Bottle

Latest version: v0.13.2

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 2

3.8

versions should not update to Bottle 0.13 and stick with 0.12 instead.

.. rubric:: Stabilized APIs

* The documented API of the :class:`ConfigDict` class is now considered stable and ready to use.

.. rubric:: Deprecated APIs

* Python 2 support is now deprecated and will be dropped with the next release.
* The command line executable installed along with bottle will be renamed from `bottle.py` to just `bottle`. You can still execute bottle directly as a script (e.g. `./bottle.py` or `python3 bottle.py`) or as a module (via `python3 -m bottle`). Just the executable installed by your packaging tool (e.g. `pip`) into the `bin` folder of your (virtual) environment will change.
* The old route syntax (``/hello/:name``) is deprecated in favor of the more readable and flexible ``/hello/<name>`` syntax.
* :meth:`Bottle.mount` now recognizes Bottle instance and will warn about parameters that are not compatible with the new mounting behavior. The old behavior (mount applications as WSGI callable) still works and is used as a fallback automatically.
* The undocumented :func:`local_property` helper is now deprecated.
* The server adapter for google app engine is not useful anymore and marked as deprecated.
* Bottle uses pickle to store arbitrary objects into signed cookies. This is safe, as long as the signature key remains a secret. Unfortunately, people tend to push code with signature keys to github all the time, so we decided to remove pickle-support from bottle. Signed cookies will now issue a deprecation warning if the value is not a string, and support for non-string values will be removed in 0.14. The global :func:`cookie_encode`, :func:`cookie_decode` and :func:`is_cookie_encoded` are now also deprecated. If you are using this feature, think about using json to serialize your objects before storing them into cookies, or switch to a session system that stores data server-side instead of client-side.

0.14

=============================

0.13

==============

.. warning:: This release contains breaking changers, please read the notes below

.. rubric:: Dropped support for Python versions that reached their end-of-life.

Bottle up to 0.12 supported an absurd range of Python versions (2.5 to 3.12) and
keeping support for Python versions as ancient as 2.5 required a ton of workarounds
and compromises, but served no real purpose. If you need support for older Python
versions, you can stay on bottle 0.12. The updated list of tested and supported python
releases is as follows:

* Python 2 >= 2.7.3
* Python 3 >= 3.8

Support for Python 2.5 was marked as deprecated since 0.12. We decided to go a step further
and also remove support for 2.6 and 3.1 to 3.7 even if it was never deprecated explicitly
in bottle. This means that this release is *not* backwards compatible in Python <2.7.3 or

0.12

==============

* New SimpleTemplate parser implementation

* Support for multi-line code blocks (`<% ... %>`).
* The keywords `include` and `rebase` are functions now and can accept variable template names.

* The new :attr:`Request.route <BaseRequest.route>` property returns the :class:`Route` that originally matched the request.
* Removed the ``Request.MAX_PARAMS`` limit. The hash collision bug in CPythons dict() implementation was fixed over a year ago. If you are still using Python 2.5 in production, consider upgrading or at least make sure that you get security fixed from your distributor.
* New :class:`ConfigDict` API (see :doc:`configuration`)

More information can be found in this `development blog post <http://blog.bottlepy.org/2013/07/19/preview-bottle-012.html>`_.

0.11

==============

* Native support for Python 2.x and 3.x syntax. No need to run 2to3 anymore.
* Support for partial downloads (``Range`` header) in :func:`static_file`.
* The new :class:`ResourceManager` interface helps locating files bundled with an application.
* Added a server adapter for `waitress <http://docs.pylonsproject.org/projects/waitress/en/latest/>`_.
* New :meth:`Bottle.merge` method to install all routes from one application into another.
* New :attr:`Request.app <BaseRequest.app>` property to get the application object that handles a request.
* Added :meth:`FormsDict.decode()` to get an all-unicode version (needed by WTForms).
* :class:`MultiDict` and subclasses are now pickle-able.

.. rubric:: API Changes

* :attr:`Response.status <BaseResponse.status>` is a read-write property that can be assigned either a numeric status code or a status string with a reason phrase (``200 OK``). The return value is now a string to better match existing APIs (WebOb, werkzeug). To be absolutely clear, you can use the read-only properties :attr:`Response.status_code <BaseResponse.status_code>` and :attr:`Response.status_line <BaseResponse.status_line>`.

.. rubric:: API Deprecations

* :class:`SimpleTALTemplate` is now deprecating. There seems to be no demand.

0.10

==============

* Plugin API v2

* To use the new API, set :attr:`Plugin.api` to ``2``.
* :meth:`Plugin.apply` receives a :class:`Route` object instead of a context dictionary as second parameter. The new object offers some additional information and may be extended in the future.
* Plugin names are considered unique now. The topmost plugin with a given name on a given route is installed, all other plugins with the same name are silently ignored.

* The Request/Response Objects

* Added :attr:`Request.json <BaseRequest.json>`, :attr:`Request.remote_route <BaseRequest.remote_route>`, :attr:`Request.remote_addr <BaseRequest.remote_addr>`, :attr:`Request.query <BaseRequest.query>` and :attr:`Request.script_name <BaseRequest.script_name>`.
* Added :attr:`Response.status_line <BaseResponse.status_line>` and :attr:`Response.status_code <BaseResponse.status_code>` attributes. In future releases, :attr:`Response.status <BaseResponse.status>` will return a string (e.g. ``200 OK``) instead of an integer to match the API of other common frameworks. To make the transition as smooth as possible, you should use the verbose attributes from now on.
* Replaced :class:`MultiDict` with a specialized :class:`FormsDict` in many places. The new dict implementation allows attribute access and handles unicode form values transparently.

* Templates

* Added three new functions to the SimpleTemplate default namespace that handle undefined variables: :func:`stpl.defined`, :func:`stpl.get` and :func:`stpl.setdefault`.
* The default escape function for SimpleTemplate now additionally escapes single and double quotes.

* Routing

* A new route syntax (e.g. ``/object/<id:int>``) and support for route wildcard filters.
* Four new wildcard filters: `int`, `float`, `path` and `re`.

* Other changes

* Added command line interface to load applications and start servers.
* Introduced a :class:`ConfigDict` that makes accessing configuration a lot easier (attribute access and auto-expanding namespaces).
* Added support for raw WSGI applications to :meth:`Bottle.mount`.
* :meth:`Bottle.mount` parameter order changed.
* :meth:`Bottle.route` now accepts an import string for the ``callback`` parameter.
* Dropped Gunicorn 0.8 support. Current supported version is 0.13.
* Added custom options to Gunicorn server.
* Finally dropped support for type filters. Replace with a custom plugin of needed.

Page 1 of 2

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.