• Use importlib instead of imp with Python 3.


  • Additional fixes to next in iterators.

Thanks to cjwatson.


  • Replace deprecated threading.currentThread, getName and setDaemon with threading.current_thread, name and daemon.

Thanks to hugovk.


  • Python 3 fixes to auth and wsgi.errors handling; notably making wsgi.errors text.

Thanks to brondsem.


  • Explicit pkg_resource dependency to easy packaging.

Thanks to mgorny.


  • Remove deprecated dependencies paste/

Thanks to jhance.


  • Update to work with setuptools 50.1.0+

Thanks to hrnciar for the patch.


  • Patch auth ticket to be python3 compatible.

Thanks to TilmanSchaefer for the patch.


  • Correct sorting of items() in EvalHTMLFormatter.

Thanks to amitmarkel for the patch.


  • Fix next in iterators in


  • Allow binding IPv6 address when starting a server.

Thanks to Lekinho for this patch.


  • Use six.BytesIO when reading wsgi.input.
  • Remove use of pytest-runner.


  • Python 3 updates for use of StringIO and


  • Correctly handle HEAD requests (to send empty body) when gzip encoding requested.


  • Use is_alive instead of isAlive for Python 3.9 compatibility.
  • Use encodebytes instead of deprecated encodestring.
  • Fix Python 2 and 3 compatibility for base64.

Thanks to tirkarthi for these fixes.


  • Correct 100 Continue in Python 3


  • Avoid some reference cycles through tracebacks in


  • Handle io.UnsupportedOperation from socket.tell()


  • Ensure unicode URLs work in TestApp.
  • Make LimitedLengthFile file return empty bytes.
  • Protect against accidental close in FieldStorage.

Thanks to benjaminp for many recent contributions.


  • TestApp.encode_multipart handles bytes filenames and params.


  • Allow anything that can read() for a file-like response, not just a file instance.


  • Fix quoting of bytestrings (#23, via jelmer).


  • Send bytestrings when writing chunks from paste/


  • Revert the changes in the 3.0.5, which introduced unexpected errors in paste/ when using SSL.


  • Quiet a deprecation warning in OpenSSL.


  • Python 3 fix for deleting items from a dict.


  • Ensure pytest requirements set properly.


  • Encoding fixes in paste.fixture.





  • Fix for six dependency: move the six dependency from extras_require to install_requires.
  • Port paste.proxy to Python 3.
  • Fix paste.exceptions.serial_number_generator.hash_identifier() on Python 3.
  • Fix paste.util.threadedprint.uninstall(). Rename duplicated uninstall() function to uninstall_stdin() and fix typo in variable name (_oldstin => _oldstdin).
  • Add README.rst file.


  • Experimental Python 3 support.
  • paste now requires the six module.
  • Drop support of Python 2.5 and older.
  • Fixed egg:Paste#cgi
  • In paste.httpserver: give a 100 Continue response even when the server has been configured as an HTTP/1.0 server (clients may send Expect: 100-Continue before they know the version), and wrap 100 Continue environ['wsgi.input'] files with LimitedLengthFile just like normal request bodies are wrapped, keeping WSGI applications from over-reading from the socket.
  • Fixed parsing of paths beginning with multiple forward slashes.
  • Add tox.ini to run tests with tox on Python 2.6, 2.7 and 3.4.

  • Fix bug introduced in paste.auth.auth_tkt (with url_unquote)


  • Won’t install tests/ directory (also caused installation problems on some Mac systems).
  • Fixed problem with gzip middleware and zero-length responses.
  • Use X-Forwarded-For header in paste.translogger
  • Fixed problems with mimeparse code
  • Fixed some corner cases with CGI scripts
  • paste.auth.auth_tkt will URL-quote usernames, avoiding some errors with usernames with ! in them.
  • Improve handling of errors in fetching error pages in paste.errordocument.


