Skip to content

Releases: encode/starlette

Version 0.41.2

27 Oct 08:19
afeb7c2
Compare
Choose a tag to compare

What's Changed


Full Changelog: 0.41.1...0.41.2

Version 0.41.1

24 Oct 14:40
18bbb5c
Compare
Choose a tag to compare

What's Changed

  • Change python-multipart import to python_multipart by @Kludex in #2733
  • Bump minimum python-multipart version to 0.0.13 by @Kludex in #2734

Full Changelog: 0.41.0...0.41.1

Version 0.41.0

15 Oct 17:31
46131a1
Compare
Choose a tag to compare

Added

  • Allow to raise HTTPException before websocket.accept() #2725

Version 0.40.0

15 Oct 06:51
4ded4b7
Compare
Choose a tag to compare

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
    requests fd038f3.

Version 0.39.2

29 Sep 10:34
0b50b9c
Compare
Choose a tag to compare

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

Full Changelog: 0.39.1...0.39.2

Version 0.39.1

25 Sep 15:25
fa7b382
Compare
Choose a tag to compare

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

Full Changelog: 0.39.0...0.39.1

Version 0.39.0

23 Sep 06:14
65bfd74
Compare
Choose a tag to compare

Added

  • Add support for HTTP Range to FileResponse #2697

Full Changelog: 0.38.6...0.39.0

Version 0.38.6

22 Sep 17:00
8d0cff8
Compare
Choose a tag to compare

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

Full Changelog: 0.38.5...0.38.6

Version 0.38.5

08 Sep 09:50
2d0dde8
Compare
Choose a tag to compare

Fixed

  • Schedule BackgroundTasks from within BaseHTTPMiddleware #2688.
    This behavior was removed in 0.38.3, and is now restored.

Full Changelog: 0.38.4...0.38.5

Version 0.38.4

01 Sep 15:15
831418a
Compare
Choose a tag to compare

Fixed

  • Ensure accurate root_path removal in get_route_path function #2600

Full Changelog: 0.38.3...0.38.4