Releases: pallets/werkzeug
3.0.3
This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Werkzeug/3.0.3/
Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3
Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1
- Only allow
localhost
,.localhost
,127.0.0.1
, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985 - Make reloader more robust when
""
is insys.path
. #2823 - Better TLS cert format with
adhoc
dev certs. #2891 - Inform Python < 3.12 how to handle
itms-services
URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828 - Type annotation for
Rule.endpoint
and other uses ofendpoint
isAny
. #2836
3.0.2
This is a fix release for the 3.0.x feature branch.
2.3.8
This is a security release for the 2.3.x feature branch.
3.0.1
This is a security release for the 3.0.x feature branch.
3.0.0
This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
2.3.7
This is a fix release for the 2.3.x feature branch.
2.3.6
This is a fix release for the 2.3.x feature branch.
2.3.5
This is a fix release for the 2.3.x feature branch.
2.3.4
This is a fix release for the 2.3.x release branch.
2.3.3
This is a fix release for the 2.3.x release branch.