If you are upgrading an existing installation, read :ref:`the instructions <upgrade>`
- Fix missing permissions for non-admin users (:issue:`284`)
- Add Pyramid>=2.0 to dependencies (:issue:`283`)
- Upgrade to Pyramid 2.0
- Remove the SQL index from package summary field (will take effect when you rebuild your cache, but a rebuild is not required)
- Fix a XSS vulnerability (:issue:`280`)
- Remove storage limit of package summary (:pr:`276`) (will take effect when you rebuild your cache, but a rebuild is not required unless you hit this issue)
- Add more package info to JSON API (:pr:`269`)
- Stop normalizing metadata for Azure (:pr:`272`)
- Provide Azure credentials via environment variable (:issue:`270`)
- Pin the Pyramid version to avoid deprecation (:issue:`274`)
- Dropping support for Python 3.5 and 3.6 due to difficulty with cryptography library
- Fix a datetime crash when reloading the cache (:issue:`266`)
- Fix a logic error with
db.graceful_reload
(:pr:`267`)
- Fix content-type when streaming packages (:pr:`260`)
- JSON scraper doesn't throw exceptions if it receives a HTTP error (:issue:`264`)
- Add config option for GCS IAM signing email (:pr:`262`)
- Add
pypi.allow_delete
to disable deleting packages (:issue:`259`)
- Fix concurrency bugs in GCS backend (:issue:`258`)
- Fix metadata storage issue with some S3-compatible backends (:pr:`255`)
- Command line arg to generate password hash from stdin (:pr:`253`)
- Fix error when package in local storage but not in fallback repository (:issue:`251`)
- Fix an exception when
pypi.use_json_scraper = false
(:issue:`250`) - Allow passing in
auth.signing_key
as an environment variable (:issue:`247`) - Add some documentation about the DynamoDB cache (:issue:`249`)
- Add support for Microsoft Azure Blob storage (:pr:`241`)
- Add
requests
as a dependency (:pr:`240`)
- Fix a bug with reloading Redis cache (:pr:`230`)
- More graceful handling of non-package files in GCS (:issue:`232`)
- Support for
requires_python
metadata (:pr:`234`, :issue:`219`) - Add
pypi.use_json_scraper
setting for configuring - Change default value of
storage.redirect_urls
toTrue
- Add :ref:`auth.scheme <auth_scheme>` setting to customize password hashing algorithm (:issue:`237`)
- SIGNIFICANTLY LOWERED default password hashing rounds. :ref:`Read about why in the docs <passlib>`
- Add option to use IAM signer on GCS (:pr:`226`)
- Change default fallback url from
http://pypi.python.org
tohttps://pypi.org
(:pr:`207`) - Add
pypi.disallow_fallback
option to disable fallback for specific packages (:pr:`216`) - Fix automatic bucket creation for all S3 regions (:pr:`225`)
- Add ability to stream files through pypicloud (:pr:`202`)
- Support spaces in
auth.ldap.admin_value
values (:pr:`206`)
- Strip non-ASCII characters from summary for S3 backend (:pr:`197`)
- Fix an issue with production log format (:issue:`198`)
- Add
auth.ldap.fallback
to use config file configure groups and permissions with LDAP access backend (:issue:`199`)
- Fix: Exception during LDAP reconnect (:pr:`192`)
- Fix: LDAP on Python 3 could not detect admins (:pr:`193`)
- Feature: New
pypi.auth.admin_group_dn
setting for LDAP (for when memberOf is unavailable)
- Feature: Google Cloud Storage support (:pr:`189`)
- Feature:
/health
endpoint checks health of connection to DB backends (:issue:`181`) - Feature: Options for LDAP access backend to ignore referrals and ignore multiple user results (:pr:`184`)
- Fix: Exception when
storage.cloud_front_key_file
was set (:pr:`185`) - Fix: Bad redirect to the fallback url when searching the
/json
endpoint (:pr:`188`) - Deprecation:
pypi.fallback_url
has been deprecated in favor ofpypi.fallback_base_url
(:pr:`188`)
- Fix: Support
auth.profile_name
passing in a boto profile name (:pr:`172`) - Fix: Uploading package with empty description using twine crashes DynamoDB backend (:issue:`174`)
- Fix: Config file generation for use with docker container (using %(here)s was not working)
- Use cryptography package instead of horrifyingly old and deprecated pycrypto (:issue:`179`)
- Add
storage.public_url
to S3 backend (:issue:`173`)
- Fix: Download ACL button throws error in Python 3 (:issue:`166`)
- New access backend: AWS Secrets Manager (:pr:`164`)
- Add
storage.storage_class
option for S3 storage (:pr:`170`) - Add
db.tablenames
option for DynamoDB cache (:issue:`167`) - Reduce startup race conditions on empty caches when running multiple servers (:issue:`167`)
- Fix: Fix SQL connection issues with uWSGI (:issue:`160`)
- Miscellaneous python 3 fixes
- Fix: uWSGI hangs in python 3 (:issue:`153`)
- Fix: Crash when using
ppc-migrate
to migrate from S3 to S3 - Add warnings and documentation for edge case where S3 bucket has a dot in it (:issue:`145`)
- Admin can create signup tokens (:issue:`156`)
- Fix: Hang when rebuilding Postgres cache (:issue:`147`)
- Fix: Some user deletes fail with Foreign Key errors (:issue:`150`)
- Fix: Incorrect parsing of version for wheels (:issue:`154`)
- Configuration option for number of rounds to use in password hash (:issue:`115`)
- Make request errors visible in the browser (:issue:`151`)
- Add a Create User button to admin page (:issue:`149`)
- SQL access backend defaults to disallowing anonymous users to register
- Support for LDAP anonymous bind (:pr:`142`)
- Fix a crash in Python 3 (:issue:`141`)
- Python3 support thanks to boto3
- Removing stable/unstable version from package summary
- Changing and removing many settings
- Performance tweaks
graceful_reload
option for caches, to refresh from the storage backend while remaining operational- Complete rewrite of LDAP access backend
- Utilities for hooking into :ref:`S3 create & delete notifications <s3_sync>` to keep multiple caches in sync
NOTE Because of the boto3 rewrite, many settings have changed. You will need to review the settings for your storage, cache, and access backends to make sure they are correct, as well as rebuilding your cache as per usual.
- Add
storage.object_acl
for S3 (:pr:`139`)
- Allow search endpoint to have a trailing slash (:issue:`133`)
- Allow overriding the displayed download URL in the web interface (:pr:`125`)
- Bump up the DB size of the version field (SQL-only) (:pr:`128`)
- Bug fix: S3 uploads failing from web interface and when fallback=cache (:issue:`120`)
- Bug fix: The
/pypi
path was broken for viewing & uploading packages (:issue:`119`) - Update docs to recommend
/simple
as the install/upload URL - Beaker session sets
invalidate_corrupt = true
by default
- Bug fix: Deleting packages while using the Dynamo cache would sometimes remove the wrong package from Dynamo (:issue:`118`)
Upgrade breaks: SQL caching database. You will need to rebuild it.
- Feature: Pip search works now (:pr:`107`)
- Bug fix: Deleting packages while using the Dynamo cache would sometimes remove the wrong package from Dynamo (:issue:`118`)
- Bug fix: Access backend now works with MySQL family (:pr:`106`)
- Bug fix: Return http 409 for duplicate upload to work better with twine (:issue:`112`)
- Bug fix: Show upload button in interface if
default_write = everyone
- Confirm prompt before deleting a user or group in the admin interface
- Do some basica sanity checking of username/password inputs
- Feature: Add optional AWS S3 Server Side Encryption option (:pr:`99`)
- Bug fix: Rebuilding cache always ends up with correct name/version (:pr:`93`)
- Feature: /health endpoint (nothing fancy, just returns 200) (:issue:`95`)
- Bug fix: Show platform-specific versions of wheels (:issue:`91`)
- Bug fix: LDAP auth disallows empty passwords for anonymous binding (:pr:`92`)
- Config generator sets
pypi.default_read = authenticated
for prod mode
Backwards incompatibility: This version was released to handle a change in the way pip 8.1.2 handles package names. If you are upgrading from a previous version, there are :ref:`detailed instructions for how to upgrade safely <upgrade0.4>`.
