github.com
/
pypiserver
mirror of https://github.com/pypiserver/pypiserver
1
0
Fork 1
Code Releases Wiki Activity
pypiserver/CHANGES.rst

388 lines
13 KiB
ReStructuredText
Raw Blame History

Changelog
=========
1.3.0 (2019-05-xx)
------------------
- ENH: pypiserver now consistently and correctly handles the `X-Forwarded-Host`
header to allow for alternative base URLs (#248, resolves #155, thanks
@kujyp for an excellent first-time contribution!)
- DOC: significantly more information added to the `docker-compose.yml`
example, including recipes for various configuration options (thanks
@jetheurer for pointing out the errors in the existing docs, #243!)
- DOC: removed outdated suggestion to serve the packages data directly via
a webserver and replaced with information about setting up nginx
caching (thanks @RiceKab for bringing the issue to our attention, #232)
1.2.7 (2019-01-31)
------------------
- FIX: bcrypt is now *properly* installed in the Docker image, and our
automated tests now do a better job of making sure authentication and
uploads work as expected in Docker (thanks @ronneke1996, #239; also
thanks @kellycampbell, #235 for an alternate approach that wound up
being unused but is still appreciated!)
1.2.6 (2019-01-26)
------------------
- SEC: mitigate potential CRLF injection attacks from malicious URLs
(thanks @samwcyo, #237)
1.2.5 (2018-11-11)
------------------
- FIX: bcrypt is now installed into the Docker image, which allows
passlib to work like it should (thanks @Diftraku, #224)
- MAINT: integration tests with ``twine`` have been updated to use the
command-line interface rather than the internal API, which should
make them more resilient over time (#226)
1.2.4 (2018-08-06)
------------------
- FIX: the command to download new versions of available packages now
works with ``pip`` >= 10.0 (thanks @elboerto, #215)
1.2.3 (2018-08-04)
------------------
- MAINT: Remove broken downloads badge (thanks @hugovk, #209)
- ENH: Improved Dockerfile and ``docker-compose`` example, docs for using
the docker image, automatic docker builds
1.2.2 (2018-06-12)
------------------
- FIX: update fallback URL to https://pypi.org/simple since pypi.python.org
has shut down
- FIX: updated tests to use ``Popen`` rather than ``pip.main()`` given its
removal in pip version 10.0
- DOC: scrubbed docs of links to pypi.python.org
- DEPRECATION: Drop support for Python 3.3 (thanks @hugovk, #198)
1.2.1 (2017-11-29)
------------------
- FIX propagation of certain ``pypiserver`` settings via a ``paste.ini`` config
file (thanks @luismsgomes, #156)
- FIX update default fallback URL to be https for compliance with PyPI
(thanks @uSpike, #182)
- FIX resolved a regression preventing spinning up multiple pypiservers
via a paste config (thanks @bertjwregeer, #173)
- FIX cmdline parsing of stray comparison consuming many flags (e.g. ``--help``),
and docs about ``auther``
- (thanks to @sakurai-youhei, #162).
- Travis CI testing for Python 3.6 and pypy3 (#183)
- Several documentation improvements (thanks @tescalada, #166, #161, #172 and
@axnsan12, #190)
1.2.0 (2016-06-25)
------------------
"Brexit": Normalize and stop legacy support.
- Less rigorous support for ``python-2 < 2.7`` and ``python-3 < 3.3``.
- Package normalizations and :pep:`503` updates:
- Package names are normalized: convert all characters to lower-case
and replace any of ``[-_.]`` with a dash(``'-'``).
- The simple index only lists normalized package names.
- Any request for a non-normalized package name is redirected to
the normalized name.
- URLs are redirected unless they end in ``'/'`` (expect packages themselves).
- (thanks to @dpkp, #38, #139, #140)
- Added ``pip search`` support.
- (thanks to @blade2005, #80, #114)
- FIX startup regressions for other WSGI-servers, introduced by previous ``v1.1.10``.
- (thanks to @virtuald, @Oneplus, @michaelkuty, @harcher81, @8u1a,
#117, #122, #124/#127/#128)
- FIX over-writing of packages even when without ``--overwrite`` flag.
- (thanks to @blade2005, #113)
- Fixes for *paste*, *gunicorn* and other *WSGI* servers.
- (thanks to @corywright, @virtuald, @montefra, #112, #118, #119)
- Updates and fixes needed due to changes in dependent libraries.
