Add past release notes to sphinx docs

website/sphinx/index.rst

@@ -13,6 +13,7 @@ available.
    networking
    integration
    utilities
+   releases
 
 
 

website/sphinx/releases.rst

@@ -0,0 +1,12 @@
+Release notes
+=============
+
+.. toctree::
+   :maxdepth: 2
+
+   releases/v1.2.1
+   releases/v1.2.0
+   releases/v1.1.1
+   releases/v1.1.0
+   releases/v1.0.1
+   releases/v1.0.0

website/sphinx/releases/v1.0.0.rst

@@ -0,0 +1,61 @@
+What's new in Tornado 1.0
+=========================
+
+July 22, 2010
+-------------
+
+::
+
+    We are pleased to announce the release of Tornado 1.0, available
+    from
+    http://github.com/downloads/facebook/tornado/tornado-1.0.tar.gz.
+    There have been many changes since version 0.2; here are some of
+    the highlights:
+    
+    New features:
+    * Improved support for running other WSGI applications in a
+      Tornado server (tested with Django and CherryPy)
+    * Improved performance on Mac OS X and BSD (kqueue-based IOLoop),
+      and experimental support for win32
+    * Rewritten AsyncHTTPClient available as
+      tornado.httpclient.AsyncHTTPClient2 (this will become the
+      default in a future release)
+    * Support for standard .mo files in addition to .csv in the locale
+      module
+    * Pre-forking support for running multiple Tornado processes at
+      once (see HTTPServer.start())
+    * SSL and gzip support in HTTPServer
+    * reverse_url() function refers to urls from the Application
+      config by name from templates and RequestHandlers
+    * RequestHandler.on_connection_close() callback is called when the
+      client has closed the connection (subject to limitations of the
+      underlying network stack, any proxies, etc)
+    * Static files can now be served somewhere other than /static/ via
+      the static_url_prefix application setting
+    * URL regexes can now use named groups ("(?P<name>)") to pass
+      arguments to get()/post() via keyword instead of position
+    * HTTP header dictionary-like objects now support multiple values
+      for the same header via the get_all() and add() methods.
+    * Several new options in the httpclient module, including
+      prepare_curl_callback and header_callback
+    * Improved logging configuration in tornado.options.
+    * UIModule.html_body() can be used to return html to be inserted
+      at the end of the document body.
+    
+    Backwards-incompatible changes:
+    * RequestHandler.get_error_html() now receives the exception
+      object as a keyword argument if the error was caused by an
+      uncaught exception.
+    * Secure cookies are now more secure, but incompatible with
+      cookies set by Tornado 0.2.  To read cookies set by older
+      versions of Tornado, pass include_name=False to
+      RequestHandler.get_secure_cookie()
+    * Parameters passed to RequestHandler.get/post() by extraction
+      from the path now have %-escapes decoded, for consistency with
+      the processing that was already done with other query
+      parameters.
+    
+    Many thanks to everyone who contributed patches, bug reports, and
+    feedback that went into this release!
+    
+    -Ben

website/sphinx/releases/v1.0.1.rst

@@ -0,0 +1,11 @@
+What's new in Tornado 1.0.1
+===========================
+
+Aug 13, 2010
+------------
+
+::
+    
+    This release fixes a bug with RequestHandler.get_secure_cookie, which would
+    in some circumstances allow an attacker to tamper with data stored in the
+    cookie.

