File: HISTORY.txt

package info (click to toggle)
python-webob 1:1.8.5-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 1,664 kB
  • sloc: python: 21,344; makefile: 171
file content (1389 lines) | stat: -rw-r--r-- 51,130 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1.7rc1 (2016-11-18)
-------------------

Compatibility
~~~~~~~~~~~~~

- WebOb is no longer supported on Python 2.6 and PyPy3 (due to pip no longer
  supporting Python 3.2 even on PyPy)

Backwards Incompatibility
~~~~~~~~~~~~~~~~~~~~~~~~~

- ``Response.set_cookie`` no longer accepts a key argument. This was deprecated
  in WebOb 1.5 and as mentioned in the deprecation, is being removed in 1.7

- ``Response.__init__`` will no longer set the default Content-Type, nor
  Content-Length on Responses that don't have a body. This allows WebOb to
  return proper responses for things like `Response(status='204 No Content')`.

- ``Response.text`` will no longer raise if the Content-Type does not have a
  charset, it will fall back to using the new ``default_body_encoding`. To get
  the old behaviour back please sub-class ``Response`` and set
  ``default_body_encoding`` to ``None``. See
  https://github.com/Pylons/webob/pull/287

- WebOb no longer supports Chunked Encoding, this means that if you are using
  WebOb and need Chunked Encoding you will be required to have a proxy that
  unchunks the request for you. Please read
  https://github.com/Pylons/webob/issues/279 for more background.

Feature
~~~~~~~

- ``Response`` has a new ``default_body_encoding`` which may be used to allow
  getting/setting ``Response.text`` when a Content-Type has no charset. See
  https://github.com/Pylons/webob/pull/287

- ``webob.Request`` with any HTTP method is now allowed to have a body. This
  allows DELETE to have a request body for passing extra information. See
  https://github.com/Pylons/webob/pull/283 and
  https://github.com/Pylons/webob/pull/274

- Add ``tell()`` to ``ResponseBodyFile`` so that it may be used for example for
  zipfile support. See https://github.com/Pylons/webob/pull/117

- Allow the return from ``wsgify.middleware`` to be used as a decorator. See
  https://github.com/Pylons/webob/pull/228

Bugfix
~~~~~~

- Fixup ``cgi.FieldStorage`` on Python 3.x to work-around issue reported in
  Python bug report 27777 and 24764. This is currently applied for Python
  versions less than 3.7. See https://github.com/Pylons/webob/pull/294

- ``Response.set_cookie`` now accepts ``datetime`` objects for the ``expires``
  kwarg and will correctly convert them to UTC with no tzinfo for use in
  calculating the ``max_age``. See https://github.com/Pylons/webob/issues/254
  and https://github.com/Pylons/webob/pull/292

- Fixes ``request.PATH_SAFE`` to contain all of the path safe characters
  according to RFC3986. See https://github.com/Pylons/webob/pull/291

- WebOb's exceptions will lazily read underlying variables when inserted into
  templates to avoid expensive computations/crashes when inserting into the
  template. This had a bad performance regression on Py27 because of the way
  the lazified class was created and returned. See
  https://github.com/Pylons/webob/pull/284

- ``wsgify.__call__`` raised a ``TypeError`` with an unhelpful message, it will
  now return the ``repr`` for the wrapped function:
  https://github.com/Pylons/webob/issues/119

- ``Response.content_type`` removes the charset content-type parameter unless
  the new content-type is a text like type that has a charset parameter.  See
  https://github.com/Pylons/webob/pull/261 and
  https://github.com/Pylons/webob/issues/130

- ``Response.json``'s ``json.dumps``/``json.loads`` are now always UTF-8. It no
  longer tries to use the charset.

- The ``Response.__init__`` will by default no longer set the Content-Type to
  the default if a ``headerlist`` is provided. This fixes issues whereby
  ``Request.get_response()`` would return a Response that didn't match the
  actual response. See https://github.com/Pylons/webob/pull/261 and
  https://github.com/Pylons/webob/issues/205

- Cleans up the remainder of the issues with the updated WebOb exceptions that
  were taught to return JSON in version 1.6. See
  https://github.com/Pylons/webob/issues/237 and
  https://github.com/Pylons/webob/issues/236

- ``Response.from_file`` now parses the status line correctly when the status
  line contains an HTTP with version, as well as a status text that contains
  multiple white spaces (e.g HTTP/1.1 404 Not Found). See
  https://github.com/Pylons/webob/issues/250

- ``Response`` now has a new property named ``has_body`` that may be used to
  interrogate the ``Response`` to find out if ``Response.body`` is or isn't
  set.

  This is used in the exception handling code so that if you use a WebOb HTTP
  Exception and pass a generator to ``app_iter`` WebOb won't attempt to read
  the whole thing and instead allows it to be returned to the WSGI server. See
  https://github.com/Pylons/webob/pull/259

1.6.0 (2016-03-15)
------------------

Compatibility
~~~~~~~~~~~~~

- Python 3.2 is no longer supported by WebOb

Bugfix
~~~~~~

- Request.decode attempted to read from the an already consumed stream, it has
  now been redirected to another stream to read from. See
  https://github.com/Pylons/webob/pull/183

- The application/json media type does not allow for a charset as discovery of
  the encoding is done at the JSON layer. Upon initialization of a Response
  WebOb will no longer add a charset if the content-type is set to JSON. See
  https://github.com/Pylons/webob/pull/197 and
  https://github.com/Pylons/pyramid/issues/1611

Features
~~~~~~~~

- Lazily HTML escapes environment keys in HTTP Exceptions so that those keys in
  the environ that are not used in the output of the page don't raise an
  exception due to inability to be properly escaped. See
  https://github.com/Pylons/webob/pull/139

- MIMEAccept now accepts comparisons against wildcards, this allows one to
  match on just the media type or sub-type, without having to explicitly match
  on both the media type and sub-type at the same time. See
  https://github.com/Pylons/webob/pull/185

- Add the ability to return a JSON body from an exception. Using the Accept
  information in the request, the exceptions will now automatically return a
  JSON version of the exception instead of just HTML or text. See
  https://github.com/Pylons/webob/pull/230 and
  https://github.com/Pylons/webob/issues/209

Security
~~~~~~~~