- (thanks @dpkp, #120/#121, #129, #141/#142)
- Add cache for speeding up GPG signatures.
- sthanks to @virtuald, #116)
- Other minor fixes and improvements.
- (thanks to @bibby, @Oneplus, @8u1a, #129, #131)
- TravisCI-test against *python-3.5*.
- (#107, #108, #110)
- docs:
- Provide samples for *Automated Startup* (``systemd`` & ``hypervisor``).
(thanks to @ssbarnea, #137, #146)
- Add usage instructions for related project ``pypi-uploader``.
(thanks to @ssbarnea & @bibby, #147)
- doc: Provide sample-code to authenticate using ``/etc/passwds`` file
via *pam* modules in Unix.
- (thanks to @blade2005, #149, #151-#153)
- Improved API usage instructions.
- Detailed changes recorded in `Github's milestone 1.2.0
<https://github.com/pypiserver/pypiserver/milestones/M1.2.0>`_.
1.1.10 (2016-01-19)
-------------------
Serve 1000s of packages, PGP-Sigs, skip versions starting with 'v'.
+ #101: Speed-up server by (optionally) using the `watchdog` package
to cache results, serve packages directly from proxying-server (*Apache* ,
*nginx*), and pre-compile regexes (thanks @virtuald).
- #106: Support uploading PGP-signatures (thanks @mplanchard).
- Package-versions parsing modifications:
- #104: Stopped parsing invalid package-versions prefixed with `v`; they are
invalid according to :pep-reference:`0440` (thanks @virtuald &
@stevejefferiesIDBS).
- Support versions with epochs separated by `!` like `package-1!1.1.0`.
- #102: FIX regression on uploading packages with `+` char in their version
caused by recent bottle-upgrade.
- #103: Minor doc fixes (thanks @MichaelSchneeberger).
1.1.9 (2015-12-21)
------------------
"Ssss-elections" bug-fix & maintenance release.
- Upgrade bottle 1.11.6-->1.13-dev.
- Fixes `MAX_PARAM` limiting dependencies(#82)
- Rework main startup and standalone:
- New standalone generation based on ZIPed wheel archive.
- Replace all sys.module mechanics with relative imports.
- Fix gevent monkeypatching (#49).
- Simplify definition of config-options on startup.
- TODO: Move startup-options validations out of `main()` and
into `pypiserver.core`
package, to validate also start-up from API-clients.
- #53: Like PyPI, HREF-links now contain package's md5-hashes in their fragment.
Add `--hash_algo` cmd-line option to turn-off or specify other *hashlib*
message-digest algorithms (e.g. `sha256` is a safer choice, set it to `off`
to avoid any performance penalty if hosting a lot of packages).
- #97: Add `--auther` non cmd-line startup-option to allow for alternative
authentication methods (non HtPasswdFile-based one) to be defined by
API-clients (thanks @Tythos).
- #91: Attempt to fix register http failures (thanks to @Tythos and @petri).
- Test actual clients (ie `pip`, `Twine`, `setuptools`).
- Test spurious `setuptools` failures.
- NOT FIXED! Still getting spurious failures.
- Various other fixes:
- #96: Fix program's requirement (i.e. add passlib as extra-requirement).
provide requirements files also for developers.
- logging: Send also bottle `_stderr` to logger; fix logger names.
- #95: Add missing loop-terminators in bottle-templates (thanks to @bmflynn).
1.1.8 (2015-09-15)
------------------
"Finikounda" release.
- Allow un-authenticated uploads (no htpasswd file) (#55).
- Fixes on package-name handling (#85 and #88, #89).
- Respect logging cmd-line options (#81).
- Add TCs for standalone script and other build-issues (#92)
- See milestone:M1.1.8 on github for all fixes included.
1.1.7 (2015-03-8)
-----------------
1st release under cooperative ownership:
- #65, #66: Improve Auth for private repos by supporting i
password protected package listings and downloads,
in addition to uploads (use the -a, --authenticate option
to specify which to protect).
- #67: Add cache-control http-header, reqed by pip.
- #56, #70: Ignore non-packages when serving.
- #58, #62: Log all http-requests.
- #61: Possible to change welcome-msg.
- #77, #78: Avoid XSS by generating web-content with SimpleTemplate
instead of python's string-substs.
- #38, #79: Instruct to use --extra-index-url for misspelled dependencies to work,
reorganize README instructions.
1.1.6 (2014-03-05)
------------------
- remove --index-url cli parameter introduced in 1.1.5
1.1.5 (2014-01-20)
------------------
- only list devpi-server and proxypypi as alternatives
- fix wheel file handling for certain wheels
- serve wheel files as application/octet-stream
- make pypiserver executable from wheel file
- build universal wheel
- remove scripts subdirectory
- add --index-url cli parameter
1.1.4 (2014-01-03)
------------------
- make pypiserver compatible with pip 1.5
(https://github.com/pypiserver/pypiserver/pull/42)
1.1.3 (2013-07-22)
------------------
- make guessing of package name and version more robust
1.1.2 (2013-06-22)
------------------
- fix "pypi-server -U" stable/unstable detection, i.e. do not
accidentally update to unstable packages
1.1.1 (2013-05-29)
------------------
- add 'overwrite' option to allow overwriting existing package
files (default: false)
- show names with hyphens instead of underscores on the "/simple"
listing
- make the standalone version work with jython 2.5.3
- upgrade waitress to 0.8.5 in the standalone version
- workaround broken xmlrpc api on pypi.python.org by using HTTPS
1.1.0 (2013-02-14)
------------------
- implement multi-root support (one can now specify multiple package
roots)
- normalize pkgnames, handle underscore like minus
- sort files by their version, not alphabetically
- upgrade embedded bottle to 0.11.6
- upgrade waitress to 0.8.2 in the standalone script
- merge vsajip's support for verify, doc_upload and remove_pkg
1.0.1 (2013-01-03)
------------------
- make 'pypi-server -Ux' work on windows
('module' object has no attribute 'spawnlp',
https://github.com/pypiserver/pypiserver/issues/26)
- use absolute paths in hrefs for root view
(https://github.com/pypiserver/pypiserver/issues/25)
- add description of uploads to the documentation
- make the test suite work on python 3
- make pypi-server-standalone work with python 2.5
1.0.0 (2012-10-26)
------------------
- add passlib and waitress to pypi-server-standalone
- upgrade bottle to 0.11.3
- Update scripts/opensuse/pypiserver.init
- Refuse to re upload existing file
- Add 'console_scripts' section to 'entry_points', so
'pypi-server.exe' will be created on Windows.
- paste_app_factory now use the the password_file option to create the
app. Without this the package upload was not working.
- Add --fallback-url argument to pypi-server script to make it
configurable.
0.6.1 (2012-08-07)
------------------
- make 'python setup.py register' work
- added init scripts to start pypiserver on ubuntu/opensuse
0.6.0 (2012-06-14)
------------------
- make pypiserver work with pip on windows
- add support for password protected uploads
- make pypiserver work with non-root paths
- make pypiserver 'paste compatible'
- allow to serve multiple package directories using paste
0.5.2 (2012-03-27)
------------------
- provide a way to get the WSGI app
- improved package name and version guessing
- use case insensitive matching when removing archive suffixes
- fix pytz issue #6
0.5.1 (2012-02-23)
------------------
- make 'pypi-server -U' compatible with pip 1.1
0.5.0 (2011-12-05)
------------------
- make setup.py install without calling 2to3 by changing source code
to be compatible with both python 2 and python 3. We now ship a
slightly patched version of bottle. The upcoming bottle 0.11
also contains these changes.
- make the single-file pypi-server-standalone.py work with python 3
0.4.1 (2011-11-23)
------------------
- upgrade bottle to 0.9.7, fixes possible installation issues with
python 3
- remove dependency on pkg_resources module when running
'pypi-server -U'
0.4.0 (2011-11-19)
------------------
- add functionality to manage package updates
- updated documentation
- python 3 support has been added
0.3.0 (2011-10-07)
------------------
- pypiserver now scans the given root directory and it's
subdirectories recursively for packages. Files and directories
starting with a dot are now being ignored.
- /favicon.ico now returns a "404 Not Found" error
- pypiserver now contains some unit tests to be run with tox
0.2.0 (2011-08-09)
------------------
- better matching of package names (i.e. don't install package if only
a prefix matches)
- redirect to the real pypi.python.org server if a package is not found.
- add some documentation about configuring easy_install/pip
0.1.3 (2011-08-01)
------------------
- provide single file script pypi-server-standalone.py
- better documentation
0.1.2 (2011-08-01)
------------------
- prefix comparison is now case insensitive
- added usage message
- show minimal information for root url
0.1.1 (2011-07-29)
------------------
- don't require external dependencies
0.1.0 (2011-07-29)
------------------
- initial release
View Git Blame Copy Permalink