2024-08-30 15:32:55 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 19 03:28:33 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to 1.8.8:
|
|
|
|
|
* The use of WebOb's Response object to redirect a request to a new location
|
|
|
|
|
can lead to an open redirect if the Location header is not a full URI.
|
|
|
|
|
(bsc#1229221, CVE-2024-42353)
|
|
|
|
|
- Drop Python 2 blocks in the spec file.
|
|
|
|
|
- Switch to pyproject macros.
|
|
|
|
|
|
2024-05-03 19:59:18 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 26 07:20:55 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
|
|
|
|
|
|
|
|
|
|
- Drop sphinx doctrees for reproducible builds
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 3 11:20:42 UTC 2023 - Martin Liška <mliska@suse.cz>
|
|
|
|
|
|
|
|
|
|
- Use sphinx-build and do not depend on removed build_sphinx
|
|
|
|
|
in Sphinx 7.0 (boo#1211051).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Apr 23 22:40:43 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|
|
|
|
|
|
|
|
|
- Switch documentation to be within the main package for SLE15
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 21 12:21:30 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- add sle15_python_module_pythons (jsc#PED-68)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 13 22:45:53 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|
|
|
|
|
|
|
|
|
- Make calling of %{sle15modernpython} optional.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 24 22:29:11 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
|
|
|
|
|
|
|
|
|
- We should require python3-* packages, not python-* ones, which
|
|
|
|
|
are python2.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 20 19:02:16 UTC 2021 - Ben Greiner <code@bnavigator.de>
|
|
|
|
|
|
|
|
|
|
- fix test suite for python39 (based on gh#Pylons/webob#390)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 2 00:33:29 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- update to 1.8.7:
|
|
|
|
|
- Decoding deflate-encoded responses now supports data which is packed in
|
|
|
|
|
a zlib container as it is supposed to be. The old, non-standard behaviour
|
|
|
|
|
is still supported.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 11 08:52:29 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- update to 1.8.6:
|
|
|
|
|
- The SameSite value now includes a new option named "None", this is a new
|
|
|
|
|
change that was introduced in
|
|
|
|
|
https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 7 09:55:07 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
|
|
|
|
|
|
|
|
|
|
update to 1.8.5:
|
|
|
|
|
- Fixed one last remaining invalid escape sequence in a docstring.
|
|
|
|
|
- Response.content_type now accepts unicode strings on Python 2 and encodes
|
|
|
|
|
them to latin-1. See https://github.com/Pylons/webob/pull/389 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/388
|
|
|
|
|
- Accept header classes now support a .copy() function that may be used to
|
|
|
|
|
create a copy. This allows ``create_accept_header`` and other like functions
|
|
|
|
|
to accept an pre-existing Accept header. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/386 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/385
|
|
|
|
|
- Some backslashes introduced with the new accept handling code were causing
|
|
|
|
|
DeprecationWarnings upon compiling the source to pyc files, all of the
|
|
|
|
|
backslashes have been reigned in as appropriate, and users should no longer
|
|
|
|
|
see DeprecationWarnings for invalid escape sequence. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/384
|
|
|
|
|
- ``acceptparse.AcceptValidHeader``, ``acceptparse.AcceptInvalidHeader``, and
|
|
|
|
|
``acceptparse.AcceptNoHeader`` will now always ignore offers that do not
|
|
|
|
|
match the required media type grammar when calling ``.acceptable_offers()``.
|
|
|
|
|
Previous versions raised a ``ValueError`` for invalid offers in
|
|
|
|
|
``AcceptValidHeader`` and returned them as acceptable in the others.
|
|
|
|
|
See https://github.com/Pylons/webob/pull/372
|
|
|
|
|
- Add Request.remote_host, exposing REMOTE_HOST environment variable.
|
|
|
|
|
- Added ``acceptparse.Accept.parse_offer`` to codify what types of offers
|
|
|
|
|
are compatible with ``acceptparse.AcceptValidHeader.acceptable_offers``,
|
|
|
|
|
``acceptparse.AcceptMissingHeader.acceptable_offers``, and
|
|
|
|
|
``acceptparse.AcceptInvalidHeader.acceptable_offers``. This API also
|
|
|
|
|
normalizes the offer with lowercased type/subtype and parameter names.
