Breaking changes
- Upgraded to Cornice 2.0 (#790)
Protocol
- Add support for JSON-Patch (RFC 6902).
- Add support for JSON-Merge (RFC 7396).
- Added a principals list to
helloview when authenticated. - Added details attribute to 404 errors. (#818)
Protocol is now at version 1.12. See API changelog.
New features
- Added a new built-in plugin
kinto.plugins.adminto serve the kinto admin. - Added a new
parse_resourceutility tokinto.core.utils
Bug fixes
- Fixed showing of backend type twice in StatsD backend keys (fixes #857)
- Fix crash when querystring parameter contains null string (fixes #882)
- Fix crash when redirection path contains CRLF character (fixes #887)
- Fix response status for OPTION request on version redirection (fixes #852)
- Fix crash in PostgreSQL backend when specified bound permissions is empty (fixes #906)
- Permissions endpoint now exposes the user permissions defined in settings (fixes #909)
- Fix bug when two subfields are selected in partial responses (fixes #920)
- Fix crash in permission endpoint when merging permissions from settings and from
permissions backend (fixes #926) - Fix crash in authorization policy when object ids contain unicode (fixes #931)
Internal changes
- Resource
mappingattribute is now deprecated, useschemainstead (#790) - Clarify implicit permissions when allowed to create child objects (#884)
- Upgrade built-in
adminplugin to Kinto Admin 1.5.0 - Do not bump timestamps in PostgreSQL storage backend when non-data columns
are modified. - Add some specifications for the permissions endpoint with regards to inherited
permissions - Add deletion of multiple groups in API docs (#928)
Thanks to all contributors, with a special big-up for @gabisurita!