  • Fix XSS bug (security issue) with not found handlers for paste.urlparser.StaticURLParser and paste.urlmap.URLMap. If you ask for a path with /--><script>... that will be inserted in the error page and can execute Javascript. Reported by Tim Wintle with further details from Georg-Christian Pranschke.
  • Replaced paste.util.mimeparse.desired_match()

  • Removed directory name from 404 errors in paste.urlparser.StaticURLParser.
  • Fixed packaging to include Javascript and images for paste.evalexception


  • I got a fever and the only prescription is more paste.cowbell!
  • Fix paste.httpserver on Python 2.6.
  • Fix paste.auth.cookie, which would insert newlines for long cookies.
  • paste.util.mimeparse parses a single * in Accept headers (sent by IE 6).
  • Fix some problems with the wdg_validate middleware.
  • Improvements to paste.auth.auth_tkt: add httponly support, don’t always aggressively set cookies without the wildcard_cookie option. Also on logout, make cookies expire.
  • In paste.proxy.Proxy handle Content-Length of -1.
  • In paste.httpexceptions avoid some unicode errors.
  • In paste.httpserver handle .read() from 100 Continue properly (because of a typo it was doing a readline).
  • Update paste.util.mimeparse from upstream.


  • In paste.proxy, added some more headers that are disallowed in WSGI (e.g., Keep-Alive). Send Content-Length. Also fix the missing query string when using paste.proxy.Proxy (paste.proxy.TransparentProxy already worked).
  • Make paste.debug.prints work with Google App Engine.
  • Make environ['wsgi.input'] with paste.httpserver only have a seek method if it is wrapping something with a seek method (which usually it is not).
  • In paste.httpserver re-raise KeyboardInterrupt in worker threads.
  • Added support for the HttpOnly Cookie property to paste.wsgiwrappers
  • Added paste.reloader.add_file_callback(), which lets you watch files based on a callback.
  • Quiet Python 2.6 deprecation warnings.
  • Fix paste.auth.cookie generating bad headers.
  • Added paste.reloader.JythonMonitor for an experimental, optimized reloader on Jython.


  • Normalize and make absolute the paths passed to paste.urlparser.StaticURLParser (before passing a relative-to-cwd path to that class would cause Forbidden errors).
  • Deprecate paste.fixture.setup_module()


  • Fixed bug in paste.fixture.TestApp that would submit forms with unnamed fields (like an unnamed submit button). Also made checkboxes with no explicit value send on instead of checked (which is what browsers do).
  • Fixed bug in paste.httpserver where environ['wsgi.input'].readline(max_size) ignored the max_size argument, which can lead to large memory usage (from Jakub Stolarski)
  • Make paste.cascade notice sockets that have stopped producing data. From Casey Zednick.
  • In paste.fixture.TestApp Accept MultiDict values for the params argument in requests. (Anything with a .items() method will have its items encoded as the request parameters.)
  • Fix paste.httpserver to allow binding to port 0.
  • In paste.auth.auth_tkt, set the same cookies (with the same domains) in set_cookie as get unset in logout_user_cookie.
  • In paste.translogger save REQUEST_METHOD in case it gets overridden somewhere (e.g., when using errordocuments POST would show up as GET).
  • Exceptions with unicode messages don’t cause the collector to fail.
  • Sometimes paste.exceptions.errormiddleware.ErrorMiddleware would not call start_response properly; this is fixed (from Andreas Kloecker).
  • paste.fixture.TestApp can store multiple cookie values (previously only one cookie was stored; from Andrey Lebedev)
  • u'' in TestApp(app).get('/') will work when the body isn’t ASCII (before it would give a unicode error). This problem wasn’t present in the recommended WebTest.
  • paste.debug.profile won’t break when content is served with no Content-Type.
  • Accept relative paths and paths with /../ in them for paste.urlparser.StaticURLParser (from Eric Larson). Also fix problem with case normalization on Windows (from Ionel Maries Cristian).
  • paste.registry.StackedObjectProxy’s now include the proxied object’s names via __dir__ (for Python 2.6).
  • Use environ['wsgi.file_wrapper'] when available (in paste.fileapp).
  • Make paste.debug.prints compatible with App Engine.
  • Fix the domain keyword in paste.wsgiwrappers.WSGIResponse.delete_cookie().


  • Fixed bug in paste lint where PATH_INFO would become unicode.


  • Make the import of socket.sslerror conditional in paste.exceptions.reporter (needed for Python interpreters compiled without SSL support).
  • In paste.proxy.TransparentProxy, don’t overwrite X-Forwarded-For header if it is already in the environment.
  • Added 226 IM Used status code to paste.wsgiwrappers
  • In paste.fixture.TestApp treat <image type="image"> the same as a submit button.
  • Use OpenSSL.tsafe.Connection for https with paste.httpserver, avoiding some possible errors (sslv3 alert bad record mac).
  • Fix small issue with paste.cgiapp and mod_wsgi.
  • Use BaseCookie instead of SimpleCookie for storing cookies (avoids quoting cookie values).


  • Make paste.cascade more tolerant of a missing or invalid Content-Length.


  • Fixed memory leak with paste.registry not properly removing all references to registered objects should register be called multiple times during a single context for a StackedObjectProxy.
  • paste.httpheaders.CONTENT_RANGE returns bytes START-END/LENGTH instead of just START-END/LENGTH
  • In paste.fixture.TestApp set CONTENT_TYPE to 'application/x-www-form-urlencoded' whenever there are parameters (and no other content type was provided).
  • In paste.session, when cleaning files ignore files that aren’t session files.
  • paste.httpexceptions.HTTPExceptionHandler will no longer catch exceptions raised during the app_iter iteration.
  • paste.cascade.Cascade copies wsgi.input when cascading, so that one of the applications cannot read the input and leave a later application blocked when it tries to read the input.
  • Fix assigning to WSGIResponse.charset breaking the content-type.
  • SMTP authentication is supported for the exception handler. You may now set smtp_username, smtp_password and smtp_use_tls to control this behavior. From pthy.


  • Remove FreeBSD threadpool condition in paste.httpserver (which was also breaking code for Windows users).
  • Fix problem with paste.wsgilib.intercept_output and passing up exceptions.


  • Allow customization of the paste.config.ConfigMiddleware environ key.
  • Added a current method (an alias of current_conf) to paste.config.DispatchingConfig.
  • Make test response .form attribute work when you have a single named form.
  • Try to encode any unicode input to paste.auth.auth_tkt
  • paste.wsgiwrappers.WSGIResponse now has a .content_type attribute (that does not include parameters), and a .charset attribute (that gets the charset parameter).
  • Inherit inherit show_exceptions_in_wsgi_errors from global configuration. Inherit debug more properly.


  • In paste.httpserver added lots of functionality to the threadpool. See the paste.httpserver threadpool documentation for details. This catches worker threads (and WSGI apps) that take too long to complete their task; killing them eventually, adding more worker threads when the pool is exhausted and it doesn’t look good that it’ll clear soon, and optionally killing the process when there are too many lost/zombie threads (you must be using some kind supervisor process for this last response to make sense).
  • Save host and scheme information during real HTTP proxy requests to paste.httpserver, into the keys paste.httpserver.proxy.scheme and
  • In paste.exceptions always call start_response; may help problems when there is an exception in start_response itself.
  • Added method to paste.registry.StackedObjectProxy, _object_stack(), which returns a list of all the registered objects. Useful if you want to search through the effective history of a stacked object.
  • Fixed infinite recursion problem with paste.request.EnvironHeaders.keys().
  • Fix paste.wsgiwrappers.WSGIRequest.urlvars to use wsgiorg.routing_args
  • Remove port from paste.request.construct_url if it’s the default port (e.g., port 80 for http).
  • paste.proxy works with headers with continuations in the response (i.e., a header that spans multiple lines). Also, treat a missing Content-Length as 0, not unlimited (may have previously caused freeze ups for some kinds of requests).
  • StackedObjectProxy supports __call__ (i.e., you can use StackedObjectProxy with callable objects).
  • Fixed ProfileMiddleware not calling close() on consumed app_iters.
  • httpheaders.AcceptLanguage now won’t give an exception when there is a malformed parameter in the header.
  • Fix paste.auth.form.auth_form Paste Deploy entry point.
  • Added REST methods to paste.fixture.TestApp, so you can more easily do requests like PUT and DELETE. From Anders Pearson.
  • Added {{default var=default_value}} command to paste.util.template. Make {{# comment}} work.


  • In paste.httpserver remove the reverse DNS lookup to set REMOTE_HOST
  • In paste.fileapp, if the client sends both If-None-Match and If-Modified-Since, prefer If-None-Match. Make ETags include the size as well as last modified timestamp. Make it possible to override how mimetypes are guessed.
  • HTTPException objects now have a exc.response(environ) method that returns a WSGIResponse object.
  • egg:Paste#watch_threads will show tracebacks of each thread under Python 2.5.
  • Made paste.util.template trim whitespace around statements that are on their own line.
  • paste.fileapp.DataApp now accepts allowed_headers=[...] to specify the allowed headers. By default only GET and HEAD are allowed.
  • Added paste.util.import_string.try_import_module, which imports modules and catches ImportError, but only if it’s an error importing the specific module, not an uncaught ImportError in the module being imported.


