1. Mariano Mara
  2. BeakerIssue31


BeakerIssue31 / CHANGELOG

Beaker Changelog

0.9.4 (4/13/2008)
* Adding 'google' backend datastore, available by specifying 'google' as the
  cache/session type. Note that this takes an optional table_name used to name
  the model class used.
* SECURITY BUG: Fixed security issue with Beaker not properly removing
  directory escaping characters from the session ID when un-signed sessions
  are used. Reported with patch by Felix Schwarz.
* Fixed bug with Beaker not playing well with Registry when its placed above
  it in the stack. Thanks Wichert Akkerman.

0.9.3 (2/28/2008)
* Adding 'id' to cookie-based sessions for better compatibility.
* Fixed error with exception still raised for PyCrypto missing.
* WARNING: Session middleware no longer catches Paste HTTP Exceptions, apps
  are now expected to capture and handle Paste HTTP Exceptions themselves.
* Fixed Python 2.4 compatibility bug in hmac.
* Fixed key lookup bug on cache object to only use the settings for the key
  lookup. Found by Andrew Stromnov.

0.9.2 (2/13/2008)
* Added option to make Beaker use a secure cookie.
* Removed CTRCipher as pycryptopp doesn't need it.
* Changed AES to use 256 bit.
* Fixed signing code to use hmac with sha for better signing security.
* Fixed memcached code to use delete_multi on clearing the keys for efficiency
  and updated key retrieval to properly store and retrieve None values.
* Removing cookie.py and signed cookie middleware, as the environ_key option
  for session middleware provides a close enough setting.
* Added option to use just cookie-based sessions without requiring
* Switched encryption requirement from PyCrypto to pycryptopp which uses a 
  proper AES in Counter Mode.

0.9.1 (2/4/2008)
* Fixed bug in middleware using module that wasn't imported.

0.9 (12/17/07)
* Fixed bug in memcached replace to actually replace spaces properly.
* Fixed md5 cookie signature to use SHA-1 when available.
* Updated cookie-based session storage to use 256-bit AES-CTR mode with a
  SHA-1 HMAC signature. Now requires PyCrypto to use for AES scheme.
* WARNING: Moved session and cache middleware to middleware, as per the old
  deprecation warnings had said was going to happen for 0.8.
* Added cookie-only session storage with RC4 ciphered encryption, requires 
  Python 2.4.
* Add the ability to specify the cookie's domain for sessions.

0.8.1 (11/15/07)
* Fixed bug in database.py not properly handling missing sqlalchemy library.

0.8 (10/17/07)
* Fixed bug in prior db update causing session to occasionally not be written
  back to the db.
* Fixed memcached key error with keys containing spaces. Thanks Jim Musil.
* WARNING: Major change to ext:database to use a single row per namespace.
  Additionally, there's an accessed and created column present to support 
  easier deletion of old cache/session data. You *will* need to drop any
  existing tables being used by the ext:database backend.
* Streamline ext:database backend to avoid unnecessary database selects for
  repeat data.
* Added SQLAlchemy 0.4 support to ext:database backend.

0.7.5 (08/18/07)
* Fixed data_dir parsing for session string coercions, no longer picks up None
  as a data_dir.
* Fixed session.get_by_id to lookup recently saved sessions properly, also
  updates session with creation/access time upon save.
* Add unit tests for get_by_id function. Updated get_by_id to not result in
  additional session files.
* Added session.get_by_id function to retrieve a session of the given id.

0.7.4 (07/09/07)
* Fixed issue with Beaker not properly handling arguments as Pylons may pass
  them in.
* Fixed unit test to catch file removal exception.
* Fixed another bug in synchronization, this one involving reentrant
  conditions with file synchronization
* If a file open fails due to pickling errors, locks just opened
  are released unconditionally

0.7.3 (06/08/07)
* Beaker was not properly parsing input options to session middleware. Thanks
  to Yannick Gingras and Timothy S for spotting the issue.
* Changed session to only send the cookie header if its a new session and
  save() was called. Also only creates the session file under these 

0.7.2 (05/19/07)
* Added deprecation warning for middleware move, relocated middleware to cache
  and session modules for backwards compatibility.

0.7.1 05/18/07)
* adjusted synchronization logic to account for Mako/new Cache object's 
  multithreaded usage of Container.

0.7 (05/18/07)
* WARNING: Cleaned up Cache object based on Mako cache object, this changes
  the call interface slightly for creating a Cache object directly. The
  middleware cache object is unaffected from an end-user view. This change
  also avoids duplicate creations of Cache objects.
* Adding database backend and unit tests.
* Added memcached test, fixed memcached namespace arg passing.
* Fixed session and cache tests, still failing syncdict test. Added doctests
  for Cache and Session middleware.
* Cleanup of container/cache/container_test
* Namespaces no longer require a context, removed NamespaceContext?
* Logging in container.py uses logging module
* Cleanup of argument passing, use name **kwargs instead of **params for 
  generic kwargs
* Container classes contain a static create_namespace() method, namespaces are 
  accessed from the ContainerContext? via string name + container class alone
* Implemented (but not yet tested) clear() method on Cache, locates all 
  Namespaces used thus far and clears each one based on its keys() collection
* Fixed Cache.clear() method to actually clear the Cache namespace.
* Updated memcached backend to split servers on ';' for multiple memcached
* Merging MyghtyUtils code into Beaker.

0.6.3 (03/18/2007)
* Added api with customized Session that doesn't require a Myghty request 
  object, just a dict. Updated session to use the new version.
* Removing unicode keys as some dbm backends can't handle unicode keys.
* Adding core files that should've been here.
* More stringent checking for existence of a session.
* Avoid recreating the session object when it's empty.