- exc._HTTPMove and any subclasses will now raise a ValueError if the location
  field contains a line feed or carriage return. These values may lead to
  possible HTTP Response Splitting. The header_getter descriptor has also been
  modified to no longer accept headers with a line feed or carriage return.
  See: https://github.com/Pylons/webob/pull/229 and
  https://github.com/Pylons/webob/issues/217


1.5.1 (2015-10-30)
------------------

Bug Fixes
~~~~~~~~~

- The exceptions HTTPNotAcceptable, HTTPUnsupportedMediaType and
  HTTPNotImplemented will now correctly use the sub-classed template rather
  than the default error template. See https://github.com/Pylons/webob/issues/221

- Response's from_file now correctly deals with a status line that contains an
  HTTP version identifier. HTTP/1.1 200 OK is now correctly parsed, whereas
  before this would raise an error upon setting the Response.status in
  from_file. See https://github.com/Pylons/webob/issues/121

1.5.0 (2015-10-11)
------------------

Bug Fixes
~~~~~~~~~

- The cookie API functions will now make sure that `max_age` is an integer or
  an string that can convert to an integer. Previously passing in
  max_age='test' would have silently done the wrong thing.

Features
~~~~~~~~

- Unbreak req.POST when the request method is PATCH. Instead of returning
  something cmpletely unrelated we return NoVar. See:
  https://github.com/Pylons/webob/pull/215

- HTTP Status Code 308 is now supported as a Permanent Redirect. See
  https://github.com/Pylons/webob/pull/207

Backwards Incompatibilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ``Response.set_cookie`` renamed the only required parameter from "key" to
  "name". The code will now still accept "key" as a keyword argument, and will
  issue a DeprecationWarning until WebOb 1.7.

- The ``status`` attribute of a ``Response`` object no longer takes a string
  like ``None None`` and allows that to be set as the status. It now has to at
  least match the pattern of ``<integer status code> <explenation of status
  code>``. Invalid status strings will now raise a ``ValueError``.

1.5.0a0 (2015-07-25)
--------------------

Backwards Incompatibilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ``Morsel`` will no longer accept a cookie value that does not meet RFC6265's
  cookie-octet specification. Upon calling ``Morsel.serialize`` a warning will
  be issued, in the future this will raise a ``ValueError``, please update your
  cookie handling code. See https://github.com/Pylons/webob/pull/172

  The cookie-octet specification in RFC6265 states the following characters are
  valid in a cookie value:
 
  ===============  =======================================
  Hex Range        Actual Characters
  ===============  =======================================
  ``[0x21     ]``  ``!``
  ``[0x25-0x2B]``  ``#$%&'()*+``
  ``[0x2D-0x3A]``  ``-./0123456789:``
  ``[0x3C-0x5B]``  ``<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[``
  ``[0x5D-0x7E]``  ``]^_`abcdefghijklmnopqrstuvwxyz{|}~``
  ===============  =======================================

  RFC6265 suggests using base 64 to serialize data before storing data in a
  cookie.

  Cookies that meet the RFC6265 standard will no longer be quoted, as this is
  unnecessary. This is a no-op as far as browsers and cookie storage is
  concerned.

- ``Response.set_cookie`` now uses the internal ``make_cookie`` API, which will
  issue warnings if cookies are set with invalid bytes. See
  https://github.com/Pylons/webob/pull/172

Features
~~~~~~~~

- Add support for some new caching headers, stale-while-revalidate and
  stale-if-error that can be used by reverse proxies to cache stale responses
  temporarily if the backend disappears. From RFC5861. See
  https://github.com/Pylons/webob/pull/189

Bug Fixes
~~~~~~~~~

- Response.status now uses duck-typing for integers, and has also learned to
  raise a ValueError if the status isn't an integer followed by a space, and
  then the reason. See https://github.com/Pylons/webob/pull/191

- Fixed a bug in ``webob.multidict.GetDict`` which resulted in the
  QUERY_STRING not being updated when changes were made to query
  params using ``Request.GET.extend()``.

- Read the body of a request if we think it might have a body. This fixes PATCH
  to support bodies. See https://github.com/Pylons/webob/pull/184

- Response.from_file returns HTTP headers as latin1 rather than UTF-8, this
  fixes the usage on Google AppEngine. See
  https://github.com/Pylons/webob/issues/99 and
  https://github.com/Pylons/webob/pull/150

- Fix a bug in parsing the auth parameters that contained bad white space. This
  makes the parsing fall in line with what's required in RFC7235. See
  https://github.com/Pylons/webob/issues/158

- Use '\r\n' line endings in ``Response.__str__``. See:
  https://github.com/Pylons/webob/pull/146

Documentation Changes
~~~~~~~~~~~~~~~~~~~~~

- ``response.set_cookie`` now has proper documentation for ``max_age`` and
  ``expires``. The code has also been refactored to use ``cookies.make_cookie``
  instead of duplicating the code. This fixes
  https://github.com/Pylons/webob/issues/166 and
  https://github.com/Pylons/webob/issues/171

- Documentation didn't match the actual code for the wsgify function signature.
  See https://github.com/Pylons/webob/pull/167

- Remove the WebDAV only from certain HTTP Exceptions, these exceptions may
  also be used by REST services for example.

1.4 (2014-05-14)
----------------

Features
~~~~~~~~

- Remove ``webob.__version__``, the version number had not been kept in sync
  with the official pkg version.  To obtain the WebOb version number, use
  ``pkg_resources.get_distribution('webob').version`` instead.

Bug Fixes
~~~~~~~~~

- Fix a bug in ``EmptyResponse`` that prevents it from setting self.close as
  appropriate due to testing truthiness of object rather than if it is
  something other than ``None``.

- Fix a bug in ``SignedSerializer`` preventing secrets from containing
  higher-order characters. See https://github.com/Pylons/webob/issues/136

- Use the ``hmac.compare_digest`` method when available for constant-time
  comparisons.

