Changelog#

4.6.4 (2024-03-13)#

πŸ‘· Bug fixes#

  • session: using unsafe_cnx_context_manager invoke a recursive auth loop

4.6.3 (2024-02-23)#

πŸ‘· Bug fixes#

  • IRQLAdapter: do not fail on a β€˜None’ (or false) result (#1023)

  • prevent crash when trying a rql method on a null entity

4.6.2 (2024-02-20)#

πŸ‘· Bug fixes#

4.6.1 (2024-02-07)#

πŸŽ‰ New features#

  • auth: add an authentication ticket mechanism to ensure cookies invalidation

  • skeleton: add –diff option to black job

  • skeleton: add –show-source option to flake8 command

πŸ‘· Bug fixes#

  • migrations: eschema.object_relations are dictionnaries now

  • rename RelationSchema._subj_schemas/_obj_schemas to RelationSchema._subject_schemas/_object_schemas

  • tests: only datetime with a timezone are accepted now

🀷 Various changes#

  • fix: pin sphinx dependencies versions to be able to build with sphinx 4

4.6.0 (2024-01-23)#

Important: this release fix a security issue where the CSRF token was always set on the url path β€œ/” which could be an issue if the cubicweb instance is installed on a subpath next to others cubicweb instances.

πŸŽ‰ New features#

  • all-in-one: add s3 conf for dbdump

  • db-dump: use –output to upload dump to specific path in s3 bucket

  • db-restore: add s3 option to restore dump from s3 bucket

  • dbdump: add option to push backup to s3

  • uilib: uses functools.wraps on our decorators

πŸ‘· Bug fixes#

  • csrf: set csrf_token cookie on the correct url path

  • test-instance-creation-with-cubicweb_api: add missing X-Client-Name request headers

  • doc: pin sphinx dependencies versions to be able to build with sphinx 4

4.5.2 (2023-12-18)#

πŸ‘· Bug fixes#

  • SMTP: don’t override SMTP import by MockSMTP in testlib

  • testlib: move devtools.testlib.MockSMTP and devtools.testlib.Email

4.5.1 (2023-12-11)#

πŸ‘· Bug fixes#

  • remove a typing import which break compatibility with python 3.7

4.5.0 (2023-12-08)#

πŸŽ‰ New features#

  • display progressbar when importing data

  • minor refactoring to export reverse indicator stuff

πŸ‘· Bug fixes#

4.4.0 (2023-11-29)#

πŸŽ‰ New features#

  • ensure we have the right version of logilab-database

  • req: protect find of injection through limit parameter

πŸ‘· Bug fixes#

  • replace deprecated rtype by relation_type

4.3.0 (2023-11-23)#

πŸŽ‰ New features#

πŸ‘· Bug fixes#

  • content_negociation: if we only want rdf views, don’t catch all mimetypes (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/906)

  • make doc build compatible with sphinx_book_theme version 1.*

  • setup.py: switch to Environment markers for conditionnal installations

  • slapd: back_hdb and back_bdb are deprecated in favor of back_mdp

  • tests: make slapd log its error messages on stdout for debug purpose

  • tests: make tests crash if slapd fails to initialize its database

πŸ“ Documentation#

  • csrf: fix the wrong code for β€œDisable CSRF for a CubicWeb View” chapter

πŸ€– Continuous integration#

  • feat: allow to select what job to launch using labels

  • refactor: make python-logilab:latest the default image

  • skeleton: test web layout

  • typo in bash that could break a condition if a variable is missing

🀷 Various changes#

  • contributing: add CONTRIBUTING.rst file

  • contributing: remove outdated guides

  • contributing: update weekly meeting description

  • cw4: add a missing topic about translations in migration to CW4 documentation (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/840)

  • cw4: add missing part about RecipientFinders in migration documentation (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/804)

  • fix title length to please sphinx

  • paginated_rset has been moved to cubicweb_web

  • remove a file related to a removed module

  • remove reference to a missing image in a documentation we don’t maintain anymore

  • remove reference to a removed file

  • remove reference to an unexisting file

  • sphinx dislike ~ for a subsubsection

  • still build cubicweb.web documentation

  • stuff have been moved to bwcompat

  • view module has been moved to cubicweb_web

  • WARNING: Bullet list ends without a blank line; unexpected unindent.

4.2.0 (2023-07-25)#

πŸŽ‰ New features#

  • CubicWeb is now compatible with python 3.11

  • enable a default session factory in new cubes skeleton pyramid.ini

  • support yams < 1.*, before it was < 0.49.*

4.1.0 (2023-07-05)#

πŸŽ‰ New features#

  • add new option β€œreceives-base-url-path” set to True by default. This option will be used by cubicweb_web 1.1.0 and some other cubes. It indicates CubicWeb to take into account an url path if it’s defined in the base-url option (for example β€œmy-prefix” in base-url = https://my-website.com/my-prefix/) This will remove the need to do url rewriting in nginx/apache or similar tools.

πŸ‘· Bug fixes#

  • config: catch ImportError instead of ModuleNotFoundError

  • tests: automatically add BASE_URL to urls if it’s missing

πŸ“ Documentation#

  • simplify installation doc and move source installation to contributing part

  • fix a lot of sphinx typos in 4.0 changelog

🀷 Various changes#

  • remove windmill tutorial (#746.)

  • update the museum tutorial to use cubicweb 4

4.0.0 (2023-05-09)#

The main idea behind this major release is to transform the CubicWeb library into a headless framework with a convenient API so that every projects can build its own frontend with the technologies of his choice. This is why we decided to remove html generation from CubicWeb. But rest assured, the html views are still provided by the cubicweb-web cube and a CubicWeb 3.x project won’t have to rewrite its whole frontend code. However, they are now considered legacy and they will receive minimal maintenance.

In order for developpers to build their applications, we are in the process of building Typescript toolings to ease the creation of web frontends.

You can follow this guide to migrate from CubicWeb 3.38 to CubicWeb 4.0.

Apart from the extraction of the cubicweb.web module here are some other major changes which landed in this release:

  • a new cubicweb-ctl config command to show the actual configuration of an instance

  • /<eid> and /<entity type>/<eid> routes can return either HTML or RDF depending on the value of the HTTP Accept header. These routes are enabled by default but you can be disabled by editing your pyramid.ini.

  • in RQL satements, NOW and TODAY are now evaluated differently depending on the entity type they represent (Datetime, TZDateTime or Date), leading to more predictible behaviour

Breaking changes#

  • remove all cubicweb_web retrocompatibility

  • content_negociation: use cubicweb.include to include or not rdf/html views

  • autotest: move AutoPopulateTest and AutomaticWebTest to cubicweb_web.devtools.testlib

  • bwcompat: move cubicweb.pyramid.bwcompat to cubicweb_web.bwcompat

  • move cubicweb.ext.rest to cubicweb_web.ext.rest

  • move cubicweb.predicates.paginated_rset to cubicweb_web

  • move cubicweb.pyramid.url_redirections to cubicweb_web

  • move CubicWebPyramidRequest to cubicweb_web

  • move has_cw_permission pyramid predicates to cubicweb_web

  • move ResultSet.limited_rql to cubicweb_web.views.navigation.limited_rql

  • move cubicweb.server.utils.HTMLHead and cubicweb.server.utils.HTMLStream to cubicweb_web.utils

  • move cubicweb/pyramid/test/test_hooks.py to cubicweb_web

  • move test_sanitized_html to cubicweb_web

  • move back WebCreateHandler from cubicweb_web to cubicweb

  • pyramid.ini: remove cubicweb.pyramid.defaults and add specific option for auth and session (see Migration guide)

  • pyramid: include cubicweb.pyramid.core after cubicweb.include from pyramid.ini

  • config: BaseApptestConfiguration now inherits from AllInOneConfiguration) (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/659)

  • config: merge ApptestConfiguration into BaseApptestConfiguration, merge devtools.TestServerConfiguration into devtools.apptest_config.BaseApptestConfiguration, merge server.serverconfig.ServerConfiguration into cwconfig.CubicWebConfiguration, drop devtools.RealDatabaseConfiguration class (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/659)

  • services: remove CubicWebRequestBase from repo_gc_stats

  • testlib: move web related method from devtools.testlib.CubicWebTC to cubicweb_web (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/688)

  • remove all CSRF and login related code from cubicweb.pyramid.test classes

  • remove WebConfiguration from CubicWeb

  • rename cubicweb-ctl pyramid command to cubicweb-ctl start

πŸŽ‰ New features#

πŸ‘· Bug fixes#

  • cwconfig: use importlib_metadata instead of pkg_ressources to parse cubes entry_points

  • devtools: pyramid test app use https, so we need a base url with https

  • hooks: notification objects are not in the β€œviews” registry anymore

  • massive_store: reset self._initialized when we drop cwmassive_initialized

  • pyramid: allows to use None for timeout, max_age and reissue_time options

  • rset: handle rset.possible_actions call when we have no actions registered (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/693)

  • sobjects/notifications: keep RecipientsFinder class and subclass in the components registry for retrocompatibility

  • remove unsage usage of eval and use regular module imports instead

  • fix some deprecation warnings emitted by yams

  • use threading.active_count() instead of deprecated threading.activeCount()

🀷 Various changes#

  • activate pyramid.debug_routematch pyramid option during testing

  • documentation: add a warning regarding cubicweb_web at the beginning of pages about web frontend development

  • documentation: add -j auto option to speed up compilation

  • python 3.10: parameter codeset of cubicweb.cwgettext is deprecated

  • yams.reader 0.48: argument remove_unused_rtypes of callable load has been renamed and is deprecated, use keyword argument remove_unused_relation_types instead

3.38.14 (2024-02-07)#

πŸŽ‰ New features#

  • auth: add an authentication ticket mechanism to ensure cookies invalidation

  • skeleton: add –diff option to black job

  • skeleton: add –show-source option to flake8 command

🀷 Various changes#

  • fix: pin sphinx dependencies versions to be able to build with sphinx 4

3.38.13 (2023-12-21)#

πŸ‘· Bug fixes#

  • import load_module_from_name directly from logilab.common.modutils

πŸ“ Documentation#

  • pyramid.sessions: instructions for using redis for the session are incorrect

3.38.12 (2023-10-31)#

πŸ‘· Bug fixes#

  • modify the csrf_token on disconnection

πŸ“ Documentation#

  • improve book/devrepo/migration

3.38.11 (2023-10-19)#

πŸ‘· Bug fixes#

  • debugtoolbar: in some case some controllers’ options don’t have a default value

  • session: in test mode during commit, be sure to execute all postcommit

3.38.10 (2023-07-10)#

πŸ‘· Bug fixes#

3.38.9 (2023-06-07)#

πŸ‘· Bug fixes#

  • pyramid: allows to use None for timeout, max_age and reissue_time options

3.38.8 (2023-03-24)#

πŸ‘· Bug fixes#

πŸ€– Continuous integration#

  • avoid launching duplicated migractions tests

  • clean CI of unused jobs

  • disable can-i-merge

  • don’t wait for tests to start QA jobs

  • smoke_test: add timeout to request to avoid hanging up for too long

  • smoke_test: handle ConnectionError situation

  • test-cube-skeleton: ensure we use the same python version for smoke test than py3-* tests

3.38.7 (2023-03-07)#

πŸ‘· Bug fixes#

  • rdf: https instead of http for schema.org

  • sphinx-theme 1.0 breaks doc build

  • make sure we only install yapps2-logilab by updating depencies

  • tried to format a string while missing one formatting argument

3.38.6 (2023-02-13)#

πŸ‘· Bug fixes#

  • hooks: notification things are no more in β€œviews” registry

3.38.5 (2023-01-31)#

πŸ‘· Bug fixes#

  • remove deprecated import to cubicweb.web

3.38.4 (2023-01-17)#

πŸŽ‰ New features#

  • skeleton: remove format=pylint option from tox because it’s better without it

3.38.3 (2023-01-12)#

πŸ‘· Bug fixes#

🀷 Various changes#

  • changelog/3.38: add instruction on how to use 3.38/cubicweb_web_imports.py

3.38.2 (2023-01-03)#

πŸ‘· Bug fixes#

  • sobjects/notifications: keep RecipientsFinder class and subclass in the components registry for retrocompatibility

3.38.1 (2022-12-05)#

πŸŽ‰ New features#

  • schema: Export relations options on the schema (merge from 3.37)

πŸ‘· Bug fixes#

  • schema_exporters: Add missing description field for relations (e.g in_state) to schema exporter (merge from 3.37)

3.38.0 (2022-11-22)#

This is the last major release of the 3.* before the 4 branch.

