Changelog

1.2.7 (2019-01-31)

  • FIX: bcrypt is now properly installed in the Docker image, and our automated tests now do a better job of making sure authentication and uploads work as expected in Docker (thanks @ronneke1996, #239; also thanks @kellycampbell, #235 for an alternate approach that wound up being unused but is still appreciated!)

1.2.6 (2019-01-26)

  • SEC: mitigate potential CRLF injection attacks from malicious URLs (thanks @samwcyo, #237)

1.2.5 (2018-11-11)

  • FIX: bcrypt is now installed into the Docker image, which allows passlib to work like it should (thanks @Diftraku, #224)
  • MAINT: integration tests with twine have been updated to use the command-line interface rather than the internal API, which should make them more resilient over time (#226)

1.2.4 (2018-08-06)

  • FIX: the command to download new versions of available packages now works with pip >= 10.0 (thanks @elboerto, #215)

1.2.3 (2018-08-04)

  • MAINT: Remove broken downloads badge (thanks @hugovk, #209)
  • ENH: Improved Dockerfile and docker-compose example, docs for using the docker image, automatic docker builds

1.2.2 (2018-06-12)

  • FIX: update fallback URL to https://pypi.org/simple since pypi.python.org has shut down
  • FIX: updated tests to use Popen rather than pip.main() given its removal in pip version 10.0
  • DOC: scrubbed docs of links to pypi.python.org
  • DEPRECATION: Drop support for Python 3.3 (thanks @hugovk, #198)

1.2.1 (2017-11-29)

  • FIX propagation of certain pypiserver settings via a paste.ini config file (thanks @luismsgomes, #156)
  • FIX update default fallback URL to be https for compliance with PyPI (thanks @uSpike, #182)
  • FIX resolved a regression preventing spinning up multiple pypiservers via a paste config (thanks @bertjwregeer, #173)
  • FIX cmdline parsing of stray comparison consuming many flags (e.g. --help), and docs about auther
    • (thanks to @sakurai-youhei, #162).
  • Travis CI testing for Python 3.6 and pypy3 (#183)
  • Several documentation improvements (thanks @tescalada, #166, #161, #172 and @axnsan12, #190)

1.2.0 (2016-06-25)

"Brexit": Normalize and stop legacy support.

  • Less rigorous support for python-2 < 2.7 and python-3 < 3.3.
  • Package normalizations and PEP 503 updates:
    • Package names are normalized: convert all characters to lower-case and replace any of [-_.] with a dash ('-').
    • The simple index only lists normalized package names.
    • Any request for a non-normalized package name is redirected to the normalized name.
    • URLs are redirected unless they end in '/' (except packages themselves).
    • (thanks to @dpkp, #38, #139, #140)
  • Added pip search support.
    • (thanks to @blade2005, #80, #114)
  • FIX startup regressions for other WSGI-servers, introduced by previous v1.1.10.
    • (thanks to @virtuald, @Oneplus, @michaelkuty, @harcher81, @8u1a, #117, #122, #124/#127/#128)
  • FIX over-writing of packages even without the --overwrite flag.
    • (thanks to @blade2005, #113)
  • Fixes for paste, gunicorn and other WSGI servers.
    • (thanks to @corywright, @virtuald, @montefra, #112, #118, #119)
  • Updates and fixes needed due to changes in dependent libraries.
    • (thanks @dpkp, #120/#121, #129, #141/#142)
  • Add cache for speeding up GPG signatures.
    • (thanks to @virtuald, #116)
  • Other minor fixes and improvements.
    • (thanks to @bibby, @Oneplus, @8u1a, #129, #131)
  • TravisCI-test against python-3.5.
    • (#107, #108, #110)
  • docs:
    • Provide samples for Automated Startup (systemd & hypervisor). (thanks to @ssbarnea, #137, #146)
    • Add usage instructions for related project pypi-uploader. (thanks to @ssbarnea & @bibby, #147)
    • doc: Provide sample-code to authenticate using /etc/passwds file via pam modules in Unix.
      • (thanks to @blade2005, #149, #151-#153)
    • Improved API usage instructions.
    • Detailed changes recorded in Github's milestone 1.2.0.

