9dcc206ed6
Add CVE-2025-54121.patch to fix CVE-2025-54121 (bsc#1246855)
nkrapp2025-10-29 15:28:20 +01:00
18f290f9d4
- Update to 0.49.1 (fixes CVE-2025-62727, bsc#1252805) * This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse. You can view the full security advisory: GHSA-7f5h-v6xp-fcq8 * Optimize the HTTP ranges parsing logic - Update to 0.49.0 * Add encoding parameter to Config class * Support multiple cookie headers in Request.cookies * Use Literal type for WebSocketEndpoint encoding values * Do not pollute exception context in Middleware when using BaseHTTPMiddleware
Markéta Machová2025-10-29 13:30:59 +00:00
1607edbe99
- Update to 0.48.0 * Add official Python 3.14 support #3013. * Implement RFC9110 http status names #2939.
Matej Cepl2025-10-16 21:32:28 +00:00
b6c3537d32
- Update to 0.47.2 (fixes CVE-2025-54121, bsc#1246855) * Make UploadFile check for future rollover #2962. - Update to 0.47.1 * Use Self in TestClient.__enter__ #2951 * Allow async exception handlers to type-check #2949Dirk Mueller2025-07-23 10:51:03 +00:00
67a23d4b52
Accepting request 1283002 from devel:languages:python
Ana Guerrero2025-06-27 21:00:13 +00:00
4a028ea762
Accepting request 1282735 from home:glaubitz:branches:devel:languages:python
Dirk Mueller2025-06-05 07:48:42 +00:00
e5a174588e
- Update to 0.46.2: * Added + GZipMiddleware: Make sure Vary header is always added if a response can be compressed + Add max_part_size parameter to Request.form() + Add client parameter to TestClient + Make UUID path parameter conversion more flexible + Raise ClientDisconnect on StreamingResponse * Fixed + Use correct index on backwards compatible logic in TemplateResponse + Prevents reraising of exception from BaseHTTPMiddleware + w relative directory path when follow_symlinks=True + Raise exception from background task on BaseHTTPMiddleware + GZipMiddleware: Don't compress on server sent events + Turn directory into string on lookup_path on commonpath comparison + Make create_memory_object_stream compatible with old anyio versions once again, and bump anyio minimum version to 3.6.2 + Collect errors more reliably from WebSocket test client + Fix unclosed MemoryObjectReceiveStream upon exception in BaseHTTPMiddleware children + Use ETag from headers when parsing If-Range in FileResponse + Follow directory symlinks in StaticFiles when follow_symlinks=True + Bump minimum python-multipart version to 0.0.18 + Bump minimum httpx version to 0.27.0 * Removed + Drop Python 3.8 + Remove ExceptionMiddleware import proxy from starlette.exceptions module + Remove deprecated WS_1004_NO_STATUS_RCVD and WS_1005_ABNORMAL_CLOSURE + Remove deprecated allow_redirects argument from TestClient
Steve Kowalik2025-05-01 06:06:15 +00:00
973c2f89e0
Accepting request 1230643 from home:bnavigator:branches:devel:languages:python
Steve Kowalik2024-12-12 23:52:34 +00:00
ab72e566b1
Accepting request 1225373 from devel:languages:python
Ana Guerrero2024-11-21 14:13:26 +00:00
6efb479e30
- update to 0.41.3: * Exclude the query parameters from the scope[raw_path] on the TestClient#2716. * Replace dict by Mapping on HTTPException.headers#2749. * Correct middleware argument passing and improve factory pattern #2752. - update to 0.41.2: * Revert bump on python-multipart - update to 0.41.1: * Bump minimum python-multipart version to 0.0.13
Dirk Mueller2024-11-20 17:28:57 +00:00
6435e99b98
Accepting request 1222062 from devel:languages:python
Ana Guerrero2024-11-08 10:56:06 +00:00
5b45d99ec9
Accepting request 1208248 from devel:languages:python
Ana Guerrero2024-10-20 08:12:53 +00:00
b44c5d4bb2
- Update to 0.41.0: * Allow to raise HTTPException before websocket.accept(). * Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests. (bsc#1231689, CVE-2024-47874) * Allow use of request.url_for when only "app" scope is available. * Avoid regex re-compilation in responses.py and schemas.py. * Improve performance of get_route_path by removing regular expression usage. * Consider FileResponse.chunk_size when handling multiple ranges. * Use token_hex for generating multipart boundary strings. * Add support for HTTP Range to FileResponse. * Close unclosed MemoryObjectReceiveStream in TestClient.