In this release the whole cubicweb.web module and the cubicweb/view.py file have been extracted in the cubicweb_web cube which is a dependency of cubicweb now. Automatic backward compatibility is provided by imports so your projects should work with this new version without modifications.

A script to help migrating to this version is available in this repository in the 3.38 folder https://forge.extranet.logilab.fr/cubicweb/cw_versions_migration_tools This script will change all the imports to match the news one for CubicWeb 3.38 and the cube cubicweb_web. It will not change your dependencies in your setup.py or __pkginfo__.py, you have to do this yourself.

Its usage, once the dependencies has been installed (only RedBaron), is the following:

python 3.38/cubicweb_web_imports.py <path to my project>

It will hopefully save you quite some time.

πŸŽ‰ New features#

  • the cubicweb_web cube is now a dependency of cubicweb

  • add adapter_regid as parameter on add_entity_to_graph (#535)

  • add relation constraints to schema export

  • cubicweb.web extraction: change all import of cubicweb.web to cubicweb_web

  • cubicweb.web removal: add deprecation warning in view module

  • cubicweb.web removal: add generic deprecation warning in all web modules

  • cwctl: don’t check if we need to upgrade anything when running cwctl versions (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/563)

  • doc: clarify when rich had been removed

  • export relation options in schema options key

  • pkg: upgrade version of waitress to 2.1.1 or more, for security reason. (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/543)

  • rdf: use entity.absolute_url instead of cwuri in RDF adapters (#534)

  • redirection: pyramid redirection now keep parameters by default (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/566)

  • rql: Add β€œIRQLInterface” adapter to force defining a rql interface which is available on RQL projection varaibles

  • rql: Add entities function and attribute from RQL queries

  • serverctl: add a command to list all unused indexes

  • test/content-negociation: display rdf body on failing tests for easier debugging

  • test: use testing.cubicweb instead of testing.fr in test (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/374) BREAKING CHANGE: use testing.cubicweb instead of testing.fr in test

πŸ‘· Bug fixes#

  • add retrocompatibility for anonymized_request that is now in cubicweb_web

  • base64.decodestring is deprecated and has been removed

  • cubicweb_web/deprecations: increase warning stack level to show correct line

  • cubicweb_web: change magic modules imports to uses cubicweb_web

  • cwconfig: Ensure the cube web is available with cubicweb-ctl commands

  • CWRelation.rtype api is different from CWRelation.relation_type api

  • ensure that the β€œweb” cube is in the list of cubes dependencies

  • hook: Search the notification view from the good registry

  • htmlwidgets: BoxLink rendering is broken

  • make i18ncube load web cube’s appobjects

  • mod: Load sobjects.notification and sobjects.supervising even if no cubicweb_web

  • notification: Make NotificationView inherits from AppObject

  • pyramid: adapt TestApp.post_json method to CSRF

  • pyramid: adapt TestApp.put_json method to CSRF

  • pyramid: try to get β€œ/login” if β€œ/” is forbidden

  • req: add missing set_log_methods on CubicWebRequestBase

  • schema_exporters: handle symmetrical relation in schema export. (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/568)

  • supervising: Adapt SupervisingView for the NotificationView API

  • supervising: Uses the NotificationView for the supervising instead of component

  • test-instance-creation: cubicweb now needs the web cube to be installed

πŸ€– Continuous integration#

Most python test have been splitted to speed up the CI speed.

  • .gitlab-ci.yml: refactoring py3 tests declaration using a base template

  • add check-dependencies-resolution job

  • add mypy job

  • add safety job

  • add twine-check job

  • fix: β€œbase” in py3-server-base clashed with β€œpy3-base”, use β€œcore” instead

  • fix: py3-auto-test-views jobs wrongly launched py3-server-bases tests

  • migrate to v2 of templates

  • move to bullseye and pg13

  • split py3-misc into several different tests

  • split py3-server into several different tests

  • test-instance-creation: pip –use-feature=in-tree-build is deprecated, remove it

  • use .retry base template in (nearly) all jobs

🀷 Various changes#

  • [cubicweb 3.38] RequestSessionBase is deprecated, use RequestSessionAndConnectionBase instead

  • remove mailing-list from β€œhow to contribute” since it’s no more used (https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/395)

  • supervising: Refactor to not using self.w from NotificationView

  • Unknown config option: log_print

3.37.17 (2023-07-10)#

πŸ‘· Bug fixes#

3.37.16 (2023-06-07)#

πŸ‘· Bug fixes#

  • pyramid: allows to use None for timeout, max_age and reissue_time options

3.37.15 (2023-03-24)#

πŸ‘· Bug fixes#

πŸ€– Continuous integration#

  • avoid launching duplicated migractions tests

  • clean CI of unused jobs

  • disable can-i-merge

  • don’t wait for tests to start QA jobs

  • smoke_test: add timeout to request to avoid hanging up for too long

  • smoke_test: handle ConnectionError situation

  • test-cube-skeleton: ensure we use the same python version for smoke test than py3-* tests

3.37.14 (2023-03-07)#

πŸ‘· Bug fixes#

  • rdf: https instead of http for schema.org

  • sphinx-theme 1.0 breaks doc build

  • make sure we only install yapps2-logilab by updating depencies

  • tried to format a string while missing one formatting argument

3.37.13 (2023-01-27)#

πŸŽ‰ New features#

  • misc: allow to disable or not constraint check on fast drop script

3.37.12 (2023-01-17)#

πŸŽ‰ New features#

  • skeleton: remove format=pylint option from tox because it’s better without it

3.37.11 (2023-01-12)#

πŸ‘· Bug fixes#

3.37.10 (2022-12-05)#

πŸŽ‰ New features#

  • schema: Export relations options on the schema

πŸ‘· Bug fixes#

  • schema_exporters: Add missing description field for relations (e.g in_state) to schema exporter

3.37.9 (2022-11-15)#

πŸ‘· Bug fixes#

  • hook: correct a typo, self.warn doesn’t exist

3.37.8 (2022-10-04)#

πŸ‘· Bug fixes#

  • attr: when an entity is not existing always return None when fetching its attributes (#599)

  • web.views: escape text from the undohistory view (#598)

🀷 Various changes#

  • delete unused translations from *.po files (#600)

  • skeleton: add long_description_content_type in setup.py

3.37.7 (2022-09-22)#

πŸ‘· Bug fixes#

3.37.6 (2022-09-14)#

πŸ‘· Bug fixes#

  • bookmark: do not escape the xaddrelation view from ajaxedit module

3.37.5 (2022-08-30)#

πŸ‘· Bug fixes#

  • pyramid: Redirect to the wanted URL after a successfully loggedin (to #584)

  • xss: Ensure to use the xml_escape method on entity attributes

  • perf: Restore initial performances by removing the uneccessary join

3.37.4 (2022-07-21)#

πŸ‘· Bug fixes#

🀷 Various changes#

3.37.3 (2022-07-13)#

πŸ‘· Bug fixes#

  • htmlwidgets: BoxLink rendering is broken

3.37.2 (2022-06-03)#

πŸ‘· Bug fixes#

  • pyramid: adapt TestApp.put_json method to CSRF

3.37.1 (2022-06-01)#

πŸŽ‰ New features#

πŸ‘· Bug fixes#

  • base64.decodestring is deprecated and has been removed

  • pyramid tests: adapt TestApp.post_json method to CSRF

  • pyramid tests: try to get β€œ/login” if β€œ/” is forbidden

3.37.0 (2022-03-31)#

Breaking changes#

  • cubicweb.web.BaseWebConfiguration and cubicweb.web.WebConfigurationBase have been merged into cubicweb.web.WebConfiguration

  • cubicweb.web.CubicWebPyramidConfiguration had been removed

  • you can nomore use -c option when creating a CW instance, since there is now only one kind of configuration: all-in-one.conf

πŸŽ‰ New features#

  • add attributes constraints in exported schema

  • depends on yams 0.48

  • doc: mostly add links of issues

πŸ‘· Bug fixes#

  • unittest_devctl: give all debugging informations

πŸ€– Continuous integration#

  • use templates

🀷 Various changes#

  • refactor!: merge BaseWebConfiguration into WebConfiguration

  • refactor!: remove -c option to cubicweb-ctl create to only use all-in-one

  • refactor!: remove unused CubicWebPyramidConfiguration

3.36.15 (2023-03-24)#

πŸ‘· Bug fixes#

πŸ€– Continuous integration#

  • avoid launching duplicated migractions tests

  • clean CI of unused jobs

  • disable can-i-merge

  • don’t wait for tests to start QA jobs

  • smoke_test: add timeout to request to avoid hanging up for too long

  • smoke_test: handle ConnectionError situation

  • test-cube-skeleton: ensure we use the same python version for smoke test than py3-* tests

3.36.14 (2023-03-02)#

πŸ‘· Bug fixes#

  • sphinx-theme 1.0 breaks doc build

3.36.13 (2023-03-02)#

πŸ‘· Bug fixes#

  • make sure we only install yapps2-logilab by updating depencies

  • tried to format a string while missing one formatting argument

3.36.12 (2023-01-17)#

πŸŽ‰ New features#

  • skeleton: remove format=pylint option from tox because it’s better without it

3.36.11 (2023-01-12)#

πŸ‘· Bug fixes#

3.36.10 (2022-11-15)#

πŸ‘· Bug fixes#

  • hook: correct a typo, self.warn doesn’t exist

3.36.9 (2022-10-04)#

πŸ‘· Bug fixes#

  • attr: when an entity is not existing always return None when fetching its attributes (#599)

  • web.views: escape text from the undohistory view (#598)

🀷 Various changes#

  • delete unused translations from *.po files (#600)

  • skeleton: add long_description_content_type in setup.py

3.36.8 (2022-09-22)#

πŸ‘· Bug fixes#

3.36.7 (2022-09-14)#

πŸ‘· Bug fixes#

  • bookmark: do not escape the xaddrelation view from ajaxedit module

3.36.6 (2022-08-30)#

πŸ‘· Bug fixes#

  • pyramid: Redirect to the wanted URL after a successfully loggedin (to #584)

  • xss: Ensure to use the xml_escape method on entity attributes

  • perf: Restore initial performances by removing the uneccessary join

3.36.5 (2022-07-21)#

πŸ‘· Bug fixes#

🀷 Various changes#

3.36.4 (2022-07-13)#

  • merge 3.35.6 into 3.36

3.36.3 (2022-06-03)#

πŸ‘· Bug fixes#

  • pyramid: adapt TestApp.put_json method to CSRF

3.36.2 (2022-06-01)#

πŸŽ‰ New features#

πŸ‘· Bug fixes#

  • base64.decodestring is deprecated and has been removed

  • pyramid: adapt TestApp.post_json method to CSRF

  • pyramid: try to get β€œ/login” if β€œ/” is forbidden

3.36.1 (2022-03-31)#

πŸ‘· Bug fixes#

  • rql2sql: upgrade RQL version to fix translation of NOT EXISTS(X eid Y) (#528)

  • view: don’t escape html tags inside image previews

3.36.0 (2022-03-14)#

πŸŽ‰ New features#

  • markdown: load extra extensions to render tables (#515)

  • schema_exporter: add a parameter to export schema as dict (#522)