website/sphinx/releases/v1.1.0.rst

@@ -0,0 +1,53 @@
+What's new in Tornado 1.1
+=========================
+
+Sep 7, 2010
+-----------
+
+::
+    
+    We are pleased to announce the release of Tornado 1.1, available from
+    http://github.com/downloads/facebook/tornado/tornado-1.1.tar.gz
+    
+    Changes in this release:
+    * RequestHandler.async_callback and related functions in other classes
+      are no longer needed in most cases (although it's harmless to continue
+      using them).  Uncaught exceptions will now cause the request to be closed
+      even in a callback.  If you're curious how this works, see the new
+      tornado.stack_context module.
+    * The new tornado.testing module contains support for unit testing
+      asynchronous IOLoop-based code.
+    * AsyncHTTPClient has been rewritten (the new implementation was
+      available as AsyncHTTPClient2 in Tornado 1.0; both names are
+      supported for backwards compatibility).
+    * The tornado.auth module has had a number of updates, including support
+      for OAuth 2.0 and the Facebook Graph API, and upgrading Twitter and
+      Google support to OAuth 1.0a.
+    * The websocket module is back and supports the latest version (76) of the
+      websocket protocol.  Note that this module's interface is different
+      from the websocket module that appeared in pre-1.0 versions of Tornado.
+    * New method RequestHandler.initialize() can be overridden in subclasses
+      to simplify handling arguments from URLSpecs.  The sequence of methods
+      called during initialization is documented at
+      http://tornadoweb.org/documentation#overriding-requesthandler-methods
+    * get_argument() and related methods now work on PUT requests in addition
+      to POST.
+    * The httpclient module now supports HTTP proxies.
+    * When HTTPServer is run in SSL mode, the SSL handshake is now non-blocking.
+    * Many smaller bug fixes and documentation updates
+    
+    Backwards-compatibility notes:
+    * While most users of Tornado should not have to deal with the stack_context
+      module directly, users of worker thread pools and similar constructs may
+      need to use stack_context.wrap and/or NullContext to avoid memory leaks.
+    * The new AsyncHTTPClient still works with libcurl version 7.16.x, but it
+      performs better when both libcurl and pycurl are at least version 7.18.2.
+    * OAuth transactions started under previous versions of the auth module
+      cannot be completed under the new module.  This applies only to the
+      initial authorization process; once an authorized token is issued that
+      token works with either version.
+    
+    Many thanks to everyone who contributed patches, bug reports, and feedback
+    that went into this release!
+    
+    -Ben

website/sphinx/releases/v1.1.1.rst

@@ -0,0 +1,22 @@
+What's new in Tornado 1.1.1
+===========================
+
+Feb 8, 2011
+-----------
+
+::
+    
+    Tornado 1.1.1 is a BACKWARDS-INCOMPATIBLE security update that fixes an
+    XSRF vulnerability.  It is available at
+    http://github.com/downloads/facebook/tornado/tornado-1.1.1.tar.gz
+    
+    This is a backwards-incompatible change.  Applications that previously
+    relied on a blanket exception for XMLHTTPRequest may need to be modified
+    to explicitly include the XSRF token when making ajax requests.
+    
+    The tornado chat demo application demonstrates one way of adding this
+    token (specifically the function postJSON in demos/chat/static/chat.js).
+    
+    More information about this change and its justification can be found at
+    http://www.djangoproject.com/weblog/2011/feb/08/security/
+    http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

website/sphinx/releases/v1.2.0.rst

@@ -0,0 +1,107 @@
+What's new in Tornado 1.2
+=========================
+
+Feb 20, 2011
+------------
+
+::
+    
+    We are pleased to announce the release of Tornado 1.2, available from
+    http://github.com/downloads/facebook/tornado/tornado-1.2.tar.gz
+    
+    Backwards compatibility notes:
+    * This release includes the backwards-incompatible security change from
+      version 1.1.1.  Users upgrading from 1.1 or earlier should read the
+      release notes from that release:
+      http://groups.google.com/group/python-tornado/browse_thread/thread/b36191c781580cde
+    * StackContexts that do something other than catch exceptions may need to
+      be modified to be reentrant.
+      https://github.com/facebook/tornado/commit/7a7e24143e77481d140fb5579bc67e4c45cbcfad
+    * When XSRF tokens are used, the token must also be present on PUT and
+      DELETE requests (anything but GET and HEAD)
+    
+    New features:
+    * A new HTTP client implementation is available in the module
+      tornado.simple_httpclient.  This HTTP client does not depend on pycurl.
+      It has not yet been tested extensively in production, but is intended
+      to eventually replace the pycurl-based HTTP client in a future release of
+      Tornado.  To transparently replace tornado.httpclient.AsyncHTTPClient with
+      this new implementation, you can set the environment variable
+      USE_SIMPLE_HTTPCLIENT=1 (note that the next release of Tornado will
+      likely include a different way to select HTTP client implementations)
+    * Request logging is now done by the Application rather than the
+      RequestHandler.  Logging behavior may be customized by either overriding
+      Application.log_request in a subclass or by passing log_function
+      as an Application setting
+    * Application.listen(port): Convenience method as an alternative to
+      explicitly creating an HTTPServer
+    * tornado.escape.linkify(): Wrap urls in <a> tags
+    * RequestHandler.create_signed_value(): Create signatures like the
+      secure_cookie methods without setting cookies.
+    * tornado.testing.get_unused_port(): Returns a port selected in the same
+      way as inAsyncHTTPTestCase
+    * AsyncHTTPTestCase.fetch(): Convenience method for synchronous fetches
+    * IOLoop.set_blocking_signal_threshold(): Set a callback to be run when
+      the IOLoop is blocked.
+    * IOStream.connect(): Asynchronously connect a client socket
+    * AsyncHTTPClient.handle_callback_exception(): May be overridden
+      in subclass for custom error handling
+    * httpclient.HTTPRequest has two new keyword arguments, validate_cert and
+      ca_certs. Setting validate_cert=False will disable all certificate checks
+      when fetching https urls.  ca_certs may be set to a filename containing
+      trusted certificate authorities (defaults will be used if this is
+      unspecified)
+    * HTTPRequest.get_ssl_certificate(): Returns the client's SSL certificate
+      (if client certificates were requested in the server's ssl_options
+    * StaticFileHandler can be configured to return a default file (e.g.
+      index.html) when a directory is requested
+    * Template directives of the form "{% from x import y %}" are now
+      supported (in addition to the existing support for "{% import x
+      %}"
+    * FacebookGraphMixin.get_authenticated_user now accepts a new
+      parameter 'extra_fields' which may be used to request additional
+      information about the user
+    
+    Bug fixes:
+    * auth: Fixed KeyError with Facebook offline_access
+    * auth: Uses request.uri instead of request.path as the default redirect
+      so that parameters are preserved.
+    * escape: xhtml_escape() now returns a unicode string, not
+      utf8-encoded bytes
+    * ioloop: Callbacks added with add_callback are now run in the order they
+      were added
+    * ioloop: PeriodicCallback.stop can now be called from inside the callback.
+    * iostream: Fixed several bugs in SSLIOStream
+    * iostream: Detect when the other side has closed the connection even with
+      the select()-based IOLoop
+    * iostream: read_bytes(0) now works as expected
+    * iostream: Fixed bug when writing large amounts of data on windows
+    * iostream: Fixed infinite loop that could occur with unhandled exceptions
+    * httpclient: Fix bugs when some requests use proxies and others don't
+    * httpserver: HTTPRequest.protocol is now set correctly when using the
+      built-in SSL support
+    * httpserver: When using multiple processes, the standard library's
+      random number generator is re-seeded in each child process
+    * httpserver: With xheaders enabled, X-Forwarded-Proto is supported as an
+      alternative to X-Scheme
+    * httpserver: Fixed bugs in multipart/form-data parsing
+    * locale: format_date() now behaves sanely with dates in the future
+    * locale: Updates to the language list
+    * stack_context: Fixed bug with contexts leaking through reused IOStreams
+    * stack_context: Simplified semantics and improved performance
+    * web: The order of css_files from UIModules is now preserved
+    * web: Fixed error with default_host redirect
+    * web: StaticFileHandler works when os.path.sep != '/' (i.e. on Windows)
+    * web: Fixed a caching-related bug in StaticFileHandler when a file's
+      timestamp has changed but its contents have not.
+    * web: Fixed bugs with HEAD requests and e.g. Etag headers
+    * web: Fix bugs when different handlers have different static_paths
+    * web: @removeslash will no longer cause a redirect loop when applied to the
+      root path
+    * websocket: Now works over SSL
+    * websocket: Improved compatibility with proxies
+    
+    Many thanks to everyone who contributed patches, bug reports, and feedback
+    that went into this release!
+    
+    -Ben

website/sphinx/releases/v1.2.1.rst

@@ -0,0 +1,20 @@
+What's new in Tornado 1.2.1
+===========================
+
+Mar 3, 2011
+-----------
+
+::
+    
+    We are pleased to announce the release of Tornado 1.2.1, available from
+    http://github.com/downloads/facebook/tornado/tornado-1.2.1.tar.gz
+    
+    This release contains only two small changes relative to version 1.2:
+    * FacebookGraphMixin has been updated to work with a recent change to the
+      Facebook API.
+    * Running "setup.py install" will no longer attempt to automatically
+      install pycurl.  This wasn't working well on platforms where the best way
+      to install pycurl is via something like apt-get instead of easy_install.
+    
+    This is an important upgrade if you are using FacebookGraphMixin, but
+    otherwise it can be safely ignored.