Releases: pallets/werkzeug
3.0.4
This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Werkzeug/3.0.4/
Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4
Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1
- Restore behavior where parsing
multipart/x-www-form-urlencoded
data with
invalid UTF-8 bytes in the body results in no form data parsed rather than a
413 error. #2930 - Improve
parse_options_header
performance when parsing unterminated
quoted string values. #2904 - Debugger pin auth is synchronized across threads/processes when tracking
failed entries. #2916 - Dev server handles unexpected
SSLEOFError
due to issue in Python < 3.13.
#2926 - Debugger pin auth works when the URL already contains a query string.
#2918
3.0.3
This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Werkzeug/3.0.3/
Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3
Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1
- Only allow
localhost
,.localhost
,127.0.0.1
, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985 - Make reloader more robust when
""
is insys.path
. #2823 - Better TLS cert format with
adhoc
dev certs. #2891 - Inform Python < 3.12 how to handle
itms-services
URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828 - Type annotation for
Rule.endpoint
and other uses ofendpoint
isAny
. #2836
3.0.2
This is a fix release for the 3.0.x feature branch.
2.3.8
This is a security release for the 2.3.x feature branch.
3.0.1
This is a security release for the 3.0.x feature branch.
3.0.0
This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
2.3.7
This is a fix release for the 2.3.x feature branch.
2.3.6
This is a fix release for the 2.3.x feature branch.
2.3.5
This is a fix release for the 2.3.x feature branch.
2.3.4
This is a fix release for the 2.3.x release branch.