- Bug fix: LDAP auth disallows empty passwords for anonymous binding (:pr:`92`)
- Feature: Setting
auth.ldap.service_account
for LDAP auth (:pr:`84`)
- Bug fix: Missing newline in config template (:pr:`77`)
- Feature:
pypi.always_show_upstream
for tweaking fallback behavior (:issue:`82`)
- Feature: S3 backend setting
storage.redirect_urls
- Bug fix: SQL cache works with MySQL (:issue:`74`)
- Feature: S3 backend can use S3-compatible APIs (:pr:`72`)
- Feature: Cloudfront storage (:pr:`71`)
- Bug fix: Rebuilding cache from storage won't crash on odd file names (:pr:`70`)
- Feature:
/packages
endpoint to list all files for all packages (:pr:`64`)
- Bug fix: Settings parsed incorrectly for LDAP auth (:issue:`62`)
- Bug fix: Mirror mode: only one package per version is displayed (:issue:`61`)
- Add docker-specific option for config creation
- Move docker config files to a separate repository
- Feature: LDAP Support (:pr:`55`)
- Bug fix: Incorrect package name/version when uploading from web (:issue:`56`)
- Bug fix: Restore direct links to S3 to fix easy_install (:issue:`54`)
- Bug fix:
pypi.allow_overwrite
causes crash in sql cache (:issue:`52`)
- Fully defines the behavior of every possible type of pip request. See :ref:`Fallbacks <fallback_detail>` for more detail.
- Don't bother caching generated S3 urls.
- Bug fix: Crash when mirror mode serves private packages
- Bug fix: Mirror mode works properly with S3 storage backend
- Bug fix: Cache mode will correctly download packages with legacy versioning (:pr:`45`)
- Bug fix: Fix the fetch_requirements endpoint (:sha:`6b2e2db`)
- Bug fix: Incorrect expire time comparison with IAM roles (:pr:`47`)
- Feature: 'mirror' mode. Caches packages, but lists all available upstream versions.
- Bug fix: S3 download links expire incorrectly with IAM roles (:issue:`38`)
- Bug fix:
fallback = cache
crashes with distlib 0.2.0 (:issue:`41`)
- Bug fix: Connection problems with new S3 regions (:issue:`39`)
- Usability: Warn users trying to log in over http when
session.secure = true
(:issue:`40`)
- Bug fix: Crash when migrating packages from file storage to S3 storage (:pr:`35`)
- Bug fix: First download of package using S3 backend and
pypi.fallback = cache
returns 404 (:issue:`31`)
- Bug fix: Rebuilding SQL cache sometimes crashes (:issue:`29`)
- Bug fix: Rebuilding SQL cache sometimes deadlocks (:pr:`27`)
- Bug fix:
ppc-migrate
between two S3 backends (:pr:`22`)
- Bug fix: Caching works with S3 backend (:sha:`4dc593a`)
- Bug fix: Security bug in user auth (:sha:`001e8a5`)
- Bug fix: Package caching from pypi was slightly broken (:sha:`065f6c5`)
- Bug fix:
ppc-migrate
works when migrating to the same storage type (:sha:`45abcde`)
- Bug fix: Pre-existing S3 download links were broken by 0.2.0 (:sha:`52e3e6a`)
Upgrade breaks: caching database
- Bug fix: Timestamp display on web interface (:pr:`18`)
- Bug fix: User registration stores password as plaintext (:sha:`21ebe44`)
- Feature:
ppc-migrate
, command to move packages between storage backends (:sha:`399a990`) - Feature: Adding support for more than one package with the same version. Now you can upload wheels! (:sha:`2f24877`)
- Feature: Allow transparently downloading and caching packages from pypi (:sha:`e4dabc7`)
- Feature: Export/Import access-control data via
ppc-export
andppc-import
(:sha:`dbd2a16`) - Feature: Can set default read/write permissions for packages (:sha:`c9aa57b`)
- Feature: New cache backend: DynamoDB (:sha:`d9d3092`)
- Hosting all js & css ourselves (no more CDN links) (:sha:`20e345c`)
- Obligatory miscellaneous refactoring
- First public release