Released: February 8, 2019
[bug] [ext] Implemented a more comprehensive assignment operation (e.g. "bulk replace")
when using association proxy with sets or dictionaries. Fixes the problem
of redundant proxy objects being created to replace the old ones, which
leads to excessive events and SQL and in the case of unique constraints
will cause the flush to fail.
[bug] [postgresql] Fixed issue where using an uppercase name for an index type (e.g. GIST,
BTREE, etc. ) or an EXCLUDE constraint would treat it as an identifier to
be quoted, rather than rendering it as is. The new behavior converts these
types to lowercase and ensures they contain only valid SQL characters.
[bug] [orm] Improved the behavior of
orm.with_polymorphic()in conjunction with
loader options, in particular wildcard operations as well as
orm.load_only(). The polymorphic object will be more accurately
targeted so that column-level options on the entity will correctly take
effect.The issue is a continuation of the same kinds of things fixed in
[bug] [sql] Fully removed the behavior of strings passed directly as components of a
Queryobject being coerced to
constructs automatically; the warning that has been emitted is now an
ArgumentError or in the case of order_by() / group_by() a CompileError.
This has emitted a warning since version 1.0 however its presence continues
to create concerns for the potential of mis-use of this behavior.
Note that public CVEs have been posted for order_by() / group_by() which
are resolved by this commit: CVE-2019-7164 CVE-2019-7548
[bug] [sql] Quoting is applied to
Functionnames, those which are usually but
not necessarily generated from the
sql.funcconstruct, at compile
time if they contain illegal characters, such as spaces or punctuation. The
names are as before treated as case insensitive however, meaning if the
names contain uppercase or mixed case characters, that alone does not
trigger quoting. The case insensitivity is currently maintained for
[bug] [sql] Added "SQL phrase validation" to key DDL phrases that are accepted as plain
ForeignKeyConstraint.initially, for areas where a series of SQL
keywords only are expected.Any non-space characters that suggest the phrase
would need to be quoted will raise a
CompileError. This change
is related to the series of changes committed as part of #4481.
[bug] [declarative] [orm] Added some helper exceptions that invoke when a mapping based on
AutoMapis used before the mapping is ready to be used, which
contain descriptive information on the class, rather than falling through
into other failure modes that are less informative.
[change] [tests] The test system has removed support for Nose, which is unmaintained for
several years and is producing warnings under Python 3. The test suite is
currently standardized on Pytest. Pull request courtesy Parth Shandilya.