πŸ“ Documentation#

  • fix sidebar table of content

  • improve basic tutorial

  • improve home and sidebar

  • improve setup instructions

  • improve skeleton readme

  • set version number

  • use relative links for static resources

  • use right number of characters for titles

  • use sphinx_book_theme

3.35.12 (2022-11-15)#

πŸ‘· Bug fixes#

  • hook: correct a typo, self.warn doesn’t exist

3.35.11 (2022-10-04)#

πŸ‘· Bug fixes#

  • attr: when an entity is not existing always return None when fetching its attributes (#599)

  • web.views: escape text from the undohistory view (#598)

🀷 Various changes#

  • delete unused translations from *.po files (#600)

  • skeleton: add long_description_content_type in setup.py

3.35.10 (2022-09-22)#

πŸ‘· Bug fixes#

3.35.9 (2022-09-14)#

πŸ‘· Bug fixes#

  • bookmark: do not escape the xaddrelation view from ajaxedit module

3.35.8 (2022-08-30)#

πŸ‘· Bug fixes#

  • pyramid: Redirect to the wanted URL after a successfully loggedin (to #584)

  • xss: Ensure to use the xml_escape method on entity attributes

  • perf: Restore initial performances by removing the uneccessary join

3.35.7 (2022-07-21)#

πŸ‘· Bug fixes#

🀷 Various changes#

3.35.6 (2022-07-13)#

🀷 Various changes#

  • fix warnings of yams 0.48+ (3.35 requires <0.48)

3.35.5 (2022-07-13)#

πŸ‘· Bug fixes#

  • basecontrollers: str object have no more β€œdecode” method since py3

  • fix some warnings of yams 0.48+

  • htmlwidgets: BoxLink rendering is broken

  • server: remove a memory leak related to a file

  • test: improve one related to CSRF

3.35.4 (2022-06-03)#

πŸ‘· Bug fixes#

  • pyramid: adapt TestApp.put_json method to CSRF

3.35.3 (2022-06-01)#

πŸŽ‰ New features#

πŸ‘· Bug fixes#

  • base64.decodestring is deprecated and has been removed

  • pyramid: adapt TestApp.post_json method to CSRF

  • pyramid: try to get β€œ/login” if β€œ/” is forbidden

3.35.2 (2022-03-31)#

πŸ‘· Bug fixes#

  • rql2sql: upgrade RQL version to fix translation of NOT EXISTS(X eid Y) (#528)

  • view: don’t escape html tags inside image previews

3.35.1 (2022-03-09)#

  • avoid excaping cubicweb:loadurl’s value twice (to #523)

  • don’t escape whole key=”value” attributes in TreeViewItemView (to #523)

  • escape URLs passed as href attributes (to #523)

3.35 (2022-02-02)#

Breaking changes#

  • deprecate RQLSuggestionsBuilder component ; users of this component should now use rqlsuggestions.RQLSuggestionsBuilder instead. RQL bar completion behaviour can be changed by replacing the β€œrql_suggest” ajax function. If this function isn’t registered, rql completion is disabled.

  • remove RQLNoSuggestionsBuilder

  • disable login using GET requests for security reasons

  • web: remove support of old Internet Explorer versions: add_css no longer accepts iespec and ieonly arguments

πŸŽ‰ New features#

  • add a Dockerfile in the skeleton

  • add a function for deleting entities faster

  • config: add help messages in configuration files (all-in-one and sources)

  • disable constraints checks on the DB upon deletion

  • show cube name when there is a version conflict

  • skeleton: add release-new in skeleton

  • upgrade to yams 0.47

  • content negociation: we now can use /<etype>/<rest_attr> route for content negociation, if rest_attr is defined, the route /<etype>/<rest_attr> is disabled for content negociation in this situation

πŸ‘· Bug fixes#

  • relation_type not existing in some conditions on RelationDefinition (ionDefinition.rtype has been deprecated in yams in favor of relation_type)

πŸ€– Continuous integration#

  • only collect warnings when running tests on the default branch (#489)

3.34.3 (2022-03-31)#

πŸ‘· Bug fixes#

  • rql2sql: upgrade RQL version to fix translation of NOT EXISTS(X eid Y) (#528)

  • view: don’t escape html tags inside image previews

3.34.2 (2022-03-09)#

πŸ‘· Bug fixes#

  • avoid excaping cubicweb:loadurl’s value twice (to #523)

  • don’t escape whole key=”value” attributes in TreeViewItemView (to #523)

  • escape URLs passed as href attributes (to #523)

3.34.1 (2021-12-01)#

πŸ‘· Bug fixes#

  • server: correct RQL generation when we have function in ORDERBY (#466)

3.34.0 (2021-11-23)#

Breaking changes#

  • Python 3.7 is now the minimum supported version of Python;

  • test: settings = {"cubicweb.bwcompat": true} is now the default for test, please, check your test if they are failing because of this;

  • test: the qunit test driver has been removed;

  • remove our deprecated and unused wsgi module;

  • fix!(handler): rediction to login on cubicweb.AuthenticationError Previously we were sending a forbidden response (403) with the login form as the html content, now we redirect (303) to the login form instead;

  • rich <https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/348>, introduced in 3.33 for nice tracebacks, had been removed <https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/434#note_93131>.

Since we updated rdflib to version 6, some packages like rdflib_jsonld are no longuer needed. Please, check your dependencies if you have any issue.

πŸŽ‰ New features#

  • add an export-schema command to cwctl

  • csrf: add debug login when creating a new csrf token

  • get_cleaned_form_data: add backward deprecated compatibility on req.form

  • pyramid/test/ux: better debugging information when failing to get CSRF token

  • security: implement inforcing form validation for POST arguments

  • store: allow stores to be used as context manager (#446)

πŸ‘· Bug fixes#

  • allow in Int as rest_attr

  • build_doc: docutils version 0.18.0 breaks doc building

  • doc8: indentation was using tabs in 3.32_reledit.rst

  • ldap: upgrade to ldap3 (datetime, encode fix)

  • p3-misc: missing fyzz modules for certains tests in spa2rql

  • pyramid/test: webapp handles cookies for us, we don’t need to manually set them

  • RDFLib: Remove rdflib-jsonld dependency and use RDFLib v6 jsonld builtin parser BREAKING CHANGE: The RDFLib v6 does not support python 3.6 anymore. With this dependency, CubicWeb neither.

  • reledit: Do not retrieve a list of schemata with _compute_ttypes

  • remove qunit test stuff (#447)

  • skeleton: use forge.extranet.logilab.fr as default web url for new cubes (#463)

  • startup: Fix RQL query to take advantage of caching (#384)

  • store csrf token during login

  • test: make anonymous user creation hook tests pass (#452)

  • utils: remove an useless space character

  • views: remove unneeded xml_escape for primary titles

πŸ€– Continuous integration#

  • allow sonarqube to fails until we fix the internal url problem

  • test: don’t wait lint to run tests (#445)

  • use some gitlab-ci-templates (#455)

  • uses buster-slim-pg11-firefox custom image for py3-auto-test job

  • uses cubicweb/dockerfiles/can-i-merge image to optimize can-i-merge job

🀷 Various changes#

  • instance-config: add attributes for authenticated smtp

  • pyramid.compat is deprecated and will be removed in Pyramid 2.0. The functionality is no longer necessary, as Pyramid 2.0 drops support for Python 2.

  • webconfig: remove an unused configuration option

3.33.13 (2022-03-09)#

πŸ‘· Bug fixes#

  • avoid excaping cubicweb:loadurl’s value twice (to #523)

  • don’t escape whole key=”value” attributes in TreeViewItemView (to #523)

  • escape URLs passed as href attributes (to #523)

3.33.12 (2021-12-01)#

πŸ‘· Bug fixes#

  • server: correct RQL generation when we have function in ORDERBY (#466)

3.33.11 (2021-11-17)#

πŸ‘· Bug fixes#

  • pkg: pin Yams version < 0.46.0

3.33.10 (2021-11-17)#

  • Removed allowed-http-host-headers configuration (which was a breaking change), since we don’t have this vulnerability in CubicWeb.

Various changes#

  • depend on sphinx >= 4.3

3.33.9 (2021-11-08)#

πŸ‘· Bug fixes#

  • views: remove an abusive escape (#457)

3.33.8 (2021-11-02)#

πŸ‘· Bug fixes#

  • build_doc: docutils version 0.18.0 breaks doc building (#443)

  • pkg: don’t use pyparsing 3 since it’s not compatible with rdflib 5 (#441)

  • pkg: pin pyramid_multiauth version to avoid compatibility issue with Pyramid 1 (#450)

3.33.7 (2021-10-12)#

πŸ‘· Bug fixes#

  • ldap: upgrade to ldap3 (datetime, encode fix)

  • csrf: ensure that we have a csrf token returned on every requests

3.33.6 (2021-10-04)#

πŸ‘· Bug fixes#

  • facet: remove abusive escaping in facets views. (#394)

3.33.5 (2021-09-29)#

πŸ‘· Bug fixes#

  • backout β€œlimit setuptools version to avoid issue with 2to3”

  • use our package rdflib-jsonld-without-2to3, this is a fork of rdflib-jsonld with 2to3 usage removed, but which still contains the whole package code unlike rdflib-jsonld 0.6.x.

  • reledit: Do not retrieve a list of schemata with _compute_ttypes

3.33.4 (2021-09-24)#

  • don’t escape value in navigation components (#389)

  • views: remove unneeded xml_escape for primary titles

  • setup: keep rdflib-jsonld at version < 0.6.0

  • setup: limit setuptools version to avoid issue with 2to3

3.33.3 (2021-09-14)#

  • upgrade rdflib-jsonld version to keep compatibility with setupools 58 and above

πŸ‘· Bug fixes#

  • startup: Fix RQL query to take advantage of caching (#384)

3.33.2 (2021-09-02)#

πŸ“ Documentation#

  • tuto: Fix path

3.33.1 (2021-08-31)#

πŸŽ‰ New features#

  • allowed-http-host-headers: automatically add default hostname to the allowed list on debug mode

  • req: Add a β€œlimit” parameter to RequestSessionBase.find

  • req: Add exists for optimized search of at least one entity

  • ux: better error message when a controller can’t be select

πŸ‘· Bug fixes#

  • fyzz dep was missing for running certain tests

  • only fyzz 0.2.2 is compatible with python 3

  • typo: fix some mispellings

πŸ“ Documentation#

  • fix allowed-http-host-header label and quote from Django’s doc

πŸ€– Continuous integration#

  • integrate can-i-merge

🀷 Various changes#

  • 3.33: improve changelog quality

  • fix(bwcompat)!: return a 400 instead of a 401 when failed to select a controller

  • fix: allowed-http-host-headers has been released in 3.33 actually

  • misc: fix rst syntax

3.33.0 (2021-08-03)#

πŸŽ‰ New features#

  • BREAKING security: introduce allowed-http-host-header against host attack (However, this is backed out in 3.33.10).

