Safety vulnerability ID: 53325
The information on this page was manually curated by our Cybersecurity Intelligence Team.
[This advisory has been limited. Please create a free account to view the full advisory.]
Latest version: 3.1.4
The comprehensive WSGI web application library.
[This affected versions has been limited. Please create a free account to view the full affected versions.]
[This fixed versions has been limited. Please create a free account to view the full fixed versions.]
-------------
Released 2023-02-14
- Ensure that URL rules using path converters will redirect with strict slashes when
the trailing slash is missing. :issue:`2533`
- Type signature for ``get_json`` specifies that return type is not optional when
``silent=False``. :issue:`2508`
- ``parse_content_range_header`` returns ``None`` for a value like ``bytes */-1``
where the length is invalid, instead of raising an ``AssertionError``. :issue:`2531`
- Address remaining ``ResourceWarning`` related to the socket used by ``run_simple``.
Remove ``prepare_socket``, which now happens when creating the server. :issue:`2421`
- Update pre-existing headers for ``multipart/form-data`` requests with the test
client. :issue:`2549`
- Fix handling of header extended parameters such that they are no longer quoted.
:issue:`2529`
- ``LimitedStream.read`` works correctly when wrapping a stream that may not return
the requested size in one ``read`` call. :issue:`2558`
- A cookie header that starts with ``=`` is treated as an empty key and discarded,
rather than stripping the leading ``==``.
- Specify a maximum number of multipart parts, default 1000, after which a
``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
attack where a larger number of form/file parts would result in disproportionate
resource use.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application