  • paste.httpserver didn’t implement the readline that the cgi module wants (regression in 1.2).


  • Backward incompatible change: paste.fileapp.FileApp properly supports request methods, including HEAD. If you were subclassing FileApp or DataApp and overriding __call__() you may have to subclass get() instead.
  • paste.httpheaders now parses the HTTP Accept-Language header and returns a list of languages the browser supports in the order it prefers them.
  • paste.mimeparse module added that handles parsing HTTP Accept headers for quality and mime-types.
  • paste.request.construct_url was adding SERVER_PORT to HTTP_HOST; but HTTP_HOST (from the Host header) generally contains a port when necessary, and SERVER_PORT should only be used with SERVER_NAME.
  • Added entry point for paste.registry.RegistryManager (egg:Paste#registry).
  • paste.request.HeaderDict fixed to know that Content-Length maps to CONTENT_LENGTH.
  • Can use paste.urlparser.StaticURLParser with sub-instances other than paste.fileapp.FileApp (if you subclass and override make_app)
  • paste.fixture.TestApp.get(status=X) takes a list of allowed status codes for X.
  • Added a small templating system for internal use (paste.util.template)
  • Removed a bunch of long-deprecated modules (generally modules that have been moved to other names).

In paste.wsgiwrappers

  • paste.wsgiwrappers.WSGIRequest has match_accept() function to screen incoming HTPT Accept values against a list of mime-types.

  • paste.wsgiwrappers.WSGIRequest.defaults now accepts a new key:


    The i18n language that should be used as the fallback should a translation not occur in a language file. See docs for details.

  • paste.wsgiwrappers.WSGIRequest can now optionally decode form parameters to unicode when it has a charset value set.

  • Deprecated the paste.wsgiwrappers.settings StackedObjectProxy dictionary for paste.wsgiwrappers.WSGIResponse.defaults.

In paste.httpserver

  • Regression in 1.1 fixed, where Paste’s HTTP server would drop trailing slashes from paths.
  • paste.httpserver now puts a key in the environment when using a thread pool that allows you to track the thread pool and see any wedged threads. egg:Paste#watch_threads is an application that can display this information.
  • paste.httpserver now accepts all request methods, not just GET, PUT, etc. (Methods like MKCOL were previously rejected.)
  • paste.httpserver has a wsgi.input that now does not block if you try to read past the end (it is limited to returning the number of bytes given in Content-Length). Double-reading from wsgi.input won’t give you the same data, but it won’t cause blocking.


  • Fixed major issue with serving static files on Windows (a regression in Paste 1.1 where most static files would return 404 Not Found).
  • Fixed parse_dict_querystring returning empty dicts instead of MultiDicts.
  • Added paste.config, a rewrite of paste.deploy.config using paste.registry. This version of ConfigMiddleware will enable use of paste.config.CONFIG within the EvalException interactive debugger.
  • Fixed problem where paste.recursive would leave wsgi.input and CONTENT_LENGTH set for recursive requests.
  • Changed the static file servers to give 404 Not Found responses when you have extra parts after a static file, instead of 400 Bad Request (like when you request /file.html/extra/path)


