3.32.rst 5.68 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
3.32.6 (2021-09-24)
===================
👷 Bug fixes
-----------

- don’t escape value in navigation components (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/389)
- views: remove unneeded xml_escape for primary titles
- setup: keep rdflib-jsonld at version < 0.6.0
- setup: limit setuptools version to avoid issue with 2to3

11
12
13
14
15
16
3.32.5 (2021-09-14)
===================

- upgrade rdflib-jsonld version to keep compatibility with setupools
  58 and above

17
18
19
20
21
22
23
3.32.4 (2021-09-02)
===================
👷 Bug fixes
-----------

- do not use localhost.local has test domain, but keep the one already defined

24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
3.32.3 (2021-08-31)
===================
🎉 New features
--------------

- migration: add a migration script to warn about incompatibility of cwtags. (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/367)

👷 Bug fixes
-----------

- bringing back CubicWebServerTC and porting it to pyramid
- fix bad escaped values in web views
- pkg: since we added csrf mecanism, we need pyramid >= 1.9
- test_newcube were broken because we removed cubicweb-*.spec file but didn't updated the tests

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
3.32.2 (2021-07-30)
===================
🎉 New features
--------------

- use open-source/gitlab-ci-templates in cube skeleton

👷 Bug fixes
-----------

- add default value for params argument of PyramidCWTest.webapp.post (#350)
- csrf: give CSRF token when using /ajax route
- empty identification cookie on webapp.reset()
- remove *.spec from skeleton
- views: Fix reledit errors when trying modify relation with multi subjects

55
56
57
58
59
60
61
62
63
64
65
66
3.32.1 (2021-07-23)
===================
👷 Bug fixes
-----------

- pin rdflib < 6.0.0 to avoid compatibility issues

🤖 Continuous integration
------------------------

- use image from heptapod registry since r.intra was shut down

67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
3.32.0 (2021-07-13)
===================

🔐 Security, breaking changes
----------------------------

:file:`self.w` API has been changed to automatically escape arguments used to format the string to mitiage XSS attacks.

This means that instead of writting:

.. code:: python

    self.w("some %s string %s" % (a, b))

You need to write:

.. code:: python

    self.w("some %s string %s", a, b)

And CubicWeb will escapes all arguments given to :file:`self.w` which are :file:`a` and :file:`b` here.

If for a specific reason (for example generating javascript) you don't want to escape the arguments of :file:`self.w` you can use the :file:`escape` kwarg argument of :file:`self.w` like this:

.. code:: python

    self.w("some %s string %s", a, b, escape=False)

This is normally retrocompatible since :file:`self.w` old API with only one argument still works (but you **shouldn't** use it anymore) but if you have been giving a custom function as :file:`self.w` you'll need to adapt the API of this function to match :file:`self.w` new API which is:

.. code:: python

    def w(self, string, *args, **kwargs, escape=False): ...

Also note that :file:`UStringIO.write` function has also been modified to be compatible with :file:`self.w` new API (so if you are using it you won't need to port this code).

A CSRF protection machanism has been integrated in CubicWeb using Pyramid CSRF built in protection. Regarding breaking changes:

- Cubicweb now only works **with pyramid**
- if you are only using cubicweb "web" without ajax and you have been doing advanced modification at the session management level this shouldn't break anything for you
- if you are doing POST/PUT/DELETE... requests using AJAX, you need to adapt you code to send the csrf_token otherwise all you requests will be denied. This is explain in the AJAX seciton of the documentation: :ref:`csrf_protection`

The whole mechanism is explained in the documentation: :ref:`csrf_protection`

🚧 Other breaking changes
------------------------

We decide to stop releasing cubicweb as debian packages. Thanks for all the fishes.

🎉 New features
--------------

- add a component to disable RQL suggestions: :file:`cubicweb.web.views.magicsearch.RQLNoSuggestionsBuilder`

👷 Bug fixes
-----------

- [reledit] display reledit for a relation if some conditions are satisfied ([1] the relation dont have rqlexpr permissions and can be deleted [2] at least one of related entites can be deleted)
- pyramid/predicates: avoid to show an error without a session connection
- be sure db-statement-timeout is not None
- correctly transform cubicweb.web.RemoteCallFailed into pyramid corresponding exceptions, this allow to propagate the correct content type (for example for json exceptions)
- "cubicweb-ctl list" now supports multiple dependencies constraints

🤖 Continuous integration
------------------------

- coverage: gitlab-ci is able to read the coverage report we produce
- disable from-forge for now since we aren't using them
- fix path to coverage-*.xml for non-reports artifacts
- flake8: integrate flake8-gl-codeclimate for QA reports
- integrate junit reports style for tests errors in gitlab
- optimisation: allow to interrupt started jobs that can be replaced
- pytest-html: generate self contained html file for easier test repport browsing
- trigger py3-* jobs on tox.ini/.gitlab-ci.yml/requirements modifications
- use gitlab readthedocs integration

🤷 Various changes
-----------------

- fix error cases when internationalizable is not defined on rdef
- improve docstring in web.views.basecontrollers

📋 Developer experience
--------------------

- using black on the whole project \o/ (thx for hg format-source)
- debug/ux: display traceback of stderr when exception in addition of the html page
- testing: activate debug mode during testing
- ux: display on stdout the requests made to the server like nginx
- ux: display traceback on stderr on request failure
157
- ux: logger.info for selected view by ViewController