  • add postgresql extra requires

  • config: add β€˜debug’ option in β€œ[main]” of all-in-one.conf that does the same thing than β€œ-D” in β€œcubicweb-ctl pyramid”

  • rich <https://github.com/willmcgugan/rich/>: to have nicer tracebacks, use rich.traceback <https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/348> (removed in 3.34 <https://forge.extranet.logilab.fr/cubicweb/cubicweb/-/issues/434#note_93131>)

πŸ‘· Bug fixes#

  • add default value for params argument in pyramid webtest post function (#350)

  • csrf: give CSRF token when using /ajax route

  • empty identification cookie on webapp.reset()

  • pin rdflib < 6.0.0 to avoid compatibility issues

  • rdf: graph.serialize needs to encode its content in utf-8

  • security: change configuration [WEB]interface default value to 127.0.0.1

  • views: Fix reledit errors when trying modify relation with multi subjects

πŸ€– Continuous integration#

  • use image from heptapod registry since r.intra was shut down

🀷 Various changes#

  • use open-source/gitlab-ci-templates in cube skeleton

  • drop mention of MySQL and SQLServer support

  • update cube installation procedure documentation

  • remove *.spec from skeleton

3.32.14 (2021-12-01)#

πŸ‘· Bug fixes#

  • server: correct RQL generation when we have function in ORDERBY (#466)

3.32.13 (2021-11-17)#

πŸ‘· Bug fixes#

  • pkg: pin Yams version < 0.46.0

3.32.12 (2021-11-17)#

Various changes#

  • depend on sphinx>=4.3

3.32.11 (2021-11-08)#

πŸ‘· Bug fixes#

  • views: remove an abusive escape (#457)

3.32.10 (2021-11-02)#

πŸ‘· Bug fixes#

  • build_doc: docutils version 0.18.0 breaks doc building (#443)

  • pkg: don’t use pyparsing 3 since it’s not compatible with rdflib 5 (#441)

  • pkg: pin pyramid_multiauth version to avoid compatibility issue with Pyramid 1 (#450)

3.32.9 (2021-10-12)#

πŸ‘· Bug fixes#

  • csrf: ensure that we have a csrf token returned on every requests

3.32.8 (2021-10-04)#

πŸ‘· Bug fixes#

  • facet: remove abusive escaping in facets views (#394)

3.32.7 (2021-09-29)#

πŸ‘· Bug fixes#

  • backout β€œlimit setuptools version to avoid issue with 2to3”

  • use our package rdflib-jsonld-without-2to3, this is a fork of rdflib-jsonld with 2to3 usage removed, but which still contains the whole package code unlike rdflib-jsonld 0.6.x.

  • reledit: Do not retrieve a list of schemata with _compute_ttypes

3.32.6 (2021-09-24)#

πŸ‘· Bug fixes#

  • don’t escape value in navigation components (#398)

  • views: remove unneeded xml_escape for primary titles

  • setup: keep rdflib-jsonld at version < 0.6.0

  • setup: limit setuptools version to avoid issue with 2to3

3.32.5 (2021-09-14)#

  • upgrade rdflib-jsonld version to keep compatibility with setupools 58 and above

3.32.4 (2021-09-02)#

πŸ‘· Bug fixes#

  • do not use localhost.local has test domain, but keep the one already defined

3.32.3 (2021-08-31)#

πŸŽ‰ New features#

  • migration: add a migration script to warn about incompatibility of cwtags. (#367)

πŸ‘· Bug fixes#

  • bringing back CubicWebServerTC and porting it to pyramid

  • fix bad escaped values in web views

  • pkg: since we added csrf mecanism, we need pyramid >= 1.9

  • test_newcube were broken because we removed cubicweb-*.spec file but didn’t updated the tests

3.32.2 (2021-07-30)#

πŸŽ‰ New features#

  • use open-source/gitlab-ci-templates in cube skeleton

πŸ‘· Bug fixes#

  • add default value for params argument of PyramidCWTest.webapp.post (#350)

  • csrf: give CSRF token when using /ajax route

  • empty identification cookie on webapp.reset()

  • remove *.spec from skeleton

  • views: Fix reledit errors when trying modify relation with multi subjects

3.32.1 (2021-07-23)#

πŸ‘· Bug fixes#

  • pin rdflib < 6.0.0 to avoid compatibility issues

πŸ€– Continuous integration#

  • use image from heptapod registry since r.intra was shut down

3.32.0 (2021-07-13)#

πŸ”’ Security, breaking changes#

Protection against XSS#

self.w API has been changed to automatically escape arguments used to format the string to mitigate XSS attacks.

This means that instead of writing:

self.w("some %s string %s" % (a, b))

You need to write:

self.w("some %s string %s", a, b)

And CubicWeb will escape all arguments given to self.w which are a and b here.

If for a specific reason (for example generating javascript) you don’t want to escape the arguments of self.w you can use the escape kwarg argument of self.w like this:

self.w("some %s string %s", a, b, escape=False)

This is normally retrocompatible since self.w old API with only one argument still works (but you shouldn’t use it anymore) but if you have been giving a custom function as self.w you’ll need to adapt the API of this function to match self.w new API which is:

def w(self, string, *args, **kwargs, escape=False): ...

Also note that UStringIO.write function has also been modified to be compatible with self.w new API (so if you are using it you won’t need to port this code).

CSRF protection#

A CSRF protection mechanism has been integrated in CubicWeb using Pyramid CSRF built-in protection. Regarding breaking changes:

  • Cubicweb now only works with pyramid

  • if you are only using cubicweb β€œweb” without ajax and you have been doing advanced modification at the session management level this shouldn’t break anything for you

  • if you are doing POST/PUT/DELETE… requests using AJAX, you need to adapt your code to send the csrf_token otherwise all you requests will be denied. This is explained in the AJAX section of the documentation: CSRF protection in CubicWeb

The whole mechanism is explained in the documentation: CSRF protection in CubicWeb

🚧 Other breaking changes#

We decided to stop releasing cubicweb as debian packages that we used on multi-purpose servers in favor of docker images that we run with docker-compose or on kubernetes. Thanks for all the fishes.

πŸŽ‰ New features#

  • add a component to disable RQL suggestions: cubicweb.web.views.magicsearch.RQLNoSuggestionsBuilder

πŸ‘· Bug fixes#

  • [reledit] display reledit for a relation if some conditions are satisfied ([1] the relation don’t have rqlexpr permissions and can be deleted [2] at least one of related entites can be deleted)

  • pyramid/predicates: avoid to show an error without a session connection

  • be sure db-statement-timeout is not None

  • correctly transform cubicweb.web.RemoteCallFailed into pyramid corresponding exceptions, this allow to propagate the correct content type (for example for json exceptions)

  • β€œcubicweb-ctl list” now supports multiple dependencies constraints

🀷 Various changes#

  • fix error cases when internationalizable is not defined on rdef

  • improve docstring in web.views.basecontrollers

πŸ€– Continuous integration#

  • coverage: gitlab-ci is able to read the coverage report we produce

  • disable from-forge for now since we aren’t using them

  • fix path to coverage-*.xml for non-reports artifacts

  • flake8: integrate flake8-gl-codeclimate for QA reports

  • integrate junit reports style for tests errors in gitlab

  • optimisation: allow to interrupt started jobs that can be replaced

  • pytest-html: generate self contained html file for easier test repport browsing

  • trigger py3-* jobs on tox.ini/.gitlab-ci.yml/requirements modifications

  • use gitlab readthedocs integration

πŸ“‹ Developer experience#

  • using black on the whole project o/ (thx for hg format-source)

  • debug/ux: display traceback of stderr when exception in addition of the html page

  • testing: activate debug mode during testing

  • ux: display on stdout the requests made to the server like nginx

  • ux: display traceback on stderr on request failure

  • ux: logger.info for selected view by ViewController

3.31.9 (2021-11-17)#

πŸ‘· Bug fixes#

  • pkg: pin Yams version < 0.46.0

3.31.8 (2021-11-17)#

🀷 Various changes#

  • depend on sphinx >= 4.3

3.31.7 (2021-11-02)#

πŸ‘· Bug fixes#

  • build_doc: docutils version 0.18.0 breaks doc building (#443)

  • pkg: don’t use pyparsing 3 since it’s not compatible with rdflib 5. (#441)

  • pkg: pin pyramid_multiauth version to avoid compatibility issue with Pyramid 1 (#450)

3.31.6 (2021-09-28)#

🀷 Various changes#

  • backout β€œlimit setuptools version to avoid issue with 2to3”

  • use our package rdflib-jsonld-without-2to3, this is a fork of rdflib-jsonld with 2to3 usage removed, but which still contains the whole package code unlike rdflib-jsonld 0.6.x.

3.31.5 (2021-09-24)#

πŸ‘· Bug fixes#

  • setup: keep rdflib-jsonld at version < 0.6.0

  • setup: limit setuptools version to avoid issue with 2to3

3.31.4 (2021-09-14)#

  • upgrade rdflib-jsonld version to keep compatibility with setupools 58 and above

3.31.3 (2021-07-23)#

πŸ‘· Bug fixes#

  • pin rdflib < 6.0.0 to avoid compatibility issues

πŸ€– Continuous integration#

  • use image from heptapod registry since r.intra was shut down

3.31.2 (2021-07-19)#

πŸ‘· Bug fixes#

  • do not consume a lot of time to collect debug data if no one is listening on debug channels

  • fix incomplete merge of previous versions (brings back write_front)

3.31.1 (2021-05-18)#

Revert#

  • backed out changeset bcb633bd791d, don’t give event to notify_on_commit Notification are done using Operation, and Operation do not have a event attribute, because they can be used for several event. Moreover, this commit (bcb633bd791d) changed the prototype of the notify_on_commit without giving the right event to the Operation (which is a singleton).

3.31 (2021-05-04)#

πŸŽ‰ New features#

  • handle same_site cookies configuration in pyramid.ini

  • order: add support for order by NULLS LAST and NULLS FIRST

  • improve default cubicweb skeleton

πŸ‘· Bug fixes#

  • create anonymous user at runtime if it doesn’t exist already.

  • dbcreate: don’t ask confirmation to create schema in automatic

  • hooks/notification: BREAKING CHANGE correctly initialize operation with event attribute

  • RQLExpression: performance issue on RQLExpressions using EXISTS() BREAKING CHANGE: explicitly use EXISTS in RQLExpression for permissions

  • fix some security issues

Documentation#

  • tuto: add structure of β€œenhance views” museum tutorial part.

  • tuto: redact β€œReact in a CubicWeb view” museum tuto part.

  • tuto: rename cubicweb-tuto to tuto, avoiding confusion with cubicweb_tuto

πŸ€– Continuous integration#

  • gitlab-ci: set expiration delay to 2 weeks for artifacts

  • image is no longer a global keyword, use default

  • rename jobs names to match global conventions

  • test skeleton own tox in the CI

🀷 Various changes#

  • cleanup: Remove migrations for 3.21 and less

  • py3: Rename raw_input (that does not exist anymore) to input

  • tests: create a .nobackup file in the data/database directory (#298)

3.30.1 (2021-07-23)#

πŸ‘· Bug fixes#

  • pin rdflib < 6.0.0 to avoid compatibility issues

πŸ€– Continuous integration#

  • use image from heptapod registry since r.intra was shut down

3.30.0 (2021-03-16)#

πŸŽ‰ New features#

  • config: read required variables from environment (#85)

  • db-create: Β add drop option to control database deletion (#202) BREAKING CHANGE: cubicweb-ctl db-create no more drops the db in

  • massive store: add an option to allow stores not to drop constraints (#219)

  • pyramid-ctl: add β€œnb-threads” parameter to cubicweb-ctl pyramid (#119)

  • urlpublish: add empty_rset_raises_404 flag on rql rewrite urls (#199)

  • add script_attribute to add_js function (#210)

  • cubicweb/cwconfig: authenticated SMTP outgoing email

  • database/exception: include the query information in database error for better debuging

  • upgrade Logilab’s dependencies to last versions

  • web: only set β€œVary: Accept-Language” when we translate something (#224)

πŸ‘· Bug fixes#

  • rql2sql: properly handle date and datetime operations with SQLite (#109)

  • rql: make the rql completion working again

  • rql: refactor GROUP_CONCAT so that it handles NULL values

  • catch authentication exception

  • ci: manually remove the .tox/doc directory (#206)

  • ci: use **/*.py to match all python files

  • ci: Β recreate doc environment from scratch (#206)

  • cwgettext: missing local module

  • db-create: don’t force to use –drop if there is no existing db.