  • Security fix for paste.urlparser.StaticURLParser. The problem allowed escaping the root (and reading files) when used with paste.httpserver (this does not effect other servers, and does not apply when proxying requests from Apache to paste.httpserver).
  • paste.httpserver and paste.fixture.TestApp url-unquote SCRIPT_NAME and PATH_INFO, as specified in the CGI spec. Thanks to Jon Nelson for pointing out both these issues.
  • paste.registry now works within the EvalException interactive debugger.
  • Fixed paste.auth.open_id failures not returning a correct response.
  • Changed paste.httpexceptions.HTTPUnauthorized so that the WWW-Authenticate header is not required. 401 responses don’t have to have that header.
  • In paste.fixture.TestApp: <form> tags that have to action will preserve the existing query string. (Generally relative links that are completely empty should but were not preserving the query string)
  • Made paste.* compatible with py2exe by adding a modulefinder call in
  • The paste.gzipper gzipping middleware wasn’t changing the Content-Length header properly; thanks to Brad Clements for the fix.
  • Fixed paste.proxy to not use anything based on the dict form of httplib..HTTPMessage. This form folds headers together in a way that breaks Set-Cookie headers (two Set-Cookie headers would be merged into one).
  • paste.request.parse_formvars didn’t accept parameters in CONTENT_TYPE. prototype.js sets a charset parameter, which caused a problem.
  • Added a __traceback_decorator__ magic local variable, to allow arbitrary manipulation of the output of paste.exceptions.collector before formatting.
  • Added unicorn power to paste.pony (from Chad Whitacre)
  • For paste.httpserver SSL support: add support loading an explicit certificate context, and using ssl_pem='*' create an unsigned SSL certificate (from Jason Kirtland).
  • Fix some cases where paste.httpserver can have an orphaned thread pool (causing the process to not shut down properly). Patch from jek.


  • Fixed parsed_formvars potentially locking up on wsgi.input after modification of QUERY_STRING.
  • Fixed problem where paste.exceptions.errormiddleware didn’t expose the .close() method of the app_iter that it wraps (to catch exceptions). This is a problem if the server about the errormiddleware aborts the request; it should then call .close(), but won’t necessarily exhaust the iterator to do so.
  • Added entry point for paste.translogger (egg:Paste#translogger)
  • Fixed some cases where long data (e.g., a file upload) would show up in the error report, creating a very very large report. Also, put in a monkeypatch for the cgi module so that repr(uploaded_field) won’t load the entire field into memory (from its temporary file location).
  • Added a force_host option to paste.proxy.TransparentProxy, which will force all incoming requests to the same host, but leave the Host header intact.
  • Added automatic cleanup of old sessions for paste.session, from Amir Salihefendic.
  • Quote the function name in tracebacks in the exception formatter; Genshi has function names that use <>.


  • Fixed paste.response.HeaderDict get and setdefault methods to be case insensitive
  • Fix use of TestApp().post(params={'key': ['list of', 'values']}) as reported by Syver Enstad.
  • paste.fileapp.DataApp is now directly usable (was previously only usable as an abstract base class).


  • Fixed wsgiwrappers.WSGIResponse.delete_cookie. It also now takes optional path and domain arguments
  • wsgiwrappers.WSGIResponse now handles generator/iterator content more cleanly, and properly encodes unicode content according to its specified charset
  • Fixed wsgiwrappers.WSGIResponse mishandling multiple headers of the same name
  • Added a Paste Deploy entry point for paste.auth.cookie
  • Moved Paste Deploy dependencies out of top-level modules and into Paste-Deploy-specific entry point functions. This should make Paste more-or-less Paste Deploy independent. paste.urlparser and paste.exceptions.errormiddleware still have some leftover bits.
  • Added another redirector type to paste.recursive, environ['paste.recursive.include_app_iter'] which gives access to the original app_iter.
  • Bug with wsgilib.catch_errors and app_iters with no close() method.
  • Long words in tracebacks weren’t being wrapped correctly at all. Also, large data would cause the wrapping routine to give a recursion error. Now large data is truncated (at 1000 characters), and recursion won’t be a problem. Also, wrapping shouldn’t lose characters.
  • Better exception if you try to put a non-str into environ when using paste.auth.cookie
  • paste.exceptions.collector produces an exc_data.exception_type that is a class, not a string. This helps it get formatted better in Python 2.5.
  • All the tests pass on Python 2.5!
  • Added paste.proxy.TransparentProxy, which just sends the request described in the WSGI environ on without any modification. More useful for WSGI clients than servers, it effectively allows any WSGI-based request mechanism to act like an httplib-based request mechanism.
  • Added a cache_max_age argument to paste.urlparser.StaticURLParser, which allows you to encourage the caching of static files. Patch from Brad Clements.
  • Added suppress_http_headers to paste.proxy.Proxy, which will filter out HTTP headers from the request before passing it on. Patch from Brad Clements.


  • The EvalException ‘full traceback’ button is now only displayed when the full traceback differs from the regular (includes hidden frames).
  • Fixed EvalException returning a Content-type of ‘text-html’ instead of ‘text/html’ in some cases.


