kombu v3.0.0

« Changelog History

kombu v3.0.0 Release Notes

• 🚀 :release-date: 2013-10-14 04:00 P.M BST 🚀 :release-by: Ask Solem

  • Now depends on :mod:amqp version 1.3.

  • 👍 No longer supports Python 2.5

    The minimum Python version supported is now Python 2.6.0 for Python 2, and Python 3.3 for Python 3.

  • 👍 Dual codebase supporting both Python 2 and 3.

    No longer using 2to3, making it easier to maintain support for both versions.

  • 0️⃣ pickle, yaml and msgpack deserialization is now disabled by default.

    This means that Kombu will by default refuse to handle any content type other than json.

    Pickle is known to be a security concern as it will happily load any object that is embedded in a pickle payload, and payloads can be crafted to do almost anything you want. The default serializer in Kombu is json but it also supports a number of other serialization formats that it will evaluate if received: including pickle.

    It was always assumed that users were educated about the security implications of pickle, but in hindsight we don't think users should be expected to secure their services if we have the ability to be secure by default.

    By disabling any content type that the user did not explicitly want enabled we ensure that the user must be conscious when they add pickle as a serialization format to support.

    The other built-in serializers (yaml and msgpack) are also disabled even though they aren't considered insecure [#f1]_ at this point. Instead they're disabled so that if a security flaw is found in one of these libraries in the future, you will only be affected if you have explicitly enabled them.

    To have your consumer accept formats other than json you have to explicitly add the wanted formats to a white-list of accepted content types:

    .. code-block:: pycon

    >>> c = Consumer(conn, accept=['json', 'pickle', 'msgpack'])
    

    or when using synchronous access:

    .. code-block:: pycon

    >>> msg = queue.get(accept=['json', 'pickle', 'msgpack'])
    

    The accept argument was first supported for consumers in version 2.5.10, and first supported by Queue.get in version 2.5.15 so to stay compatible with previous versions you can enable the previous behavior:

    >>> from kombu import enable_insecure_serializers
    >>> enable_insecure_serializers()
    

    But note that this has global effect, so be very careful should you use it.

    .. rubric:: Footnotes

    .. [#f1] The PyYAML library has a :func:yaml.load function with some of the same security implications as pickle, but Kombu uses the :func:yaml.safe_load function which is not known to be affected.

  • kombu.async: Experimental event loop implementation.

    This code was previously in Celery but was moved here to make it easier for async transport implementations.

    The API is meant to match the Tulip API which will be included in Python 3.4 as the asyncio module. It's not a complete implementation obviously, but the goal is that it will be easy to change to it once that is possible.

  • 🚚 Utility function kombu.common.ipublish has been removed.

    Use Producer(..., retry=True) instead.

  • 🚚 Utility function kombu.common.isend_reply has been removed

    Use send_reply(..., retry=True) instead.

  • kombu.common.entry_to_queue and kombu.messaging.entry_to_queue has been removed.

    Use Queue.from_dict(name, **options) instead.

  • ⏪ Redis: Messages are now restored at the end of the list.

    Contributed by Mark Lavin.

  • 🚚 StdConnectionError and StdChannelError is removed and :exc:amqp.ConnectionError and :exc:amqp.ChannelError is used instead.

  • 🚚 Message object implementation has moved to :class:kombu.message.Message.

  • Serailization: Renamed functions encode/decode to :func:~kombu.serialization.dumps and :func:~kombu.serialization.loads.

    For backward compatibility the old names are still available as aliases.

  • 🚚 The kombu.log.anon_logger function has been removed.

    Use :func:~kombu.log.get_logger instead.

  • queue_declare now returns namedtuple with queue, message_count, and consumer_count fields.

  • 🔒 LamportClock: Can now set lock class

  • :mod:kombu.utils.clock: Utilities for ordering events added.

  • :class:~kombu.simple.SimpleQueue now allows you to override the exchange type used.

    Contributed by Vince Gonzales.

  • ⚡️ Zookeeper transport updated to support new changes in the :mod:kazoo library.

    Contributed by Mahendra M.

  • pyamqp/librabbitmq: Transport options are now forwarded as keyword arguments to the underlying connection (Issue #214).

  • Transports may now distinguish between recoverable and irrecoverable connection and channel errors.

  • 🚚 kombu.utils.Finalize has been removed: Use :mod:multiprocessing.util.Finalize instead.

  • 👍 Memory transport now supports the fanout exchange type.

    Contributed by Davanum Srinivas.

  • Experimental new Pyro_ transport (:mod:kombu.transport.pyro).

    Contributed by Tommie McAfee.

  .. _Pyro: http://pythonhosted.org/Pyro

  • Experimental new SoftLayer MQ_ transport (:mod:kombu.transport.SLMQ).

    Contributed by Kevin McDonald

  .. _SoftLayer MQ: http://www.softlayer.com/services/additional/message-queue

  • Eventio: Kqueue breaks in subtle ways so select is now used instead.

  • SQLAlchemy transport: Can now specify table names using the queue_tablename and message_tablename transport options.

    Contributed by Ryan Petrello.

  👍 Redis transport: Now supports using local UNIX sockets to communicate with the Redis server (Issue #1283)

  To connect using a UNIX socket you have to use the ``redis+socket``
  URL-prefix: ``redis+socket:///tmp/redis.sock``.
  
  This functionality was merged from the `celery-redis-unixsocket`_ project.
  Contributed by Maxime Rouyrre.
  

  ⏱ ZeroMQ transport: drain_events now supports timeout.

  Contributed by Jesper Thomschütz.
  

  .. _celery-redis-unixsocket: https://github.com/piquadrat/celery-redis-unixsocket

  .. _version-2.5.16:

• All Versions
• Previous v2.5.16
• Next v3.0.1
• Latest Version