CHANGES
*******

0.15 (2016-07-18)
=================

Removal & Deprecations
----------------------

- **Removed**: ``morepath.autosetup`` and ``morepath.autocommit`` are
  both removed from the Morepath API.

  Use ``autoscan``. Also use new explicit ``App.commit`` method, or
  rely on Morepath automatically committing during the first
  request. So instead of::

    morepath.autosetup()
    morepath.run(App())

  you do::

    morepath.autoscan()
    App.commit()  # optional
    morepath.run(App())

- **Removed**: the ``morepath.security`` module is removed, and you cannot
  import from it anymore. Change imports from it to the public API, so go
  from::

    from morepath.security import NO_IDENTITY

  to::

    from morepath import NO_IDENTITY

- **Deprecated** ``morepath.remember_identity`` and
  ``morepath.forget_identity`` are both deprecated.

  Use the ``morepath.App.remember_identity`` and
  ``morepath.App.forget_identity`` methods, respectively.

  Instead of ::

    remember_identity(response, request, identity, lookup=request.lookup)
    ...
    morepath.forget_identity(response, request, lookup=request.lookup)

  you do::

    request.app.remember_identity(response, request, identity)
    ...
    request.app.forget_identity(response, request)

- **Deprecated** ``morepath.settings`` is deprecated.

  Use the ``morepath.App.settings`` property instead.

- **Deprecated** ``morepath.enable_implicit`` and
  ``morepath.disable_implicit`` are both deprecated.

  You no longer need to choose between implicit or explicit lookup for
  generic functions, as the generic functions that are part of the API
  have all been deprecated.

Features
--------

- Factored out new ``App.mounted_app_classes()`` class method which
  can be used to determine the mounted app classes after a
  commit. This can used to get the argument to ``dectate.query_tool``
  if the commit is known to have already been done earlier.

- The ``morepath.run`` function now takes command-line arguments to
  set the host and port, and is friendlier in general.

- Add ``App.init_settings`` for pre-filling the settings registry with
  a python dictionary. This can be used to load the settings from a
  config file.

- Add a ``reset`` method to the ``Request`` class that resets it to
  the state it had when request processing started. This is used by
  ``more.transaction`` to reset request processing when it retries a
  transaction.

Bug fixes
---------

- Fix a bug where a double slash at the start of a path was not
  normalized.

Cleanups
--------

- Cleanups and testing of ``reify`` functionality.

- More doctests in the narrative documentation.

- A few small performance tweaks.

- Remove unused imports and fix pep8 in core.py.

Other
-----

- Add support for Python 3.5 and make it the default Python
  environment.

0.14 (2016-04-26)
=================

- **New** We have a new chat channel available. You can join us by clicking
  this link:

  https://discord.gg/0xRQrJnOPiRsEANa

  Please join and hang out! We are retiring the (empty) Freenode
  #morepath channel.

- **Breaking change**: Move the basic auth policy to
  ``more.basicauth`` extension extension. Basic auth is just one of
  the authentication choices you have and not the default. To update
  code, make your project depend on ``more.basicauth`` and import
  ``BasicAuthIdentityPolicy`` from ``more.basicauth``.

- **Breaking change**: Remove some exception classes that weren't
  used: ``morepath.error.ViewError``, ``morepath.error.ResolveError``.
  If you try to catch them in your code, just remove the whole
  ``except`` statement as they were never raised.

- **Deprecated** Importing from ``morepath.security`` directly. We
  moved a few things from it into the public API: ``enable_implicit``,
  ``disable_implicit``, ``remember_identity``, ``forget_identity``,
  ``Identity``, ``IdentityPolicy``, ``NO_IDENTITY``. Some of these
  were already documented as importable from ``morepath.security``.
  Although importing from ``morepath.security`` won't break yet, you
  should stop importing from it and import directly from ``morepath``
  instead.

- **Deprecated** ``morepath.autosetup`` and ``morepath.autocommit``
  are both deprecated.

  Use ``autoscan``. Also use new explicit ``App.commit`` method, or
  rely on Morepath automatically committing during the first
  request. So instead of::

    morepath.autosetup()
    morepath.run(App())

  you do::

    morepath.autoscan()
    App.commit()  # optional
    morepath.run(App())

- **Breaking change** Extensions that imported ``RegRegistry`` directly
  from ``morepath.app`` are going to be broken. This kind of import::

    from morepath.app import RegRegistry

  needs to become::

    from morepath.directive import RegRegistry

  This change was made to avoid circular imports in Morepath, and
  because ``App`` did not directly depend on ``RegRegistry`` anymore.

- **Breaking change**: the ``variables`` function for the ``path``
  directive *has* to be defined taking a first ``obj`` argument. In
  the past it was possible to define a ``variables`` function that
  took no arguments. This is now an error.

- Introduce a new ``commit`` method on ``App`` that commits the App
  and also recursively commits all mounted apps. This is more explicit
  than ``autocommit`` and less verbose than using the lower-level
  ``dectate.commit``.

- Automatic commit of the app is done during the first request if the
  app wasn't committed previously. See issue #392.

- Introduce a deprecation warnings (for ``morepath.security``,
  ``morepath.autosetup``) and document how a user can deal with such
  warnings.

- Adds host header validation to protect against header poisoning attacks.

  See https://github.com/morepath/morepath/issues/271

  You can use ``morepath.HOST_HEADER_PROTECTION`` in your own tween
  factory to wrap before or under it.

- Refactor internals of publishing/view engine. Reg is used more
  effectively for view lookup, order of some parameters is reversed
  for consistency with public APIs.

- Document the internals of Morepath, see implementation document.
  This includes docstrings for all the internal APIs.

- The framehack module was merged into ``autosetup``. Increased
  the coverage to this module to 100%.

- New cookiecutter template for Morepath, and added references in the
  documentation for it.

  See https://github.com/morepath/morepath-cookiecutter

- Test cleanup; scan in many tests turns out to be superfluous. Issue
  #379

- Add a test that verifies we can instantiate an app before configuration
  is done. See issue #378 for discussion.

- Started doctesting some of the docs.

- Renamed ``RegRegistry.lookup`` to ``RegRegistry.caching_lookup`` as
  the ``lookup`` property was shadowing a lookup property on
  ``reg.Registry``.  This wasn't causing bugs but made debugging
  harder.

- Refactored link generation. Introduce a new ``defer_class_links``
  directive that lets you defer link generation using
  ``Request.class_link()`` in addition to ``Request.link()``. This is
  an alternative to ``defer_links``, which cannot support
  ``Request.class_link``.

- Morepath now has extension API docs that are useful when you want to
  create your own directive and build on one of Morepath's registries
  or directives.

- A friendlier ``morepath.run`` that tells you how to quit it with
  ``ctrl-C``.

- A new document describing how to write a test for Morepath-based
  applications.

- Document how to create a Dectate-based command-line query tool that
  lets you query Morepath directives.

- Uses the topological sort implementation in Dectate. Sort out a mess
  where there were too many ``TopologicalSortError`` classes.

0.13.2 (2016-04-13)
===================

- Undid change in 0.13.1 where ``App`` could not be instantiated if
  not committed, as ran into real-world code where this assumption
  was broken.

0.13.1 (2016-04-13)
===================

- Enable queries by the Dectate query tool.

- Document ``scan`` function in API docs.

- Work around an issue in Python where ``~`` (tilde) is quoted by
  ``urllib.quote`` & ``urllib.encode``, even though it should not be
  according to the RFC, as ``~`` is considered unreserved.

  https://www.ietf.org/rfc/rfc3986.txt

- Document some tricks you can do with directives in a new "Directive
  tricks" document.

- Refactor creation of tweens into function on TweenRegistry.

- Update the REST document; it was rather old and made no mention of
  ``body_model``.

- Bail out with an error if an App is instantiated without being
  committed.

0.13 (2016-04-06)
=================

- **Breaking change**. Morepath has a new, extensively refactored
  configuration system based on dectate_ and importscan_. Dectate is
  an extracted, and heavily refactored version of Morepath's
  configuration system that used to be in ``morepath.config``
  module. It's finally documented too!

  .. _dectate: http://dectate.readthedocs.org

  .. _importscan: http://importscan.readthedocs.org

  Dectate and thus Morepath does not use Venusian (or Venusifork)
  anymore so that dependency is gone.

  Code that uses ``morepath.autosetup`` should still work.

  Code that uses ``morepath.setup`` and scans and commits manually
  needs to change. Change this::

    from morepath import setup

    config = morepath.setup()
    config.scan(package)
    config.commit()

  into this::

    import morepath

    morepath.scan(package)
    morepath.autocommit()

  Similarly ``config.scan()`` without arguments to scan its own
  package needs to be rewritten to use ``morepath.scan()`` without
  arguments.

  Anything you import directly now does not need to be scanned
  anymore; the act of importing a module directly registers the
  directives with Morepath, though as before they won't be active
  until you commit. But scanning something you've imported before
  won't do any harm.

  The signature for ``morepath.scan`` is somewhat different than that
  of the old ``config.scan``. There is no third argument
  ``recursive=True`` anymore. The ``onerror`` argument has been
  renamed to ``handle_error`` and has different behavior; the
  importscan_ documentation describes the details.

  If you were writing tests that involve Morepath, the old structure of
  the test was::

    import morepath

    def test_foo():
        config = morepath.setup()

        class App(morepath.App):
            testing_config = config

        ... use directives on App ...

        config.commit()

        ... do asserts ...

  This now needs to change to::

    import morepath

    def test_foo():
        class App(morepath.App):
            pass

        ... use directives on App ...

        morepath.commit([App])

        ... do asserts ...

  So, you need to use the ``morepath.commit()`` function and give it a
  list of the application objects you want to commit,
  explicitly. ``morepath.autocommit()`` won't work in the context of a
  test.

  If you used a test that scanned code you need to adjust it too, from::

    import morepath
    import some_package

    def test_foo():
        config = morepath.setup()

        config.scan(some_package)

        config.commit()

        ... do asserts ...

  to this::

    import morepath
    import some_package

    def test_foo():
        morepath.scan(some_package)
        morepath.commit([some_package.App])

        ... do asserts ...

  Again you need to be explicit and use ``morepath.commit`` to commit
  those apps you want to test.

  If you had a low-level reference to ``app.registry`` in your code it
  will break; the registry has been split up and is now under
  `app.config``. If you want access to ``lookup`` you can use
  ``app.lookup``.

  If you created custom directives, the way to create directives
  is now documented as part of the dectate_ project. The main updates you
  need to do are:

  * subclass from `dectate.Action` instead of `morepath.Directive`.

  * no more ``app`` first argument.

  * no ``super`` call is needed anymore in ``__init__``.

  * add a ``config`` class variable to declare the registries
    you want to affect. Until we break up the main registry this
    is::

      from morepath.app import Registry

      ...
      config = { 'registry': Registry }


  * reverse the arguments to ``perform``, so that the object
    being registered comes first. So change::

      def perform(self, registry, obj):
         ...

    into::

      def perform(self, obj, registry):
         ...

    But instead of ``registry`` use the registry you set up in your
    action's ``config``.

  * no more ``prepare``. Do error checking inside the ``perform``
    method and raise a ``DirectiveError`` if something is wrong.

    If you created sub-actions from ``prepare``, subclass from
    `dectate.Composite` instead and implement an ``actions`` method.

  * ``group_key`` method has changed to ``group_class`` class variable.

  If you were using ``morepath.sphinxext`` to document directives
  using Sphinx autodoc, use ``dectate.sphinxext`` instead.

- **Breaking change** If you want to use Morepath directives on
  ``@staticmethod``, you need to change the order in which these are
  applied. In the past::

    @App.path(model=Foo, path='bar')
    @staticmethod
    def get_foo():
        ....

  But now you need to write::

    @staticmethod
    @App.path(model=Foo, path='bar')
    def get_foo():
        ....

- **Breaking change** You cannot use a Morepath ``path`` directive on
  a ``@classmethod`` directly anymore. Instead you can do this::

    class Foo(object):
        @classmethod
        def get_something():
            pass

    @App.path('/', model=Something)(Foo.get_something)

- **Breaking change**. Brought `app.settings` back, a shortcut to the
  settings registry. If you use settings, you need to replace any
  references to ``app.registry.settings`` to ``app.settings``.

- Add `request.class_link`. This lets you link using classes instead
  of instances as an optimization. In some cases instantiating an
  object just so you can generate a link to it is relatively
  expensive. In that case you can use `request.class_link`
  instead. This lets you link to a model class and supply a
  `variables` dictionary manually.

- **Breaking change**. In Morepath versions before this there was an
  class attribute on ``App`` subclasses called ``registry``. This was
  a giant mixed registry which subclassed a lot of different
  registries used by Morepath (reg registry, converter registry,
  traject registry, etc). The Dectate configuration system allows us
  to break this registry into a lot of smaller interdependent registries
  that are configured in the ``config`` of the directives.

  While normally you shouldn't be, if you were somehow relying on
  ``App.registry`` in your code you should now rewrite it to use
  ``App.config.reg_registry``, ``App.config.setting_registry``,
  ``App.config.path_registry`` etc.

0.12 (2016-01-27)
=================

- **Breaking change**. The ``request.after`` function is now called even if
  the response was directly created by the view (as opposed to the view
  returning a value to be rendered by morepath). Basically, ``request.after``
  is now guaranteed to be called if the response's HTTP status code lies within
  the 2XX-3XX range.

  See https://github.com/morepath/morepath/issues/346

- Fixed a typo in the `defer_link` documentation.

- Morepath's link generation wasn't properly quoting paths and
  parameters in all circumstances where non-ascii characters or
  URL-quoted characters were used. See issue #337.

- Morepath could not handle varargs or keyword arguments properly
  in path functions. Now bails out with an error early during
  configuration time. To fix existing code, get rid of any ``*args`` or
  ``**kw``.

- Morepath could not properly generate links if a path directive
  defines a path variable for the path but does not actually use it in
  the path function. Now we complain during configuration time. To fix
  existing code, add all variables that are defined in the path
  (i.e. ``{id}``) to the function signature.

- Certain errors (``ConfigError``) were not reporting directive line number
  information. They now do.

- Better ``ConfigError`` reporting when ``setting_section`` is in use.

- Removed the unused ``request`` parameter from the ``link`` method in
  ``morepath.request``. See issue #351.

- Require venusifork 2.0a3. This is a hacked version which works around
  some unusual compatibility issues with ``six``.

0.11.1 (2015-06-29)
===================

- setuptools has the nasty habit to change underscores in project
  names to minus characters. This broke the new autoscan machinery for
  packages with an underscore in their name (such as
  `morepath_sqlalchemy`). This was fixed.

0.11 (2015-06-29)
=================

- **Breaking change**. The ``morepath.autoconfig`` and ``morepath.autosetup``
  methods had to be rewritten. Before, Morepath was unable to autoload packages
  installed using ``pip``.

  As a result, Morepath won't be able to autoload packages if the setup.py
  name differs from the name of the distributed package or module.

  For example: A package named ``my-app`` containing a module named ``myapp``
  won't be automatically loaded anymore.

  Packages like this need to be loaded manually now::

    import morepath
    import myapp

    config = morepath.setup()
    config.scan(myapp)
    config.commit()

  See https://github.com/morepath/morepath/issues/319

- The ``config.scan`` method now excludes 'test' and 'tests' directories
  by default.

  See https://github.com/morepath/morepath/issues/326

- The ``template_directory`` directive will no longer inspect the current
  module if the template directory refers to an absolute path. This makes it
  easier to write tests where the current module might not be available.

  Fixes https://github.com/morepath/morepath/issues/299

- The ``identity_policy`` passes ``settings`` to the function if it
  defines such an argument. This way an identity policy can be created
  that takes settings into account.

  See https://github.com/morepath/morepath/issues/309

- Dots in the request path are now always normalized away. Before, Morepath
  basically relied on the client to do this, which was a potential security
  issue.

  See https://github.com/morepath/morepath/issues/329

- Additional documentation on the Morepath config system:
  http://morepath.readthedocs.org/en/latest/configuration.html

- Additional documentation on how to serve static images in
  https://morepath.readthedocs.org/en/latest/more.static.html

- Move undocumented ``pdb`` out of ``__init__.py`` as it could
  sometimes trip up things. Instead documented it in the API docs in
  the special `morepath.pdbsupport` module.

  https://github.com/morepath/morepath/issues/328


0.10 (2015-04-09)
=================

- Server-side templating language support: there is now a ``template``
  argument for the ``html`` directive (and ``view`` and ``json``).
  You need to use a plugin to add particular template languages to
  your project, such as ``more.chameleon`` and ``more.jinja2``, but
  you can also add your own.

  See http://morepath.readthedocs.org/en/latest/templates.html

- Add a new "A Review of the Web" document to the docs to show how
  Morepath fits within the web.

  http://morepath.readthedocs.org/en/latest/web.html

- The publisher does not respond to a ``None`` render function
  anymore. Instead, the ``view`` directive now uses a default
  ``render_view`` if ``None`` is configured. This simplifies the
  publisher guaranteeing a ``render`` function always exists.

  Fixes https://github.com/morepath/morepath/issues/283

- Introduce a ``request.resolve_path`` method that allows you to resolve
  paths to objects programmatically.

- Modify ``setup.py`` to use ``io.open`` instead of ``open`` to
  include the README and the CHANGELOG and hardcode UTF-8 so it works
  on all versions of Python with all default encodings.

- Various documentation fixes.

0.9 (2014-11-25)
================

- **Breaking change**. In previous releases of Morepath, Morepath did
  not include the full hostname in generated links (so ``/a`` instead
  of ``http://example.com/a``). Morepath 0.9 does include the full
  hostname in generated links by default. This to support the
  non-browser client use case better. In the previous system without
  fully qualified URLs, client code needs to manually add the base of
  links itself in order to be able to access them. That makes client
  code more complicated than it should be. To make writing such client
  code as easy as possible Morepath now generates complete URLs.

  This should not break any code, though it can break tests that rely
  on the previous behavior. To fix ``webtest`` style tests, prefix
  the expected links with ``http://localhost/``.

  If for some reason you want the old behavior back in an application,
  you can use the ``link_prefix`` directive::

    @App.link_prefix()
    def my_link_prefix(request):
        return '' # prefix nothing again

- Directives are now logged to the ``morepath.directive`` log, which
  is using the standard Python ``logging`` infrastructure. See
  http://morepath.readthedocs.org/en/latest/logging.html

- Document ``more.forwarded`` proxy support in
  http://morepath.readthedocs.org/en/latest/paths_and_linking.html

- Document behavior of ``request.after`` in combination with directly
  returning a response object from a view.

- Expose ``body_model_predicate`` to the public Morepath API. You
  can now say your predicate comes after it.

- Expose ``LAST_VIEW_PREDICATE`` to the Morepath API. This is the last
  predicate defined by the Morepath core.

- Update the predicate documentation.

- Updated the more.static doc to reflect changes in it.

- Fix doc for grouping views with the ``with`` statement.

- Suggest a few things to try when your code doesn't appear to be
  scanned properly.

- A new view predicate without a fallback resulted in an internal
  server error if the predicate did not match. Now it results in a 404
  Not Found by default. To override this default, define a predicate
  fallback.

0.8 (2014-11-13)
================

- **Breaking change**. Reg 0.9 introduces a new, more powerful
  way to create dispatch functions, and this has resulted in
  a new, incompatible Reg API.

  Morepath has been adjusted to make use of the new Reg. This won't
  affect many Morepath applications, and they should be able to
  continue unchanged. But some Morepath extensions and advanced
  applications may break, so you should be aware of the changes.

  * The ``@App.function`` directive has changed from this::

      class A(object):
          pass

      class B(object):
          pass

      @reg.generic
      def dispatch_function(a, b):
          pass

      @App.function(dispatch_function, A, B)
      def dispatched_to(a, b):
          return 'dispatched to A and B'

    to this::

      class A(object):
          pass

      class B(object):
          pass

      @reg.dispatch('a', 'b')
      def dispatch_function(a, b):
          pass

      @App.function(dispatch_function, a=A, b=B)
      def dispatched_to(a, b):
          return 'dispatched to A and B'

    The new system in Reg (see its docs_) is a lot more flexible than
    what we had before. When you use ``function`` you don't need to
    know about the order of the predicates anymore -- this is
    determined by the arguments to ``@reg.dispatch()``. You can now
    also have function arguments that Reg ignores for dispatch.

  * The ``@App.predicate`` and ``@App.predicate_fallback`` directive
    have changed. You can now install custom predicates and fallbacks
    for *any* generic function that's marked with
    ``@reg.dispatch_external_predicates()``. The Morepath view code
    has been simplified to be based on this, and is also more powerful
    as it can now be extended with new predicates that use
    predicate-style dispatch.

  .. _docs: http://reg.readthedocs.org

- Introduce the ``body_model`` predicate for views. You can give it
  the class of the ``request.body_obj`` you want to handle with this
  view. In combination with the ``load_json`` directive this allows
  you to write views that respond only to the POSTing or PUTing of a
  certain type of object.

- Internals refactoring: we had a few potentially overridable dispatch
  functions in ``morepath.generic`` that actually were never
  overridden in any directives. Simplify this by moving their
  implementation into ``morepath.publish`` and
  ``morepath.request``. ``generic.link``, ``generic.consume`` and
  ``generic.response`` are now gone.

- Introduce a ``link_prefix`` directive that allows you to set the
  URL prefix used by every link generated by the request.

- A bug fix in ``request.view()``; the ``lookup`` on the ``request``
  was not properly updated.

- Another bug fix in ``request.view()``; if ``deferred_link_app`` app
  is used, ``request.app`` should be adjusted to the app currently
  being deferred to.

- ``request.after`` behavior is clarified: it does not run for any
  exceptions raised during the handling of the request, only for the
  "proper" response. Fix a bug where it *did* sometimes run.

- Previously if you returned ``None`` for a path in a ``variables``
  function for a path, you would get a path with ``None`` in it. Now
  it is a ``LinkError``.

- If you return a non-dict for ``variables`` for a path, you get a proper
  ``LinkError`` now.

- One test related to defer_links did not work correctly in Python 3. Fixed.

- Add API doc for ``body_obj``. Also fix JSON and objects doc to talk
  about ``request.body_obj`` instead of ``request.obj``.

- Extend API docs for security: detail the API an identity policy
  needs to implement and fix a few bugs.

- Fix ReST error in API docs for ``autoconfig`` and ``autosetup``.

- Fix a few ReST links to the API docs in the app reuse document.

0.7 (2014-11-03)
================

- **Breaking change**. There has been a change in the way the mount
  directive works. There has also been a change in the way linking
  between application works. The changes result in a simpler, more
  powerful API and implementation.

  The relevant changes are:

  * You can now define your own custom ``__init__`` for
    ``morepath.App`` subclasses. Here you can specify the arguments
    with which your application object should be mounted. The previous
    ``variables`` class attribute is now ignored.

    It's not necessary to use ``super()`` when you subclass from
    ``morepath.App`` directly.

    So, instead of this::

       class MyApp(morepath.App):
           variables = ['mount_id']

    You should now write this::

       class MyApp(morepath.App):
           def __init__(self, mount_id):
               self.mount_id = mount_id

  * The ``mount`` directive should now return an *instance* of the
    application being mounted, not a dictionary with mount
    parameters. The application is specified using the ``app``
    argument to the directive. So instead of this::

      @RootApp.mount(app=MyApp, path='sub/{id}')
      def mount_sub(id):
          return {
             'mount_id': id
          }

    You should now use this::

      @RootApp.mount(app=MyApp, path='sub/{id}')
      def mount_sub(id):
          return MyApp(mount_id=id)

  * The ``mount`` directive now takes a ``variables`` argument. This
    works like the ``variables`` argument to the ``path``
    directive and is used to construct links.

    It is given an instance of the app being mounted, and it should
    reconstruct those variables needed in its path as a dictionary. If
    omitted, Morepath tries to get them as attributes from the
    application instance, just like it tries to get attributes of any
    model instance.

    ``MyApp`` above is a good example of where this is required: it
    does store the correct information, but as the ``mount_id``
    attribute, not the ``id`` attribute. You should add a ``variables``
    argument to the ``mount`` directive to explain to Morepath how
    to obtain ``id``::

      @RootApp.mount(app=MyApp, path='sub/{id}',
                     variables=lambda app: dict(id=app.mount_id))
      def mount_sub(id):
          return MyApp(mount_id=id)

    The simplest way to avoid having to do this is to name the
    attributes the same way as the variables in the paths, just like
    you can do for model classes.

  * In the past you'd get additional mount context variables as extra
    variables in the function decorated by the ``path`` decorator.
    This does not happen anymore. Instead you can add a special
    ``app`` parameter to this function. This gives you access to the
    current application object, and you can extract its attributes
    there.

    So instead of this::

       @MyApp.path(path='models/{id}', model=Model)
       def get_root(mount_id, id):
           return Model(mount_id, id)

    where ``mount_id`` is magically retrieved from the way ``MyApp`` was
    mounted, you now write this::

       @MyApp.path(path='models/{id}', model=Model)
       def get_root(app, id):
           return Model(app.mount_id, id)

  * There was an ``request.mounted`` attribute. This was a special an
    instance of a special ``Mounted`` class. This ``Mounted`` class is
    now gone -- instead mounted applications are simply instances of
    their class. To access the currently mounted application, use
    ``request.app``.

  * The ``Request`` object had ``child`` and ``sibling`` methods as
    well as a ``parent`` attribute to navigate to different "link
    makers".  You'd navigate to the link maker of an application in
    order to create links to objects in that application. These are
    now gone. Instead you can do this navigation from the application
    object directly, and instead of link makers, you get application
    instances. You can pass an application instance as a special
    ``app`` argument to ``request.link`` and ``request.view``.

    So instead of this::

       request.child(foo).link(obj)

    You now write this::

       request.link(obj, app=request.app.child(foo))

    And instead of this::

       request.parent.link(obj)

    You now write this::

       request.link(obj, app=request.app.parent)

    Note that the new ``defer_links`` directive can be used to
    automate this behavior for particular models.

  * The ``.child`` method on ``App`` can the app class as well as the
    parameters for the function decorated by the ``mount`` directive::

       app.child(MyApp, id='foo')

    This can also be done by name. So, assuming ``MyApp`` was mounted
    under ``my_app``::

       app.child('my_app', id='foo')

    This is how ``request.child`` worked already.

    As an alternative you can now instead pass an app *instance*::

       app.child(MyApp(mount_id='foo'))

    Unlike the other ways to get the child, this takes the parameters
    need to create the app instance, as opposed to taking the
    parameters under which the app was mounted.

  Motivation behind these changes:

  Morepath used to have a ``Mount`` class separate from the ``App``
  classes you define. Since Morepath 0.4 application objects became
  classes, and it made sense to make their instances the same as the
  mounted application. This unification has now taken place.

  It then also made sense to use its navigation methods (``child`` and
  friend) to navigate the mount tree, instead of using the rather
  complicated "link maker" infrastructure we had before.

  This change simplifies the implementation of mounting considerably,
  without taking away features and actually making the APIs involved
  more clear. This simplification in turn made it easier to implement
  the new ``defer_links`` directive.

- **Breaking change**. The arguments to the ``render`` function have
  changed. This is a function you can pass to a view directive.  The
  render function now takes a second argument, the request. You need
  to update your render functions to take this into account. This only
  affects code that supplies an explicit ``render`` function to the
  ``view``, ``json`` and ``html`` directives, and since not a lot of
  those functions exist, the impact is expected to be minimal.

- **Breaking change**. In certain circumstances it was useful to
  access the settings through an application instance using
  ``app.settings``. This does not work anymore; access the settings
  through ``app.registry.settings`` instead.

- ``dump_json`` and ``load_json`` directives. This lets you
  automatically convert an object going to a response to JSON, and
  converts JSON coming in as a request body from JSON to an
  object. See http://morepath.readthedocs.org/en/latest/json.html for
  more information.

- ``defer_links`` directive. This directive can be used to declare
  that a particular mounted application takes care of linking to
  instances of a class. Besides deferring ``request.link()`` it will
  also defer ``request.view``. This lets you combine applications with
  more ease. By returning ``None`` from it you can also defer links to
  this app's parent app.

- ``app.ancestors()`` method and ``app.root`` attribute. These can be
  used for convenient access to the ancestor apps of a mounted
  application. To access from the request, use ``request.app.root``
  and ``request.app.ancestors()``.

- The ``App`` class now has a ``request_class`` class attribute. This
  determines the class of the request that is created and can be
  overridden by subclasses. ``more.static`` now makes use of this.

- Several generic functions that weren't really pulling their weight
  are now gone as part of the mount simplification:
  ``generic.context`` and ``generic.traject`` are not needed anymore,
  along with ``generic.link_maker``.

- Change documentation to use uppercase class names for App classes
  everywhere. This reflects a change in 0.4 and should help clarity.

- Added documentation about auto-reloading Morepath during development.

- No longer silently suppress ImportError during scanning: this can
  hide genuine ``ImportError`` in the underlying code.

  We were suppressing ``ImportError`` before as it can be triggered
  by packages that rely on optional dependencies.

  This is a common case in the ``.tests`` subdirectory of a package
  which may import a test runner like ``pytest``. ``pytest`` is only a
  test dependency of the package and not a mainline dependencies, and
  this can break scanning. To avoid this problem, Morepath's autosetup
  and autoconfig now automatically ignore ``.tests`` and ``.test``
  sub-packages.

  Enhanced the API docs for ``autosetup`` and ``autoconfig`` to describe
  scenarios which can generate legitimate ``ImportError`` exceptions
  and how to handle them.

- Fix of examples in tween documentation.

- Minor improvement in docstrings.

0.6 (2014-09-08)
================

- Fix documentation on the ``with`` statement; it was not using the local
  ``view`` variable correctly.

- Add #morepath IRC channel to the community docs.

- Named mounts. Instead of referring to the app class when
  constructing a link to an object in an application mounted
  elsewhere, you can put in the name of the mount. The name of the
  mount can be given explicitly in the mount directive but defaults to
  the mount path.

  This helps when an application is mounted several times and needs to
  generate different links depending on where it's mounted; by
  referring to the application by name this is loosely coupled and
  will work no matter what application is mounted under that name.

  This also helps when linking to an application that may or may not
  be present; instead of doing an import while looking for
  ``ImportError``, you can try to construct the link and you'll get a
  ``LinkError`` exception if the application is not there. Though this
  still assumes you can import the model class of what you're linking
  to.

  (see issue #197)

- Introduce a ``sibling`` method on Request. This combines the
  ``.parent.child`` step in one for convenience when you want to
  link to a sibling app.

0.5.1 (2014-08-28)
==================

- Drop usage of sphinxcontrib.youtube in favor of raw HTML embedding,
  as otherwise too many things broke on readthedocs.

0.5 (2014-08-28)
================

- Add ``more.static`` documentation on local components.

- Add links to youtube videos on Morepath: the keynote at PyCon DE
  2013, and the talk on Morepath at EuroPython 2014.

- Add a whole bunch of extra code quality tools to buildout.

- ``verify_identity`` would be called even if no identity could be
  established. Now skip calling ``verify_identity`` when we already
  have ``NO_IDENTITY``. See issue #175.

- Fix issue #186: mounting an app that is absorbing paths could
  sometimes generate the wrong link. Thanks to Ying Zhong for the bug
  report and test case.

- Upgraded to a newer version of Reg (0.8) for ``@reg.classgeneric``
  support as well as performance improvements.

- Add a note in the documentation on how to deal with URL parameters
  that are not Python names (such as ``foo@``, or ``blah[]``). You can
  use a combination of ``extra_parameters`` and ``get_converters`` to
  handle them.

- Document the use of the ``with`` statement for directive
  abbreviation (see the Views document).

- Created a mailing list:

  https://groups.google.com/forum/#!forum/morepath

  Please join!

  Add a new page on community to document this.

0.4.1 (2014-07-08)
==================

- Compatibility for Python 3. I introduced a meta class in Morepath
  0.4 and Python 3 did not like this. Now the tests pass again in
  Python 3.

- remove ``generic.lookup``, unused since Morepath 0.4.

- Increase test coverage back to 100%.

0.4 (2014-07-07)
================

- **BREAKING CHANGE** Move to class-based application registries. This
  breaks old code and it needs to be updated. The update is not
  difficult and amounts to:

  * subclass ``morepath.App`` instead of instantiating it to create a
    new app. Use subclasses for extension too.

  * To get a WSGI object you can plug into a WSGI server, you need to
    instantiate the app class first.