1.3.1 (2013-12-13)
------------------

Bug Fixes
~~~~~~~~~

- Fix a bug in ``SignedCookieProfile`` whereby we didn't keep the original
  serializer around, this would cause us to have ``SignedSerializer`` be added on
  top of a ``SignedSerializer`` which would cause it to be run twice when
  attempting to verify a cookie.  See https://github.com/Pylons/webob/pull/127

Backwards Incompatibilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~

- When ``CookieProfile.get_value`` and ``SignedCookieProfile.get_value`` fails
  to deserialize a badly encoded value, we now return ``None`` as if the cookie
  was never set in the first place instead of allowing a ``ValueError`` to be
  raised to the calling code.  See https://github.com/Pylons/webob/pull/126

1.3 (2013-12-10)
----------------

Features
~~~~~~~~

- Added a read-only ``domain`` property to ``BaseRequest``.  This property
  returns the domain portion of the host value.  For example, if the
  environment contains an ``HTTP_HOST`` value of ``foo.example.com:8000``,
  ``request.domain`` will return ``foo.example.com``.

- Added five new APIs: ``webob.cookies.CookieProfile``,
  ``webob.cookies.SignedCookieProfile``, ``webob.cookies.JSONSerializer`` and
  ``webob.cookies.SignedSerializer``, and ``webob.cookies.make_cookie``.  These
  APIs are convenience APIs for generating and parsing cookie headers as well
  as dealing with signing cookies.

- Cookies generated via webob.cookies quoted characters in cookie values that
  did not need to be quoted per RFC 6265.  The following characters are no
  longer quoted in cookie values: ``~/=<>()[]{}?@`` .  The full set of
  non-letter-or-digit unquoted cookie value characters is now
  ``!#$%&'*+-.^_`|~/: =<>()[]{}?@``.  See
  http://tools.ietf.org/html/rfc6265#section-4.1.1 for more information.

- Cookie names are now restricted to the set of characters expected by RFC
  6265.  Previously they could contain unsupported characters such as ``/``.

- Older versions of Webob escaped the doublequote to ``\"`` and the backslash
  to ``\\`` when quoting cookie values.  Now, instead, cookie serialization
  generates ``\042`` for the doublequote and ``\134`` for the backslash. This
  is what is expected as per RFC 6265.  Note that old cookie values that do
  have the older style quoting in them will still be unquoted correctly,
  however.

- Added support for draft status code 451 ("Unavailable for Legal Reasons").
  See http://tools.ietf.org/html/draft-tbray-http-legally-restricted-status-00

- Added status codes 428, 429, 431 and 511 to ``util.status_reasons`` (they
  were already present in a previous release as ``webob.exc`` exceptions).

Bug Fixes
~~~~~~~~~

- MIMEAccept happily parsed malformed wildcard strings like "image/pn*" at
  parse time, but then threw an AssertionError during matching.  See
  https://github.com/Pylons/webob/pull/83 .

- Preserve document ordering of GET and POST request data when POST data passed
  to Request.blank is a MultiDict.  See https://github.com/Pylons/webob/pull/96

- Allow query strings attached to PATCH requests to populate request.params.
  See https://github.com/Pylons/webob/pull/106

- Added Python 3.3 trove classifier.

1.2.3
------------

* Maintainership transferred to `Pylons Project <http://www.pylonsproject.org/>`

* Fix parsing of form submissions where fields have
  transfer-content-encoding headers.

1.2.2
------------

* Fix multiple calls to ``cache_expires()`` not fully overriding the
  previously set headers.

* Fix parsing of form submissions where fields have different encodings.


1.2.1
------------

* Add index page (e.g., ``index.html``) support for
  :class:`webob.static.DirectoryApp`.

* Detect mime-type when creating a test request with file uploads
  (``Request.blank("/", POST=dict(file1=("foo.jpg", "xxx")))``)

* Relax parsing of ``Accept`` and ``Range`` headers to allow
  uppercase and extra whitespace.

* Fix docs references to some deprecated classes.


1.2
------------

* Fix :mod:`webob.client` handling  of connection-refused on Windows.

* Use ``simplejson`` in :mod:`webob.request` if present.

* Fix ``resp.retry_after = <long>`` interpreting value as a UNIX timestamp
  (should interpret as time delta in seconds).


1.2rc1
------------

* Add ``Response.json`` and ``Request.json`` which reads and sets the
  body using a JSON encoding (previously only the readable attribute
  ``Request.json_body`` existed).  ``Request.json_body`` is still
  available as an alias.

* Rename ``Response.status_int`` to ``Response.status_code`` (the
  ``.status_int`` name is still available and will be supported
  indefinitely).

* Add ``Request.text``, the unicode version of the request body
  (similar to ``Response.text``).

* Add :mod:`webob.client` which contains the WSGI application
  ``send_request_app`` and ``SendRequest``.  All requests sent to this
  application are turned into HTTP requests.

* Renamed ``Request.get_response(app)`` to ``Request.send(app)``.  The
  ``.get_response()`` name is still available.

* Use ``send_request_app`` as the default application for
  ``Request.send()``, so you can do:

    ``resp = Request.blank("http://python.org").send()``

* Add :mod:`webob.static` which contains two new WSGI applications,
  :class:`FileApp` serve one static file and :class:`DirectoryApp` to serve
  the content of a directory. They should provide a reusable implementation
  of :doc:`file-example`.  It also comes with support for ``wsgi.file_wrapper``.

  The implementation has been imported and simplified from
  :mod:`PasteOb.fileapp`.

* Add ``dev`` and ``docs`` setup.py aliases (to install development and docs
  dependencies respectively, e.g. "python setup.py dev").


1.2b3
------------

* Added ``request.host_port`` API (returns port number implied by HTTP_HOST,
  falling back to SERVER_PORT).

* Added ``request.client_addr`` API (returns IP address implied by
  HTTP_X_FORWARDED_FOR, falling back to REMOTE_ADDR).

* Fix corner-case ``response.status_int`` and ``response.status`` mutation
  bug on py3 (use explicit floor division).

* Backwards incompatibility: Request and BaseRequest objects now return
  Unicode for ``request.path_info`` and ``request.script_name`` under Python
  2.  Rationale: the legacy behavior of returning the respective raw environ
  values was nonsensical on Python 3.  Working with non-ascii encoded environ
  variables as raw WSGI values under Python 3 makes no sense, as PEP 3333
  specifies that environ variables are bytes-tunneled-as-latin-1 strings.

  If you don't care about Python 3, and you need strict backwards
  compatibility, to get legacy behavior of returning bytes on Python 2 for
  these attributes, use ``webob.LegacyRequest`` instead of ``webob.Request``.
  Although it's possible to use ``webob.LegacyRequest`` under Python 3, it
  makes no sense, and it should not be used there.

* The above backwards incompatibility fixed nonsensical behavior of
  ``request.host_url``, ``request.application_url``, ``request.path_url``,
  ``request.path``, ``request.path_qs``, ``request.url``,
  ``request.relative_url``, ``request.path_info_peek``,
  ``request.path_info_pop`` under Python 3.  These methods previously dealt
  with raw SCRIPT_NAME and PATH_INFO values, which caused nonsensical
  results.

* The WebOb Request object now respects an additional WSGI environment
  variable: ``webob.url_encoding``.  ``webob.url_encoding`` will be used to
  decode the raw WSGI PATH_INFO and SCRIPT_NAME variables when the
  ``request.path_info`` and ``request.script_name`` APIs are used.

* Request objects now accept an additional constructor parameter:
  ``url_encoding``.  ``url_encoding`` will be used to decode PATH_INFO and
  SCRIPT_NAME from its WSGI-encoded values. If ``webob.url_encoding`` is not
  set in the environ and ``url_encoding`` is not passed to the Request
  constructor, the default value ``utf-8`` will be used to decode the
  PATH_INFO and SCRIPT_NAME.

  Note that passing ``url_encoding`` will cause the WSGI environment variable
  ``webob.url_encoding`` to be set.

* Fix ``webob.response._request_uri`` internal function to generate sensible
  request URI under Python 3.  This fixed a problem under Python 3 if you
  were using non-absolute Location headers in responses.

1.2b2
------

* Fix ``request.cookies.get('name', 'default')``.  Previously ``default`` was
  ignored.

1.2b1
---------

* Mutating the ``request.cookies`` property now reflects the mutations into
  the ``HTTP_COOKIES`` environ header.

* ``Response.etag = (tag, False)`` sets weak etag.

* ``Range`` only parses single range now.

* ``Range.satisfiable(..)`` is gone.

* ``Accept.best_matches()`` is gone; use ``list(request.accept)`` or
  ``request.accept.best_match(..)`` instead (applies to all Accept-*
  headers) or similar with ``request.accept_language``.

* ``Response.request`` and ``Response.environ`` attrs are undeprecated and no
  longer raise exceptions when used.  These can also be passed to the
  Response constructor.  This is to support codebases that pass them to the
  constructor or assign them to a response instance.  However, some behavior
  differences from 1.1 exist.  In particular, synchronization is no longer
  done between environ and request attribute properties of Response; you may
  pass either to the constructor (or both) or assign one or the other or
  both, but they wont be managed specially and will remain the same over the
  lifetime of the response just as you passed them.  Default values for both
  ``request`` and ``environ`` on any given response are ``None`` now.

* Undeprecated ``uscript_name`` and ``upath_info``.

* For backwards compatibility purposes, switch ``req.script_name`` and
  ``path_info`` back again to contain "raw" undecoded native strings rather
  than text.  Use ``uscript_name`` and ``upath_info`` to get the text version
  of SCRIPT_NAME and PATH_INFO.

* Don't raise an exception if ``unicode_errors`` or ``decode_param_names`` is
  passed to the Request constructor.  Instead, emit a warning.  For benefit
  of Pylons 1.X, which passes both.

* Don't raise an exception if HTTPException.exception is used; instead emit a
  warning.  For benefit of Pylons 1.X, which uses it.

1.2a2
---------

* ``req.script_name`` and ``path_info`` now contain text, not bytes.

* Deprecated ``uscript_name`` and ``upath_info``.

* ``charset`` argument to ``Request`` as well as the attribute can only
  be set to UTF-8 or the value already present in the ``Content-Type`` header.

* ``unicode_errors`` attribute of ``Request`` and related functionality is gone.

* To process requests that come in an encoding different from UTF-8, the request
  needs to be transcoded like this: ``req = req.decode('windows-1251')``

* Added support for weak ETag matching in conditional responses.

* Most of etag-related functionality was refactored.


1.2a1
---------

* Python 3.2 compatibility.

* No longer compatible with Python 2.5 (only 2.6, 2.7, and 3.2 are supported).

