- update to 2.2.3 (bsc#1208283, CVE-2023-25577):
* Ensure that URL rules using path converters will redirect
with strict slashes when the trailing slash is missing.
* Type signature for ``get_json`` specifies that return type
is not optional when ``silent=False``.
* ``parse_content_range_header`` returns ``None`` for a value
like ``bytes */-1`` where the length is invalid, instead of
raising an ``AssertionError``.
* Address remaining ``ResourceWarning`` related to the socket
used by ``run_simple``.
* Remove ``prepare_socket``, which now happens when
creating the server.
* Update pre-existing headers for ``multipart/form-data``
requests with the test client.
* Fix handling of header extended parameters such that they
are no longer quoted.
* ``LimitedStream.read`` works correctly when wrapping a
stream that may not return the requested size in one
``read`` call.
* A cookie header that starts with ``=`` is treated as an
empty key and discarded, rather than stripping the leading ``==``.
* Specify a maximum number of multipart parts, default 1000,
after which a ``RequestEntityTooLarge`` exception is
raised on parsing. This mitigates a DoS attack where a
larger number of form/file parts would result in disproportionate
resource use.
OBS-URL: https://build.opensuse.org/request/show/1071237
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=40
* Ensure that URL rules using path converters will redirect
with strict slashes when the trailing slash is missing.
* Type signature for ``get_json`` specifies that return type
is not optional when ``silent=False``.
* ``parse_content_range_header`` returns ``None`` for a value
like ``bytes */-1`` where the length is invalid, instead of
raising an ``AssertionError``.
* Address remaining ``ResourceWarning`` related to the socket
used by ``run_simple``.
* Remove ``prepare_socket``, which now happens when
creating the server.
* Update pre-existing headers for ``multipart/form-data``
requests with the test client.
* Fix handling of header extended parameters such that they
are no longer quoted.
* ``LimitedStream.read`` works correctly when wrapping a
stream that may not return the requested size in one
``read`` call.
* A cookie header that starts with ``=`` is treated as an
empty key and discarded, rather than stripping the leading ``==``.
* Specify a maximum number of multipart parts, default 1000,
after which a ``RequestEntityTooLarge`` exception is
raised on parsing. This mitigates a DoS attack where a
larger number of form/file parts would result in disproportionate
resource use.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=76
- test failed due to markupsafe module missing
Included markupsafe module
- Update to 2.2.2:
* Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. #2489
* Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. #2489
* Update subpackage imports in werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. #2493
* Parsing of some invalid header characters is more robust. #2494
* When starting the development server, a warning not to use it in a production deployment is always shown. #2480
* LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. #2485
* Address one ResourceWarning related to the socket used by run_simple. #2421
- Update to Version 2.2.1:
* Fix router so that /path/ will match a rule /path if strict slashes mode is disabled for the rule. #2467
* Fix router so that partial part matches are not allowed i.e. /2df does not match /<int>. #2470
* Fix router static part weighting, so that simpler routes are matched before more complex ones. #2471
* Restore ValidationError to be importable from werkzeug.routing. #2465
- Update to Version 2.2.0
* Deprecated get_script_name, get_query_string, peek_path_info, pop_path_info, and extract_path_info. #2461
* Remove previously deprecated code. #2461
* Add MarkupSafe as a dependency and use it to escape values when rendering HTML. #2419
* Added the werkzeug.debug.preserve_context mechanism for restoring context-local data for a request when running code in the debug console. #2439
* Fix compatibility with Python 3.11 by ensuring that end_lineno and end_col_offset are present on AST nodes. #2425
* Add a new faster matching router based on a state machine. #2433
* Fix branch leaf path masking branch paths when strict-slashes is disabled. #1074
* Names within options headers are always converted to lowercase. This matches RFC 6266 that the case is not relevant. #2442
* AnyConverter validates the value passed for it when building URLs. #2388
* The debugger shows enhanced error locations in tracebacks in Python 3.11. #2407
* Added Sans-IO is_resource_modified and parse_cookie functions based on WSGI versions. #2408
* Added Sans-IO get_content_length function. #2415
* Don’t assume a mimetype for test responses. #2450
OBS-URL: https://build.opensuse.org/request/show/1003019
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=70
- update to 2.1.2:
* The development server does not set ``Transfer-Encoding: chunked``
for 1xx, 204, 304, and HEAD responses. :issue:`2375`
* Response HTML for exceptions and redirects starts with
``<!doctype html>`` and ``<html lang=en>``. :issue:`2390`
* Fix ability to set some ``cache_control`` attributes to ``False``.