|
|
|
|
|
See https://github.com/Pylons/webob/pull/376 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/379
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 20 15:00:08 UTC 2018 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- add explicit requires on python to have SSL module available
|
|
|
|
|
for passing the tests
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 9 06:55:05 UTC 2018 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Drop devel dependency
|
|
|
|
|
- Use %license macro
|
|
|
|
|
- Use proper upstream tarball
|
|
|
|
|
- Really execute tests
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 9 06:42:35 UTC 2018 - comurphy@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.8.2:
|
|
|
|
|
- SameSite may now be passed as str or bytes to `Response.set_cookie` and
|
|
|
|
|
`cookies.make_cookie`. This was an oversight as all other arguments would be
|
|
|
|
|
correctly coerced before being serialized. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/361 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/362
|
|
|
|
|
- acceptparse.MIMEAccept which is deprecated in WebOb 1.8.0 made a backwards
|
|
|
|
|
incompatible change that led to it raising on an invalid Accept header. This
|
|
|
|
|
behaviour has now been reversed, as well as some other fixes to allow
|
|
|
|
|
MIMEAccept to behave more like the old version. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/356
|
|
|
|
|
- ``request.POST`` now supports any requests with the appropriate
|
|
|
|
|
Content-Type. Allowing any HTTP method to access form encoded content,
|
|
|
|
|
including DELETE, PUT, and others. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/352
|
|
|
|
|
- WebOb is no longer officially supported on Python 3.3 which was EOL'ed on
|
|
|
|
|
2017-09-29.
|
|
|
|
|
- Many changes have been made to the way WebOb does Accept handling, not just
|
|
|
|
|
for the Accept header itself, but also for Accept-Charset, Accept-Encoding
|
|
|
|
|
and Accept-Language. This was a `Google Summer of Code
|
|
|
|
|
<https://developers.google.com/open-source/gsoc/>`_ project completed by
|
|
|
|
|
Whiteroses (https://github.com/whiteroses). Many thanks to Google for running
|
|
|
|
|
GSoC, the Python Software Foundation for organising and a huge thanks to Ira
|
|
|
|
|
for completing the work. See https://github.com/Pylons/webob/pull/338 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/335. Documentation is available at
|
|
|
|
|
https://docs.pylonsproject.org/projects/webob/en/master/api/webob.html
|
|
|
|
|
- The cookie APIs now have the ability to set the SameSite attribute on a
|
|
|
|
|
cookie in both ``webob.cookies.make_cookie`` and
|
|
|
|
|
``webob.cookies.CookieProfile``. See https://github.com/Pylons/webob/pull/255
|
|
|
|
|
- Exceptions now use string.Template.safe_substitute rather than
|
|
|
|
|
string.Template.substitute. The latter would raise for missing mappings, the
|
|
|
|
|
former will simply not substitute the missing variable. This is safer in case
|
|
|
|
|
the WSGI environ does not contain the keys necessary for the body template.
|
|
|
|
|
See https://github.com/Pylons/webob/issues/345.
|
|
|
|
|
- Request.host_url, Request.host_port, Request.domain correctly parse IPv6 Host
|
|
|
|
|
headers as provided by a browser. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/332
|
|
|
|
|
- Request.authorization would raise ValueError for unusual or malformed header
|
|
|
|
|
values. See https://github.com/Pylons/webob/issues/231
|
|
|
|
|
- Allow unnamed fields in form data to be properly transcoded when calling
|
|
|
|
|
request.decode with an alternate encoding. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/309
|
|
|
|
|
- ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no
|
|
|
|
|
body, this would cause issues when ``app_iter`` was an object that was tied
|
|
|
|
|
to the life-cycle of a web application and had to be properly closed.