  • deprecated: logilab.common.deprecated has been renamed to callable_deprecated

  • deps: we are not yet compatible with pyramid 2.0

  • migractions: don’t use notification hooks during postcreate

  • py3: we still have some unicode() arround

  • repo_cnx: Catch OperationalError during repo_cnx (#215)

  • skeleton: add gitlab-ci in skeleton manifest

  • skeleton: make the skeleton black compliant

  • skip a wdoc test when doctuils is not available

  • typo: drop_db instead of drop_pd

  • urlpublisher: raise a 404 when a URL rewrite with rql has no rset (#199)

  • UX when migractions failed to get its connection

  • migractions: don’t commit in the middle of drop_cube

  • views: fix possible UnboundLocalError in ErrorView

  • server: Set language of connection in all cases (#87)

Documentation#

  • deploy: add a Docker section in deployment

  • deploy: Update kubernetes deploy

  • deploy: Update uwsgi deployment

  • deploy: Β add section ref for kubernetes section

  • include api documentation

  • mention weekly meeting in matrix

  • Add link to migration and remove FIXME

  • add more links in the index and capitalize entries (#185)

  • all-in-one.conf: add link in index.rst

  • dataimport: remove SQLGenObjectStore description and add MassiveObjectStore.

  • index: remove β€œskeleton”, since it’s already explain in β€œlayout”

  • licence: automatically set licence info in setup.py template (#94)

  • move (and fix) apache documentation to the deply section

  • Remove SQLSERVER

  • rql: replace COMMA_JOIN by GROUP_CONCAT (#259)

  • tutorials: correct a dead link.

  • tutorials: add a link to museum demo source code, and correct a typo.

  • tutorials: add introduction and structure of the museum tutorial.

  • tutorials: redaction of β€œdata-management/import” part of the museum tuto.

  • tutorials: redaction of β€œgetting started” part.

  • tutorials: reword

πŸ€– Continuous integration#

🀷 Various changes#

  • remove statsd (closes #39) BREAKING CHANGE

  • remove web.cors in favor of wsgicors with pyramid

  • server/migractions: simplify the Migration Handler entry point

  • server: replace utils.QueryCache with cachetools.LFUCache

  • Silent yams warning (first rdef selection from an ambiguous rtype)

  • Very minor improvements of cubicweb/server/repository.py

  • views: Make JsonMixIn.wdata method usable with non-web connections

3.29.6 (2021-10-07)#

πŸŽ‰ New features#

  • Allow authentication on SMTP for outgoing emails. This feature was present in 3.28, but got lost during merge.

3.29#

πŸŽ‰ New features#

  • we started to reorganize the documentation, in particular the index, this work will continue with the next releases. Thus, some chapters are still missing

  • ext/markdown: add urlize extension to auto link url in markdown documents

πŸ‘· Bug fixes#

  • .gitlab-ci.yaml.tmpl should be named .gitlab-ci.yml.tmpl for heptapod

Documentation#

  • Change data model link to use the definition from YAMS

  • reorganize the TOC

  • fix a few dead links

  • add explanation on site_cubicweb.py

  • update cube layout documentation

  • add more explanations to what is a cube

  • pooler: bad option name for the connections pooler

  • Change data model link to use the definition from YAMS

πŸ€– Continuous integration#

  • build the documentation on gitlab pages

🀷 Various changes#

  • DeprecatedWarning: [logilab.common.deprecation] moved has been renamed and is deprecated, uses callable_moved instead

  • add pipeline badge and shields with stats from pypi & docker

3.28.2#

Fixed#

  • re-introduce cubicweb.pyramid.resources.EntityResource/ETypeResource

  • re-introduce cubicweb.pyramid.predicates.MatchIsETypePredicate

  • both were still needed for several cubes

3.28.1#

Fixed#

  • python 3.8 compatibility: base64 encodestring has been removed, use encodebytes

3.28#

The big highlights of this release are:

  • CubicWeb now requires python >=3.6

  • a new dynamic database connections pooler to replace the old static one

  • a big upgrade in our CI workflow both for tests and documentations

  • RDF generations when rdf mimetype in Accept HTTP headers

  • rql resultset now stores selections variables names for RQL select queries, this will allow to build better tools

Added#

  • [pyramid]`has_cw_permission` pyramid predicates added for routes and view

  • The database pooler is now dynamic. New connections are opened when needed and closed after a configurable period of time. This can be configured through connections-pooler-max-size (default 0, unlimited), connections-pooler-min-size (default 0), and connections-pooler-idle-timeout (default 600 seconds). The old configuration connections-pooler-size has been dropped.

  • [pyramid-debugtoolbar] make SQL and RQL tables sortable

  • [RQL]Resulset now stores selected variables for RQL select queries

  • pyramid: add routes /{eid} and /{etype}/{eid} to return RDF when rdf mimetype in Accept HTTP headers

  • entities: simplify rdf generation and add a generic rdf adapter

  • web.views: add Link alternate in HTTP response header in HTML view

  • Black and Mypy config in tox.ini file in new cube skeleton

  • Gitlab CI config file in new cube skeleton

Changed#

  • CubicWeb now requires python >=3.6

  • CI now test Cubicweb against latest unreleased public commits of its dependencies

  • CI now rebuilds documentation after tests

Deprecated#

  • Class cubicweb.view.EntityAdapter was moved to cubicweb.entity.EntityAdapter, a deprecation warning is in place, but please update your source code accordingly

Removed#

  • Support for plpython has been dropped

  • RDFnquadsView (Breaking Change)

Fixed#

  • Fix various tests in the CI

  • Use SchemaLoader instead of pyfilereader

  • [pyramid-debugtoolbar] remove CW controller panel rendering when no controller got collected

  • [basecontroller] link tags in the header can only be added on entities

  • add a __contains__ method to dict_protocol_catcher to avoid breaking on β€œin”

Thanks to our contributors: Simon Chabot, Laurent Peuch, Nicolas Chauvat, Philippe Pepiot, Élodie Thieblin, François FERRY, Fabien Amarger, Laurent Wouters, Guillaume Vandevelde.

3.27 (31 January 2020)#

New features#

  • Tests can now be run concurrently across multiple processes. You can use pytest-xdist for that. For tests using PostgresApptestConfiguration you should be aware that startpgcluster() can’t run concurrently. Workaround is to call pytest with --dist=loadfile to use a single test process per test module or use an existing database cluster and set db-host and db-port of devtools.DEFAULT_PSQL_SOURCES['system'] accordingly.

  • on cubicweb-ctl create and cubicweb-ctl pyramid, if it doesn’t already exist in the instance directory, the pyramid.ini file will be generated with the needed secrets.

  • add a –pdb flag to all cubicweb-ctl command to launch (i)pdb if an exception occurs during a command execution.

  • the –loglevel and –dbglevel flags are available for all cubicweb-ctl instance commands (and not only the pyramid one)

  • following β€œonly in foreground” behavior all commands logs to stdout by default from now on. To still log to a file pass log_to_file=True to CubicWebConfiguration.config_for

  • add a new migration function update_bfss_path(old_path, new_path) to update the path in Bytes File-System Storage (bfss).

  • on every request display request path and selected controller in CLI

  • migration interactive mode improvements:

    • when an exception occurs, display the full traceback instead of only the exception

    • on migration p(db) choice, launch ipdb if it’s installed

    • on migration p(db) choice, give the traceback to pdb if it’s available, this mean that the (i)pdb interactive session will be on the stack of the exception instead of being on the stack where pdb is launched which will allow the user to access all the relevant context of the exception which otherwise is lost

  • on DBG_SQL and/or DBG_RQL, if pygments is installed, syntax highlight sql/rql debug output

  • allow to specify the instance id for any instance command using the CW_INSTANCE global variable instead of or giving it as a cli argument

  • when debugmode is activated (β€˜-D/–debug’ on the pyramid command for example), the HTML generated by CW will contains new tags that will indicate by which object in the code it has been generated and in which line of which source code. For example:

<div
  cubicweb-generated-by="cubicweb.web.views.basetemplates.TheMainTemplate"
  cubicweb-from-source="/home/user/code/logilab/cubicweb/cubicweb/web/views/basetemplates.py:161"
  id="contentmain">
    <h1
      cubicweb-generated-by="cubicweb.web.views.basetemplates.TheMainTemplate"
      cubicweb-from-source="/home/user/code/logilab/cubicweb/cubicweb/view.py:136">
        unset title
    </h1>
    [...]
</div>

While this hasn’t been done yet, this feature is an open path for building dynamic tools that can help inspect the page.

  • a new debug channels mechanism has been added, you can subscribe to one of those channels in your python code to build debug tools for example (the pyramid custom panels are built using that) and you will receive a datastructure (a dict) containing related information. The available channels are: controller, rql, sql, vreg, registry_decisions

  • add a new β€˜-t/–toolbar’ option the pyramid command to activate the pyramid debugtoolbar

  • a series of pyramid debugtoolbar panels specifically made for CW, see bellow

Pyramid debugtoolbar and custom panel#

The pyramid debugtoolbar is now integrated into CubicWeb during the development phase when you use the β€˜pyramid’ command. To activate it you need to pass the β€˜-t/–toolbar’ argument to the β€˜pyramid’ command.

In addition, a series of custom panels specifically done for CW are now available, they display useful information for the development and the debugging of each page. The available panels are:

  • a general panel which contains the selected controller, the current settings and useful links screenshot

  • a panel listing all decisions taken in registry for building this page screenshot

  • a panel listing the content of the vreg registries screenshot

  • a panel listing all the RQL queries made during a request screenshot

  • a panel listing all the SQL queries made during a request screenshot

Furthermore, in all those panels, next to each object/class/function/method a link to display its source code is available (shown as β€˜[source]’ screenshot) and also every file path shown is a traceback is also a link to display the corresponding file (screenshot). For example: screenshot.

Backwards incompatible changes#

  • Standardization on the way to launch a cubicweb instance, from now on the only way to do that will be the used the pyramid command. Therefore:

    • cubicweb-ctl commands β€œstart”, β€œstop”, β€œrestart”, β€œreload” and β€œstatus” have been removed because they relied on the Twisted web server backend that is no longer maintained nor working with Python 3.

    • Twisted web server support has been removed.

    • cubicweb-ctl wsgi has also been removed.

  • Support for legacy cubes (in the β€˜cubes’ python namespace) has been dropped. Use of environment variables CW_CUBES_PATH and CUBES_DIR is removed.

  • Python 2 support has been dropped.

  • Exceptions in notification hooks aren’t catched-all anymore during tests so one can expect tests that seem to pass (but were actually silently failing) to fail now.

  • All β€œcubicweb-ctl” command only accept one instance argument from now one (instead of 0 to n)

  • β€˜pyramid’ command will always run in the foreground now, by consequence the option --no-daemon has been removed.

  • DBG_MS flag has been removed since it is not used anymore

  • transactions db logs where displayed using the logging (debug/info/warning…) mechanism, now it is only displayed if the corresponding DBG_OPS flag is used

  • backward python 2 compatible code for scheduler class has been removed from cubicweb.server.utils. If you get an import error when doing from cubicweb.server.utils import scheduler replace it with from sched import scheduler.

Deprecated code drops#

Most code deprecated until version 3.25 has been dropped.

3.26 (1 February 2018)#

New features#

Backwards incompatible changes#

  • CubicWebConfiguration method β€˜shared_dir’ got dropped.

3.25 (14 April 2017)#

New features#

  • A new option connections-pooler-enabled (default yes) has been added. This allow to switch off internal connection pooling for use with others poolers such as pgbouncer.

  • In deleteconf view (confirmation before deletion), the list of first-level composite objects that would be deleted along with the primary entity is displayed (01eeea97e549).

  • The cubicweb.pyramid module now provides a Paste application factory registered as an entry point named pyramid_main and that can be used to run a Pyramid WSGI application bound to a CubicWeb repository.

  • A new configuration type pyramid has been added to create CubicWeb’s instances (through cubicweb-ctl create -c pyramid <basecube> <appid>). This configuration bootstraps a CubicWeb instance that is essentially a repository plus the minimal setup to run a Pyramid WSGI application on top of it. Noticeably, it does not ship all web configuration but rather relies on configuration declared in a development.ini file for any Pyramid application.

  • A new way to declare workflows as simple data structure (dict/list) has been introduced. Respective utility functions live in cubicweb.wfutils module. This handles both the creation and migration of workflows.

  • A new IDublinCore adapter has been introduced to control the generation of Dublin Core metadata that are used in several base views.