1.1.10 (2016-01-19)

Serve 1000s of packages, PGP-Sigs, skip versions starting with 'v'.

  • #101: Speed-up server by (optionally) using the watchdog package to cache results, serve packages directly from proxying-server (Apache, nginx), and pre-compile regexes (thanks @virtuald).
  • #106: Support uploading PGP-signatures (thanks @mplanchard).
  • Package-versions parsing modifications:
    • #104: Stopped parsing invalid package-versions prefixed with v; they are invalid according to PEP 0440 (thanks @virtuald & @stevejefferiesIDBS).
    • Support versions with epochs separated by ! like package-1!1.1.0.
    • #102: FIX regression on uploading packages with + char in their version caused by recent bottle-upgrade.
  • #103: Minor doc fixes (thanks @MichaelSchneeberger).

1.1.9 (2015-12-21)

"Ssss-elections" bug-fix & maintenance release.

  • Upgrade bottle 1.11.6-->1.13-dev.
    • Fixes MAX_PARAM limiting dependencies (#82)
  • Rework main startup and standalone:
    • New standalone generation based on ZIPed wheel archive.
    • Replace all sys.module mechanics with relative imports.
    • Fix gevent monkeypatching (#49).
    • Simplify definition of config-options on startup.
    • TODO: Move startup-options validations out of main() and into pypiserver.core package, to validate also start-up from API-clients.
  • #53: Like PyPI, HREF-links now contain package's md5-hashes in their fragment. Add --hash_algo cmd-line option to turn-off or specify other hashlib message-digest algorithms (e.g. sha256 is a safer choice, set it to off to avoid any performance penalty if hosting a lot of packages).
  • #97: Add --auther non cmd-line startup-option to allow for alternative authentication methods (non HtPasswdFile-based one) to be defined by API-clients (thanks @Tythos).
  • #91: Attempt to fix register http failures (thanks to @Tythos and @petri).
    • Test actual clients (i.e. pip, Twine, setuptools).
    • Test spurious setuptools failures.
    • NOT FIXED! Still getting spurious failures.
  • Various other fixes:
    • #96: Fix program's requirement (i.e. add passlib as extra-requirement). Provide requirements files also for developers.
    • logging: Send also bottle _stderr to logger; fix logger names.
    • #95: Add missing loop-terminators in bottle-templates (thanks to @bmflynn).

1.1.8 (2015-09-15)

"Finikounda" release.

  • Allow un-authenticated uploads (no htpasswd file) (#55).
  • Fixes on package-name handling (#85 and #88, #89).
  • Respect logging cmd-line options (#81).
  • Add TCs for standalone script and other build-issues (#92)
  • See milestone:M1.1.8 on github for all fixes included.

1.1.7 (2015-03-8)

1st release under cooperative ownership:

  • #65, #66: Improve Auth for private repos by supporting password protected package listings and downloads, in addition to uploads (use the -a, --authenticate option to specify which to protect).
  • #67: Add cache-control http-header, required by pip.
  • #56, #70: Ignore non-packages when serving.
  • #58, #62: Log all http-requests.
  • #61: Possible to change welcome-msg.
  • #77, #78: Avoid XSS by generating web-content with SimpleTemplate instead of python's string-substs.
  • #38, #79: Instruct to use --extra-index-url for misspelled dependencies to work, reorganize README instructions.