|
|
|
|
|
``app_iter`` is more advanced API for ``Response`` and thus even if it
|
|
|
|
|
contains a body and is thus against the HTTP RFC's, we should let the users
|
|
|
|
|
shoot themselves by returning a body. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/305
|
|
|
|
|
- When calling a ``@wsgify`` decorated function, the default arguments passed
|
|
|
|
|
to ``@wsgify`` are now used when called with the request, and not as a
|
|
|
|
|
`start_response`
|
|
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
|
|
def hello(req, name):
|
|
|
|
|
return "Hello, %s!" % name
|
|
|
|
|
app = wsgify(hello, args=("Fred",))
|
|
|
|
|
|
|
|
|
|
req = Request.blank('/')
|
|
|
|
|
resp = req.get_response(app) # => "Hello, Fred"
|
|
|
|
|
resp2 = app(req) # => "Hello, Fred"
|
|
|
|
|
|
|
|
|
|
Previously the ``resp2`` line would have failed with a ``TypeError``. With
|
|
|
|
|
this change there is no way to override the default arguments with no
|
|
|
|
|
arguments. See https://github.com/Pylons/webob/pull/203
|
|
|
|
|
- When setting ``app_iter`` on a ``Response`` object the ``content_md5`` header
|
|
|
|
|
is no longer cleared. This behaviour is odd and disallows setting the
|
|
|
|
|
``content_md5`` and then returning an iterator for chunked content encoded
|
|
|
|
|
responses. See https://github.com/Pylons/webob/issues/86
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 23 19:55:17 UTC 2018 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- Drop not needed python-pytest-cov BuildRequires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 23 13:57:18 UTC 2018 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.7.4:
|
|
|
|
|
- Add support for `wsgi.input_terminated` in the wsgi environ to allow for
|
|
|
|
|
Chunked Encoding to be used with WebOb
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 6 14:34:02 UTC 2017 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.7.3:
|
|
|
|
|
- Request.host_url, Request.host_port and Request.domain now all understand and
|
|
|
|
|
know how to parse IPv6 Host headers sent by browsers. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/332
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 5 21:53:49 UTC 2017 - toddrme2178@gmail.com
|
|
|
|
|
|
|
|
|
|
- Fix Provides/Obsoletes.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 4 12:47:31 UTC 2017 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.7.2:
|
|
|
|
|
- Allow unnamed fields in form data to be properly transcoded when calling
|
|
|
|
|
request.decode with an alternate encoding. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/309
|
|
|
|
|
- Switch to singlespec approach
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 10 16:14:42 UTC 2017 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.7.1:
|
|
|
|
|
- ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no
|
|
|
|
|
body, this would cause issues when ``app_iter`` was an object that was tied
|
|
|
|
|
to the life-cycle of a web application and had to be properly closed.
|
|
|
|
|
``app_iter`` is more advanced API for ``Response`` and thus even if it
|
|
|
|
|
contains a body and is thus against the HTTP RFC's, we should let the users
|
|
|
|
|
shoot themselves by returning a body. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/305
|
|
|
|
|
- WebOb is no longer supported on Python 2.6 and PyPy3 (due to pip no longer
|
|
|
|
|
supporting Python 3.2 even on PyPy)
|
|
|
|
|
- ``Response.content_type`` removes all existing Content-Type parameters, and
|
|
|
|
|
if the new Content-Type is "texty" it adds a new charset (unless already
|
|
|
|
|
provided) using the ``default_charset``. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/301
|
|
|
|
|
- ``Response.set_cookie`` no longer accepts a key argument. This was deprecated
|
|
|
|
|
in WebOb 1.5 and as mentioned in the deprecation, is being removed in 1.7
|
|
|
|
|
- ``Response.__init__`` will no longer set the default Content-Type, nor
|
|
|
|
|
Content-Length on Responses that don't have a body. This allows WebOb to
|
|
|
|
|
return proper responses for things like `Response(status='204 No Content')`.
|
|
|
|
|
- ``Response.text`` will no longer raise if the Content-Type does not have a
|
|
|
|
|
charset, it will fall back to using the new ``default_body_encoding`. To get
|
|
|
|
|
the old behaviour back please sub-class ``Response`` and set
|
|
|
|
|
``default_body_encoding`` to ``None``. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/287
|
|
|
|
|
- WebOb no longer supports Chunked Encoding, this means that if you are using
|
|
|
|
|
WebOb and need Chunked Encoding you will be required to have a proxy that
|
|
|
|
|
unchunks the request for you. Please read
|
|
|
|
|
https://github.com/Pylons/webob/issues/279 for more background.