  • It is now possible to derive rtags using their derive method (0849a5eb57b8). Derived rtags keep a reference to the original rtag and only hold custom rules, allowing changes which are done in the original rtag after derivation to be still considered.

  • A new cubicweb-ctl scheduler <appid> command has been introduced to run background and periodic tasks of the repository (previously called looping tasks). In a production environment, a process with this command should be run alongside with a WSGI server process (possibly running multiple processes itself).

Backwards incompatible changes#

  • As a consequence of the replacement of the old looping tasks manager by a scheduler, all cubicweb-ctl’s β€œstart” commands (i.e. start, pyramid, wsgi) do not start repository looping tasks manager anymore, nor do they start the scheduler. Site administrators are thus expected to start this scheduler as a separate process. Also, registering looping tasks (i.e. calling repo.looping_tasks()) is a no-op when the repository has no scheduler set; a warning is issued in such cases. Application developers may rely on repository’s has_scheduler method to determine if they should register a looping task or not.

  • In cubicweb.pyramid, function make_cubicweb_application got renamed into config_from_cwconfig (950ce7d9f642).

  • Several cleanups in repository’s session management have been conducted resulting from changes introduced in 3.19 release. Among others, the cubicweb.server.session.Session class has been dropped, and request session attribute is now tight to a web session whose implementation depends on the front-end used (twisted or pyramid). Hence this attribute should not be accessed from β€œrepository side” code (e.g. hooks or operations) and has lost some of his former attributes like repo which used to reference the repository instance. Due to this, you don’t have anymore access to session’s data through the connection, which leds to deprecation of the data attribute and removal of get_shared_data and set_shared_data methods which are deprecated since 3.19.

  • Support for β€˜https-url’ configuration option has been removed (4516c3956d46).

  • The next_tabindex method of request class has been removed (011730a4af73). This include the removal of settabindex from the FieldWidget class init method.

  • The cubicweb.hook.logstats.start hook was dropped because it’s looping task would not be run in a web instance (see first point about repository scheduler).

  • uicfg rules to hide the opposite relation of inlined form are not anymore automatically added, because this was actually done randomly and so not reliable, so you’ll have to add them manually:

    autoform_section.tag_subject_of(('CWUser', 'use_email', 'EmailAddress'),
                                    'main', 'inlined')
    autoform_section.tag_object_of(('CWUser', 'use_email', 'EmailAddress'),
                                   'inlined', 'hidden')
    

3.24 (2 November 2016)#

New features#

  • Various bits of a CubicWeb application configuration can be now be overridden through environments variables matching configuration option names prefixed by CW_ (for instance CW_BASE_URL).

  • Cubes are now standard Python packages named as cubicweb_<cubename>. They are not anymore installed in <prefix>/share/cubicweb/cubes. Their discovery by CubicWeb is handled by a new setuptools entry point cubicweb.cubes. A backward compatibility layer is kept for β€œlegacy” cubes.

  • Pyramid support made it into CubicWeb core. Applications that use it should now declare the cubicweb[pyramid] dependency instead of cubicweb-pyramid.

  • New NullStore class in cubicweb.dataimport.stores as new base class for every store, and allowing to test your dataimport chain without actually importing anything.

Major changes#

There has been several important changes to the core internals of CubicWeb:

  • Dropped asource and extid columns from the entities table as well as the index on the type column, for a sensible optimization on both massive data insertion and database size / index rebuilding.

  • Dropped the moved_entities table and related mecanism to remember that an entity has been moved from a source to the system database - this is now the responsability of source’s parser to detect this (usually by remembering its original external id as cwuri).

  • Dropped the original β€˜give me an eid for this extid, but call me back on another line if it has to be created’ mecanism on which the cwxmlparser was relying, in favor of parsers using the dataimport API. This includes dropping the cwxmlparser. If you’re using it, you’ll have to write a specific parser, examples to come.

  • Dropped source mapping handling (schema, views, logic) with its client the cwxmlparser. This is not worth the burden, specific parsers should be preferred.

The above changes lead to the following API changes:

  • req.entity_metas(eid) doesn’t return anymore a β€˜type’ nor β€˜source’ keys, use req.entity_type(eid) instead or β€˜cw_source’ relation to get those information,

  • deprecated entity.cw_metainformation(), which doesn’t return anymore it’s β€˜source’ key,

  • dropped repository.type_and_source_from_eid(eid, cnx), repository.extid2eid(…) and source.eid_type_source(cnx, eid),

  • dropped source.support_entity(etype) and source.support_relation(rtype),

  • dropped β€˜cw_source’ key from default JSON representation of an entity,

  • dropped source_uris() and handle_deletion(…) method from datafeed parser base class, deletion of entities is now the responsability of specific implementation (see ldapparser for example),

  • entities from external source are always displayed in the UI with a link to the local entity, not the original one simplifying entity.absolute_url() implementation and allowing to drop use_ext_eid argument of entity.rest_path() (though it’s still supported for backward compat).

Changes to the massive store#

Several improvments have been done to cubicweb.dataimport.massive_store, with among the more important ones:

  • Extended store API to provide more control to end-users: fill_entities_table, fill_relation_table, fill_meta_relation_table.

  • Dropped on_commit / on_rollback arguments of the constructor.

  • Use a slave specific temporary table for entities insertion as for relations (should improve concurrency when using in master/slaves mode).

  • Delay dropping of constraint to the finish method, avoiding performance problem that was occuring because indexes were dropped at store creation time.

  • Consider the given metadata generator when looking for which metadata tables should have their constraints dropped.

  • Don’t drop index on entities.eid, it’s too costly to rebuild on database with some million of entities.

3.23 (24 June 2016)#

New features#

  • Python 3.x support in CubicWeb itself is now complete, except for the twisted package (since Twisted does not completely support Python 3.x itself). The skeleton for new cube should also be Python 3 compatible, in particular its setup.py got updated.

  • The source-sync command can now synchronize all sources in the database, if no <source> argument is provided.

  • Datafeed source synchronization is now asynchronous when requested from user interface.

Database handling#

  • Most indexes and constraints will be rebuilt during the migration, because they are now named after a md5 hash to control the name’s size.

  • Index are renamed upon renaming of an entity type, so they are still correctly tracked.

  • A new db-check-index command is added to cubicweb-ctl, to display the differences between the indexes in the database and those expected by the schema. It’s recommended to run this command after the migration to 3.23 and to adjust things manually for cases that are not easily handled by the migration script, such as indexes of entity types that have been renamed. It should be mostly about dropping extra indexes.

Data-import#

  • Deprecated MetaGenerator in favor of slightly adapted API in MetadataGenerator (more consistent, giving more control to sub-classes and suitable for usage with the MassiveObjectStore)

  • Major cleanups of the MassiveObjectStore and its PGHelper companion class:

    • dropped a bunch of unnecessary / unused attributes

    • refactored / renamed internal methods

    • added support for a metadata generator, the now recommended way to control metadata generation

  • Deprecated SQLGenObjectStore, MassiveObjectStore should be used instead.

Backwards-incompatible changes#

  • Generative tests Γ  la logilab-common are not supported anymore in CubicWebTC. It is advised to use the subtests API (available on CubicWebTC either from the standard library as of Python 3.4 or through unittest2 package otherwise).

  • CubicWebTC’s set_description method (comming from logilab.common.testlib.TestCase) is no longer available.

Development#

When installed within a virtualenv, CubicWeb will look for instances data as in user mode by default, that is in $HOME/etc/cubicweb.d, as opposed to $VIRTUAL_ENV/etc/cubicweb.d previously. To restore this behavior, explicitly set CW_MODE to system. Alternatively (and preferably), the CW_INSTANCES_DIR environment variables may be used to specify instances data location.

3.22 (4 January 2016)#

New features#

  • a huge amount of changes were done towards python 3.x support (as yet incomplete). This introduces a new dependency on six, to handle python2/python3 compatibility.

  • new cubicweb.dataimport.massive_store module, a postgresql-specific store using the COPY statement to accelerate massive data imports. This functionality was previously part of cubicweb-dataio (there are some API differences with that previous version, however).

  • cubes custom sql scripts are executed before creating tables. This allows them to create new types or extensions.

  • the ejsonexport view can be specialized using the new ISerializable entity adapter. By default, it will return an entity’s (non-Bytes and non-Password) attributes plus the special cw_etype and cw_source keys.

  • cubes that define custom final types are now handled by the add_cube migration command.

  • synchronization of external sources can be triggered from the web interface by suitably privileged users with a new cw.source-sync action.

User-visible changes#

  • the ldapfeed source now depends on the ldap3 module instead of python-ldap.

  • replies don’t get an Expires header by default. However when they do, they also get a coherent Cache-Control.

  • data files are regenerated at each request, they are no longer cached by cubicweb.web.PropertySheet. Requests for data files missing the instance hash are handled with a redirection instead of a direct reply, to allow correct cache-related reply headers.

API changes#

  • config.repository() creates a new Repository object each time, instead of returning a cached object. WARNING: this may cause unexpected issues if several repositories end up being used.

  • migration scripts, as well as other scripts executed by cubicweb-ctl shell, are loaded with the print_function flag enabled (for backwards compatibility, if that fails they are re-loaded without that flag)

  • the cw_fti_index_rql_queries method on entity classes is replaced by cw_fti_index_rql_limit, a generator which yields ResultSet objects containing entities to be indexed. By default, entities are returned 1000 at a time.

  • IDownloadableAdapter API is clarified: download_url, download_content_type and download_file_name return unicode objects, download_data returns bytes.

  • the Repository.extid2eid() entry point for external sources is deprecated. Imports should use one of the stores from the cubicweb.dataimport package instead.

  • the cubicweb.repoapi.get_repository() function’s uri argument should no longer be used.

  • the generic datafeed xml parser is deprecated in favor of the β€œstore” API introduced in cubicweb 3.21.

  • the session manager lives in the sessions registry instead of components.

  • TZDatetime attributes are returned as timezone-aware python datetime objects. WARNING: this will break client applications that compare or use arithmetic involving timezone-naive datetime objects.

  • creation_date and modification_date attributes for all entities are now timezone-aware (TZDatetime) instead of localtime (Datetime). More generally, the Datetime type should be considered as deprecated.

Deprecated code drops#

  • the cubicweb.server.hooksmanager module was removed

  • the Repository.pinfo() method was removed

  • the cubicweb.utils.SizeConstrainedList class was removed

  • the β€˜startorder’ file in configuration directory is no longer honored

3.21 (10 July 2015)#

New features#

  • the datadir-url configuration option lets one choose where static data files are served (instead of the default ${base-url}/data/)

  • some integrity checking that was previously implemented in Python was moved to the SQL backend. This includes some constraints, and referential integrity. Some consequences are that:

    • disabling integrity hooks no longer disables those checks

    • upgrades that modify constraints will fail when running on sqlite (but upgrades aren’t supported on sqlite anyway)

    Note: as of 3.21.0, the upgrade script only works on PostgreSQL. The migration for SQLServer will be added in a future bugfix release.

  • for easier instance monitoring, cubicweb can regularly dump some statistics (basically those exposed by the β€˜info’ and β€˜gc’ views) in json format to a file

User-visible changes#

  • the use of fckeditor for text form fields is disabled by default, to re-enable it simply install the cubicweb-ckeditor cube (then add_cude(β€˜ckeditor’) in a migration or in the shell)

  • the β€˜https-deny-anonymous’ configuration setting no longer exists

Code movement#

The cubicweb.web.views.timeline module (providing the timeline-json, timeline and static-timeline views) has moved to a standalone cube

API changes#

  • req.set_cookie’s β€œexpires” argument, if not None, is expected to be a date or a datetime in UTC. It was previously interpreted as localtime with the UTC offset the server started in, which was inconsistent (we are not aware of any users of that API).

  • the way to run tests on a postgresql backend has changed slightly, use cubicweb.devtools.{start,stop}pgcluster in setUpModule and tearDownModule

  • the Connection and ClientConnection objects introduced in CubicWeb 3.19 have been unified. To connect to a repository, use:

    session = repo.new_session(login, password=...)
    with session.new_cnx() as cnx:
        cnx.execute(...)
    