:issue:`2379`
* Disable ``keep-alive`` connections in the development server, which
are not supported sufficiently by Python's ``http.server``.
:issue:`2397`
- drop 2402-dev_server.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/976285
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=37
* The development server does not set ``Transfer-Encoding: chunked``
for 1xx, 204, 304, and HEAD responses. :issue:`2375`
* Response HTML for exceptions and redirects starts with
``<!doctype html>`` and ``<html lang=en>``. :issue:`2390`
* Fix ability to set some ``cache_control`` attributes to ``False``.
:issue:`2379`
* Disable ``keep-alive`` connections in the development server, which
are not supported sufficiently by Python's ``http.server``.
:issue:`2397`
- drop 2402-dev_server.patch (upstream)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=66
- Update to 2.1.1:
- ResponseCacheControl.s_maxage converts its value to an int,
like max_age.
- Drop support for Python 3.6.
- Using gevent or eventlet requires greenlet>=1.0 or
PyPy>=7.3.7. werkzeug.locals and contextvars will not work
correctly with older versions.
- Remove previously deprecated code.
- Remove the non-standard shutdown function from the WSGI
environ when running the development server. See the docs
for alternatives.
- Request and response mixins have all been merged into the
Request and Response classes.
- The user agent parser and the useragents module is
removed. The user_agent module provides an interface that
can be subclassed to add a parser, such as ua-parser. By
default it only stores the whole string.
- The test client returns TestResponse instances and can no
longer be treated as a tuple. All data is available as
properties on the response.
- Remove locals.get_ident and related thread-local code from
locals, it no longer makes sense when moving to
a contextvars-based implementation.
- Remove the python -m werkzeug.serving CLI.
- The has_key method on some mapping datastructures; use key
in data instead.
- Request.disable_data_descriptor is removed, pass
shallow=True instead.
- Remove the no_etag parameter from Response.freeze().
- Remove the HTTPException.wrap class method.
- Remove the cookie_date function. Use http_date instead.
- Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp
functions. Use equivalents in hashlib and hmac modules
instead.
- Remove the Href class.
- Remove the HTMLBuilder class.
- Remove the invalidate_cached_property function. Use del
obj.attr instead.
- Remove bind_arguments and validate_arguments. Use
Signature.bind() and inspect.signature() instead.
- Remove detect_utf_encoding, it’s built-in to json.loads.
- Remove format_string, use string.Template instead.
- Remove escape and unescape. Use MarkupSafe instead.
- The multiple parameter of parse_options_header is
deprecated.
- Rely on PEP 538 and PEP 540 to handle decoding file names
with the correct filesystem encoding. The filesystem module
is removed.
- Default values passed to Headers are validated the same way
values added later are.
- Setting CacheControl int properties, such as max_age, will
convert the value to an int.
- Always use socket.fromfd when restarting the dev server.
- When passing a dict of URL values to Map.build, list values
do not filter out None or collapse to a single value.
Passing a MultiDict does collapse single items. This undoes
a previous change that made it difficult to pass a list, or
None values in a list, to custom URL converters.
- run_simple shows instructions for dealing with “address
already in use” errors, including extra instructions for
macOS.
- Extend list of characters considered always safe in URLs
based on RFC 3986.
- Optimize the stat reloader to avoid watching unnecessary
files in more cases. The watchdog reloader is still
recommended for performance and accuracy.
- The development server uses Transfer-Encoding: chunked for
streaming responses when it is configured for HTTP/1.1.
- The development server uses HTTP/1.1, which enables
keep-alive connections and chunked streaming responses,
when threaded or processes is enabled.
- cached_property works for classes with __slots__ if
a corresponding _cache_{name} slot is added.
- Refactor the debugger traceback formatter to use Python’s
built-in traceback module as much as possible.
- The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against
text instead of bytes.
- safe_join ensures that the path remains relative if the
trusted directory is the empty string.
- Percent-encoded newlines (%0a), which are decoded by WSGI
servers, are considered when routing instead of terminating
the match early.
- The test client doesn’t set duplicate headers for
CONTENT_LENGTH and CONTENT_TYPE.
- append_slash_redirect handles PATH_INFO with internal
slashes.
- The default status code for append_slash_redirect is 308
instead of 301. This preserves the request body, and
matches a previous change to strict_slashes in routing.
- Fix ValueError: I/O operation on closed file. with the test
client when following more than one redirect.
- Response.autocorrect_location_header is disabled by
default. The Location header URL will remain relative, and
exclude the scheme and domain, by default.
- Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes
a very common source of confusion more visible.
- Add no-network-testing.patch to mark all tests requiring
network access (so they can be skipped by pytest test runner,
gh#pallets/werkzeug#2393).
OBS-URL: https://build.opensuse.org/request/show/970992
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=35
- Update to 2.1.1:
- ResponseCacheControl.s_maxage converts its value to an int,
like max_age.
- Drop support for Python 3.6.
- Using gevent or eventlet requires greenlet>=1.0 or
PyPy>=7.3.7. werkzeug.locals and contextvars will not work
correctly with older versions.
- Remove previously deprecated code.
- Remove the non-standard shutdown function from the WSGI
environ when running the development server. See the docs
for alternatives.
- Request and response mixins have all been merged into the
Request and Response classes.
- The user agent parser and the useragents module is
removed. The user_agent module provides an interface that
can be subclassed to add a parser, such as ua-parser. By
default it only stores the whole string.
- The test client returns TestResponse instances and can no
longer be treated as a tuple. All data is available as
properties on the response.
- Remove locals.get_ident and related thread-local code from
locals, it no longer makes sense when moving to
a contextvars-based implementation.
- Remove the python -m werkzeug.serving CLI.
- The has_key method on some mapping datastructures; use key
in data instead.
- Request.disable_data_descriptor is removed, pass
shallow=True instead.
- Remove the no_etag parameter from Response.freeze().
- Remove the HTTPException.wrap class method.
OBS-URL: https://build.opensuse.org/request/show/970987
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=62
- update to 2.0.3:
* ``ProxyFix`` supports IPv6 addresses.
* Type annotation for ``Response.make_conditional``,
``HTTPException.get_response``, and ``Map.bind_to_environ`` accepts
``Request`` in addition to ``WSGIEnvironment`` for the first
parameter.
* Fix type annotation for ``Request.user_agent_class``.
* Accessing ``LocalProxy.__class__`` and ``__doc__`` on an unbound
proxy returns the fallback value instead of a method object.
* Redirects with the test client set ``RAW_URI`` and ``REQUEST_URI``
correctly.
OBS-URL: https://build.opensuse.org/request/show/954652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=34
* ``ProxyFix`` supports IPv6 addresses.
* Type annotation for ``Response.make_conditional``,
``HTTPException.get_response``, and ``Map.bind_to_environ`` accepts
``Request`` in addition to ``WSGIEnvironment`` for the first
parameter.
* Fix type annotation for ``Request.user_agent_class``.
* Accessing ``LocalProxy.__class__`` and ``__doc__`` on an unbound
proxy returns the fallback value instead of a method object.
* Redirects with the test client set ``RAW_URI`` and ``REQUEST_URI``
correctly.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=61
- update to 2.0.2:
* Handle multiple tokens in ``Connection`` header when routing
WebSocket requests.