|
|
|
|
|
- ``Response`` has a new ``default_body_encoding`` which may be used to allow
|
|
|
|
|
getting/setting ``Response.text`` when a Content-Type has no charset. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/287
|
|
|
|
|
- ``webob.Request`` with any HTTP method is now allowed to have a body. This
|
|
|
|
|
allows DELETE to have a request body for passing extra information. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/283 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/274
|
|
|
|
|
- Add ``tell()`` to ``ResponseBodyFile`` so that it may be used for example for
|
|
|
|
|
zipfile support. See https://github.com/Pylons/webob/pull/117
|
|
|
|
|
- Allow the return from ``wsgify.middleware`` to be used as a decorator. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/228
|
|
|
|
|
- Fixup ``cgi.FieldStorage`` on Python 3.x to work-around issue reported in
|
|
|
|
|
Python bug report 27777 and 24764. This is currently applied for Python
|
|
|
|
|
versions less than 3.7. See https://github.com/Pylons/webob/pull/294 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/300
|
|
|
|
|
- ``Response.set_cookie`` now accepts ``datetime`` objects for the ``expires``
|
|
|
|
|
kwarg and will correctly convert them to UTC with no tzinfo for use in
|
|
|
|
|
calculating the ``max_age``. See https://github.com/Pylons/webob/issues/254
|
|
|
|
|
and https://github.com/Pylons/webob/pull/292
|
|
|
|
|
- Fixes ``request.PATH_SAFE`` to contain all of the path safe characters
|
|
|
|
|
according to RFC3986. See https://github.com/Pylons/webob/pull/291
|
|
|
|
|
- WebOb's exceptions will lazily read underlying variables when inserted into
|
|
|
|
|
templates to avoid expensive computations/crashes when inserting into the
|
|
|
|
|
template. This had a bad performance regression on Py27 because of the way
|
|
|
|
|
the lazified class was created and returned. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/284
|
|
|
|
|
- ``wsgify.__call__`` raised a ``TypeError`` with an unhelpful message, it will
|
|
|
|
|
now return the ``repr`` for the wrapped function:
|
|
|
|
|
https://github.com/Pylons/webob/issues/119
|
|
|
|
|
- ``Response.json``'s ``json.dumps``/``json.loads`` are now always UTF-8. It no
|
|
|
|
|
longer tries to use the charset.
|
|
|
|
|
- The ``Response.__init__`` will by default no longer set the Content-Type to
|
|
|
|
|
the default if a ``headerlist`` is provided. This fixes issues whereby
|
|
|
|
|
``Request.get_response()`` would return a Response that didn't match the
|
|
|
|
|
actual response. See https://github.com/Pylons/webob/pull/261 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/205
|
|
|
|
|
- Cleans up the remainder of the issues with the updated WebOb exceptions that
|
|
|
|
|
were taught to return JSON in version 1.6. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/237 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/236
|
|
|
|
|
- ``Response.from_file`` now parses the status line correctly when the status
|
|
|
|
|
line contains an HTTP with version, as well as a status text that contains
|
|
|
|
|
multiple white spaces (e.g HTTP/1.1 404 Not Found). See
|
|
|
|
|
https://github.com/Pylons/webob/issues/250
|
|
|
|
|
- ``Response`` now has a new property named ``has_body`` that may be used to
|
|
|
|
|
interrogate the ``Response`` to find out if ``Response.body`` is or isn't
|
|
|
|
|
set.