    In tests, the β€˜repo_cnx’ and β€˜client_cnx’ methods of RepoAccess are now aliases to β€˜cnx’.

Deprecated code drops#

  • the user_callback api has been removed; people should use plain ajax functions instead

  • the Pyro and Zmq-pickle remote repository access methods have been entirely removed (emerging alternatives such as rqlcontroller and cwclientlib should be used instead). Note that as a side effect, β€œrepository-only” instances (i.e. without a http component) are no longer possible. If you have any such instances, you will need to rename the configuration file from repository.conf to all-in-one.conf and run cubicweb-ctl upgrade to update it. Likewise, remote cubicweb-ctl shell is no longer available.

  • the old (deprecated since 3.19) DBAPI api is completely removed

  • cubicweb.toolsutils.config_connect() has been removed

3.20 (06/01/2015)#

New features#

  • virtual relations: a new ComputedRelation class can be used in schema.py; its rule attribute is an RQL snippet that defines the new relation.

  • computed attributes: an attribute can now be defined with a formula argument (also an RQL snippet); it will be read-only, and updated automatically.

    Both of these features are described in CWEP-002, and the updated β€œData model” chapter of the CubicWeb book.

  • cubicweb-ctl plugins can use the cubicweb.utils.admincnx function to get a Connection object from an instance name.

  • new β€˜tornado’ wsgi backend

  • session cookies have the HttpOnly flag, so they’re no longer exposed to javascript

  • rich text fields can be formatted as markdown

  • the edit controller detects concurrent editions, and raises a ValidationError if an entity was modified between form generation and submission

  • cubicweb can use a postgresql β€œschema” (namespace) for its tables

  • β€œcubicweb-ctl configure” can be used to set values of the admin user credentials in the sources configuration file

  • in debug mode, setting the _cwtracehtml parameter on a request allows tracing where each bit of output is produced

API Changes#

  • ucsvreader() and ucsvreader_pb() from the dataimport module have 2 new keyword arguments delimiter and quotechar to replace the separator and quote arguments respectively. This makes the API match that of Python’s csv.reader(). The old arguments are still supported though deprecated.

  • the migration environment’s remove_cube function is now called drop_cube.

  • cubicweb.old.css is now cubicweb.css. The previous β€œnew” cubicweb.css, along with its cubicweb.reset.css companion, have been removed.

  • the jquery-treeview plugin was updated to its latest version

Deprecated Code Drops#

  • most of 3.10 and 3.11 backward compat is gone; this includes:

    • CtxComponent.box_action() and CtxComponent.build_link()

    • cubicweb.devtools.htmlparser.XMLDemotingValidator

    • various methods and properties on Entities, replaced by cw_edited and cw_attr_cache

    • β€˜commit_event’ method on hooks, replaced by β€˜postcommit_event’

    • server.hook.set_operation(), replaced by Operation.get_instance(…).add_data()

    • View.div_id(), View.div_class() and View.create_url()

    • *VComponent classes

    • in forms, Field.value() and Field.help() must take the form and the field itself as arguments

    • form.render() must get w as a named argument, and renderer.render() must take w as first argument

    • in breadcrumbs, the optional recurs argument must be a set, not False

    • cubicweb.web.views.idownloadable.{download_box,IDownloadableLineView}

    • primary views no longer have render_entity_summary and summary methods

    • WFHistoryVComponent’s cell_call method is replaced by render_body

    • cubicweb.dataimport.ObjectStore.add(), replaced by create_entity

    • ManageView.{folders,display_folders}

3.19 (28/04/2015)#

New functionalities#

  • implement Cross Origin Resource Sharing (CORS) (see #2491768)

  • system_source.create_eid can get a range of IDs, to reduce overhead of batch entity creation

Behaviour Changes#

  • The anonymous property of Session and Connection are now computed from the related user login. If it matches the anonymous-user in the config the connection is anonymous. Beware that the anonymous-user config is web specific. Therefore, no session may be anonymous in a repository only setup.

New Repository Access API#

Connection replaces Session#

A new explicit Connection object replaces Session as the main repository entry point. Connection holds all the necessary methods to be used server-side (execute, commit, rollback, call_service, entity_from_eid, etc…). One obtains a new Connection object using session.new_cnx(). Connection objects need to have an explicit begin and end. Use them as a context manager to never miss an end:

with session.new_cnx() as cnx:
    cnx.execute('INSERT Elephant E, E name "Babar"')
    cnx.commit()
    cnx.execute('INSERT Elephant E, E name "Celeste"')
    cnx.commit()
# Once you get out of the "with" clause, the connection is closed.

Using the same Connection object in multiple threads will give you access to the same Transaction. However, Connection objects are not thread safe (hence at your own risks).

repository.internal_session is deprecated in favor of repository.internal_cnx. Note that internal connections are now safe by default, i.e. the integrity hooks are enabled.

Backward compatibility is preserved on Session.

dbapi vs repoapi#

A new API has been introduced to replace the dbapi. It is called repoapi.

There are three relevant functions for now:

  • repoapi.get_repository returns a Repository object either from an URI when used as repoapi.get_repository(uri) or from a config when used as repoapi.get_repository(config=config).

  • repoapi.connect(repo, login, **credentials) returns a ClientConnection associated with the user identified by the credentials. The ClientConnection is associated with its own Session that is closed when the ClientConnection is closed. A ClientConnection is a Connection-like object to be used client side.

  • repoapi.anonymous_cnx(repo) returns a ClientConnection associated with the anonymous user if described in the config.

repoapi.ClientConnection replace dbapi.Connection and company#

On the client/web side, the Request is now using a repoapi.ClientConnection instead of a dbapi.connection. The ClientConnection has multiple backward compatible methods to make it look like a dbapi.Cursor and dbapi.Connection.

Session used on the Web side are now the same than the one used Server side. Some backward compatibility methods have been installed on the server side Session to ease the transition.

The authentication stack has been altered to use the repoapi instead of the dbapi. Cubes adding new element to this stack are likely to break.

Session data can be accessed using the cnx.data dictionary, while transaction data is available through cnx.transaction_data. These replace the [gs]et_shared_data methods with optional txid kwarg.

New API in tests#

All current methods and attributes used to access the repo on CubicWebTC are deprecated. You may now use a RepoAccess object. A RepoAccess object is linked to a new Session for a specified user. It is able to create Connection, ClientConnection and web side requests linked to this session:

access = self.new_access('babar') # create a new RepoAccess for user babar
with access.repo_cnx() as cnx:
    # some work with server side cnx
    cnx.execute(...)
    cnx.commit()
    cnx.execute(...)
    cnx.commit()

with access.client_cnx() as cnx:
    # some work with client side cnx
    cnx.execute(...)
    cnx.commit()

with access.web_request(elephant='babar') as req:
    # some work with client side cnx
    elephant_name = req.form['elephant']
    req.execute(...)
    req.cnx.commit()

By default testcase.admin_access contains a RepoAccess object for the default admin session.

API changes#

  • RepositorySessionManager.postlogin is now called with two arguments, request and session. And this now happens before the session is linked to the request.

  • SessionManager and AuthenticationManager now take a repo object at initialization time instead of a vreg.

  • The async argument of _cw.call_service has been dropped. All calls are now synchronous. The zmq notification bus looks like a good replacement for most async use cases.

  • repo.stats() is now deprecated. The same information is available through a service (_cw.call_service('repo_stats')).

  • repo.gc_stats() is now deprecated. The same information is available through a service (_cw.call_service('repo_gc_stats')).

  • repo.register_user() is now deprecated. The functionality is now available through a service (_cw.call_service('register_user')).

  • request.set_session no longer takes an optional user argument.

  • CubicwebTC does not have repo and cnx as class attributes anymore. They are standard instance attributes. set_cnx and _init_repo class methods become instance methods.

  • set_cnxset and free_cnxset are deprecated. cnxset are now automatically managed.

  • The implementation of cascading deletion when deleting composite entities has changed. There comes a semantic change: merely deleting a composite relation does not entail any more the deletion of the component side of the relation.

  • _cw.user_callback and _cw.user_rql_callback are deprecated. Users are encouraged to write an actual controller (e.g. using ajaxfunc) instead of storing a closure in the session data.

  • A new entity.cw_linkable_rql method provides the rql to fetch all entities that are already or may be related to the current entity using the given relation.

Deprecated Code Drops#

  • session.hijack_user mechanism has been dropped.

  • EtypeRestrictionComponent has been removed, its functionality has been replaced by facets a while ago.

  • the old multi-source support has been removed. Only copy-based sources remain, such as datafeed or ldapfeed.

3.18 (10/01/2014)#

The migration script does not handle sqlite nor mysql instances.

New functionalities#

  • add a security debugging tool (see #2920304)

  • introduce an add permission on attributes, to be interpreted at entity creation time only and allow the implementation of complex update rules that don’t block entity creation (before that the update attribute permission was interpreted at entity creation and update time)

  • the primary view display controller (uicfg) now has a set_fields_order method similar to the one available for forms

  • new method ResultSet.one(col=0) to retrive a single entity and enforce the result has only one row (see #3352314)

  • new method RequestSessionBase.find to look for entities (see #3361290)

  • the embedded jQuery copy has been updated to version 1.10.2, and jQuery UI to version 1.10.3.

  • initial support for wsgi for the debug mode, available through the new wsgi cubicweb-ctl command, which can use either python’s builtin wsgi server or the werkzeug module if present.

  • a rql-table directive is now available in ReST fields

  • cubicweb-ctl upgrade can now generate the static data resource directory directly, without a manual call to gen-static-datadir.

API changes#

  • not really an API change, but the entity permission checks are now systematically deferred to an operation, instead of a) trying in a hook and b) if it failed, retrying later in an operation

  • The default value storage for attributes is no longer String, but Bytes. This opens the road to storing arbitrary python objects, e.g. numpy arrays, and fixes a bug where default values whose truth value was False were not properly migrated.

  • symmetric relations are no more handled by an rql rewrite but are now handled with hooks (from the activeintegrity category); this may have some consequences for applications that do low-level database manipulations or at times disable (some) hooks.

  • unique together constraints (multi-columns unicity constraints) get a name attribute that maps the CubicWeb contraint entities to corresponding backend index.

  • BreadCrumbEntityVComponent’s open_breadcrumbs method now includes the first breadcrumbs separator

  • entities can be compared for equality and hashed

  • the on_fire_transition predicate accepts a sequence of possible transition names

  • the GROUP_CONCAT rql aggregate function no longer repeats duplicate values, on the sqlite and postgresql backends

Deprecation#

  • pyrorql sources have been deprecated. Multisource will be fully dropped in the next version. If you are still using pyrorql, switch to datafeed NOW!

  • the old multi-source system

  • find_one_entity and find_entities in favor of find (see #3361290)

  • the TmpFileViewMixin and TmpPngView classes (see #3400448)

Deprecated Code Drops#

  • ldapuser have been dropped; use ldapfeed now (see #2936496)

  • action GotRhythm was removed, make sure you do not import it in your cubes (even to unregister it) (see #3093362)

  • all 3.8 backward compat is gone

  • all 3.9 backward compat (including the javascript side) is gone

  • the twisted (web-only) instance type has been removed

3.17 (02/05/2013)#

New functionalities#

  • add a command to compare db schema and file system schema (see #464991)

  • Add CubicWebRequestBase.content with the content of the HTTP request (see #2742453) (see #2742453)

  • Add directive bookmark to ReST rendering (see #2545595)

  • Allow user defined final type (see #124342)

API changes#

  • drop typed_eid() in favour of int() (see #2742462)

  • The SIOC views and adapters have been removed from CubicWeb and moved to the sioc cube.

  • The web page embedding views and adapters have been removed from CubicWeb and moved to the embed cube.

  • The email sending views and controllers have been removed from CubicWeb and moved to the massmailing cube.

