2.8.0

Breaking changes

• Deprecated settings cliquet.cache_pool_maxconn,
  cliquet.storage_pool_maxconn and cliquet.basic_auth_enabled
  were removed (ref #448)
• Prefixed settings will not work if project_name is not defined.
  (either with cliquet.initialize() or with the cliquet.project_name
  configuration variable).
• Settings should now be read without their prefix in the code:
  request.registry.settings['max_duration'] rather than
  request.registry.settings['cliquet.max_duration']

New features

• Add cache CORS headers. (ref #466)
• Use the project name as setting prefix (ref #472)

Internal changes

• Expose statsd client so that projects using cliquet can send statsd
  metrics. (ref #465)
• Refactor BaseWebTest. (ref #468)
• Remove hard coded CORS origins in order to be able to override it
  with config. (ref #467)
• Allow overridding 405 response error to give context (ref #471)
• Allow overridding 503 response error to give context (ref #473)

2.7.0

Breaking changes

• Backends are not instantiated by default anymore (used to be with Redis) (#461)

New features

• Redirect to remove trailing slash in URLs (fixes Kinto/kinto#112)
• Add resource cache control headers via settings (fixes #401)
• Add request bound_data attribute, shared with subrequests.
  Useful to share context or cache values between BATCH requests for example (#459)

Bug fixes

• Fix Werkzeug profiling setup docs and code (#451)
• Fix logger encoding error with UTF-8 output (#455)
• Do not instantiate backends if not configured (fixes #386)

Internal changes

• Huge refactoring the interaction between Resource and Permission backend (#454)
• Fetch record only once from storage with PUT requests on resources (#452)
• Index permissions columns, bringing huge performance gain for shared collections (#458, ref #354)
• Add instructions to mention contributors list in documentation (#408)
• Explicitly call to collection create_record on PUT (#460)

2.6.2

Bug fixes

• Expose CORS headers on subrequest error response and for non service errors (#435).
• Make sure a tuple is passed for Postgresql list comparisons even for ids (#443).

Internal changes

• Use the get_bound_permissions callback to select shared records in collection list (#444).

2.6.1

Bug fixes

• Make sure we pass a tuple to Postgresql in conditions (#441)

2.6.0

Protocol

• Fix consistency in API to modify permissions with PATCH (#437, ref Kinto/kinto#155).
  The list of principals for each specified permission is now replaced by the one
  provided.

New features

• Partial collection of records for ProtectedResource when user has no read
  permission (fixes #354). Alice can now obtain a list of Bob records on which she
  has read/write permission.

Internal changes

• Fix Wheel packaging for Pypy (fixes Kinto/kinto#177)
• Add additional test to make sure 400 errors returns CORS Allowed Headers

2.5.0

Protocol

• Collection records can now be filtered using multiple values (?in_status=1,2,3) (fixes #39)
• Collection records can now be filtered excluding multiple values (?exclude_status=1,2,3) (fixes mozilla-services/readinglist#68)

Internal changes

• We can obtains accessible objects_id in a collection from user principals (fixes #423)

2.4.3

Bug fixes

• Fix the packaging for cliquet (#430)

2.4.2

Internal changes

• Remove the symlink to cliquet_docs and put the documentation inside
  cliquet_docs directly (#426)

2.4.1

Internal changes

Make documentation available from outside by using cliquet_docs (#413)

2.4.0

Protocol

• Userid is now provided when requesting the hello endpoint with an Authorization
  header (#319)
• UUID validation now accepts any kind of UUID, not just v4 (fixes #387)
• Querystring parameter _to was renamed to _before (the former is now
  deprecated) (#391)

New features

• Cliquet Service class now has the default error handler attached (#388)
• Allow to configure info link in error responses with cliquet.error_info_link
  setting (#395)
• Storage backend now has a purge_deleted() to get rid of tombstones (#400)

Bug fixes

• Fix missing Backoff header for 304 responses (fixes #416)
• Fix Python3 encoding errors (#328)
• data is not mandatory in request body if the resource does not define
  any schema or if no field is mandatory (fixes Kinto/kinto#63)
• Fix no validation error on PATCH with unknown attribute (fixes #374)
• Fix permissions not validated on PATCH (fixes #375)
• Fix CORS header missing in 404 responses for unknown URLs (fixes #414)

Internal changes

• Renamed main documentation sections to HTTP Protocol and Internals (#394)
• Remove mentions of storage in documentation to avoid confusions with the
  Kinto project.
• Add details in timestamp documentation.
• Mention talk at Python Meetup Barcelona in README
• Fix documentation about postgres-contrib dependancy (#409)
• Add cliquet.utils to Internals documentation (#407)
• Default id generator now accepts dashes and underscores (#411)