|
|
|
|
|
This is used in the exception handling code so that if you use a WebOb HTTP
|
|
|
|
|
Exception and pass a generator to ``app_iter`` WebOb won't attempt to read
|
|
|
|
|
the whole thing and instead allows it to be returned to the WSGI server. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/259
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Oct 15 09:37:15 UTC 2016 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.6.2:
|
|
|
|
|
* WebOb's exceptions will lazily read underlying variables when inserted into
|
|
|
|
|
templates to avoid expensive computations/crashes when inserting into the
|
|
|
|
|
template. This had a bad performance regression on Py27 because of the way
|
|
|
|
|
the lazified class was created and returned. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/284
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 6 12:55:50 UTC 2016 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- fix download url
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 3 16:30:52 UTC 2016 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.6.1:
|
|
|
|
|
- Response.from_file now parses the status line correctly when the status line
|
|
|
|
|
contains an HTTP with version, as well as a status text that contains
|
|
|
|
|
multiple white spaces (e.g 404 Not Found). See
|
|
|
|
|
https://github.com/Pylons/webob/issues/250
|
|
|
|
|
- Python 3.2 is no longer supported by WebOb
|
|
|
|
|
- Request.decode attempted to read from the an already consumed stream, it has
|
|
|
|
|
now been redirected to another stream to read from. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/183
|
|
|
|
|
- The application/json media type does not allow for a charset as discovery of
|
|
|
|
|
the encoding is done at the JSON layer. Upon initialization of a Response
|
|
|
|
|
WebOb will no longer add a charset if the content-type is set to JSON. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/197 and
|
|
|
|
|
https://github.com/Pylons/pyramid/issues/1611
|
|
|
|
|
- Lazily HTML escapes environment keys in HTTP Exceptions so that those keys in
|
|
|
|
|
the environ that are not used in the output of the page don't raise an
|
|
|
|
|
exception due to inability to be properly escaped. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/139
|
|
|
|
|
- MIMEAccept now accepts comparisons against wildcards, this allows one to
|
|
|
|
|
match on just the media type or sub-type, without having to explicitly match
|
|
|
|
|
on both the media type and sub-type at the same time. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/185
|
|
|
|
|
- Add the ability to return a JSON body from an exception. Using the Accept
|
|
|
|
|
information in the request, the exceptions will now automatically return a
|
|
|
|
|
JSON version of the exception instead of just HTML or text. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/230 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/209
|
|
|
|
|
- exc._HTTPMove and any subclasses will now raise a ValueError if the location
|
|
|
|
|
field contains a line feed or carriage return. These values may lead to
|
|
|
|
|
possible HTTP Response Splitting. The header_getter descriptor has also been
|
|
|
|
|
modified to no longer accept headers with a line feed or carriage return.
|
|
|
|
|
See: https://github.com/Pylons/webob/pull/229 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/217
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 14 14:38:13 UTC 2015 - aplanas@suse.com
|
|
|
|
|
|
|
|
|
|
- updateto version 1.5.1:
|
|
|
|
|
* (Bug Fixes) The exceptions HTTPNotAcceptable,
|
|
|
|
|
HTTPUnsupportedMediaType and HTTPNotImplemented will now correctly
|
|
|
|
|
use the sub-classed template rather than the default error
|
|
|
|
|
template. See https://github.com/Pylons/webob/issues/221
|
|
|
|
|
* (Bug Fixes) Response’s from_file now correctly deals with a status
|
|
|
|
|
line that contains an HTTP version identifier. HTTP/1.1 200 OK is
|
|
|
|
|
now correctly parsed, whereas before this would raise an error
|
|
|
|
|
upon setting the Response.status in from_file. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/121
|
|
|
|
|
- 1.5.0
|
|
|
|
|
* (Bug Fixes) The cookie API functions will now make sure that
|
|
|
|
|
max_age is an integer or an string that can convert to an
|
|
|
|
|
integer. Previously passing in max_age=’test’ would have silently
|
|
|
|
|
done the wrong thing.
|
|
|
|
|
- 1.5.0b0
|
|
|
|
|
* (Bug Fixes) Unbreak req.POST when the request method is
|
|
|
|
|
PATCH. Instead of returning something cmpletely unrelated we
|
|
|
|
|
return NoVar. See: https://github.com/Pylons/webob/pull/215
|
|
|
|
|
* (Features) HTTP Status Code 308 is now supported as a Permanent
|
|
|
|
|
Redirect. See https://github.com/Pylons/webob/pull/207
|
|
|
|
|
- 1.5.0a1
|
|
|
|
|
* (Backwards Incompatibilities) Response.set_cookie renamed the only
|
|
|
|
|
required parameter from “key” to “name”. The code will now still
|
|
|
|
|
accept “key” as a keyword argument, and will issue a
|
|
|
|
|
DeprecationWarning until WebOb 1.7.