  • Renamed the paste.util.multidict.multidict class to paste.util.multidict.MultiDict


  • Fixed a security vulnerability in paste.urlparser’s StaticURLParser and PkgResourcesParser where, with some servers, you could escape the document root.

  • Significantly improved paste.httpserver’s (egg:Paste#http) performance. It now uses a thread pool: previously it created a new thread for every request. To revert back to the old, slower behavior, set:

    use_threadpool = false

    in the [server:main] section of the config file.

  • More control of where the output of paste.debug.prints goes.

  • Added a warning to paste.wsgilib.add_close if the upstream app_iter consumer doesn’t call the app_iter.close() method.

  • Fixed{})

  • Fixed paste.translogger.TransLogger to log to the Apache combined log format as advertised.

  • Fixed paste.urlparser classes to handle quoted characters (e.g. %20) in URL paths.

  • Changed paste.session to allow manipulating a session for the first time after start_response is called.

  • Added paste.wsgilib.add_start_close which calls a function just before returning the first chunk of the app_iter.

  • Changed paste.urlmap so that it matches domain-specific mappings before domain-neutral mappings.

  • Fixed IE 6 potentially receiving the following "400 Bad Request" error on file downloads:

    Please check your system clock.
    According to this server, the time provided in the
    If-Modified-Since header is in the future.
  • Added a ‘no’ keyword argument to TestResponse.mustcontain, so you can assert that a response does contain some strings at the same time that you assert that a response does not contain other strings, like:

    res = app.get('/')
    res.mustcontain('this must be there',
                    no=['error', 'unexpected'])
  • Fixed fileapp.FileApp to pay attention to the If-None-Match header, which does ETag matching; before only If-Modified-Since was supported, even though an ETag header was being sent; in particular Firefox would then only send If-None-Match and so conditional requests never worked.

  • Changed usage of paste.request.MultiDict to paste.util.multidict, particularly in paste.wsgiwrappers where request.GET returns a new style of dictionary interface.

  • Be more careful in paste.request.parse_formvars not to let the cgi module read from wsgi.input when there are no parsable variables in the input (based on CONTENT_TYPE).


  • This released was lost in a tragic clerical accident.


  • 0.9.2 Included a version of MochiKit that was no longer compatible with evalexception; 0.9.3 reverts to a previous version.
  • Change wsgi.run_once=False for paste.httpserver
  • Added entry points for debug apps


  • Fix in paste.urlmap when connecting with host:port.
  • Added /_debug/summary to evalexception, which gives a JSON-formatted list of all the exceptions in memory.


  • A fix for paste.errordocument, when doing an internal redirect from a POST request (the request is rewritten as a GET request)


  • Added paste.request.WSGIRequest, a request object that wraps the WSGI environment.
  • Added paste.registry, which is middleware for registering threadlocal objects in a request.
  • Avoid annoying warning from paste.recursive
  • paste.httpserver now removes HTTPServer’s transaction logging, which was doing a reverse DNS lookup.
  • Added has_session to paste.session
  • Allow for conditional paste.wsgilib.intercept_output which should be slightly faster (and streamable) compared to doing the condition manually.
  • Added entry point for paste.proxy, plus improvements from Brad Clements (support path in target, filter request methods)
  • Added paste.pony so pony power can be added to any WSGI application.
  • Added port matching to paste.urlmap.