1.1.6 (2014-03-05)

  • remove --index-url cli parameter introduced in 1.1.5

1.1.5 (2014-01-20)

  • only list devpi-server and proxypypi as alternatives
  • fix wheel file handling for certain wheels
  • serve wheel files as application/octet-stream
  • make pypiserver executable from wheel file
  • build universal wheel
  • remove scripts subdirectory
  • add --index-url cli parameter

1.1.4 (2014-01-03)

1.1.3 (2013-07-22)

  • make guessing of package name and version more robust

1.1.2 (2013-06-22)

  • fix "pypi-server -U" stable/unstable detection, i.e. do not accidentally update to unstable packages

1.1.1 (2013-05-29)

  • add 'overwrite' option to allow overwriting existing package files (default: false)
  • show names with hyphens instead of underscores on the "/simple" listing
  • make the standalone version work with jython 2.5.3
  • upgrade waitress to 0.8.5 in the standalone version
  • workaround broken xmlrpc api on pypi.python.org by using HTTPS

1.1.0 (2013-02-14)

  • implement multi-root support (one can now specify multiple package roots)
  • normalize pkgnames, handle underscore like minus
  • sort files by their version, not alphabetically
  • upgrade embedded bottle to 0.11.6
  • upgrade waitress to 0.8.2 in the standalone script
  • merge vsajip's support for verify, doc_upload and remove_pkg

1.0.1 (2013-01-03)

  • make 'pypi-server -Ux' work on windows ('module' object has no attribute 'spawnlp', pypiserver#26)
  • use absolute paths in hrefs for root view (pypiserver#25)
  • add description of uploads to the documentation
  • make the test suite work on python 3
  • make pypi-server-standalone work with python 2.5

1.0.0 (2012-10-26)

  • add passlib and waitress to pypi-server-standalone
  • upgrade bottle to 0.11.3
  • Update scripts/opensuse/pypiserver.init
  • Refuse to re-upload existing file
  • Add 'console_scripts' section to 'entry_points', so 'pypi-server.exe' will be created on Windows.
  • paste_app_factory now uses the password_file option to create the app. Without this the package upload was not working.
  • Add --fallback-url argument to pypi-server script to make it configurable.

0.6.1 (2012-08-07)

  • make 'python setup.py register' work
  • added init scripts to start pypiserver on ubuntu/opensuse

0.6.0 (2012-06-14)

  • make pypiserver work with pip on windows
  • add support for password protected uploads
  • make pypiserver work with non-root paths
  • make pypiserver 'paste compatible'
  • allow to serve multiple package directories using paste

0.5.2 (2012-03-27)

  • provide a way to get the WSGI app
  • improved package name and version guessing
  • use case insensitive matching when removing archive suffixes
  • fix pytz issue #6

0.5.1 (2012-02-23)

  • make 'pypi-server -U' compatible with pip 1.1

0.5.0 (2011-12-05)

  • make setup.py install without calling 2to3 by changing source code to be compatible with both python 2 and python 3. We now ship a slightly patched version of bottle. The upcoming bottle 0.11 also contains these changes.
  • make the single-file pypi-server-standalone.py work with python 3

0.4.1 (2011-11-23)

  • upgrade bottle to 0.9.7, fixes possible installation issues with python 3
  • remove dependency on pkg_resources module when running 'pypi-server -U'

0.4.0 (2011-11-19)

  • add functionality to manage package updates
  • updated documentation
  • python 3 support has been added

0.3.0 (2011-10-07)

  • pypiserver now scans the given root directory and its subdirectories recursively for packages. Files and directories starting with a dot are now being ignored.
  • /favicon.ico now returns a "404 Not Found" error
  • pypiserver now contains some unit tests to be run with tox

0.2.0 (2011-08-09)

  • better matching of package names (i.e. don't install package if only a prefix matches)
  • redirect to the real pypi.python.org server if a package is not found.
  • add some documentation about configuring easy_install/pip

0.1.3 (2011-08-01)

  • provide single file script pypi-server-standalone.py
  • better documentation

0.1.2 (2011-08-01)

  • prefix comparison is now case insensitive
  • added usage message
  • show minimal information for root url

0.1.1 (2011-07-29)

  • don't require external dependencies

0.1.0 (2011-07-29)

  • initial release