Jinja

Latest version: v1.2

Page 4 of 8

2.9.1
-------------

Released 2017-01-07

- Resolved a regression with call block scoping for macros. Nested
  caller blocks that used the same identifiers as outer macros could
  refer to the wrong variable.

2.9
-----------

Released 2017-01-07, codename Derivation

- Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
- Added support for ``generator_stop`` on supported Python versions
  (Python 3.5 and later).
- Corrected a long standing issue with operator precedence of math
  operations not being what was expected.
- Added support for Python 3.6 async iterators through a new async
  mode.
- Added policies for filter defaults and similar things.
- Urlize now sets "rel noopener" by default.
- Support attribute fallback for old-style classes in 2.x.
- Support toplevel set statements in extend situations.
- Restored behavior of Cycler for Python 3 users.
- Subtraction now follows the same behavior as other operators on
  undefined values.
- ``map`` and friends will now give better error messages if you
  forgot to quote the parameter.
- Depend on MarkupSafe 0.23 or higher.
- Improved the ``truncate`` filter to support better truncation in
  case the string is barely truncated at all.
- Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
- Ported a modified version of the ``tojson`` filter from Flask to
  Jinja and hooked it up with the new policy framework.
- Block sets are now marked ``safe`` by default.
- On Python 2 the asciification of ASCII strings can now be disabled
  with the ``compiler.ascii_str`` policy.
- Tests now no longer accept an arbitrary expression as first argument
  but a restricted one. This means that you can now properly use
  multiple tests in one expression without extra parentheses. In
  particular you can now write ``foo is divisibleby 2 or foo is
  divisibleby 3`` as you would expect.
- Greatly changed the scoping system to be more consistent with what
  template designers and developers expect. There is now no more magic
  difference between the different include and import constructs.
  Context is now always propagated the same way. The only remaining
  difference is the defaults for ``with context`` and ``without
  context``.
- The ``with`` and ``autoescape`` tags are now built-in.
- Added the new ``select_autoescape`` function which makes it easier
  to configure better autoescaping.
- Fixed a runtime error in the sandbox when attributes of async
  generators were accessed.

2.8.1
-------------

Released 2016-12-29

- Fixed the ``for_qs`` flag for ``urlencode``.
- Fixed regression when applying ``int`` to non-string values.
- SECURITY: if the sandbox mode is used, format expressions are now
  sandboxed with the same rules as in Jinja. This solves various
  information leakage problems that can occur with format strings.
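
The 2.8.1 security entry above, illustrated with an added example that is not Jinja's own code: a ``string.Formatter`` subclass that checks every attribute lookup inside a format field, compared with plain ``str.format``. The underscore rule, the ``User`` object and all names here are assumptions made for the illustration; ``_string`` is a CPython-internal module.

```python
import string
from _string import formatter_field_name_split  # CPython helper behind string.Formatter


class FormatSecurityError(Exception):
    """Raised when a format field reaches for a blocked attribute."""


class SandboxedFormatter(string.Formatter):
    """Formatter that applies an attribute rule to every replacement field."""

    def get_field(self, field_name, args, kwargs):
        first, rest = formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, name in rest:
            if is_attr:
                # Assumed rule (a simplification of a template sandbox):
                # underscore-prefixed attributes are never reachable.
                if name.startswith("_"):
                    raise FormatSecurityError(f"attribute {name!r} is blocked")
                obj = getattr(obj, name)
            else:
                obj = obj[name]
        return obj, first


def safe_format(template, *args, **kwargs):
    """Format like str.format, but through the sandboxed field lookup."""
    return SandboxedFormatter().vformat(template, args, kwargs)


class User:  # constructed sample object
    def __init__(self):
        self.name = "alice"
        self._api_token = "constructed-token"


def compare(template, user):
    """Return (plain str.format result, sandboxed result or 'BLOCKED')."""
    plain = template.format(user=user)
    try:
        sandboxed = safe_format(template, user=user)
    except FormatSecurityError:
        sandboxed = "BLOCKED"
    return plain, sandboxed


if __name__ == "__main__":
    for tpl in ("{user.name}", "{user._api_token}", "{user.__class__.__name__}"):
        print(tpl, "->", compare(tpl, User()))
```

Nested fields inside a format spec go through the same ``get_field`` hook, so they are covered by the same rule.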

2.8
-----------

Released 2015-07-26, codename Replacement

- Added ``target`` parameter to urlize function.
- Added support for ``followsymlinks`` to the file system loader.
- The truncate filter now counts the length.
- Added equalto filter that helps with select filters.
- Changed cache keys to use absolute file names if available instead
  of load names.
- Fixed loop length calculation for some iterators.
- Changed how Jinja enforces strings to be native strings in Python 2
  to work when people break their default encoding.
- Added ``make_logging_undefined`` which returns an undefined
  object that logs failures into a logger.
- If unmarshalling of cached data fails the template will be reloaded
  now.
- Implemented a block ``set`` tag.
- Default cache size was increased to 400 from a low 50.
- Fixed ``is number`` test to accept long integers in all Python
  versions.
- Changed ``is number`` to accept Decimal as a number.
- Added a check for default arguments followed by non-default
  arguments. This change makes ``{% macro m(x, y=1, z) %}`` a syntax
  error. The previous behavior for this code was broken anyway
  (resulting in the default value being applied to ``y``).
- Add ability to use custom subclasses of
  ``jinja2.compiler.CodeGenerator`` and ``jinja2.runtime.Context`` by
  adding two new attributes to the environment
  (``code_generator_class`` and ``context_class``). :pr:`404`
- Added support for context/environment/evalctx decorator functions on
  the finalize callback of the environment.
- Escape query strings for urlencode properly. Previously slashes were
  not escaped in that place.
- Add ``base`` parameter to ``int`` filter.

2.7.3
-------------

Released 2014-06-06

- Security issue: Corrected the security fix for the cache folder.
  This fix was provided by RedHat.

2.7.2
-------------

Released 2014-01-10

- Prefix loader was not forwarding the locals properly to inner
  loaders. This is now fixed.
- Security issue: Changed the default folder for the filesystem cache
  to be user specific and read and write protected on UNIX systems.
  See `Debian bug 734747`_ for more information.

.. _Debian bug 734747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
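
The property described in the 2.7.2 and 2.7.3 cache-folder entries (a per-user directory that only its owner can read or write) can be checked as below. This is an added example, not Jinja's implementation; the function name, the ``_example-cache-`` prefix and the fail-closed behaviour are assumptions.

```python
import os
import stat
import tempfile


def private_cache_dir(base=None, prefix="_example-cache-"):
    """Create or validate a per-user cache directory (mode 0700, owned by us)."""
    if not hasattr(os, "getuid"):
        raise RuntimeError("this check relies on UNIX ownership and mode bits")
    base = base or tempfile.gettempdir()
    # The uid in the name keeps users from sharing one predictable path.
    path = os.path.join(base, f"{prefix}{os.getuid()}")
    try:
        os.mkdir(path, stat.S_IRWXU)
        os.chmod(path, stat.S_IRWXU)  # undo any bits an unusual umask removed
    except FileExistsError:
        pass  # may be ours from an earlier run, or pre-created by someone else

    # lstat does not follow symlinks, so a link planted at this path is rejected.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} is not a real directory")
    if st.st_uid != os.getuid():
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode != stat.S_IRWXU:
        # Fail closed instead of silently tightening a directory that
        # other users may already have written into.
        raise RuntimeError(f"{path} has mode {mode:o}, expected 700")
    return path


if __name__ == "__main__":
    print(private_cache_dir(tempfile.mkdtemp()))
```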
