Kinto v8.3.0 Release Notes
Release Date: 2018-04-06 // about 6 years ago-
🔒 Security fix
- 🛠 Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.
🆕 New features
- ➕ Add bucket and account creation permissions in the permissions endpoint (fixes #1510)
🐛 Bug fixes
- ⬇️ Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)
📚 Documentation
- 👌 Improve OpenID settings and API documentation
Internal Changes
- ⚡️ Now fully rely on Pyup.io (or contributors) to update the versions in the
requirements.txt
file (fixes #1512) - 👀 Move from importing pip to running it in a subprocess (see https://github.com/pypa/pip/issues/5081).
- ✂ Remove useless print when using the OpenID policy (ref #1509)
- Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)
- 🛠 Fix a bug in the memory backend where paginating past the end of a list would restart pagination. (Refs #1584.)