  • RenderAndSendNotificationView is deprecated in favor of ActualNotificationOp the new operation use the more efficient data idiom.

  • Looping task can now have a interval <= 0. Negative interval disable the looping task entirely.

  • We now serve html instead of xhtml. (see #2065651)

Deprecation#

  • ldapuser have been deprecated. It’ll be fully dropped in the next version. If you are still using ldapuser switch to ldapfeed NOW!

  • hijack_user have been deprecated. It will be dropped soon.

Deprecated Code Drops#

  • The progress views and adapters have been removed from CubicWeb. These classes were deprecated since 3.14.0. They are still available in the iprogress cube.

  • API deprecated since 3.7 have been dropped.

3.16 (25/01/2013)#

New functionalities#

  • Add a new dataimport store (SQLGenObjectStore). This store enables a fast import of data (entity creation, link creation) in CubicWeb, by directly flushing information in SQL. This may only be used with PostgreSQL, as it requires the β€˜COPY FROM’ command.

API changes#

  • Orm: set_attributes and set_relations are unified (and deprecated) in favor of cw_set that works in all cases.

  • db-api/configuration: all the external repository connection information is now in an URL (see #2521848), allowing to drop specific options of pyro nameserver host, group, etc and fix broken ZMQ source. Configuration related changes:

    • Dropped β€˜pyro-ns-host’, β€˜pyro-instance-id’, β€˜pyro-ns-group’ from the client side configuration, in favor of β€˜repository-uri’. NO MIGRATION IS DONE, supposing there is no web-only configuration in the wild.

    • Stop discovering the connection method through repo_method class attribute of the configuration, varying according to the configuration class. This is a first step on the way to a simpler configuration handling.

    DB-API related changes:

    • Stop indicating the connection method using ConnectionProperties.

    • Drop _cnxtype attribute from Connection and cnxtype from Session. The former is replaced by a is_repo_in_memory property and the later is totaly useless.

    • Turn repo_connect into _repo_connect to mark it as a private function.

    • Deprecate in_memory_cnx which becomes useless, use _repo_connect instead if necessary.

  • the β€œtcp://” uri scheme used for ZMQ communications (in a way reminiscent of Pyro) is now named β€œzmqpickle-tcp://”, so as to make room for future zmq-based lightweight communications (without python objects pickling).

  • Request.base_url gets a secure=True optional parameter that yields an https url if possible, allowing hook-generated content to send secure urls (e.g. when sending mail notifications)

  • Dataimport ucsvreader gets a new boolean ignore_errors parameter.

Unintrusive API changes#

  • Drop of cubicweb.web.uicfg.AutoformSectionRelationTags.bw_tag_map, deprecated since 3.6.

User interface changes#

  • The RQL search bar has now some auto-completion support. It means relation types or entity types can be suggested while typing. It is an awesome improvement over the current behaviour !

  • The action box associated with table views (from tableview.py) has been transformed into a nice-looking series of small tabs; it means that the possible actions are immediately visible and need not be discovered by clicking on an almost invisible icon on the upper right.

  • The uicfg module has moved to web/views/ and ui configuration objects are now selectable. This will reduce the amount of subclassing and whole methods replacement usually needed to customize the ui behaviour in many cases.

  • Remove changelog view, as neither cubicweb nor known cubes/applications were properly feeding related files.

Other changes#

  • β€˜pyrorql’ sources will be automatically updated to use an URL to locate the source rather than configuration option. β€˜zmqrql’ sources were broken before this change, so no upgrade is needed…

  • Debugging filters for Hooks and Operations have been added.

  • Some cubicweb-ctl commands used to show the output of msgcat and msgfmt; they don’t anymore.

3.15 (12/04/2012)#

New functionnalities#

  • Add Zmq server, based on the cutting edge ZMQ (http://www.zeromq.org/) socket library. This allows to access distant instance, in a similar way as Pyro.

  • Publish/subscribe mechanism using ZMQ for communication among cubicweb instances. The new zmq-address-sub and zmq-address-pub configuration variables define where this communication occurs. As of this release this mechanism is used for entity cache invalidation.

  • Improved WSGI support. While there is still some caveats, most of the code which was twisted only is now generic and allows related functionalities to work with a WSGI front-end.

  • Full undo/transaction support : undo of modification has eventually been implemented, and the configuration simplified (basically you activate it or not on an instance basis).

  • Controlling HTTP status code used is not much more easier :

    • WebRequest now has a status_out attribut to control the response status ;

    • most web-side exceptions take an optional status argument.

API changes#

  • The base registry implementation has been moved to a new logilab.common.registry module (see #1916014). This includes code from :

    • cubicweb.vreg (the whole things that was in there)

    • cw.appobject (base selectors and all).

    In the process, some renaming was done:

    • the top level registry is now RegistryStore (was VRegistry), but that should not impact cubicweb client code ;

    • former selectors functions are now known as β€œpredicate”, though you still use predicates to build an object’selector ;

    • for consistency, the objectify_selector decoraror has hence be renamed to objectify_predicate ;

    • on the CubicWeb side, the selectors module has been renamed to predicates.

    Debugging refactoring dropped the more need for the lltrace decorator. There should be full backward compat with proper deprecation warnings. Notice the yes predicate and objectify_predicate decorator, as well as the traced_selection function should now be imported from the logilab.common.registry module.

  • All login forms are now submitted to <app_root>/login. Redirection to requested page is now handled by the login controller (it was previously handle by the session manager).

  • Publisher.publish has been renamed to Publisher.handle_request. This method now contains generic version of logic previously handled by Twisted. Controller.publish is not affected.

Unintrusive API changes#

  • New β€˜ldapfeed’ source type, designed to replace β€˜ldapuser’ source with data-feed (i.e. copy based) source ideas.

  • New β€˜zmqrql’ source type, similar to β€˜pyrorql’ but using ΓΈmq instead of Pyro.

  • A new registry called services has appeared, where you can register server-side cubicweb.server.Service child classes. Their call method can be invoked from a web-side AppObject instance using new self._cw.call_service method or a server-side one using self.session.call_service. This is a new way to call server-side methods, much cleaner than monkey patching the Repository class, which becomes a deprecated way to perform similar tasks.

  • a new ajax-func registry now hosts all remote functions (i.e. functions callable through the asyncRemoteExec JS api). A convenience ajaxfunc decorator will let you expose your python function easily without all the appobject standard boilerplate. Backward compatibility is preserved.

  • the β€˜json’ controller is now deprecated in favor of the β€˜ajax’ one.

  • WebRequest.build_url can now take a __secure__ argument. When True cubicweb try to generate an https url.

User interface changes#

A new β€˜undohistory’ view expose the undoable transactions and give access to undo some of them.

3.14 (09/11/2011)#

First notice CW 3.14 depends on yams 0.34 (which is incompatible with prior cubicweb releases regarding instance re-creation).

API changes#

  • Entity.fetch_rql restriction argument has been deprecated and should be replaced with a call to the new Entity.fetch_rqlst method, get the returned value (a rql Select node) and use the RQL syntax tree API to include the above-mentionned restrictions.

    Backward compat is kept with proper warning.

  • Entity.fetch_order and Entity.fetch_unrelated_order class methods have been replaced by Entity.cw_fetch_order and Entity.cw_fetch_unrelated_order with a different prototype:

    • instead of taking (attr, var) as two string argument, they now take (select, attr, var) where select is the rql syntax tree beinx constructed and var the variable node.

    • instead of returning some string to be inserted in the ORDERBY clause, it has to modify the syntax tree

    Backward compat is kept with proper warning, BESIDE cases below:

    • custom order method return something else the a variable name with or without the sorting order (e.g. cases where you sort on the value of a registered procedure as it was done in the tracker for instance). In such case, an error is logged telling that this sorting is ignored until API upgrade.

    • client code use direct access to one of those methods on an entity (no code known to do that).

  • Entity._rest_attr_info class method has been renamed to Entity.cw_rest_attr_info

    No backward compat yet since this is a protected method an no code is known to use it outside cubicweb itself.

  • AnyEntity.linked_to has been removed as part of a refactoring of this functionality (link a entity to another one at creation step). It was replaced by a EntityFieldsForm.linked_to property.

    In the same refactoring, cubicweb.web.formfield.relvoc_linkedto, cubicweb.web.formfield.relvoc_init and cubicweb.web.formfield.relvoc_unrelated were removed and replaced by RelationField methods with the same names, that take a form as a parameter.

    No backward compatibility yet. It’s still time to cry for it. Cubes known to be affected: tracker, vcsfile, vcreview.

  • CWPermission entity type and its associated require_permission relation type (abstract) and require_group relation definitions have been moved to a new localperms cube. With this have gone some functions from the cubicweb.schemas package as well as some views. This makes cubicweb itself smaller while you get all the local permissions stuff into a single, documented, place.

    Backward compat is kept for existing instances, though you should have installed the localperms cubes. A proper error should be displayed when trying to migrate to 3.14 an instance the use CWPermission without the new cube installed. For new instances / test, you should add a dependancy on the new cube in cubes using this feature, along with a dependancy on cubicweb >= 3.14.

  • jQuery has been updated to 1.6.4 and jquery-tablesorter to 2.0.5. No backward compat issue known.

  • Table views refactoring : new RsetTableView and EntityTableView, as well as rewritten an enhanced version of PyValTableView on the same bases, with logic moved to some column renderers and a layout. Those should be well documented and deprecates former TableView, EntityAttributesTableView and CellView, which are however kept for backward compat, with some warnings that may not be very clear unfortunatly (you may see your own table view subclass name here, which doesn’t make the problem that clear). Notice that _cw.view(β€˜table’, rset, *kwargs) will be routed to the new RsetTableView or to the old TableView depending on given extra arguments. See #1986413.

  • display_name don’t call .lower() anymore. This may leads to changes in your user interface. Different msgid for upper/lower cases version of entity type names, as this is the only proper way to handle this with some languages.

  • IEditControlAdapter has been deprecated in favor of EditController overloading, which was made easier by adding dedicated selectors called match_edited_type and match_form_id.

  • Pre 3.6 API backward compat has been dropped, though data migration compatibility has been kept. You may have to fix errors due to old API usage for your instance before to be able to run migration, but then you should be able to upgrade even a pre 3.6 database.

  • Deprecated cubicweb.web.views.iprogress in favor of new iprogress cube.

  • Deprecated cubicweb.web.views.flot in favor of new jqplot cube.

Unintrusive API changes#

  • Refactored properties forms (eg user preferences and site wide properties) as well as pagination components to ease overridding.

  • New cubicweb.web.uihelper module with high-level helpers for uicfg.

  • New anonymized_request decorator to temporary run stuff as an anonymous user, whatever the currently logged in user.

  • New β€˜verbatimattr’ attribute view.

  • New facet and form widget for Integer used to store binary mask.

  • New js_href function to generated proper javascript href.

  • match_kwargs and match_form_params selectors both accept a new once_is_enough argument.

  • printable_value is now a method of request, and may be given dict of

    formatters to use.

  • [Rset]TableView allows to set None in β€˜headers’, meaning the label should be fetched from the result set as done by default.

  • Field vocabulary computation on entity creation now takes __linkto information into accounet.

  • Started a cubicweb.pylintext pylint plugin to help pylint analyzing cubes.

RQL#

  • Support for HAVING in β€˜SET’ and β€˜DELETE’ queries.

  • new AT_TZ function to get back a timestamp at a given time-zone.

  • new WEEKDAY date extraction function

User interface changes#

  • Datafeed source now present an history of the latest import’s log, including global status and debug/info/warning/error messages issued during imports. Import logs older than a configurable amount of time are automatically deleted.

  • Breadcrumbs component is properly kept when creating an entity with β€˜__linkto’.

  • users and groups management now really lead to that (i.e. includes groups management).

  • New β€˜jsonp’ controller with β€˜jsonexport’ and β€˜ejsonexport’ views.

Configuration#

  • Added option β€˜resources-concat’ to make javascript/css files concatenation optional.