**API**
- Added the ``GET /contribute.json`` endpoint for open-source information (fixes 607)
- Allow record IDs to be any string instead of just UUIDs (fixes 655).
API is now at version **1.7**. See `API changelog <http://kinto.readthedocs.io/en/latest/api/>`_.
**New features**
- Major version update. Merged cliquet into kinto.core. This is
intended to simplify the experience of people who are new to Kinto.
Addresses 687.
- Removed ``initialize_cliquet()``, which has been deprecated for a while.
- Removed ``cliquet_protocol_version``. Kinto already defines
incompatible API variations as part of its URL format (e.g. ``/v0``,
``/v1``). Services based on kinto.core are free to use
``http_api_version`` to indicate any additional changes to their
APIs.
- Simplify settings code. Previously, ``public_settings`` could be
prefixed with a project name, which would be reflected in the output
of the ``hello`` view. However, this was never part of the API
specification, and was meant to be solely a backwards-compatibility
hack for first-generation Kinto clients. Kinto public settings
should always be exposed unprefixed. Applications developed against
kinto.core can continue using these names even after they transition
clients to the new implementation of their service.
- ``kinto start`` now accepts a ``--port`` option to specify which port to listen to.
**Important**: Because of a limitation in [Pyramid tooling](http://stackoverflow.com/a/21228232/147077),
it won't work if the port is hard-coded in your existing ``.ini`` file. Replace
it by ``%(http_port)s`` or regenerate a new configuration file with ``kinto init``.
- Add support for ``pool_timeout`` option in Redis backend (fixes 620)
- Add new setting ``kinto.heartbeat_timeout_seconds`` to control the maximum duration
of the heartbeat endpoint (fixes 601)
**Bug fixes**
- Fix internal storage filtering when an empty list of values is provided.
- Authenticated users are now allowed to obtain an empty list of buckets on
``GET /buckets`` even if no bucket is readable (454)
- Fix enabling flush enpoint with ``KINTO_FLUSH_ENDPOINT_ENABLED`` environment variable (fixes 588)
- Fix reading settings for events listeners from environment variables (fixes 515)
- Fix principal added to ``write`` permission when a publicly writable object
is created/edited (fixes 645)
- Prevent client to cache and validate authenticated requests (fixes 635)
- Fix bug that prevented startup if old Cliquet configuration values
were still around (633)
- Fix crash when a cache expires setting is set for a specific bucket or collection. (597)
- Mark old cliquet backend settings as deprecated (but continue to support them). (596)
- Add an explicit message when the server is configured as read-only and the
collection timestamp fails to be saved (ref Kinto/kinto558)
- Prevent the browser to cache server responses between two sessions. (593)
- Redirects version prefix to hello page when trailing_slash_redirect is enabled. (700)
- Fix crash when setting empty permission list with PostgreSQL permission backend (fixes Kinto/kinto575)
- Fix crash when type of values in querystring for exclude/include is wrong (fixes Kinto/kinto587)
- Fix crash when providing duplicated principals in permissions with PostgreSQL permission backend (fixes 702)
- Add ``app.wsgi`` to the manifest file. This helps address Kinto/kinto543.
- Fix loss of data attributes when permissions are replaced with ``PUT`` (fixes Kinto/kinto601)
- Fix 400 response when posting data with ``id: "default"`` in default bucket.
- Fix 500 on heartbeat endpoint when a check does not follow the specs and raises instead of
returning false.
Kinto-attachment
----------------