|
|
|
|
|
* (Backwards Incompatibilities) The status attribute of a Response
|
|
|
|
|
object no longer takes a string like None None and allows that to
|
|
|
|
|
be set as the status. It now has to at least match the pattern of
|
|
|
|
|
<integer status code> <explenation of status code>. Invalid status
|
|
|
|
|
strings will now raise a ValueError.
|
|
|
|
|
- 1.5.0a0
|
|
|
|
|
* (Backwards Incompatibilities) Morsel will no longer accept a
|
|
|
|
|
cookie value that does not meet RFC6265’s cookie-octet
|
|
|
|
|
specification. Upon calling Morsel.serialize a warning will be
|
|
|
|
|
issued, in the future this will raise a ValueError, please update
|
|
|
|
|
your cookie handling code. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/172
|
|
|
|
|
* (Backwards Incompatibilities) Response.set_cookie now uses the
|
|
|
|
|
internal make_cookie API, which will issue warnings if cookies are
|
|
|
|
|
set with invalid bytes. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/172
|
|
|
|
|
* (Features) Add support for some new caching headers,
|
|
|
|
|
stale-while-revalidate and stale-if-error that can be used by
|
|
|
|
|
reverse proxies to cache stale responses temporarily if the
|
|
|
|
|
backend disappears. From RFC5861. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/189
|
|
|
|
|
* (Bug Fixes) Response.status now uses duck-typing for integers, and
|
|
|
|
|
has also learned to raise a ValueError if the status isn’t an
|
|
|
|
|
integer followed by a space, and then the reason. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/191
|
|
|
|
|
* (Bug Fixes) Fixed a bug in webob.multidict.GetDict which resulted
|
|
|
|
|
in the QUERY_STRING not being updated when changes were made to
|
|
|
|
|
query params using Request.GET.extend().
|
|
|
|
|
* (Bug Fixes) Read the body of a request if we think it might have a
|
|
|
|
|
body. This fixes PATCH to support bodies. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/184
|
|
|
|
|
* (Bug Fixes) Response.from_file returns HTTP headers as latin1
|
|
|
|
|
rather than UTF-8, this fixes the usage on Google AppEngine. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/99 and
|
|
|
|
|
https://github.com/Pylons/webob/pull/150
|
|
|
|
|
* (Bug Fixes) Fix a bug in parsing the auth parameters that
|
|
|
|
|
contained bad white space. This makes the parsing fall in line
|
|
|
|
|
with what’s required in RFC7235. See
|
|
|
|
|
https://github.com/Pylons/webob/issues/158
|
|
|
|
|
* (Bug Fixes) Use ‘rn’ line endings in Response.__str__. See:
|
|
|
|
|
https://github.com/Pylons/webob/pull/146
|
|
|
|
|
* (Documentation Changes) response.set_cookie now has proper
|
|
|
|
|
documentation for max_age and expires. The code has also been
|
|
|
|
|
refactored to use cookies.make_cookie instead of duplicating the
|
|
|
|
|
code. This fixes https://github.com/Pylons/webob/issues/166 and
|
|
|
|
|
https://github.com/Pylons/webob/issues/171
|
|
|
|
|
* (Documentation Changes) Documentation didn’t match the actual code
|
|
|
|
|
for the wsgify function signature. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/167
|
|
|
|
|
* (Documentation Changes) Remove the WebDAV only from certain HTTP
|
|
|
|
|
Exceptions, these exceptions may also be used by REST services for
|
|
|
|
|
example.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 15 05:01:59 UTC 2014 - tbechtold@suse.com
|
|
|
|
|
|
|
|
|
|
- update to version 1.4:
|
|
|
|
|
* Remove ``webob.__version__``, the version number had not been kept in sync
|
|
|
|
|
with the official pkg version. To obtain the WebOb version number, use
|
|
|
|
|
``pkg_resources.get_distribution('webob').version`` instead.
