=====
:release-date: 2013-10-14 04:00 P.M BST
:release-by: Ask Solem
- Now depends on :mod:`amqp` version 1.3.
- No longer supports Python 2.5
The minimum Python version supported is now Python 2.6.0 for Python 2,
and Python 3.3 for Python 3.
- Dual codebase supporting both Python 2 and 3.
No longer using ``2to3``, making it easier to maintain support for
both versions.
- pickle, yaml and msgpack deserialization is now disabled by default.
This means that Kombu will by default refuse to handle any content type other
than json.
Pickle is known to be a security concern as it will happily
load any object that is embedded in a pickle payload, and payloads
can be crafted to do almost anything you want. The default
serializer in Kombu is json but it also supports a number
of other serialization formats that it will evaluate if received:
including pickle.
It was always assumed that users were educated about the security
implications of pickle, but in hindsight we don't think users
should be expected to secure their services if we have the ability to
be secure by default.
By disabling any content type that the user did not explicitly
want enabled we ensure that the user must be conscious when they
add pickle as a serialization format to support.
The other built-in serializers (yaml and msgpack) are also disabled
even though they aren't considered insecure [f1]_ at this point.
Instead they're disabled so that if a security flaw is found in one of these
libraries in the future, you will only be affected if you have
explicitly enabled them.
To have your consumer accept formats other than json you have to
explicitly add the wanted formats to a white-list of accepted
content types:
.. code-block:: pycon
>>> c = Consumer(conn, accept=['json', 'pickle', 'msgpack'])
or when using synchronous access:
.. code-block:: pycon
>>> msg = queue.get(accept=['json', 'pickle', 'msgpack'])
The ``accept`` argument was first supported for consumers in version
2.5.10, and first supported by ``Queue.get`` in version 2.5.15
so to stay compatible with previous versions you can enable
the previous behavior:
>>> from kombu import enable_insecure_serializers
>>> enable_insecure_serializers()
But note that this has global effect, so be very careful should you use it.
.. rubric:: Footnotes
.. [f1] The PyYAML library has a :func:`yaml.load` function with some of the
same security implications as pickle, but Kombu uses the
:func:`yaml.safe_load` function which is not known to be affected.
- kombu.async: Experimental event loop implementation.
This code was previously in Celery but was moved here
to make it easier for async transport implementations.
The API is meant to match the Tulip API which will be included
in Python 3.4 as the ``asyncio`` module. It's not a complete
implementation obviously, but the goal is that it will be easy
to change to it once that is possible.
- Utility function ``kombu.common.ipublish`` has been removed.
Use ``Producer(..., retry=True)`` instead.
- Utility function ``kombu.common.isend_reply`` has been removed
Use ``send_reply(..., retry=True)`` instead.
- ``kombu.common.entry_to_queue`` and ``kombu.messaging.entry_to_queue``
has been removed.
Use ``Queue.from_dict(name, **options)`` instead.
- Redis: Messages are now restored at the end of the list.
Contributed by Mark Lavin.
- ``StdConnectionError`` and ``StdChannelError`` is removed
and :exc:`amqp.ConnectionError` and :exc:`amqp.ChannelError` is used
instead.
- Message object implementation has moved to :class:`kombu.message.Message`.
- Serailization: Renamed functions encode/decode to
:func:`~kombu.serialization.dumps` and :func:`~kombu.serialization.loads`.
For backward compatibility the old names are still available as aliases.
- The ``kombu.log.anon_logger`` function has been removed.
Use :func:`~kombu.log.get_logger` instead.
- ``queue_declare`` now returns namedtuple with ``queue``, ``message_count``,
and ``consumer_count`` fields.
- LamportClock: Can now set lock class
- :mod:`kombu.utils.clock`: Utilities for ordering events added.
- :class:`~kombu.simple.SimpleQueue` now allows you to override
the exchange type used.
Contributed by Vince Gonzales.
- Zookeeper transport updated to support new changes in the :mod:`kazoo`
library.
Contributed by Mahendra M.
- pyamqp/librabbitmq: Transport options are now forwarded as keyword arguments
to the underlying connection (Issue 214).
- Transports may now distinguish between recoverable and irrecoverable
connection and channel errors.
- ``kombu.utils.Finalize`` has been removed: Use
:mod:`multiprocessing.util.Finalize` instead.
- Memory transport now supports the fanout exchange type.
Contributed by Davanum Srinivas.
- Experimental new `Pyro`_ transport (:mod:`kombu.transport.pyro`).
Contributed by Tommie McAfee.
.. _`Pyro`: http://pythonhosted.org/Pyro
- Experimental new `SoftLayer MQ`_ transport (:mod:`kombu.transport.SLMQ`).
Contributed by Kevin McDonald
.. _`SoftLayer MQ`: http://www.softlayer.com/services/additional/message-queue
- Eventio: Kqueue breaks in subtle ways so select is now used instead.
- SQLAlchemy transport: Can now specify table names using the
``queue_tablename`` and ``message_tablename`` transport options.
Contributed by Ryan Petrello.
Redis transport: Now supports using local UNIX sockets to communicate with the
Redis server (Issue 1283)
To connect using a UNIX socket you have to use the ``redis+socket``
URL-prefix: ``redis+socket:///tmp/redis.sock``.
This functionality was merged from the `celery-redis-unixsocket`_ project.
Contributed by Maxime Rouyrre.
ZeroMQ transport: drain_events now supports timeout.
Contributed by Jesper Thomschütz.
.. _`celery-redis-unixsocket`:
https://github.com/piquadrat/celery-redis-unixsocket
.. _version-2.5.16: