What's new in Tornado 2.1
=========================

Sep 20, 2011
------------

Backwards-incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Support for secure cookies written by pre-1.0 releases of Tornado has
  been removed.  The `RequestHandler.get_secure_cookie` method no longer
  takes an ``include_name`` parameter.
* The ``debug`` application setting now causes stack traces to be displayed
  in the browser on uncaught exceptions.  Since this may leak sensitive
  information, debug mode is not recommended for public-facing servers.

Security fixes
~~~~~~~~~~~~~~

* Diginotar has been removed from the default CA certificates file used
  by `SimpleAsyncHTTPClient`.

New modules
~~~~~~~~~~~

* `tornado.gen`:  A generator-based interface to simplify writing 
  asynchronous functions.
* `tornado.netutil`:  Parts of `tornado.httpserver` have been extracted into
  a new module for use with non-HTTP protocols.
* `tornado.platform.twisted`:  A bridge between the Tornado IOLoop and the
  Twisted Reactor, allowing code written for Twisted to be run on Tornado.
* `tornado.process`:  Multi-process mode has been improved, and can now restart
  crashed child processes.  A new entry point has been added at 
  `tornado.process.fork_processes`, although
  `tornado.httpserver.HTTPServer.start` is still supported.

``tornado.web``
~~~~~~~~~~~~~~~

* `tornado.web.RequestHandler.write_error` replaces ``get_error_html`` as the
  preferred way to generate custom error pages (``get_error_html`` is still
  supported, but deprecated)
* In `tornado.web.Application`, handlers may be specified by
  (fully-qualified) name instead of importing and passing the class object
  itself.
* It is now possible to use a custom subclass of ``StaticFileHandler``
  with the ``static_handler_class`` application setting, and this subclass
  can override the behavior of the ``static_url`` method.
* `~tornado.web.StaticFileHandler` subclasses can now override 
  ``get_cache_time`` to customize cache control behavior.
* `tornado.web.RequestHandler.get_secure_cookie` now has a ``max_age_days``
  parameter to allow applications to override the default one-month expiration.
* `~tornado.web.RequestHandler.set_cookie` now accepts a ``max_age`` keyword
  argument to set the ``max-age`` cookie attribute (note underscore vs dash)
* `tornado.web.RequestHandler.set_default_headers` may be overridden to set
  headers in a way that does not get reset during error handling.
* `RequestHandler.add_header` can now be used to set a header that can
  appear multiple times in the response.
* `RequestHandler.flush` can now take a callback for flow control.
* The ``application/json`` content type can now be gzipped.
* The cookie-signing functions are now accessible as static functions
  `tornado.web.create_signed_value` and `tornado.web.decode_signed_value`.

``tornado.httpserver``
~~~~~~~~~~~~~~~~~~~~~~

* To facilitate some advanced multi-process scenarios, ``HTTPServer``
  has a new method ``add_sockets``, and socket-opening code is
  available separately as `tornado.netutil.bind_sockets`.
* The ``cookies`` property is now available on `tornado.httpserver.HTTPRequest`
  (it is also available in its old location as a property of
  `~tornado.web.RequestHandler`)
* `tornado.httpserver.HTTPServer.bind` now takes a backlog argument with the
  same meaning as ``socket.listen``.
* `~tornado.httpserver.HTTPServer` can now be run on a unix socket as well
  as TCP.
* Fixed exception at startup when ``socket.AI_ADDRCONFIG`` is not available,
  as on Windows XP

``IOLoop`` and ``IOStream``
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* `~tornado.iostream.IOStream` performance has been improved, especially for
  small synchronous requests.
* New methods `tornado.iostream.IOStream.read_until_close` and 
  `tornado.iostream.IOStream.read_until_regex`.
* `IOStream.read_bytes` and `IOStream.read_until_close` now take a
  ``streaming_callback`` argument to return data as it is received rather
  than all at once.
* `IOLoop.add_timeout` now accepts `datetime.timedelta` objects in addition
  to absolute timestamps.
* `~tornado.ioloop.PeriodicCallback` now sticks to the specified period
  instead of creeping later due to accumulated errors.
* `tornado.ioloop.IOLoop` and `tornado.httpclient.HTTPClient` now have
  ``close()`` methods that should be used in applications that create
  and destroy many of these objects.
* `IOLoop.install` can now be used to use a custom subclass of IOLoop
  as the singleton without monkey-patching.
* `~tornado.iostream.IOStream` should now always call the close callback
  instead of the connect callback on a connection error.
* The `IOStream` close callback will no longer be called while there
  are pending read callbacks that can be satisfied with buffered data.


``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Now supports client SSL certificates with the ``client_key`` and 
  ``client_cert`` parameters to `tornado.httpclient.HTTPRequest`
* Now takes a maximum buffer size, to allow reading files larger than 100MB
* Now works with HTTP 1.0 servers that don't send a Content-Length header
* The ``allow_nonstandard_methods`` flag on HTTP client requests now
  permits methods other than ``POST`` and ``PUT`` to contain bodies.
* Fixed file descriptor leaks and multiple callback invocations in
  `SimpleAsyncHTTPClient`
* No longer consumes extra connection resources when following redirects.
* Now works with buggy web servers that separate headers with ``\n`` instead
  of ``\r\n\r\n``.
* Now sets ``response.request_time`` correctly.
* Connect timeouts now work correctly.


Other modules
~~~~~~~~~~~~~

* `tornado.auth.OpenIDMixin` now uses the correct realm when the
  callback URI is on a different domain.
* `tornado.autoreload` has a new command-line interface which can be used
  to wrap any script.  This replaces the ``--autoreload`` argument to
  `tornado.testing.main` and is more robust against syntax errors.
* `tornado.autoreload.watch` can be used to watch files other than
  the sources of imported modules.
* `tornado.database.Connection` has new variants of ``execute`` and
  ``executemany`` that return the number of rows affected instead of
  the last inserted row id.
* `tornado.locale.load_translations` now accepts any properly-formatted
  locale name, not just those in the predefined ``LOCALE_NAMES`` list.
* `tornado.options.define` now takes a ``group`` parameter to group options
  in ``--help`` output.
* Template loaders now take a ``namespace`` constructor argument to add
  entries to the template namespace.
* `tornado.websocket` now supports the latest ("hybi-10") version of the
  protocol (the old version, "hixie-76" is still supported; the correct
  version is detected automatically).
* `tornado.websocket` now works on Python 3


Bug fixes
~~~~~~~~~

* Windows support has been improved.  Windows is still not an officially
  supported platform, but the test suite now passes and
  `tornado.autoreload` works.
* Uploading files whose names contain special characters will now work.
* Cookie values containing special characters are now properly quoted
  and unquoted.
* Multi-line headers are now supported.
* Repeated Content-Length headers (which may be added by certain proxies)
  are now supported in `HTTPServer`.
* Unicode string literals now work in template expressions.
* The template ``{% module %}`` directive now works even if applications
  use a template variable named ``modules``.
* Requests with "Expect: 100-continue" now work on python 3