|
|
|
|
|
* Fix a bug in ``EmptyResponse`` that prevents it from setting self.close as
|
|
|
|
|
appropriate due to testing truthiness of object rather than if it is
|
|
|
|
|
something other than ``None``.
|
|
|
|
|
* Fix a bug in ``SignedSerializer`` preventing secrets from containing
|
|
|
|
|
higher-order characters. See https://github.com/Pylons/webob/issues/136
|
|
|
|
|
* Use the ``hmac.compare_digest`` method when available for constant-time
|
|
|
|
|
comparisons.
|
|
|
|
|
* Fix a bug in ``SignedCookieProfile`` whereby we didn't keep the original
|
|
|
|
|
serializer around, this would cause us to have ``SignedSerializer`` be added
|
|
|
|
|
on top of a ``SignedSerializer`` which would cause it to be run twice when
|
|
|
|
|
attempting to verify a cookie. See https://github.com/Pylons/webob/pull/127
|
|
|
|
|
* Backwards Incompatible change: When ``CookieProfile.get_value`` and
|
|
|
|
|
``SignedCookieProfile.get_value`` fails to deserialize a badly encoded
|
|
|
|
|
value, we now return ``None`` as if the cookie was never set in the first
|
|
|
|
|
place instead of allowing a ``ValueError`` to be raised to the calling code.
|
|
|
|
|
See https://github.com/Pylons/webob/pull/126
|
|
|
|
|
* Added a read-only ``domain`` property to ``BaseRequest``. This property
|
|
|
|
|
returns the domain portion of the host value. For example, if the
|
|
|
|
|
environment contains an ``HTTP_HOST`` value of ``foo.example.com:8000``,
|
|
|
|
|
``request.domain`` will return ``foo.example.com``.
|
|
|
|
|
* Added five new APIs: ``webob.cookies.CookieProfile``,
|
|
|
|
|
``webob.cookies.SignedCookieProfile``, ``webob.cookies.JSONSerializer`` and
|
|
|
|
|
``webob.cookies.SignedSerializer``, and ``webob.cookies.make_cookie``. These
|
|
|
|
|
APIs are convenience APIs for generating and parsing cookie headers as well
|
|
|
|
|
as dealing with signing cookies.
|
|
|
|
|
* Cookies generated via webob.cookies quoted characters in cookie values that
|
|
|
|
|
did not need to be quoted per RFC 6265. The following characters are no
|
|
|
|
|
longer quoted in cookie values: ``~/=<>()[]{}?@`` . The full set of
|
|
|
|
|
non-letter-or-digit unquoted cookie value characters is now
|
|
|
|
|
``!#$%&'*+-.^_`|~/: =<>()[]{}?@``. See
|
|
|
|
|
http://tools.ietf.org/html/rfc6265#section-4.1.1 for more information.
|
|
|
|
|
* Cookie names are now restricted to the set of characters expected by RFC
|
|
|
|
|
6265. Previously they could contain unsupported characters such as ``/``.
|
|
|
|
|
* Older versions of Webob escaped the doublequote to ``\"`` and the backslash
|
|
|
|
|
to ``\\`` when quoting cookie values. Now, instead, cookie serialization
|
|
|
|
|
generates ``\042`` for the doublequote and ``\134`` for the backslash. This
|
|
|
|
|
is what is expected as per RFC 6265. Note that old cookie values that do
|
|
|
|
|
have the older style quoting in them will still be unquoted correctly,
|
|
|
|
|
however.
|
|
|
|
|
* Added support for draft status code 451 ("Unavailable for Legal Reasons").
|
|
|
|
|
See http://tools.ietf.org/html/draft-tbray-http-legally-restricted-status-00
|
|
|
|
|
* Added status codes 428, 429, 431 and 511 to ``util.status_reasons`` (they
|
|
|
|
|
were already present in a previous release as ``webob.exc`` exceptions).
