Esmerald

Latest version: v3.6.7

Safety actively analyzes 714860 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 19

3.6.7

Added
- `before_request` and `after_request` WebSocketGateway handler added.
- `before_request` and `after_request` added as default to the settings. This was not required
as the settings loading system of Esmerald defaults values but this should be added to the settings
for consistency reasons of the framework.
Changed

- Reverse order on Gateway `after_request`.

Fixed

- `override_settings` was not taking into account async functions.

3.6.6

Added

- `Esmerald`, `Include`, `Host`, `Gateway`, `HTTPHandler` and `Router` now support `before_request` and `after_request`
life cycles. This can be particularly useful to those who want to perform actions before and after
a request is performed. E.g.: Telemetry.
- Missing before and after request in the handler helpers.
- `BaseController` alias for the `View`. This serves a preparation for the internal renaming.

Fixed

- Internal permission checking for Lilya and Esmerald was not extended to `View` base of Controllers.
- Inheritance extending previous permissions on Controllers.

3.6.5

Added

- Esmerald now **also** supports **Pure ASGI Permissions**. That means you can pass the same
style of permissions as the ones used in Lilya as alternative to the native Esmerald permission
system.
- New [Lilya permissions](https://lilya.dev/permissions/lilya.md) documentation section.

Changed

- [Permissions section](https://lilya.dev/permissions/esmerald.md) moved and renamed to Esmerald Permissions.

Fixed

- `set_cookie` was causing an issue when multiple were being generated.

3.6.4

Added

- Support for `async` jinja templates.
- Missing `esmerald --version` command to the cli.

Changed

- Removed hard dependency of `nest_asyncio`.
- Use ORJSON as parsing json.

Fixed

- Internal pattern for OAuth2 form password.
- Fixed internal typings of passthrough in Response and TemplateResponse.
- Esmerald permissions on Include were being overriten by Lilya too early.

3.6.3

Added

- [Requires()](./dependencies.mdrequires-and-security) as a new independent way to manage dependencies.
- A more thorough explanation about the [Security()](./dependencies.mdrequires-and-security), how to use it and examples.

Changed

- Expose `Controller` in `esmerald` as alternative to `APIView`. This was already available to use but not directly
accessible via `from esmerald import Controller`.

Fixed

- Fix escaped " in TemplateResponse.
- Fix TemplateResponse's auto-detection of the media-type when used directly.
- Don't mangle strings by default for other media-types than json.
- Don't mangle returned responses.
- Reverse lookup or Class based views and nested naming using `path_for`.

3.6.2

Added

- `name` parameter to StaticFiles config allowing to reverse lookup internally.
- Support for Python 3.13
- Support for `redirect_slashes` in the Include.
- `status_code` to ResponseContainer to be parameter detectable.

Changed

- Cleanup Response.
- Move `transform` method to lilya but provide speedup in a mixin.
- Esmerald `Response` behaves like `make_response` in lilya with a plain `Response`.
- Special handle None (nothing is returned) in `Response`. It shouldn't map to `null` so not all handlers have to return a value.

Fixed

- `data` and `payload` special kwargs are now allowed when a not-bodyless method is available for the handler. They default to None.
- `bytes` won't be encoded as json when returned from a handler. This would unexpectly lead to a base64 encoding.
- SessionConfig has a unneccessarily heavily restricted secret_key parameter.
- Gracefully handle situations where cookies are None in `get_cookies`.
- Fix validation of parameters requiring a body.

Page 1 of 19

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.