Kinto-dist

**Bug fixes**

- Upgrade to kinto-admin v1.19.2

kinto-admin
-----------

**API**

- JSON schemas can now be defined in the bucket metadata and will apply to every
underlying collection, group or record (Kinto/kinto1555)

**Bug fixes**

- Fixed bug where unresolved JSON pointers would crash server (Kinto/kinto1685)

**New features**

- Kinto Admin plugin now supports OpenID Connect
- Limit network requests to current domain in Kinto Admin using `Content-Security Policies <https://hacks.mozilla.org/2016/02/implementing-content-security-policy/>`_
- Prompt for cache backend type in ``kinto init`` (Kinto/kinto1653)
- kinto.core.utils now has new features ``route_path_registry`` and
``instance_uri_registry``, suitable for use when you don't
necessarily have a ``request`` object around. The existing functions
will remain in place.
- openid plugin will carry ``prompt=none`` querystring parameter if appended
to authorize endpoint.

kinto-admin
-----------

**API**

- Batch endpoint now checks for and aborts any parent request if subrequest encounters ``409 Conflict`` constraint violation (Kinto/kinto1569)

**Bug fixes**

- Fix a bug where you could not reach the last records via ``Next-Header`` when deleting with pagination (Kinto/kinto1170)
- Slight optimizations on the ``get_all()`` query in the Postgres
storage backend which should make it faster for result sets that
have a lot of records (Kinto/kinto1622). This is the first change meant to
address Kinto/kinto1507, though more can still be done.
- Fix a bug where the batch route accepted all content-types (Kinto/kinto1529)


kinto-admin
-----------

==================

- Change CircleCI container in an attempt to successfully build a release.

**API**

- Introduce ``contains`` and ``contains_any`` filter operators (Kinto/kinto343).

API is now at version **1.19**. See `API changelog`_.

**Breaking changes**

- The storage class now exposes ``bump_timestamp()`` and ``bump_and_store_timestamp()`` methods
so that memory based storage backends can use them. (Kinto/kinto1596)

**Documentation**

- Version number is taken from package in order to ease release process (Kinto/kinto1594)
- Copyright year is now dynamic (Kinto/kinto1595)


kinto-admin
-----------

**Security fix**

- Since Kinto 8.2.0 the `account` plugin had a security flaw where the password wasn't verified during the session duration.
It now validates the account user password even when the session is cached (Kinto/kinto1583).