Cliquet

------------------

**Bug fixes**

- Fix crash on settings with list values (481)
- Fix crash in Redis permission backend (ref Kinto/kinto215)

**Internal changes**

- Use tox installed in virtualenv (486)
- Skip python versions unavailable in tox (486)

------------------

- Expose public settings without prefix, except if we explicitely
configure public_settings to expose them (with ``cliquet.`` or
``project_name.``) (ref 476)

------------------

**Breaking changes**

- Deprecated settings ``cliquet.cache_pool_maxconn``,
``cliquet.storage_pool_maxconn`` and ``cliquet.basic_auth_enabled``
were removed (ref 448)
- Prefixed settings will not work if ``project_name`` is not defined.
(either with ``cliquet.initialize()`` or with the ``cliquet.project_name``
configuration variable).
- Settings should now be read without their prefix in the code:
``request.registry.settings['max_duration']`` rather than
``request.registry.settings['cliquet.max_duration']``

**New features**

- Add cache CORS headers. (ref 466)
- Use the project name as setting prefix (ref 472)

**Internal changes**

- Expose statsd client so that projects using cliquet can send statsd
metrics. (ref 465)
- Refactor BaseWebTest. (ref 468)
- Remove hard coded CORS origins in order to be able to override it
with config. (ref 467)
- Allow overridding 405 response error to give context (ref 471)
- Allow overridding 503 response error to give context (ref 473)

------------------

**Breaking changes**

- Backends are not instantiated by default anymore (used to be with *Redis*) (461)

**New features**

- Redirect to remove trailing slash in URLs (fixes Kinto/kinto112)
- Add resource cache control headers via settings (fixes 401)
- Add request ``bound_data`` attribute, shared with subrequests.
Useful to share context or cache values between BATCH requests for example (459)

**Bug fixes**

- Fix Werkzeug profiling setup docs and code (451)
- Fix logger encoding error with UTF-8 output (455)
- Do not instantiate backends if not configured (fixes 386)

**Internal changes**

- Huge refactoring the interaction between ``Resource`` and ``Permission`` backend (454)
- Fetch record only once from storage with PUT requests on resources (452)
- Index permissions columns, bringing huge performance gain for shared collections (458, ref 354)
- Add instructions to mention contributors list in documentation (408)
- Explicitly call to collection create_record on PUT (460)

------------------

**Bug fixes**

- Expose CORS headers on subrequest error response and for non service errors (435).
- Make sure a tuple is passed for Postgresql list comparisons even for ids (443).

**Internal changes**

- Use the ``get_bound_permissions`` callback to select shared records in collection list (444).

------------------

**Bug fixes**

- Make sure a tuple is passed for Postgresql in conditions (441).