Aiohttp

==================

Security bugfixes
-----------------

- Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:`Dreamsorcerer`

Thanks to :user:`kenballus` for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.

.. _llhttp: https://llhttp.org

`7647 <https://github.com/aio-libs/aiohttp/issues/7647>`_

- Updated Python parser to comply with RFCs 9110/9112 -- by :user:`Dreamorcerer`

Thanks to :user:`kenballus` for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.

`7663 <https://github.com/aio-libs/aiohttp/issues/7663>`_


Deprecation
-----------

- Added ``fallback_charset_resolver`` parameter in ``ClientSession`` to allow a user-supplied
character set detection function.

Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
please use `fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>`_.

`7561 <https://github.com/aio-libs/aiohttp/issues/7561>`_


Features
--------

- Enabled lenient response parsing for more flexible parsing in the client
(this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:`Dreamsorcerer`

`7490 <https://github.com/aio-libs/aiohttp/issues/7490>`_



Bugfixes
--------

- Fixed ``PermissionError`` when ``.netrc`` is unreadable due to permissions.

`7237 <https://github.com/aio-libs/aiohttp/issues/7237>`_

- Fixed output of parsing errors pointing to a ``\n``. -- by :user:`Dreamsorcerer`

`7468 <https://github.com/aio-libs/aiohttp/issues/7468>`_

- Fixed ``GunicornWebWorker`` max_requests_jitter not working.

`7518 <https://github.com/aio-libs/aiohttp/issues/7518>`_

- Fixed sorting in ``filter_cookies`` to use cookie with longest path. -- by :user:`marq24`.

`7577 <https://github.com/aio-libs/aiohttp/issues/7577>`_

- Fixed display of ``BadStatusLine`` messages from llhttp_. -- by :user:`Dreamsorcerer`

`7651 <https://github.com/aio-libs/aiohttp/issues/7651>`_


----

==================

Security bugfixes
-----------------

- Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:`webknjaz`
and :user:`Dreamsorcerer`.

Thanks to :user:`sethmlarson` for reporting this and providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`7346 <https://github.com/aio-libs/aiohttp/issues/7346>`_


Features
--------

- Added information to C parser exceptions to show which character caused the error. -- by :user:`Dreamsorcerer`

`7366 <https://github.com/aio-libs/aiohttp/issues/7366>`_


Bugfixes
--------

- Fixed a transport is :data:`None` error -- by :user:`Dreamsorcerer`.

`3355 <https://github.com/aio-libs/aiohttp/issues/3355>`_


----

==================

Bugfixes
--------

- Fixed incorrectly overwriting cookies with the same name and domain, but different path.
`6638 <https://github.com/aio-libs/aiohttp/issues/6638>`_
- Fixed ``ConnectionResetError`` not being raised after client disconnection in SSL environments.
`7180 <https://github.com/aio-libs/aiohttp/issues/7180>`_


----

==================

.. attention::

This is the last :doc:`aiohttp <index>` release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.

Bugfixes
--------

- Increased the upper boundary of the :doc:`multidict:index` dependency
to allow for the version 6 -- by :user:`hugovk`.

It used to be limited below version 7 in :doc:`aiohttp <index>` v3.8.1 but
was lowered in v3.8.2 via :pr:`6550` and never brought back, causing
problems with dependency pins when upgrading. :doc:`aiohttp <index>` v3.8.3
fixes that by recovering the original boundary of ``< 7``.
`6950 <https://github.com/aio-libs/aiohttp/issues/6950>`_


----

=====================================================

Bugfixes
--------

- Support registering OPTIONS HTTP method handlers via RouteTableDef.
`4663 <https://github.com/aio-libs/aiohttp/issues/4663>`_
- Started supporting ``authority-form`` and ``absolute-form`` URLs on the server-side.
`6227 <https://github.com/aio-libs/aiohttp/issues/6227>`_
- Fix Python 3.11 alpha incompatibilities by using Cython 0.29.25
`6396 <https://github.com/aio-libs/aiohttp/issues/6396>`_
- Remove a deprecated usage of pytest.warns(None)
`6663 <https://github.com/aio-libs/aiohttp/issues/6663>`_
- Fix regression where ``asyncio.CancelledError`` occurs on client disconnection.
`6719 <https://github.com/aio-libs/aiohttp/issues/6719>`_
- Export :py:class:`~aiohttp.web.PrefixedSubAppResource` under
:py:mod:`aiohttp.web` -- by :user:`Dreamsorcerer`.

This fixes a regression introduced by :pr:`3469`.
`6889 <https://github.com/aio-libs/aiohttp/issues/6889>`_
- Dropped the :class:`object` type possibility from
the :py:attr:`aiohttp.ClientSession.timeout`
property return type declaration.
`6917 <https://github.com/aio-libs/aiohttp/issues/6917>`_,
`6923 <https://github.com/aio-libs/aiohttp/issues/6923>`_


Improved Documentation
----------------------

- Added clarification on configuring the app object with settings such as a db connection.
`4137 <https://github.com/aio-libs/aiohttp/issues/4137>`_
- Edited the web.run_app declaration.
`6401 <https://github.com/aio-libs/aiohttp/issues/6401>`_
- Dropped the :class:`object` type possibility from
the :py:attr:`aiohttp.ClientSession.timeout`
property return type declaration.
`6917 <https://github.com/aio-libs/aiohttp/issues/6917>`_,
`6923 <https://github.com/aio-libs/aiohttp/issues/6923>`_


Deprecations and Removals
-------------------------

- Drop Python 3.5 support, aiohttp works on 3.6+ now.
`4046 <https://github.com/aio-libs/aiohttp/issues/4046>`_


Misc
----

- `6369 <https://github.com/aio-libs/aiohttp/issues/6369>`_, `#6399 <https://github.com/aio-libs/aiohttp/issues/6399>`_, `#6550 <https://github.com/aio-libs/aiohttp/issues/6550>`_, `#6708 <https://github.com/aio-libs/aiohttp/issues/6708>`_, `#6757 <https://github.com/aio-libs/aiohttp/issues/6757>`_, `#6857 <https://github.com/aio-libs/aiohttp/issues/6857>`_, `#6872 <https://github.com/aio-libs/aiohttp/issues/6872>`_


----

==================

Bugfixes
--------

- Fix the error in handling the return value of `getaddrinfo`.
`getaddrinfo` will return an `(int, bytes)` tuple, if CPython could not handle the address family.
It will cause an index out of range error in aiohttp. For example, if user compile CPython with
`--disable-ipv6` option, but his system enable the ipv6.
`5901 <https://github.com/aio-libs/aiohttp/issues/5901>`_
- Do not install "examples" as a top-level package.
`6189 <https://github.com/aio-libs/aiohttp/issues/6189>`_
- Restored ability to connect IPv6-only host.
`6195 <https://github.com/aio-libs/aiohttp/issues/6195>`_
- Remove ``Signal`` from ``__all__``, replace ``aiohttp.Signal`` with ``aiosignal.Signal`` in docs
`6201 <https://github.com/aio-libs/aiohttp/issues/6201>`_
- Made chunked encoding HTTP header check stricter.
`6305 <https://github.com/aio-libs/aiohttp/issues/6305>`_


Improved Documentation
----------------------

- update quick starter demo codes.
`6240 <https://github.com/aio-libs/aiohttp/issues/6240>`_
- Added an explanation of how tiny timeouts affect performance to the client reference document.
`6274 <https://github.com/aio-libs/aiohttp/issues/6274>`_
- Add flake8-docstrings to flake8 configuration, enable subset of checks.
`6276 <https://github.com/aio-libs/aiohttp/issues/6276>`_
- Added information on running complex applications with additional tasks/processes -- :user:`Dreamsorcerer`.
`6278 <https://github.com/aio-libs/aiohttp/issues/6278>`_


Misc
----

- `6205 <https://github.com/aio-libs/aiohttp/issues/6205>`_


----