ChlorideCull / CSG2

The spiritual successor to the original abomination, now a Python based CMS.

CSG2 fails on Bottle 0.13-dev due to absolute template paths #6

Open ChlorideCull opened 8 years ago

ChlorideCull commented 8 years ago

The ancient "stable" bottle has issues when it comes to routes defined in more complex ways than using the decorator. My recommendation is simply running the 0.13-dev version, but CSG2 fails on it.

ChlorideCull commented 8 years ago

A bit of a background: It was first deprecated mid-October 2012, in bottlepy/bottle@9e374eefda3eb2d226ed8dbc4f18eda530583e33, printing a deprecation warning with the warnings module. In my experience, warnings have never worked properly, and thus haven't printed anything until December 2015, in bottlepy/bottle@e456b4fe389c6410db5c1a813d2991e9f65688ee where depr() started returning an exception which is then thrown.

Reading the initial commit message from 2012 sheds some light on why it was done.

The next release will tighten the rules a bit further: TEMPLATE_PATH must not be empty, and absolute paths are considered relative, too. This ensures that only templates from within TEMPLATE_PATH directories are loaded.

Personally, I think that's the wrong approach. An absolute path should never be treated as relative, and even if they were forbidden for security reasons, it's ridiculously easy to circumvent by just using ../.

However, since there seems to go half a year between minor releases, I'm not gonna go argue about it to get it upstreamed, just so I have to wait for a release, or support development releases. I can just test development versions, patch it myself, and put it in this repo - it's small and MIT licensed anyways.
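The containment question raised in this thread, as an added example that is not part of the issue and is not Bottle's or CSG2's code: it compares a lookup that only treats absolute names as relative with one that resolves the candidate and checks it stays inside the template directory. The function names, the `views` directory and the sample files are hypothetical and constructed for the example; POSIX paths are assumed.

```python
import os
import tempfile

def naive_lookup(name, lookup_dirs):
    """Treat absolute names as relative by stripping leading separators, then join."""
    rel = name.lstrip("/\\")
    for d in lookup_dirs:
        candidate = os.path.join(d, rel)
        if os.path.isfile(candidate):
            return candidate
    return None

def confined_lookup(name, lookup_dirs):
    """Return the resolved file only if it lies inside one of lookup_dirs."""
    rel = name.lstrip("/\\")
    for d in lookup_dirs:
        root = os.path.realpath(d)
        candidate = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, candidate]) != root:
            continue  # resolved outside the template directory (../ or symlink)
        if os.path.isfile(candidate):
            return candidate
    return None

def demo():
    """Build a constructed directory layout and run both lookups on three names."""
    with tempfile.TemporaryDirectory() as base:
        views = os.path.join(base, "views")
        os.mkdir(views)
        inside = os.path.join(views, "index.tpl")
        outside = os.path.join(base, "settings.ini")  # sits beside views/, not in it
        for path in (inside, outside):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        names = {"plain": "index.tpl", "absolute": outside, "dotdot": "../settings.ini"}
        # Each value is (found by naive_lookup, found by confined_lookup).
        return {
            label: (naive_lookup(n, [views]) is not None,
                    confined_lookup(n, [views]) is not None)
            for label, n in names.items()
        }

if __name__ == "__main__":
    for label, (naive, confined) in demo().items():
        print(f"{label:9} naive={naive} confined={confined}")
```

The check compares resolved paths, so it holds regardless of how the template name was spelled.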