diff options
| author | Bert JW Regeer <bertjw@regeer.org> | 2016-03-15 21:43:20 -0600 |
|---|---|---|
| committer | Bert JW Regeer <bertjw@regeer.org> | 2016-03-15 21:55:59 -0600 |
| commit | 2b370430927634e02890415fc8cc20469c86a7b0 (patch) | |
| tree | d3e1cc6a37d2617f933fe2649e692ebb2542ba6d /docs | |
| parent | 31620bb8b7749c92693e4d6d7233d9547b942a57 (diff) | |
| download | webob-2b370430927634e02890415fc8cc20469c86a7b0.tar.gz | |
Copy over the WHATSNEW-1.6
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/index.txt | 1 | ||||
| -rw-r--r-- | docs/whatsnew-1.6.txt | 67 |
2 files changed, 68 insertions, 0 deletions
diff --git a/docs/index.txt b/docs/index.txt index bea762f..aafec55 100644 --- a/docs/index.txt +++ b/docs/index.txt @@ -322,6 +322,7 @@ Change History :maxdepth: 1 whatsnew-1.5 + whatsnew-1.6 changes Status & License diff --git a/docs/whatsnew-1.6.txt b/docs/whatsnew-1.6.txt new file mode 100644 index 0000000..d395d3d --- /dev/null +++ b/docs/whatsnew-1.6.txt @@ -0,0 +1,67 @@ +What's New in WebOb 1.6 +======================= + +Compatibility +~~~~~~~~~~~~~ + +- Python 3.2 is no longer a supported platform by WebOb + +Security +~~~~~~~~ + +- exc._HTTPMove and any subclasses will now raise a ValueError if the location + field contians a line feed or carriage return. These values may lead to + possible HTTP Response Splitting. The header_getter descriptor has also been + modified to no longer accept headers with a line feed or carriage return. + + WebOb does not protect against all possible ways of injecting line feeds or + carriage returns into headers, and should only be thought of as a single line + of defense. Any user input should be sanitized. + + See https://github.com/Pylons/webob/pull/229 and + https://github.com/Pylons/webob/issues/217 for more information. + +Features +~~~~~~~~ + +- When WebOb sends an HTTP Exception it will now lazily escape the keys in the + environment, so that only those keys that are actually used in the HTTP + exception are escaped. This solves the problem of keys that are not + serializable as a string in the environment. See + https://github.com/Pylons/webob/pull/139 for more information. + +- MIMEAccept now accepts comparisons against wildcards, this allows one to + match on just the media type or sub-type. + + Example: + + .. code-block:: pycon + + >>> accept = MIMEAccept('text/html') + >>> 'text/*' in accept + True + >>> '*/html' in accept + True + >>> '*' in accept + True + +- WebOb uses the user agent's Accept header to change what type of information + is returned to the client. This allows the HTTP Exception to return either + HTML, text, or a JSON response. This allows WebOb HTTP Exceptions to be used + in applications where the client is expecting a JSON response. See + https://github.com/Pylons/webob/pull/230 and + https://github.com/Pylons/webob/issues/209 for more information. + +Bugfixes +~~~~~~~~ + +- Request.decode would attempt to read from an already consumed stream, it is + now reading from the correct stream. See + https://github.com/Pylons/webob/pull/183 for more information. + +- The application/json media type does not allow for a charset as discovery of + the encoding is done at the JSON layer. Upon initialization of a Response + WebOb will no longer add a charset if the content-type is set to JSON. See + https://github.com/Pylons/webob/pull/197 and + https://github.com/Pylons/pyramid/issues/1611 + |