This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Werkzeug/3.0.6/
Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6
- Fix how
max_form_memory_size
is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2 safe_join
catches certain paths on Windows that were not caught byntpath.isabs
on Python < 3.11. GHSA-f9vj-2wh5-fj8j