* Switched VCS from Mercurial to Git

* Moved development to `GitHub <https://github.com/Pylons/webob>`_

* Added full history from PyCon 2011 sprint to the repository

* Change ``LimitedLengthFile`` and ``FakeCGIBody`` to inherit from
  ``io.RawIOBase`` and benefit from ``io.BufferedReader``.

* Do not set ``resp.request`` in ``req.get_response(app)``

* ``Response.request`` and ``.environ`` attrs are deprecated and raise exceptions
  when used.

* Deprecated request attributes ``str_GET``, ``str_POST``, ``str_cookies`` and
  ``str_params`` now raise exceptions when touched.

* Remove testing dependency on WebTest.

* Remove UnicodeMultiDict class; the result of ``Request.GET`` and
  ``Request.POST`` is now just a plain ``MultiDict``.

* The ``decode_param_names`` Request constructor argument has been removed,
  along with the ``Request.decode_param_names`` attribute.

* The ``Request.as_string()`` method is now better known as
  ``Request.as_bytes()``.

* The ``Request.from_string()`` method is now better known as
  ``Request.from_bytes()``.

* A new method named ``Request.as_text()`` now exists.

* A new method named ``Request.from_text()`` now exists.

* The ``webob.dec.wsgify`` repr() is now much less informative, but a lot
  easier to test and maintain.


1.1.1
---------

* Fix disconnect detection being incorrect in some cases (`issue 21
  <https://bitbucket.org/ianb/webob/issue/21>`_).

* Fix exception when calling ``.accept.best_match(..)`` on a header containing
  ``'*'`` (instead of ``'*/*'``).

* Extract some of the ``Accept`` code into subclasses (``AcceptCharset``,
  ``AcceptLanguage``).

* Improve language matching so that the app can now offer a generic
  language code and it will match any of the accepted dialects
  (``'en' in AcceptLanguage('en-gb')``).

* Normalize locale names when matching
  (``'en_GB' in AcceptLanguage('en-gb')``).

* Deprecate ``etag.weak_match(..)``.

* Deprecate ``Response.request`` and ``Response.environ`` attrs.


1.1
---------

* Remove deprecation warnings for ``unicode_body`` and ``ubody``.


1.1rc1
---------

* Deprecate ``Response.ubody`` / ``.unicode_body`` in favor of new ``.text`` attribute
  (the old names will be removed in 1.3 or even later).

* Make ``Response.write`` much more efficient (`issue 18
  <https://bitbucket.org/ianb/webob/issue/18>`_).

* Make sure copying responses does not reset Content-Length or Content-MD5 of the
  original (and that of future copies).

* Change ``del res.body`` semantics so that it doesn't make the response invalid,
  but only removes the response body.

* Remove ``Response._body`` so the ``_app_iter`` is the only representation.


1.1b2
---------

* Add detection for browser / user-agent disconnects. If the client disconnected
  before sending the entire request body (POST / PUT), ``req.POST``, ``req.body``
  and other related properties and methods will raise an exception.
  Previously this caused the application get a truncated request with no indication that it
  is incomplete.

* Make ``Response.body_file`` settable. This is now valid:
  ``Response(body_file=open('foo.bin'), content_type=...)``

* Revert the restriction on req.body not being settable for GET and some
  other requests. Such requests actually can have a body according to HTTP BIS
  (see also `commit message <https://bitbucket.org/ianb/webob/changeset/b3ef34c57936>`_)

* Add support for file upload testing via ``Request.blank(POST=..)``. Patch contributed by
  Tim Perevezentsev. See also:
  `ticket <https://bitbucket.org/ianb/webob/issue/15>`_,
  `changeset <https://bitbucket.org/ianb/webob/changeset/4ba9ab0c3f99>`_.

* Deprecate ``req.str_GET``, ``str_POST``, ``str_params`` and ``str_cookies`` (warning).


* Deprecate ``req.decode_param_names`` (warning).

* Change ``req.decode_param_names`` default to ``True``. This means that ``.POST``, ``.GET``,
  ``.params`` and ``.cookies`` keys are now unicode. This is necessary for WebOb to behave
  as close as possible on Python 2 and Python 3.


1.1b1
---------

* We have acquired the webob.org domain, docs are now hosted at `docs.webob.org
  <http://docs.webob.org/>`_

* Make ``accept.quality(..)`` return best match quality, not first match quality.

* Fix ``Range.satisfiable(..)`` edge cases.

* Make sure ``WSGIHTTPException`` instances return the same headers for ``HEAD``
  and ``GET`` requests.

* Drop Python 2.4 support

* Deprecate ``HTTPException.exception`` (warning on use).

* Deprecate ``accept.first_match(..)`` (warning on use).
  Use ``.best_match(..)`` instead.

* Complete deprecation of ``req.[str_]{post|query}vars`` properties
  (exception on use).

* Remove ``FakeCGIBody.seek`` hack (no longer necessary).


1.0.8
------

* Escape commas in cookie values (see also:
  `stdlib Cookie bug <http://bugs.python.org/issue9824>`_)

* Change cookie serialization to more closely match how cookies usually
  are serialized (unquoted expires, semicolon separators even between morsels)

* Fix some rare cases in cookie parsing

* Enhance the req.is_body_readable to always guess GET, HEAD, DELETE and TRACE
  as unreadable and PUT and POST as readable
  (`issue 12 <https://bitbucket.org/ianb/webob/issue/12>`_)

* Deny setting req.body or req.body_file to non-empty values for GET, HEAD and
  other bodiless requests

* Fix running nosetests with arguments on UNIX systems
  (`issue 11 <https://bitbucket.org/ianb/webob/issue/11>`_)


1.0.7
------

* Fix ``Accept`` header matching for items with zero-quality
  (`issue 10 <https://bitbucket.org/ianb/webob/issue/10>`_)

* Hide password values in ``MultiDict.__repr__``

1.0.6
------

* Use ``environ['wsgi.input'].read()`` instead of ``.read(-1)`` because the former
  is explicitly mentioned in PEP-3333 and CherryPy server does not support the latter.

* Add new ``environ['webob.is_body_readable']`` flag which specifies if the
  input stream is readable even if the ``CONTENT_LENGTH`` is not set.
  WebOb now only ever reads the input stream if the content-length is known
  or this flag is set.

* The two changes above fix a hangup with CherryPy and wsgiref servers
  (`issue 6 <https://bitbucket.org/ianb/webob/issue/6>`_)

* ``req.body_file`` is now safer to read directly. For ``GET`` and other similar requests
  it returns an empty ``StringIO`` or ``BytesIO`` object even if the server passed in
  something else.

* Setting ``req.body_file`` to a string now produces a PendingDeprecationWarning.
  It will produce DeprecationWarning in 1.1 and raise an error in 1.2. Either
  set ``req.body_file`` to a file-like object or set ``req.body`` to a string value.

* Fix ``.pop()`` and ``.setdefault(..)`` methods of ``req/resp.cache_control``

* Thanks to the participants of `Pyramid sprint at the PyCon US 2011
  <https://bitbucket.org/ianb/webob/changeset/7b7dc3ec6159>`_ WebOb now has
  100% test coverage.

1.0.5
------
* Restore Python 2.4 compatibility.

1.0.4
------

* The field names escaping bug semi-fixed in 1.0.3 and originally blamed on cgi module
  was in fact a ``webob.request._encode_multipart`` bug (also in Google Chrome) and was
  lurking in webob code for quite some time -- 1.0.2 just made it trigger more often.
  Now it is fixed properly.

* Make sure that req.url and related properties do not unnecessarily escape some chars
  (``:@&+$``) in the URI path (`issue 5 <https://bitbucket.org/ianb/webob/issue/5>`_)

* Revert some changes from 1.0.3 that have broken backwards compatibility for some apps.
  Getting ``req.body_file`` does not make input stream seekable, but there's a new property
  ``req.body_file_seekable`` that does.

* ``Request.get_response`` and ``Request.call_application`` seek the input body to start
  before calling the app (if possible).

* Accessing ``req.body`` 'rewinds' the input stream back to pos 0 as well.

* When accessing ``req.POST`` we now avoid making the body seekable as the input stream data
  are preserved in ``FakeCGIBody`` anyway.

* Add new method ``Request.from_string``.

* Make sure ``Request.as_string()`` uses CRLF to separate headers.

* Improve parity between ``Request.as_string()`` and ``.from_file``/``.from_string``
  methods, so that the latter can parse output of the former and create a similar
  request object which wasn't always the case previously.

1.0.3
------

