kombu v3.0.0 Release Notes
-
π :release-date: 2013-10-14 04:00 P.M BST π :release-by: Ask Solem
Now depends on :mod:
amqp
version 1.3.π No longer supports Python 2.5
The minimum Python version supported is now Python 2.6.0 for Python 2, and Python 3.3 for Python 3.
π Dual codebase supporting both Python 2 and 3.
No longer using
2to3
, making it easier to maintain support for both versions.0οΈβ£ pickle, yaml and msgpack deserialization is now disabled by default.
This means that Kombu will by default refuse to handle any content type other than json.
Pickle is known to be a security concern as it will happily load any object that is embedded in a pickle payload, and payloads can be crafted to do almost anything you want. The default serializer in Kombu is json but it also supports a number of other serialization formats that it will evaluate if received: including pickle.
It was always assumed that users were educated about the security implications of pickle, but in hindsight we don't think users should be expected to secure their services if we have the ability to be secure by default.
By disabling any content type that the user did not explicitly want enabled we ensure that the user must be conscious when they add pickle as a serialization format to support.
The other built-in serializers (yaml and msgpack) are also disabled even though they aren't considered insecure [#f1]_ at this point. Instead they're disabled so that if a security flaw is found in one of these libraries in the future, you will only be affected if you have explicitly enabled them.
To have your consumer accept formats other than json you have to explicitly add the wanted formats to a white-list of accepted content types:
.. code-block:: pycon
>>> c = Consumer(conn, accept=['json', 'pickle', 'msgpack'])
or when using synchronous access:
.. code-block:: pycon
>>> msg = queue.get(accept=['json', 'pickle', 'msgpack'])
The
accept
argument was first supported for consumers in version 2.5.10, and first supported byQueue.get
in version 2.5.15 so to stay compatible with previous versions you can enable the previous behavior:>>> from kombu import enable_insecure_serializers >>> enable_insecure_serializers()
But note that this has global effect, so be very careful should you use it.
.. rubric:: Footnotes
.. [#f1] The PyYAML library has a :func:
yaml.load
function with some of the same security implications as pickle, but Kombu uses the :func:yaml.safe_load
function which is not known to be affected.kombu.async: Experimental event loop implementation.
This code was previously in Celery but was moved here to make it easier for async transport implementations.
The API is meant to match the Tulip API which will be included in Python 3.4 as the
asyncio
module. It's not a complete implementation obviously, but the goal is that it will be easy to change to it once that is possible.π Utility function
kombu.common.ipublish
has been removed.Use
Producer(..., retry=True)
instead.π Utility function
kombu.common.isend_reply
has been removedUse
send_reply(..., retry=True)
instead.kombu.common.entry_to_queue
andkombu.messaging.entry_to_queue
has been removed.Use
Queue.from_dict(name, **options)
instead.βͺ Redis: Messages are now restored at the end of the list.
Contributed by Mark Lavin.
π
StdConnectionError
andStdChannelError
is removed and :exc:amqp.ConnectionError
and :exc:amqp.ChannelError
is used instead.π Message object implementation has moved to :class:
kombu.message.Message
.Serailization: Renamed functions encode/decode to :func:
~kombu.serialization.dumps
and :func:~kombu.serialization.loads
.For backward compatibility the old names are still available as aliases.
π The
kombu.log.anon_logger
function has been removed.Use :func:
~kombu.log.get_logger
instead.queue_declare
now returns namedtuple withqueue
,message_count
, andconsumer_count
fields.π LamportClock: Can now set lock class
:mod:
kombu.utils.clock
: Utilities for ordering events added.:class:
~kombu.simple.SimpleQueue
now allows you to override the exchange type used.Contributed by Vince Gonzales.
β‘οΈ Zookeeper transport updated to support new changes in the :mod:
kazoo
library.Contributed by Mahendra M.
pyamqp/librabbitmq: Transport options are now forwarded as keyword arguments to the underlying connection (Issue #214).
Transports may now distinguish between recoverable and irrecoverable connection and channel errors.
π
kombu.utils.Finalize
has been removed: Use :mod:multiprocessing.util.Finalize
instead.π Memory transport now supports the fanout exchange type.
Contributed by Davanum Srinivas.
Experimental new
Pyro
_ transport (:mod:kombu.transport.pyro
).Contributed by Tommie McAfee.
.. _
Pyro
: http://pythonhosted.org/PyroExperimental new
SoftLayer MQ
_ transport (:mod:kombu.transport.SLMQ
).Contributed by Kevin McDonald
.. _
SoftLayer MQ
: http://www.softlayer.com/services/additional/message-queueEventio: Kqueue breaks in subtle ways so select is now used instead.
SQLAlchemy transport: Can now specify table names using the
queue_tablename
andmessage_tablename
transport options.Contributed by Ryan Petrello.
π Redis transport: Now supports using local UNIX sockets to communicate with the Redis server (Issue #1283)
To connect using a UNIX socket you have to use the ``redis+socket`` URL-prefix: ``redis+socket:///tmp/redis.sock``. This functionality was merged from the `celery-redis-unixsocket`_ project. Contributed by Maxime Rouyrre.
β± ZeroMQ transport: drain_events now supports timeout.
Contributed by Jesper ThomschΓΌtz.
.. _
celery-redis-unixsocket
: https://github.com/piquadrat/celery-redis-unixsocket.. _version-2.5.16: