« Changelog History


Kinto v8.3.0 Release Notes

Release Date: 2018-04-06 // about 6 years ago

  • 🔒 Security fix

    • 🛠 Validate the account user password even when the session is cached (fixes #1583). Since Kinto 8.2.0 the account plugin had a security flaw where the password wasn't verified during the session duration.

    🆕 New features

    • ➕ Add bucket and account creation permissions in the permissions endpoint (fixes #1510)

    🐛 Bug fixes

    • ⬇️ Reduce the OpenID state string length to fit in the PostgreSQL cache backend (fixes #1566)

    📚 Documentation

    • 👌 Improve OpenID settings and API documentation

    Internal Changes

    • ⚡️ Now fully rely on Pyup.io (or contributors) to update the versions in the requirements.txt file (fixes #1512)
    • 👀 Move from importing pip to running it in a subprocess (see https://github.com/pypa/pip/issues/5081).
    • ✂ Remove useless print when using the OpenID policy (ref #1509)
    • Try to recover from the race condition where two requests can delete the same record. (Fix #1557; refs #1407.)
    • 🛠 Fix a bug in the memory backend where paginating past the end of a list would restart pagination. (Refs #1584.)