* Correct a caching issue introduced in WebOb 1.0.2 that was causing unnecessary reparsing
  of POST requests.

* Fix a bug regarding field names escaping for forms submitted as ``multipart/form-data``.
  For more infromation see `the bug report and discussion
  <https://bitbucket.org/ianb/webob/issue/2>`_ and 1.0.4 notes for further fix.

* Add ``req.http_version`` attribute.

1.0.2
------

* Primary maintainer is now `Sergey Schetinin <http://self.maluke.com/>`_.

* Issue tracker moved from `Trac <http://bit.ly/webob-tickets>`_ to bitbucket's `issue
  tracker <https://bitbucket.org/ianb/webob/issues>`_

* WebOb 1.0.1 changed the behavior of ``MultiDict.update`` to be more in line with
  other dict-like objects. We now also issue a warning when we detect that the
  client code seems to expect the old, extending semantics.

* Make ``Response.set_cookie(key, None)`` set the 'delete-cookie' (same as ``.delete_cookie(key)``)

* Make ``req.upath_info`` and ``req.uscript_name`` settable

* Add :meth:``Request.as_string()`` method

* Add a ``req.is_body_seekable`` property

* Support for the ``deflate`` method with ``resp.decode_content()``

* To better conform to WSGI spec we no longer attempt to use seek on ``wsgi.input`` file
  instead we assume it is not seekable unless ``env['webob.is_body_seekable']`` is set.
  When making the body seekable we set that flag.

* A call to ``req.make_body_seekable()`` now guarantees that the body is seekable, is at 0 position
  and that a correct ``req.content_length`` is present.

* ``req.body_file`` is always seekable. To access ``env['wsgi.input']`` without any processing,
  use ``req.body_file_raw``. (Partially reverted in 1.0.4)

* Fix responses to HEAD requests with Range.

* Fix ``del resp.content_type``, ``del req.body``, ``del req.cache_control``

* Fix ``resp.merge_cookies()`` when called with an argument that is not a Response instance.

* Fix ``resp.content_body = None`` (was removing Cache-Control instead)

* Fix ``req.body_file = f`` setting ``CONTENT_LENGTH`` to ``-1`` (now removes from environ)

* Fix: make sure req.copy() leaves the original with seekable body

* Fix handling of WSGI environs with missing ``SCRIPT_NAME``

* A lot of tests were added by Mariano Mara and Danny Navarro.



1.0.1
-----

* As WebOb requires Python 2.4 or later, drop some compatibility modules
  and update the code to use the decorator syntax.

* Implement optional on-the-fly response compression (``resp.encode_content(lazy=True)``)

* Drop ``util.safezip`` module and make ``util`` a module instead of a subpackage.
  Merge ``statusreasons`` into it.

* Instead of using stdlib ``Cookie`` with monkeypatching, add a derived
  but thoroughly rewritten, cleaner, safer and faster ``webob.cookies`` module.

* Fix: ``Response.merge_cookies`` now copies the headers before modification instead of
  doing it in-place.

* Fix: setting request header attribute to ``None`` deletes that header.
  (Bug only affected the 1.0 release).

* Use ``io.BytesIO`` for the request body file on Python 2.7 and newer.

* If a UnicodeMultiDict was used as the ``multi`` argument of another
  UnicodeMultiDict, and a ``cgi.FieldStorage`` with a ``filename``
  with high-order characters was present in the underlying
  UnicodeMultiDict, a ``UnicodeEncodeError`` would be raised when any
  helper method caused the ``_decode_value`` method to be called,
  because the method would try to decode an already decoded string.

* Fix tests to pass under Python 2.4.

* Add descriptive docstrings to each exception in ``webob.exc``.

* Change the behaviour of ``MultiDict.update`` to overwrite existing header
  values instead of adding new headers. The extending semantics are now available
  via the ``extend`` method.

* Fix a bug in ``webob.exc.WSGIHTTPException.__init__``.  If a list of
  ``headers`` was passed as a sequence which contained duplicate keys (for
  example, multiple ``Set-Cookie`` headers), all but one of those headers
  would be lost, because the list was effectively flattened into a dictionary
  as the result of calling ``self.headers.update``.  Fixed via calling
  ``self.headers.extend`` instead.

1.0
---

* 1.0, yay!

* Pull in werkzeug Cookie fix for malformed cookie bug.

* Implement :meth:`Request.from_file` and
  :meth:`Response.from_file` which are kind of the inversion of
  ``str(req)`` and ``str(resp)``

* Add optional ``pattern`` argument to :meth:`Request.path_info_pop` that requires
  the ``path_info`` segment to match the passed regexp to get popped and returned.

* Rewrite most of descriptor implementations for speed.

* Reorder descriptor declarations to group them by their semantics.

* Move code around so that there are fewer compat modules.

* Change :meth:``HTTPError.__str__`` to better conform to PEP 352.

* Make :attr:`Request.cache_control` a view on the headers.

* Correct Accept-Language and Accept-Charset matching to fully conform to the HTTP spec.

* Expose parts of :meth:`Request.blank` as :func:`environ_from_url`
  and :func:`environ_add_POST`

* Fix Authorization header parsing for some corner cases.

* Fix an error generated if the user-agent sends a 'Content_Length' header
  (note the underscore).

* Kill :attr:`Request.default_charset`. Request charset defaults to UTF-8.
  This ensures that all values in ``req.GET``, ``req.POST`` and ``req.params``
  are always unicode.

* Fix the ``headerlist`` and ``content_type`` constructor arguments priorities
  for :class:`HTTPError` and subclasses.

* Add support for weak etags to conditional Response objects.

* Fix locale-dependence for some cookie dates strings.

* Improve overall test coverage.

* Rename class ``webob.datastruct.EnvironHeaders`` to ``webob.headers.EnvironHeaders``

* Rename class ``webob.headerdict.HeaderDict`` to ``webob.headers.ResponseHeaders``

* Rename class ``webob.updatedict.UpdateDict`` to ``webob.cachecontrol.UpdateDict``

0.9.8
-----

* Fix issue with WSGIHTTPException inadvertently generating unicode body
  and failing to encode it

* WWW-Authenticate response header is accessible as
  ``response.www_authenticate``

* ``response.www_authenticate`` and ``request.authorization`` hold None
  or tuple ``(auth_method, params)`` where ``params`` is a dictionary
  (or a string when ``auth_method`` is not one of known auth schemes
  and for Authenticate: Basic ...)

* Don't share response headers when getting a response like ``resp =
  req.get_response(some_app)``; this can avoid some funny errors with
  modifying headers and reusing Response objects.

* Add `overwrite` argument to :meth:`Response.set_cookie` that make the
  new value overwrite the previously set. `False` by default.

* Add `strict` argument to :meth:`Response.unset_cookie` that controls
  if an exception should be raised in case there are no cookies to unset.
  `True` by default.

* Fix ``req.GET.copy()``

* Make sure that 304 Not Modified responses generated by
  :meth:`Response.conditional_response_app` exclude Content-{Length/Type}
  headers

* Fix ``Response.copy()`` not being an independent copy

* When the requested range is not satisfiable, return a 416 error
  (was returning entire body)

* Truncate response for range requests that go beyond the end of body
  (was treating as invalid).

0.9.7.1
-------

* Fix an import problem with Pylons

0.9.7
-----

* Moved repository from svn location to
  http://bitbucket.org/ianb/webob/

* Arguments to :meth:`Accept.best_match` must be specific types,
  not wildcards. The server should know a list of specic types it can
  offer and use ``best_match`` to select a specific one.

* With ``req.accept.best_match([types])`` prefer the first type in the
  list (previously it preferred later types).

* Also, make sure that if the user-agent accepts multiple types and
  there are multiple matches to the types that the application offers,
  ``req.accept.best_match([..])`` returns the most specific match.
  So if the server can satisfy either ``image/*`` or ``text/plain``
  types, the latter will be picked independent from the order the accepted
  or offered types are listed (given they have the same quality rating).

* Fix Range, Content-Range and AppIter support all of which were broken
  in many ways, incorrectly parsing ranges, reporting incorrect
  content-ranges, failing to generate the correct body to satisfy the range