  • Fixed up paste documentation (especially for new packages/modules)
  • Added paste.auth package for authentication related WSGI middle-ware components:
    • basic and digest HTTP authentication as described by RFC 2617
    • support for Yale’s Central Authentication System (cas)
    • open_id supports single sign-on originally developed for LiveJournal (see
    • cookie digitally signs cookies to record the current authenticated user (REMOTE_USER), session identifier (REMOTE_SESSION), and other WSGI entries in the environ.
    • a form module (to be used with cookie or an equivalent) provides a simple HTML based form authentication.
    • the multi module is an experimental mechanism for choosing an authentication mechanism based on the WSGI environ
  • Added paste.httpserver module which provides a very simple WSGI server built upon python’s BaseHTTPServer; this server has support for several features:
    • support for SSL connections via OpenSSL
    • support for HTTP/1.1 100 Continue messages as required by the WSGI specification (many HTTP server implementations don’t do this)
    • implemented as a Mix-In so that it can be used with other more enchanted versions of BaseHTTPServer
    • support for ‘Keep-Alive’ (standard in HTTP/1.1) by either providing a content-length or closing a connection if one is not available
  • Improved the paste.httpexceptions module:
    • added missing exception objects, and better descriptions
    • fixed several bugs in how exceptions are caught and propagated
    • usage as a wsgi_application() enables exceptions to be returned without throwing or catching the error
    • support for plain/text messages for text-only clients such as curl, python’s urllib, or Microsoft Excel
    • allows customization of the HTML template for higher-level frameworks
  • Added paste.httpheaders module to provide a uniform mechanism to access/update standard HTTP headers in a WSGI environ and response_headers collection; it includes specific support for:
    • providing “common” header names and sorting them as suggested by RFC 2616
    • validated support for Cache-Control header construction
    • validated support for Content-Disposition header construction
    • parsing of If-Modified-Since and other date oriented headers
    • parsing of Range header for partial-content delivery
    • composition of HTTP/1.1 digest Authorization responses
  • Improved paste.fileapp to support:
    • static in-memory resources
    • incremental downloading of files from disk
    • responding to ‘Range’ requests to handle partial downloads
    • allowing cache settings to be easily provided; including support for HTTP/1.0 ‘Expires’ and HTTP/1.1 ‘Cache-Control’
  • Added an experimental paste.transaction module for handling commit/rollback of standard DBAPI database connections
  • Added a paste.util.datetimeutil module for parsing standard date/time user-generated text values
  • Added a debug package, which includes:
    • previous top-level modules prints, profile, wdg_validate and doctest_webapp
    • a testserver module suitable to test HTTP socket connections via pytest
  • Re-factored paste.wsgilib into several other modules:
  • Significant improvements to wsgiutils.wsgilib module:
    • added a dump_environ application to help debugging
    • fixes to raw_interactive to comply with WSGI specifications
    • raw_interactive now logs all 5xx exceptions and sets HTTP_HOST
  • Added an argument no_profile to paste.debug.profile.profile_decorator; if that option is false, then don’t profile the function at all.
  • Changed paste.lint to check that the status contains a message (e.g., "404 Not Found" instead of just "404"). Check that environmental variables HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are no present. Made unknown REQUEST_METHOD a warning (not an error).
  • Added parameter cwd to
  • paste.fixture.TestApp:
    • Form filling code (use response.forms[0] to get a form object)
    • Added click method.
    • Better attribute errors.
    • You can force set hidden fields using form.fields[name].force_value(value) (normally setting the value of a hidden field is an error).
    • Frameworks can now add custom attributes to the response object.
  • paste.wsgilib.capture_output is deprecated in favor of paste.wsgilib.intercept_output
  • Remove use of exceptions in paste.cascade.Cascade, which causes weird effects in some cases. Generally we aren’t using exceptions internally now, only return status codes. Also in cascade, be careful to keep cascaded requests from sharing the same environment.
  • paste.wsgilib.error_response is deprecated (paste.httpexceptions replaces this with exception’s .wsgi_application method).
  • Moved paste.login to the attic, since paste.auth pretty much replaces it.
  • paste.urlparser improvements:
    • Added an application urlparser.StaticURLParser for serving static files.
    • Added an application urlparser.PkgResourcesParser for serving static files found with pkg_resources (e.g., out of zipped Eggs).
    • Be less picky about ambiguous filenames when using URLParser; if an exact file match exists, use that. (file.gif.bak would cause a request for file.gif to be ambiguous before)
    • Now looks for a .wsgi_application attribute when serving Python files/modules, as a general hook for returning a WSGI application version of an object.
  • The ErrorMiddleware:
    • Returns trimmed-down exceptions if there is a _ GET variable in the request (which is meant to signal an XMLHttpRequest). Exceptions displayed in this context are best when they are smaller and easier to display.
    • Includes a text version of the traceback, for easier copy-and-paste.
    • Avoid printing exceptions to wsgi.errors if they are already displayed elsewhere (at least by default).
    • Highlight Python code.
  • Use pkg_resources.declare_namespace so that there are less problems about confusing the paste package that is provided by Paste, Paste Script, Paste Deploy, and Paste WebKit. Before you could get one of these at random if you didn’t use pkg_resources.require first.
  • Cleaned up use of exc_info argument in start_response calls (both accepting and producing), in a variety of places.