional information.

Internal changes

  • We now allow migration of the permission backend's schema.

Operational concerns

  • The schema for the Postgres permission backend has changed. This
    changes another ID column to use the "C" collation, which should
    speed up the delete_object_permissions query when deleting a
    bucket.

8.1.1

Released on 2018-01-18 - GitHub - PyPI

Operational concerns

  • The schema for the Postgres storage backend has changed. This
    changes some more ID columns to use the "C" collation, which fixes a
    bug where the bump_timestamps trigger was very slow.

8.1.0

Released on 2018-01-09 - GitHub - PyPI

Internal changes

  • Update the Docker compose configuration to use memcache for the cache backend (#1405)
  • Refactor the way postgresql.storage.create_from_settings ignores settings (#1410)

Operational concerns

  • The schema for the Postgres storage backend has changed. This
    changes some ID columns to use the "C" collation, which will make
    delete_all queries faster. (See
    e.g. https://www.postgresql.org/docs/9.6/static/indexes-opclass.html,
    which says "If you do use the C locale, you do not need the
    xxx_pattern_ops operator classes, because an index with the default
    operator class is usable for pattern-matching queries in the C
    locale.") This may change the default sort order and grouping of
    record IDs.

New features

  • New setting kinto.backoff_percentage to only set the backoff header a portion of the time.
  • make tdd allows development in a TDD style by rerunning tests every time a file is changed.

Bug fixes

  • Optimize the Postgres collection_timestamp method by one query. It
    now only makes two queries instead of three.
  • Update other dependencies: newrelic to 2.98.0.81 (#1409), setuptools
    to 38.4.0 (#1411, #1429, #1438, #1440), pytest to 3.3.2 (#1412,
    #1437), raven to 6.4.0 (#1421), werkzeug to 0.14.1 (#1418, #1434),
    python-memcached to 1.59 (#1423), zest.releaser to 6.13.3 (#1427),
    bravado_core to 4.11.2 (#1426, #1441), statsd to 3.2.2 (#1422),
    jsonpatch to 1.21 (#1432), sqlalchemy to 1.2.0 (#1430), sphinx to
    1.6.6 (#1442).

7.6.5

Released on 2018-01-09 - GitHub - PyPI

Internal changes

  • Introduce an experimental setting,
    experimental_disable_purge_deleted, which can be used to try to
    diagnose excessive CPU usage in production.

7.6.4

Released on 2017-12-07 - GitHub - PyPI

Internal changes

  • Remove the FOR UPDATE locking from the delete_all query, on the
    off chance that it's somehow related to the increased CPU
    utilization we're seeing.

7.6.3

Released on 2017-12-06 - GitHub - PyPI

Internal changes

  • Optimize the Postgres collection_timestamp method by one query. It
    now only makes two queries instead of three.

8.0.0

Released on 2017-11-29 - GitHub - PyPI

Breaking changes

  • Storage backends no longer support the ignore_conflict
    argument (#1401). Instead of using this argument, consider catching the
    UnicityError and handling it. ignore_conflict was only ever
    used in one place, in the default_bucket plugin, and was
    eventually backed out in favor of catching and handling a
    UnicityError.

Bug fixes

  • Fix a TOCTOU bug in the Postgres storage backend where a transaction
    doing a create() would fail because a row had been inserted after
    the transaction had checked for it (#1376).