  Old way::

     app = morepath.App()

  So, the ``app`` object that you use directives on is an
  instance. New way::

    class app(morepath.App):
        pass

  So, now it's a class. The directives look the same as before, so this
  hasn't changed::

     @app.view(model=Foo)
     def foo_default(self, request):
        ...

  To extend an application with another one, you used to have to pass
  the ``extends`` arguments. Old way::

    sub_app = morepath.App(extends=[core_app])

  This has now turned into subclassing. New way::

    class sub_app(core_app):
        pass

  There was also a ``variables`` argument to specify an application
  that can be mounted. Old way::

     app = morepath.App(variables=['foo'])

  This is now a class attribute. New way::

     class app(morepath.App):
         variables = ['foo']

  The ``name`` argument to help debugging is gone; we can look at the
  class name now. The ``testing_config`` argument used internally in
  the Morepath tests has also become a class attribute.

  In the old system, the application object was both configuration
  point and WSGI object. Old way::

      app = morepath.App()

      # configuration
      @app.path(...)
      ...

      # wsgi
      morepath.run(app)

  In the Morepath 0.4 this has been split. As we've already seen, the
  application *class* serves. To get a WSGI object, you need to first
  *instantiate* it. New way::

     class app(morepath.App):
       pass

     # configuration
     @app.path(...)
     ...

     # wsgi
     morepath.run(app())

  To mount an application manually with variables, we used to need the
  special ``mount()`` method. Old way::

    mounted_wiki_app = wiki_app.mount(wiki_id=3)

  In the new system, mounting is done during instantiation of the app::

    mounted_wiki_app = wiki_app(wiki_id=3)

  Class names in Python are usually spelled with an upper case. In the
  Morepath docs the application object has been spelled with a lower
  case. We've used lower-case class names for application objects even
  in the updated docs for example code, but feel free to make them
  upper-case in your own code if you wish.

  Why this change? There are some major benefits to this change:

  * both extending and mounting app now use natural Python mechanisms:
    subclassing and instantation.

  * it allows us to expose the facility to create new directives to
    the API. You can create application-specific directives.

- You can define your own directives on your applications using the
  ``directive`` directive::

    @my_app.directive('my_directive')

  This exposes details of the configuration system which is
  underdocumented for now; study the ``morepath.directive`` module
  source code for examples.

- Document how to use more.static to include static resources into
  your application.

- Add a ``recursive=False`` option to the config.scan method. This
  allows the non-recursive scanning of a package. Only its
  ``__init__.py`` will be scanned.

- To support scanning a single module non-recursively we need a
  feature that hasn't landed in mainline Venusian yet, so depend on
  Venusifork for now.

- A small optimization in the publishing machinery. Less work is done
  to update the generic function lookup context during routing.

0.3 (2014-06-23)
================

- Ability to absorb paths entirely in path directive, as per issue #132.

- Refactor of config engine to make Venusian and immediate config more
  clear.

- Typo fix in docs (Remco Wendt).

- Get version number in docs from setuptools.

- Fix changelog so that PyPI page generates HTML correctly.

- Fix PDF generation so that the full content is generated.

- Ability to mark a view as internal. It will be available to
  ``request.view()`` but will give 404 on the web. This is useful for
  structuring JSON views for reusability where you don't want them to
  actually show up on the web.

- A ``request.child(something).view()`` that had this view in turn
  call a ``request.view()`` from the context of the ``something``
  application would fail -- it would not be able to look up the view
  as lookups still occurred in the context of the mounting
  application. This is now fixed. (thanks Ying Zhong for reporting it)

  Along with this fix refactored the request object so it keeps a
  simple ``mounted`` attribute instead of a stack of ``mounts``; the
  stack-like nature was not in use anymore as mounts themselves have
  parents anyway. The new code is simpler.

0.2 (2014-04-24)
================

- Python 3 support, in particular Python 3.4 (Alec Munro - fudomunro
  on github).

- Link generation now takes ``SCRIPT_NAME`` into account.

- Morepath 0.1 had a security system, but it was undocumented. Now
  it's documented (docs now in `Morepath Security`_), and some of its
  behavior was slightly tweaked:

  * new ``verify_identity`` directive.

  * ``permission`` directive was renamed to ``permission_rule``.

  * default unauthorized error is 403 Forbidden, not 401 Unauthorized.

  * ``morepath.remember`` and ``morepath.forbet`` renamed to
    ``morepath.remember_identity`` and ``morepath.forget_identity``.

- Installation documentation tweaks. (Auke Willem Oosterhoff)

- ``.gitignore`` tweaks (Auke Willem Oosterhoff)

.. _`Morepath Security`: http://blog.startifact.com/posts/morepath-security.html

0.1 (2014-04-08)
================

- Initial public release.