Steve Kowalik2024-10-16 04:18:55 +00:00
2a6ee2b320
Accepting request 1199466 from devel:languages:python
Ana Guerrero2024-09-09 12:43:25 +00:00
6c55d1424a
- update to 0.38.5: * Schedule BackgroundTasks from within BaseHTTPMiddleware#2688. - update to 0.38.4: * Ensure accurate root_path removal in get_route_path function #2600 - update to 0.38.3: * Support for Python 3.13 #2662. * Don't poll for disconnects in BaseHTTPMiddleware via StreamingResponse#2620.
Dirk Mueller2024-09-08 15:06:36 +00:00
673187f1e3
- Update to 0.38.2: * Fix routing.get_name() not to assume all routines have __name__ #2648 - 0.38.1: * Revert "Add support for ASGI pathsend extension" #2649. - 0.38.0: * Allow use of memoryview in StreamingResponse and Response #2576 and #2577. * Send 404 instead of 500 when filename requested is too long on StaticFiles #2583. * Fail fast on invalid Jinja2Template instantiation parameters #2568. * Check endpoint handler is async only once #2536. * Add proper synchronization to WebSocketTestSession #2597.
Daniel Garcia2024-08-13 11:28:43 +00:00
4602f6e0d1
Accepting request 1170764 from devel:languages:python
Ana Guerrero2024-04-30 15:25:47 +00:00
38d0edc9a6
- update to 0.37.2: * Add bytes to _RequestData type #2510. * Revert "Turn scope["client"] to None on TestClient * Remove deprecated app argument passed to httpx.Client on the TestClient#2526. - update to 0.37.1: * Warn instead of raise for missing env file on Config#2485. - update to 0.37.0: * Support the WebSocket Denial Response ASGI extension #2041. - update to 0.36.3: * Create anyio.Event on async context #2459. - update to 0.36.2: * Upgrade python-multipart to 0.0.7 13e5c26. * Avoid duplicate charset on Content-Type#2443. - update to 0.36.1: * Check if "extensions" in scope before checking the extension - update to 0.36.0: * Add support for ASGI pathsend extension #2435. * Cancel WebSocketTestSession on close#2427. * Raise WebSocketDisconnect when WebSocket.send() excepts IOError#2425. * Raise FileNotFoundError when the env_file parameter on Config is not valid #2422.
Dirk Mueller2024-04-20 08:11:06 +00:00
475ba22aed
Accepting request 1138590 from devel:languages:python
Ana Guerrero2024-01-21 22:07:37 +00:00
3903e45210
Accepting request 1138504 from home:bnavigator:branches:devel:languages:python
Dirk Mueller2024-01-14 15:17:57 +00:00
381e74524e
- update to 0.34.0: * Use ParamSpec for run_in_threadpool#2375. * Add UploadFile.__repr__#2360. * Merge URLs properly on TestClient#2376. * Take weak ETags in consideration on StaticFiles#2334. * Deprecate FileResponse(method=...) parameter #2366. * Add middleware per Route/WebSocketRoute#2349. * Add middleware per Router#2351. * Do not overwrite "path" and "root_path" scope keys #2352. * Set ensure_ascii=False on json.dumps() for WebSocket.send_json()#2341. - update to 0.32.0.post1: * Revert mkdocs-material from 9.1.17 to 9.4.7 #2326. - update to 0.32.0: * Send reason on WebSocketDisconnect#2309. * Add domain parameter to SessionMiddleware#2280. * Inherit from HTMLResponse instead of Response on _TemplateResponse#2274. * Restore the Response.render type annotation to its pre-0.31.0 state #2264. - Deprecate on_startup and on_shutdown events #2070. - Limit the number of fields and files when parsing - Fix test package by adding 'exceptiongroup' python module as a - Remove unneeded BuildRequires on contextlib2. * Host now ignores port on routing #1322.
Dirk Mueller2023-12-29 10:04:45 +00:00
1c354549fe
Accepting request 1128182 from devel:languages:python
Ana Guerrero2023-11-23 20:39:01 +00:00
c1a06f1d84
- Override pytest configuration to do not handle warnings as errors.
Daniel Garcia2023-11-22 17:27:30 +00:00
731083eadd
Accepting request 1118530 from devel:languages:python
Ana Guerrero2023-10-20 21:16:12 +00:00
342993c12a
Accepting request 1118529 from home:david.anes:branches:devel:languages:python
Ondřej Súkup2023-10-18 07:51:10 +00:00
102797fda2
- Update to 0.18.0: * Change default chunk size from 4Kb to 64Kb on FileResponse #1345. * Add support for functools.partial in WebSocketRoute #1356. * Add StaticFiles packages with directory #1350. * Allow environment options in Jinja2Templates #1401. * Allow HEAD method on HttpEndpoint #1346. * Accept additional headers on websocket.accept message #1361 and #1422. * Add reason to WebSocket close ASGI event #1417. * Add headers attribute to UploadFile #1382. * Don't omit Content-Length header for Content-Length: 0 cases #1395. * Don't set headers for responses with 1xx, 204 and 304 status code #1397. * SessionMiddleware.max_age now accepts None, so cookie can last as long as the browser session #1387. * Tweak hashlib.md5() function on FileResponses ETag generation. The parameter usedforsecurity flag is set to False, if the flag is available on the system. This fixes an error raised on systems with FIPS enabled #1366 and #1410. * Fix path_params type on url_path_for() method i.e. turn str into Any #1341. * Host now ignores port on routing #1322. - Set asyncio_mode when running pytest, and stop turning warnings into errors.
Steve Kowalik2022-02-23 01:10:08 +00:00
ca429ae453
- Update to 0.16.0: - Added Encode funding option #1219 - Starlette now supports Trio as an async runtime via AnyIO - #1157. - TestClient.websocket_connect() now must be used as a context manager. - Initial support for Python 3.10 - #1201. - The compression level used in GZipMiddleware is now adjustable - #1128. - starlette.websockets.WebSocket instances are now hashable and compare by identity #1039 - A number of fixes related to running task groups in lifespan #1213, #1227 - Several fixes to CORSMiddleware. See #1111, #1112, #1113, #1199. - Improved exception messages in the case of duplicated path parameter names - #1177. - RedirectResponse now uses quote instead of quote_plus encoding for the Location header to better match the behaviour in other frameworks such as Django - #1164. - Exception causes are now preserved in more cases - #1158. - Session cookies now use the ASGI root path in the case of mounted applications - #1147. - Fixed a cache invalidation bug when static files were deleted in certain circumstances - #1023. - Improved memory usage of BaseHTTPMiddleware when handling large responses - #1012 fixed via #1157 - The method starlette.templates.Jinja2Templates.get_env was removed #1218 - The ClassVar starlette.testclient.TestClient.async_backend
Matej Cepl2021-07-22 10:21:44 +00:00
Dominique Leuenberger
nkrapp
Markéta Machová
Matej Cepl
Steve Kowalik
Dirk Mueller
Ana Guerrero
Daniel Garcia
Ondřej Súkup
David Anes
Richard Brown