27a4cf18a3
- Update to 3.1.3 (CVE-2026-27205, bsc#1258700) * The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726 - Update to 3.1.2 * stream_with_context does not fail inside async views. #5774 * When using follow_redirects in the test client, the final state of session is correct. #5786 * Relax type hint for passing bytes IO to send_file. #5776Markéta Machová2026-02-25 08:53:21 +00:00
d65a51862a
Accepting request 1277662 from devel:languages:python:flask
Ana Guerrero2025-05-23 12:27:10 +00:00
15bb0a5475
- Update to 3.1.1 (CVE-2025-47278, bsc#1243163): * Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g * Fix type hint for cli_runner.invoke. #5645 * flask --help loads the app and plugins first to make sure all commands are shown. #5673 * Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659Daniel Garcia2025-05-15 07:20:00 +00:00
df9e72bcc0
- Update to 3.1.0: * Drop support for Python 3.8. * Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. * Provide a configuration option to control automatic option responses. * Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. * Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. * Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. * -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. * Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. * Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. * Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config.
Steve Kowalik2025-02-07 01:51:18 +00:00
eee3f6f026
- Update to 3.1.0: * Drop support for Python 3.8. * Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. * Provide a configuration option to control automatic option responses. * Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. * Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. * Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. * -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. * Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. * Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. * Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config.
Steve Kowalik2025-02-07 01:51:18 +00:00
099aebf423
- update to 3.0.3 * The default hashlib.sha1 may not be available in FIPS builds. Don’t access it at import time so the developer has time to change the default. :issue:5448 * Don’t initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. :issue:5270Matej Cepl2024-08-28 15:41:08 +00:00
a6794f567c
Accepting request 1194157 from home:yeey:branches:devel:languages:python:flask
Matej Cepl2024-08-28 15:41:08 +00:00
df9450c908
Accepting request 1166616 from devel:languages:python:flask
Ana Guerrero2024-04-10 15:48:42 +00:00
3a5e06bb58
Accepting request 1166616 from devel:languages:python:flask
Ana Guerrero2024-04-10 15:48:42 +00:00
b44f22a6c2
- Remove not needed dependency python-contextvars
Daniel Garcia2024-04-10 10:15:08 +00:00
2c4ff201e3
- Remove not needed dependency python-contextvars
Daniel Garcia2024-04-10 10:15:08 +00:00
dce0f6ff4d
Accepting request 1144168 from devel:languages:python:flask
Ana Guerrero2024-02-06 15:32:43 +00:00
9964793fb6
Accepting request 1144168 from devel:languages:python:flask
Ana Guerrero2024-02-06 15:32:43 +00:00
a293245a56
- update to 3.0.2: * Correct type for jinja_loader property. :issue:5388 * Fix error with --extra-files and --exclude-patterns CLI options. :issue:5391Dirk Mueller2024-02-05 10:05:08 +00:00
639b50d27c
- update to 3.0.2: * Correct type for jinja_loader property. :issue:5388 * Fix error with --extra-files and --exclude-patterns CLI options. :issue:5391Dirk Mueller2024-02-05 10:05:08 +00:00
545b10d759
Accepting request 1140137 from devel:languages:python:flask
Ana Guerrero2024-01-21 22:07:16 +00:00
a56c0d452b
Accepting request 1140137 from devel:languages:python:flask
Ana Guerrero2024-01-21 22:07:16 +00:00
8695adbbce
- update to 3.0.1: * Correct type for path argument to send_file. :issue:5230 * Fix a typo in an error message for the flask run --key option. :pr:5344 * Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381 * Address more type findings when using mypy strict mode. :pr:5383 * Remove previously deprecated code. :pr:5223 * Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230 * Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127 * Allow self as an argument to url_for. :pr:5264 * Require Werkzeug >= 3.0.0. * Add an --exclude-patterns option to the flask run CLI command to * Relax typing for errorhandler to allow the user to use more precise * From Werkzeug, for redirect responses the Location header URL will * Add Config.from_prefixed_env() to load config values from environment variables that start with FLASK_ or another prefix. This parses values as * Fixed the issue where typing requires template global decorators to - Set the default encoding to “UTF-8” when loading .env and .flaskenv - flask shell sets up tab and history completion like the default - add dependency on itsdangerous
Dirk Mueller2024-01-20 14:07:52 +00:00
c9a02c2d8f
- update to 3.0.1: * Correct type for path argument to send_file. :issue:5230 * Fix a typo in an error message for the flask run --key option. :pr:5344 * Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381 * Address more type findings when using mypy strict mode. :pr:5383 * Remove previously deprecated code. :pr:5223 * Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230 * Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127 * Allow self as an argument to url_for. :pr:5264 * Require Werkzeug >= 3.0.0. * Add an --exclude-patterns option to the flask run CLI command to * Relax typing for errorhandler to allow the user to use more precise * From Werkzeug, for redirect responses the Location header URL will * Add Config.from_prefixed_env() to load config values from environment variables that start with FLASK_ or another prefix. This parses values as * Fixed the issue where typing requires template global decorators to - Set the default encoding to “UTF-8” when loading .env and .flaskenv - flask shell sets up tab and history completion like the default - add dependency on itsdangerous
Dirk Mueller2024-01-20 14:07:52 +00:00
e55773ee4a
Accepting request 1113337 from devel:languages:python:flask
Ana Guerrero2023-09-26 20:00:43 +00:00
770f982125
Accepting request 1113337 from devel:languages:python:flask
Ana Guerrero2023-09-26 20:00:43 +00:00
bc0d890120
- Update to 2.3.3: * Python 3.12 compatibility. * Require Werkzeug >= 2.3.7. * Use `flit_core instead of setuptools` as build backend. * Refactor how an app's root and instance paths are determined. - Fiddle with captialisation again, I look forward to this flipping back to Flask at some point.