  from ``app_iter`` etc.

* Fix assumption that presense of a ``seek`` method means that the stream
  is seekable.

* Add ``ubody`` alias for ``Response.unicode_body``

* Add Unicode versions of ``Request.script_name`` and ``path_info``:
  ``uscript_name`` and ``upath_info``.

* Split __init__.py into four modules: request, response, descriptors and
  datetime_utils.

* Fix ``Response.body`` access resetting Content-Length to zero
  for HEAD responses.

* Support passing Unicode bodies to :class:`WSGIHTTPException`
  constructors.

* Make ``bool(req.accept)`` return ``False`` for requests with missing
  Accept header.

* Add HTTP version to :meth:`Request.__str__` output.

* Resolve deprecation warnings for parse_qsl on Python 2.6 and newer.

* Fix :meth:`Response.md5_etag` setting Content-MD5 in incorrect
  format.

* Add ``Request.authorization`` property for Authorization header.

* Make sure ETag value is always quoted (required by RFC)

* Moved most ``Request`` behavior into a new class named
  ``BaseRequest``.  The ``Request`` class is now a superclass for
  ``BaseRequest`` and a simple mixin which manages
  ``environ['webob.adhoc_attrs']`` when ``__setitem__``,
  ``__delitem__`` and ``__getitem__`` are called.  This allows
  framework developers who do not want the
  ``environ['webob.adhoc_attrs']`` mutation behavior from
  ``__setattr__``.  (chrism)

* Added response attribute ``response.content_disposition`` for its
  associated header.

* Changed how ``charset`` is determined on :class:`webob.Request`
  objects.  Now the ``charset`` parameter is read on the Content-Type
  header, if it is present.  Otherwise a ``default_charset`` parameter
  is read, or the ``charset`` argument to the Request constructor.
  This is more similar to how :class:`webob.Response` handles the
  charset.

* Made the case of the Content-Type header consistent (note: this
  might break some doctests).

* Make ``req.GET`` settable, such that ``req.environ['QUERY_STRING']``
  is updated.

* Fix problem with ``req.POST`` causing a re-parse of the body when
  you instantiate multiple ``Request`` objects over the same environ
  (e.g., when using middleware that looks at ``req.POST``).

* Recreate the request body properly when a ``POST`` includes file
  uploads.

* When ``req.POST`` is updated, the generated body will include the
  new values.

* Added a ``POST`` parameter to :meth:`webob.Request.blank`; when
  given this will create a request body for the POST parameters (list
  of two-tuples or dictionary-like object).  Note: this does not
  handle unicode or file uploads.

* Added method :meth:`webob.Response.merge_cookies`, which takes the
  ``Set-Cookie`` headers from a Response, and merges them with another
  response or WSGI application.  (This is useful for flash messages.)

* Fix a problem with creating exceptions like
  ``webob.exc.HTTPNotFound(body='<notfound/>',
  content_type='application/xml')`` (i.e., non-HTML exceptions).

* When a Location header is not absolute in a Response, it will be
  made absolute when the Response is called as a WSGI application.
  This makes the response less bound to a specific request.

* Added :mod:`webob.dec`, a decorator for making WSGI applications
  from functions with the signature ``resp = app(req)``.

0.9.6.1
-------

* Fixed :meth:`Response.__init__`, which for some content types would
  raise an exception.

* The ``req.body`` property will not recreate a StringIO object
  unnecessarily when rereading the body.

0.9.6
-----

* Removed `environ_getter` from :class:`webob.Request`.  This
  largely-unused option allowed a Request object to be instantiated
  with a dynamic underlying environ.  Since it wasn't used much, and
  might have been ill-advised from the beginning, and affected
  performance, it has been removed (from Chris McDonough).

* Speed ups for :meth:`webob.Response.__init__` and
  :meth:`webob.Request.__init__`

* Fix defaulting of ``CONTENT_TYPE`` instead of ``CONTENT_LENGTH`` to
  0 in ``Request.str_POST``.

* Added :meth:`webob.Response.copy`

0.9.5
-----

* Fix ``Request.blank('/').copy()`` raising an exception.

* Fix a potential memory leak with HEAD requests and 304 responses.

* Make :func:`webob.html_escape` respect the ``.__html__()`` magic
  method, which allows you to use HTML in
  :class:`webob.exc.HTTPException` instances.

* Handle unicode values for ``resp.location``.

* Allow arbitrary keyword arguments to ``exc.HTTP*`` (the same
  keywords you can send to :class:`webob.Response`).

* Allow setting :meth:`webob.Response.cache_expires` (usually it is
  called as a method).  This is primarily to allow
  ``Response(cache_expires=True)``.

0.9.4
-----

* Quiet Python 2.6 deprecation warnings.

* Added an attribute ``unicode_errors`` to :class:`webob.Response` --
  if set to something like ``unicode_errors='replace'`` it will decode
  ``resp.body`` appropriately.  The default is ``strict`` (which was
  the former un-overridable behavior).

0.9.3
-----

* Make sure that if changing the body the Content-MD5 header is
  removed. (Otherwise a lot of middleware would accidentally
  corrupt responses).

* Fixed ``Response.encode_content('identity')`` case (was a no-op even
  for encoded bodies).

* Fixed :meth:`Request.remove_conditional_headers` that was removing
  If-Match header instead of If-None-Match.

* Fixed ``resp.set_cookie(max_age=timedelta(...))``

* ``request.POST`` now supports PUT requests with the appropriate
  Content-Type.

0.9.2
-----

* Add more arguments to :meth:`Request.remove_conditional_headers`
  for more fine-grained control: `remove_encoding`, `remove_range`,
  `remove_match`, `remove_modified`. All of them are `True` by default.

* Add an `set_content_md5` argument to :meth:`Response.md5_etag`
  that calculates and sets Content-MD5 reponse header from current
  body.

* Change formatting of cookie expires, to use the more traditional
  format ``Wed, 5-May-2001 15:34:10 GMT`` (dashes instead of spaces).
  Browsers should deal with either format, but some other code expects
  dashes.

* Added in ``sorted`` function for backward compatibility with Python
  2.3.

* Allow keyword arguments to :class:`webob.Request`, which assign
  attributes (possibly overwriting values in the environment).

* Added methods :meth:`webob.Request.make_body_seekable` and
  :meth:`webob.Request.copy_body`, which make it easier to share a
  request body among different consuming applications, doing something
  like `req.make_body_seekable(); req.body_file.seek(0)`

0.9.1
-----

* ``request.params.copy()`` now returns a writable MultiDict (before
  it returned an unwritable object).

* There were several things broken with ``UnicodeMultiDict`` when
  ``decode_param_names`` is turned on (when the dictionary keys are
  unicode).

* You can pass keyword arguments to ``Request.blank()`` that will be
  used to construct ``Request`` (e.g., ``Request.blank('/',
  decode_param_names=True)``).

* If you set headers like ``response.etag`` to a unicode value, they
  will be encoded as ISO-8859-1 (however, they will remain encoded,
  and ``response.etag`` will not be a unicode value).

* When parsing, interpret times with no timezone as UTC (previously
  they would be interpreted as local time).

* Set the Expires property on cookies when using
  ``response.set_cookie()``.  This is inherited from ``max_age``.

* Support Unicode cookie values

0.9
---

* Added ``req.urlarg``, which represents positional arguments in
  ``environ['wsgiorg.routing_args']``.

* For Python 2.4, added attribute get/set proxies on exception objects
  from, for example, ``webob.exc.HTTPNotFound().exception``, so that
  they act more like normal response objects (despite not being
  new-style classes or ``webob.Response`` objects).  In Python 2.5 the
  exceptions are ``webob.Response`` objects.

Backward Incompatible Changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* The ``Response`` constructor has changed: it is now ``Response([body],
  [status], ...)`` (before it was ``Response([status], [body], ...)``).
  Body may be str or unicode.

* The ``Response`` class defaults to ``text/html`` for the
  Content-Type, and ``utf8`` for the charset (charset is only set on
  ``text/*`` and ``application/*+xml`` responses).

Bugfixes and Small Changes
~~~~~~~~~~~~~~~~~~~~~~~~~~

* Use ``BaseCookie`` instead of ``SimpleCookie`` for parsing cookies.

* Added ``resp.write(text)`` method, which is equivalent to
  ``resp.body += text`` or ``resp.unicode_body += text``, depending on
  the type of ``text``.

* The ``decode_param_names`` argument (used like
  ``Request(decode_param_names=True)``) was being ignored.

* Unicode decoding of file uploads and file upload filenames were
  causing errors when decoding non-file-upload fields (both fixes from
  Ryan Barrett).

0.8.5
-----

* Added response methods ``resp.encode_content()`` and
  ``resp.decode_content()`` to gzip or ungzip content.

* ``Response(status=404)`` now works (before you would have to use
  ``status="404 Not Found"``).

* Bugfix (typo) with reusing POST body.

* Added ``226 IM Used`` response status.

* Backport of ``string.Template`` included for Python 2.3
  compatibility.

0.8.4
-----

* ``__setattr__`` would keep ``Request`` subclasses from having
  properly settable environ proxies (like ``req.path_info``).

0.8.3
-----

* ``request.POST`` was giving FieldStorage objects for *every*
  attribute, not just file uploads.  This is fixed now.


* Added request attributes ``req.server_name`` and ``req.server_port``
  for the environ keys ``SERVER_NAME`` and ``SERVER_PORT``.

* Avoid exceptions in ``req.content_length``, even if
  ``environ['CONTENT_LENGTH']`` is somehow invalid.

0.8.2
-----

* Python 2.3 compatibility: backport of ``reversed(seq)``

* Made separate ``.exception`` attribute on ``webob.exc`` objects,
  since new-style classes can't be raised as exceptions.

* Deprecate ``req.postvars`` and ``req.queryvars``, instead using the
  sole names ``req.GET`` and ``req.POST`` (also ``req.str_GET`` and
  ``req.str_POST``).  The old names give a warning; will give an error
  in next release, and be completely gone in the following release.

* ``req.user_agent`` is now just a simple string (parsing the
  User-Agent header was just too volatile, and required too much
  knowledge about current browsers).  Similarly,
  ``req.referer_search_query()`` is gone.

* Added parameters ``version`` and ``comment`` to
  ``Response.set_cookie()``, per William Dode's suggestion.

* Was accidentally consuming file uploads, instead of putting the
  ``FieldStorage`` object directly in the parameters.

0.8.1
-----

* Added ``res.set_cookie(..., httponly=True)`` to set the ``HttpOnly``
  attribute on the cookie, which keeps Javascript from reading the
  cookie.

* Added some WebDAV-related responses to ``webob.exc``

* Set default ``Last-Modified`` when using ``response.cache_expire()``
  (fixes issue with Opera)

* Generally fix ``.cache_control``

0.8
---

First release.  Nothing is new, or everything is new, depending on how
you think about it.