* Set the debugger pin cookie secure flag when on https.
* Fix type annotation for ``MultiDict.update`` to accept iterable
values :pr:`2142`
* Prevent double encoding of redirect URL when ``merge_slash=True``
for ``Rule.match``.
* ``CombinedMultiDict.to_dict`` with ``flat=False`` considers all
component dicts when building value lists. :issue:`2189`
* ``send_file`` only sets a detected ``Content-Encoding`` if
``as_attachment`` is disabled to avoid browsers saving
decompressed ``.tar.gz`` files.
* Fix type annotations for ``TypeConversionDict.get`` to not return an
``Optional`` value if both ``default`` and ``type`` are not
``None``.
* Fix type annotation for routing rule factories to accept
``Iterable[RuleFactory]`` instead of ``Iterable[Rule]`` for the
``rules`` parameter. :issue:`2183`
* Add missing type annotation for ``FileStorage.__getattr__``
* The debugger pin cookie is set with ``SameSite`` set to ``Strict``
instead of ``None`` to be compatible with modern browser security.
* Type annotations use ``IO[bytes]`` and ``IO[str]`` instead of
``BinaryIO`` and ``TextIO`` for wider type compatibility.
* Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
* Fix memory usage for locals when using Python 3.6 or pre 0.4.17
greenlet versions. :pr:`2212`
* Fix type annotation in ``CallbackDict``, because it is not
utilizing a bound TypeVar. :issue:`2235`
* Fix setting CSP header options on the response. :pr:`2237`
OBS-URL: https://build.opensuse.org/request/show/925758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=33
* Handle multiple tokens in ``Connection`` header when routing
WebSocket requests.
* Set the debugger pin cookie secure flag when on https.
* Fix type annotation for ``MultiDict.update`` to accept iterable
values :pr:`2142`
* Prevent double encoding of redirect URL when ``merge_slash=True``
for ``Rule.match``.
* ``CombinedMultiDict.to_dict`` with ``flat=False`` considers all
component dicts when building value lists. :issue:`2189`
* ``send_file`` only sets a detected ``Content-Encoding`` if
``as_attachment`` is disabled to avoid browsers saving
decompressed ``.tar.gz`` files.
* Fix type annotations for ``TypeConversionDict.get`` to not return an
``Optional`` value if both ``default`` and ``type`` are not
``None``.
* Fix type annotation for routing rule factories to accept
``Iterable[RuleFactory]`` instead of ``Iterable[Rule]`` for the
``rules`` parameter. :issue:`2183`
* Add missing type annotation for ``FileStorage.__getattr__``
* The debugger pin cookie is set with ``SameSite`` set to ``Strict``
instead of ``None`` to be compatible with modern browser security.
* Type annotations use ``IO[bytes]`` and ``IO[str]`` instead of
``BinaryIO`` and ``TextIO`` for wider type compatibility.
* Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
* Fix memory usage for locals when using Python 3.6 or pre 0.4.17
greenlet versions. :pr:`2212`
* Fix type annotation in ``CallbackDict``, because it is not
utilizing a bound TypeVar. :issue:`2235`
* Fix setting CSP header options on the response. :pr:`2237`
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=60
* Drop support for Python 3.4. (#1478)
* Remove code that issued deprecation warnings in version 0.15. (#1477)
* Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. #2, #1640
* Added utils.invalidate_cached_property() to invalidate cached properties. (#1474)
* Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as “expires” and “version”. (#1495)
* Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. #1562, #1458
* Add charset=utf-8 to an HTTP exception response’s CONTENT_TYPE header. (#1526)
* The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. #913, #1037, #1532
* The user agent for Opera 60 on Mac is correctly reported as “opera” instead of “chrome”. #1556
* The platform for Crosswalk on Android is correctly reported as “android” instead of “chromeos”. (#1572)
* Issue a warning when the current server name does not match the configured server name. #760
* A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. #1584
* InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. #1590
* Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. #1605
* http.dump_cookie() accepts 'None' as a value for samesite. #1549
* set_cookie() accepts a samesite argument. #1705
* Support the Content Security Policy header through the Response.content_security_policy data structure. #1617
* LanguageAccept will fall back to matching “en” for “en-US” or “en-US” for “en” to better support clients or translations that only match at the primary language tag. #450, #1507
* MIMEAccept uses MIME parameters for specificity when matching. #458, #1574
* If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. #1469
* is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. #409
* SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. #1599
* Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. #1185
* Optional request log highlighting with the development server is handled by Click instead of termcolor. #1235
* Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. #1555
* FileStorage.save() supports pathlib and PEP 519 PathLike objects. #1653
* The debugger security pin is unique in containers managed by Podman. #1661
* Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. #488
* The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. #1657
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=54
- Update to 1.0.0:
* Drop support for Python 3.4. (#1478)
* Remove code that issued deprecation warnings in version 0.15. (#1477)
* Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. #2, #1640
* Added utils.invalidate_cached_property() to invalidate cached properties. (#1474)
* Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as “expires” and “version”. (#1495)
* Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. #1562, #1458
* Add charset=utf-8 to an HTTP exception response’s CONTENT_TYPE header. (#1526)
* The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. #913, #1037, #1532
* The user agent for Opera 60 on Mac is correctly reported as “opera” instead of “chrome”. #1556
* The platform for Crosswalk on Android is correctly reported as “android” instead of “chromeos”. (#1572)
* Issue a warning when the current server name does not match the configured server name. #760
* A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. #1584
* InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. #1590
* Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. #1605
* http.dump_cookie() accepts 'None' as a value for samesite. #1549
* set_cookie() accepts a samesite argument. #1705
* Support the Content Security Policy header through the Response.content_security_policy data structure. #1617
* LanguageAccept will fall back to matching “en” for “en-US” or “en-US” for “en” to better support clients or translations that only match at the primary language tag. #450, #1507
* MIMEAccept uses MIME parameters for specificity when matching. #458, #1574
* If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. #1469
* is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. #409
* SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. #1599
* Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. #1185
* Optional request log highlighting with the development server is handled by Click instead of termcolor. #1235
* Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. #1555
* FileStorage.save() supports pathlib and PEP 519 PathLike objects. #1653
* The debugger security pin is unique in containers managed by Podman. #1661
* Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. #488
* The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. #1657
OBS-URL: https://build.opensuse.org/request/show/777800
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=28
* Drop support for Python 3.4. (#1478)
* Remove code that issued deprecation warnings in version 0.15. (#1477)
* Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. #2, #1640
* Added utils.invalidate_cached_property() to invalidate cached properties. (#1474)
* Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as “expires” and “version”. (#1495)
* Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. #1562, #1458
* Add charset=utf-8 to an HTTP exception response’s CONTENT_TYPE header. (#1526)
* The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. #913, #1037, #1532
* The user agent for Opera 60 on Mac is correctly reported as “opera” instead of “chrome”. #1556
* The platform for Crosswalk on Android is correctly reported as “android” instead of “chromeos”. (#1572)
* Issue a warning when the current server name does not match the configured server name. #760
* A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. #1584
* InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. #1590
* Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. #1605
* http.dump_cookie() accepts 'None' as a value for samesite. #1549
* set_cookie() accepts a samesite argument. #1705
* Support the Content Security Policy header through the Response.content_security_policy data structure. #1617
* LanguageAccept will fall back to matching “en” for “en-US” or “en-US” for “en” to better support clients or translations that only match at the primary language tag. #450, #1507
* MIMEAccept uses MIME parameters for specificity when matching. #458, #1574
* If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. #1469
* is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. #409
* SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. #1599
* Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. #1185
* Optional request log highlighting with the development server is handled by Click instead of termcolor. #1235
* Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. #1555
* FileStorage.save() supports pathlib and PEP 519 PathLike objects. #1653
* The debugger security pin is unique in containers managed by Podman. #1661
* Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. #488
* The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. #1657
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=49