Steve Kowalik2023-09-25 02:32:52 +00:00
36ecd3535e
- Update to 2.3.3: * Python 3.12 compatibility. * Require Werkzeug >= 2.3.7. * Use `flit_core instead of setuptools` as build backend. * Refactor how an app's root and instance paths are determined. - Fiddle with captialisation again, I look forward to this flipping back to Flask at some point.
Steve Kowalik2023-09-25 02:32:52 +00:00
43e8d956fa
Accepting request 1109078 from devel:languages:python:flask
Ana Guerrero2023-09-06 16:56:32 +00:00
bead461ac4
Accepting request 1109078 from devel:languages:python:flask
Ana Guerrero2023-09-06 16:56:32 +00:00
7eefcf0b84
- Update to 2.3.2: * Set `Vary: Cookie header when the session is accessed, modified, or refreshed. * Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes. * Restore deprecated from flask import Markup. * Drop support for Python 3.7. * Update minimum requirements to the latest versions. * Remove previously deprecated code. * Importing escape and Markup from flask is deprecated. * The app.got_first_request property is deprecated. * The locked_cached_property decorator is deprecated. * Signals are always available. blinker>=1.6.2 is a required dependency. * Signals support async subscriber functions. * Remove uses of locks that could cause requests to block each other very briefly. * Use modern packaging metadata with pyproject.toml. * Ensure subdomains are applied with nested blueprints. * If a blueprint is created with an empty name it raises a ValueError. * SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. * The routes command shows each rule's subdomain or host` when domain matching is in use. * Use postponed evaluation of annotations. - Switch to pyproject macros. - Delete unneeded .gitignore files, update rpmlintrc
Steve Kowalik2023-08-02 06:48:59 +00:00
3cdb9cb654
- Update to 2.3.2: * Set `Vary: Cookie header when the session is accessed, modified, or refreshed. * Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes. * Restore deprecated from flask import Markup. * Drop support for Python 3.7. * Update minimum requirements to the latest versions. * Remove previously deprecated code. * Importing escape and Markup from flask is deprecated. * The app.got_first_request property is deprecated. * The locked_cached_property decorator is deprecated. * Signals are always available. blinker>=1.6.2 is a required dependency. * Signals support async subscriber functions. * Remove uses of locks that could cause requests to block each other very briefly. * Use modern packaging metadata with pyproject.toml. * Ensure subdomains are applied with nested blueprints. * If a blueprint is created with an empty name it raises a ValueError. * SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. * The routes command shows each rule's subdomain or host` when domain matching is in use. * Use postponed evaluation of annotations. - Switch to pyproject macros. - Delete unneeded .gitignore files, update rpmlintrc
Steve Kowalik2023-08-02 06:48:59 +00:00
90a78ed1bf
- update to 2.2.5 (bsc#1211246, CVE-2023-30861): * Set `Vary: Cookie header when the session is accessed, modified, or refreshed. * Update for compatibility with Werkzeug 2.3. * Autoescape is enabled by default for .svg template files. :issue:4831 * Fix the type of template_folder to accept pathlib.Path. :issue:4892 * Add --debug option to the flask run command. :issue:4777`
Dirk Mueller2023-05-10 09:19:40 +00:00
7a31aba8fc
- update to 2.2.5 (bsc#1211246, CVE-2023-30861): * Set `Vary: Cookie header when the session is accessed, modified, or refreshed. * Update for compatibility with Werkzeug 2.3. * Autoescape is enabled by default for .svg template files. :issue:4831 * Fix the type of template_folder to accept pathlib.Path. :issue:4892 * Add --debug option to the flask run command. :issue:4777`
Dirk Mueller2023-05-10 09:19:40 +00:00
Ana Guerrero
Markéta Machová
Adrian Schröter
Daniel Garcia
Dominique Leuenberger
Steve Kowalik
Matej Cepl
Dirk Mueller
Richard Brown
John Vandenberg
Antonio Larrosa
Petr Cervinka
Ondřej Súkup