Updates Changelog

2013-04-11 14:11:16 +01:00 · 2013-04-11 14:11:16 +01:00 · b1a8d2f868
parent b66c6135e4
commit b1a8d2f868
3 changed files with 52 additions and 0 deletions
--- a/29
+++ b/29
@ -4,6 +4,35 @@
 Change history
 ================

+.. _version-2.5.10:
+
+2.5.10
+======
+:release-date: 2013-04-11 XX:XX P.M BST
+
+Note about upcoming changes for Kombu 3.0
+-----------------------------------------
+
+Kombu 3 consumers will no longer accept pickle/yaml or msgpack
+by default, and you will have to explicitly enable untrusted deserializers
+either globally using :func:`kombu.enable_insecure_serializers`, or
+using the ``accept`` argument to :class:`~kombu.Consumer`.
+
+Changes
+-------
+
+- New utility to disable untrusted serializers.
+
+      - :func:`kombu.disable_insecure_serializers`
+      - :func:`kombu.enable_insecure_serializers`.
+
+- Redis: More friendly error for when keys are missing.
+
+- Connection URLs: The parser did not work well when there were
+  multiple '+' tokens.
+
+
+
 .. _version-2.5.9:

 2.5.9
--- a/docs/reference/kombu.rst
+++ b/docs/reference/kombu.rst
@ -5,6 +5,10 @@

 .. automodule:: kombu

+    .. autofunction:: enable_insecure_serializers
+
+    .. autofunction:: disable_insecure_serializers
+
    Connection
    ----------

--- a/kombu/serialization.py
+++ b/kombu/serialization.py
@ -394,6 +394,13 @@ _setupfuns = {


 def enable_insecure_serializers(choices=['pickle', 'yaml', 'msgpack']):
+    """Enable serializers that are considered to be unsafe.
+
+    Will enable ``pickle``, ``yaml`` and ``msgpack`` by default,
+    but you can also specify a list of serializers (by name or content type)
+    to enable.
+
+    """
    for choice in choices:
        try:
            registry.enable(choice)
@ -402,6 +409,18 @@ def enable_insecure_serializers(choices=['pickle', 'yaml', 'msgpack']):


 def disable_insecure_serializers(allowed=['json']):
+    """Disable untrusted serializers.
+
+    Will disable all serializers except ``json``
+    or you can specify a list of deserializers to allow.
+
+    .. note::
+
+        Producers will still be able to serialize data
+        in these formats, but consumers will not accept
+        incoming data using the untrusted content types.
+
+    """
    for name in registry._decoders:
        registry.disable(name)
    if allowed is not None: