Kinto

Latest version: v18.1.0


Page 16 of 24

7.0.0

Not secure
------------------

**Breaking changes**

- The flush endpoint is now a built-in plugin at ``kinto.plugins.flush`` and
  should be enabled using the ``includes`` section of the configuration file.
  The ``KINTO_FLUSH_ENDPOINT_ENABLED`` environment variable is no longer supported. (1147)
- Settings with ``cliquet.`` prefix are not supported anymore.
- Logging configuration now relies on standard Python logging module (1150)

  Before:

  .. code-block:: ini

      kinto.logging_renderer = kinto.core.logs.ClassicLogRenderer

  Now:

  .. code-block:: ini

      [handler_console]
      ...
      formatter = color

      [formatters]
      keys = color

      [formatter_color]
      class = logging_color_formatter.ColorFormatter

- Forbid storing bytes in the cache backend. (1143)
- ``kinto.core.api`` was renamed to ``kinto.core.openapi`` (1145)
- Logging extra information on a message must be done using the ``extra`` keyword
  (e.g. ``logger.info('msg', extra={'a': 1})`` instead of ``logger.info('msg', a=1)``)
  (1110, 1150)
- Cache entries must now always have a TTL. The ``ttl`` parameter of ``cache.set()``
  is now mandatory (fixes 960).
- ``get_app_settings()`` from ``kinto.core.testing.BaseWebTest`` is now a
  class method (1144)

**Protocol**

- Groups can now be created with a simple ``PUT`` (fixes 793)
- Batch requests now raise ``400`` on unknown attributes (1163).

Protocol is now at version **1.16**. See `API changelog`_.

**New features**

- Enforce the permission endpoint when the admin plugin is included (fixes 1059)
- Access control failures are logged with WARN level (fixes 1074)
- Added an experimental Accounts API which allows users to sign up,
  modify their password or delete their account (fixes 795)

**Bug fixes**

- Fix Memory backend sometimes showing empty permissions (1045)
- Allow creating the default bucket with a PUT request and an empty body (fixes 1080)
- Fix PostgreSQL backend when excluding a list of numeric values (fixes 1093)
- Fix ``ignore_conflict`` storage backend create method parameter to
  keep the existing rather than overriding it. (1134)
- Fix impacted records of events generated by implicit creation in default
  bucket (1137)
- Removed Structlog binding and bottlenecks (fixes 603)
- Fixed Swagger output with subpath and regex in pyramid routes (fixes 1180)
- Fixed Postgresql errors when specifying empty values in querystring numeric filters. (fixes 1194)
- Return a 400 Bad Request instead of crashing when the querystring contains bad characters. (fixes 1195)
- Fix PostgreSQL backend from deleting records of the same name in
  other buckets and collections when deleting a bucket. (fixes 1209)
- Fix race conditions on deletions with upsert in PostgreSQL ``storage.update()`` (fixes 1202)
- Fix PostgreSQL backend race condition when replacing permissions of an object (fixes 1210)
- Fix crash when deleting multiple buckets with quotas plugin enabled (fixes 1201)

**Internal changes**

- Do not keep the whole Kinto Admin bundle in the repo (fixes 1012)
- Remove the email example from the custom code event listener tutorial (fixes 420)
- Removed useless logging info from resource (ref 603)
- Make sure prefixed userid is always first in principals
- Run functional tests on PostgreSQL
- Fix tests with Pyramid 1.9a
- Removed useless deletions in quota plugin
- Upgraded the kinto-admin to version 1.13.2

6.0.0

Not secure
------------------

**Breaking changes**

- Remove Python 2.7 support and upgrade to Python 3.5. (1050)
- Upgraded minimal PostgreSQL support to PostgreSQL 9.5 (1056)
- The ``--ini`` parameter is now after the subcommand name (1095)

**Protocol**

- Fixed ``If-Match`` behavior to match the RFC 2616 specification (1102).
- A ``409 Conflict`` error response is now returned when some backend integrity
  constraint is violated (instead of ``503``) (ref 602)

Protocol is now at version **1.15**. See `API changelog`_.

**Bug fixes**

- Prevent injections in the PostgreSQL permission backend (1061)
- Fix crash on ``If-Match: *`` (1064)
- Handle Integer overflow in querystring parameters. (1076)
- Flush endpoint now returns an empty JSON object instead of an HTML page (1098)
- Fix nested sorting key breaks pagination token. (1116)
- Remove ``deleted`` field from ``PUT`` requests over tombstones. (1115)
- Fix crash when preconditions are used on the permission endpoint (fixes 1066)
- Fixed resource timestamp upsert in PostgreSQL backend (1125)
- Fix pserve argument ordering with Pyramid 1.8 (1095)

**Internal changes**

- Update the upsert query to use an INSERT or UPDATE on CONFLICT behavior (fixes 1055)
- Remove PyPy support. (1049)
- Permission schema children fields are now set during initialization instead of on
  deserialization (1046).
- Request schemas (including validation and deserialization) are now isolated by method
  and endpoint type (1047).
- Move generic API schemas (e.g. TimeStamps and HeaderFields) from ``kinto.core.resource.schema``
  to a separate file on ``kinto.core.schema``. (1054)
- Upgraded the kinto-admin to version 1.10.0 (1086, 1128)
- Upgrade to Pyramid 1.8 (1087)
- Replace old loadtests with functional tests (1085)
- Use `Cornice Swagger <https://github.com/Cornices/cornice.ext.swagger>`_ rather than
  merging YAML files to generate the OpenAPI spec.
- Gracefully handle ``UnicityError`` with the ``default_bucket`` plugin and
  the PostgreSQL backend using PostgreSQL 9.5+ ``ON CONFLICT`` clause. (1122)

5.3.2

Not secure
------------------

**Bug fixes**

- Retries to set value in PostgreSQL cache backend in case of BackendError (fixes 1052)

5.3.1

Not secure
------------------

**Bug fixes**

- Retries to set value in PostgreSQL cache backend in case of IntegrityError (fixes 1035)

**Internal changes**

- Remove JSON Patch content-type from accepted types on the viewset, since it is handled
  in a separate view (1031).
- Upgraded to Kinto-Admin 1.8.1
- Configure the Kinto Admin auth methods from the server configuration (1042)

5.3.0

Not secure
------------------

**Bug fixes**

- Fix crash with batch endpoint when list of requests contains trailing comma (fixes 1024)

**Internal changes**

- Cache backend transactions are not bound to the request/response cycle anymore (fixes 879)
- Quick mention of PostgreSQL commands to run tests locally in contributing docs.
- Use YAML ``safe_load`` for the swagger file. (1022)
- Request headers and querystrings are now validated using cornice schemas (873).
- JSON Patch format is now validated using cornice (880).
- Upgraded to Kinto-Admin 1.8.0

5.2.0

Not secure
------------------

**Protocol**

- Add an `OpenAPI specification <https://kinto.readthedocs.io/en/latest/api/1.x/openapi.html>`_
  for the HTTP API on ``/__api__`` (997)

Protocol is now at version **1.14**. See `API changelog`_.

**New features**

- When admin is enabled, ``/v1/admin`` does not return ``404`` anymore, but now redirects to
  ``/v1/admin/`` (with trailing slash).

**Bug fixes**

- Add missing ``Total-Records`` field on ``DELETE`` header with plural endpoints (fixes 1000)

**Internal changes**

- Changed default listening address from 0.0.0.0 to 127.0.0.1 (949, thanks PeriGK)
- Upgrade to Kinto-Admin 1.7.0


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.