|
|
|
|
|
* MIMEAccept happily parsed malformed wildcard strings like "image/pn*" at
|
|
|
|
|
parse time, but then threw an AssertionError during matching. See
|
|
|
|
|
https://github.com/Pylons/webob/pull/83 .
|
|
|
|
|
* Preserve document ordering of GET and POST request data when POST data
|
|
|
|
|
passed to Request.blank is a MultiDict.
|
|
|
|
|
See https://github.com/Pylons/webob/pull/96
|
|
|
|
|
* Allow query strings attached to PATCH requests to populate request.params.
|
|
|
|
|
See https://github.com/Pylons/webob/pull/106
|
|
|
|
|
* Added Python 3.3 trove classifier.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 18 13:36:45 CET 2014 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- added license.txt as doc file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 24 11:17:02 UTC 2013 - speilicke@suse.com
|
|
|
|
|
|
|
|
|
|
- Require python-setuptools instead of distribute (upstreams merged)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 27 13:26:48 UTC 2013 - speilicke@suse.com
|
|
|
|
|
|
|
|
|
|
- BuildRequire python (for ssl module) and drop pyOpenSSL
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 14 15:12:52 UTC 2013 - saschpe@suse.de
|
|
|
|
|
|
|
|
|
|
- (Build)Require python-pyOpenSSL instead of M2Crypto (to get the
|
|
|
|
|
ssl Python base module)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 23 09:45:17 UTC 2012 - saschpe@suse.de
|
|
|
|
|
|
|
|
|
|
- Add dependency on python-M2Crypto, otherwise you won't get HTTPS
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 22 15:05:11 UTC 2012 - saschpe@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to version 1.2.3:
|
|
|
|
|
+ Fix parsing of form submissions where fields have transfer-content-encoding headers.
|
|
|
|
|
- Build HTML documentation
|
|
|
|
|
- Run testsuite
|
|
|
|
|
- Split of doc package
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Sep 22 18:48:34 UTC 2012 - os-dev@jacraig.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.2.2:
|
|
|
|
|
* Fix multiple calls to ``cache_expires()`` not fully overriding the
|
|
|
|
|
previously set headers.
|
|
|
|
|
* Fix parsing of form submissions where fields have different encodings.
|
|
|
|
|
- Many changes between versions 1.1.1 and 1.2.1. Please see docs/news.txt
|
|
|
|
|
for full details. Major changes include support for only Python 3.2, 2.7,
|
|
|
|
|
2.6.
|
|
|
|
|
- Removed dependency on python-Tempita and python-wsgiproxy: these are only
|
|
|
|
|
used in example code in the documentation and not actual runtime reqs.
|
|
|
|
|
- Removed dependency on python-nose: it is only needed to run tests.
|
|
|
|
|
- Removed dependency on python-WebTest: it was removed as a testing
|
|
|
|
|
requirement in 1.2a1.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 28 15:23:37 UTC 2011 - prusnak@opensuse.org
|
|
|
|
|
|
|
|
|
|
- spec cleanup
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 23 13:36:54 UTC 2011 - saschpe@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to version 1.1.1:
|
|
|
|
|
* Fix disconnect detection being incorrect in some cases
|
|
|
|
|
* Fix exception when calling .accept.best_match(..) on a header containing
|
|
|
|
|
'*' (instead of '*/*')
|
|
|
|
|
* Split Accept class into appropriate subclasses (AcceptCharset,
|
|
|
|
|
AcceptLanguage)
|
|
|
|
|
* Improve language matching code so that 'en' in AcceptLanguage('en-gb')
|
|
|
|
|
(the app can now offer a generic 'en' and it will match any of the
|
|
|
|
|
accepted dialects) and 'en_GB' in AcceptLanguage('en-gb') (normalization
|
|
|
|
|
of the dash/underscode in language names).
|
|
|
|
|
* Deprecate req.etag.weak_match(..)
|
|
|
|
|
* Deprecate Response.request and Response.environ attrs.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 1 10:07:58 UTC 2011 - saschpe@suse.de
|
|
|
|
|
|
|
|
|
|
- Initial version
|
|
|
|
|
|