Changelog History
Page 3
-
v1.0.4 Changes
July 09, 2019๐ Released 2019-07-04
- The key information for
BadRequestKeyError
is no longer cleared outside debug mode, so error handlers can still access it. This requires upgrading to Werkzeug 0.15.5. :issue:3249
-
send_file
url quotes the ":" and "/" characters for more compatible UTF-8 filename support in some browsers. :issue:3074
- โ
Fixes for :pep:
451
import loaders and pytest 5.x. :issue:3275
- Show message about dotenv on stderr instead of stdout. :issue:
3285
- The key information for
-
v1.0.3 Changes
July 09, 2019๐ Released 2019-05-17
- :func:
send_file
encodes filenames as ASCII instead of Latin-1 (ISO-8859-1). This fixes compatibility with Gunicorn, which is stricter about header encodings than PEP 3333. :issue:2766
- Allow custom CLIs using
FlaskGroup
to set the debug flag without it always being overwritten based on environment variables. :pr:2765
-
flask --version
outputs Werkzeug's version and simplifies the Python version. :pr:2825
- :func:
send_file
handles anattachment_filename
that is a native Python 2 string (bytes) with UTF-8 coded bytes. :issue:2933
- A catch-all error handler registered for
HTTPException
will not handleRoutingException
, which is used internally during routing. This fixes the unexpected behavior that had been introduced in 1.0. :pr:2986
- โ
Passing the
json
argument toapp.test_client
does not push/pop an extra app context. :issue:2900
- :func:
-
v1.0.2 Changes
May 02, 2018 -
v1.0.1 Changes
April 30, 2018๐ Released 2018-04-29
- Fix registering partials (with no
__name__
) as view functions. :pr:2730
- Don't treat lists returned from view functions the same as tuples.
Only tuples are interpreted as response data. :issue:
2736
- ๐จ Extra slashes between a blueprint's
url_prefix
and a route URL are merged. This fixes some backwards compatibility issues with the change in 1.0. :issue:2731
, :issue:2742
- Only trap
BadRequestKeyError
errors in debug mode, not allBadRequest
errors. This allowsabort(400)
to continue working as expected. :issue:2735
- The
FLASK_SKIP_DOTENV
environment variable can be set to1
to skip automatically loading dotenv files. :issue:2722
- Fix registering partials (with no
-
v1.0 Changes
April 26, 2018๐ Released 2018-04-26
- ๐ Python 2.6 and 3.3 are no longer supported.
- โ
Bump minimum dependency versions to the latest stable versions:
Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.
:issue:
2586
- Skip :meth:
app.run <Flask.run>
when a Flask application is run from the command line. This avoids some behavior that was confusing to debug. - ๐จ Change the default for :data:
JSONIFY_PRETTYPRINT_REGULAR
toFalse
. :func:~json.jsonify
returns a compact format by default, and an indented format in debug mode. :pr:2193
- :meth:
Flask.__init__ <Flask>
accepts thehost_matching
argument and sets it on :attr:~Flask.url_map
. :issue:1559
- :meth:
Flask.__init__ <Flask>
accepts thestatic_host
argument and passes it as thehost
argument when defining the static route. :issue:1559
- ๐ :func:
send_file
supports Unicode inattachment_filename
. :pr:2223
- Pass
_scheme
argument from :func:url_for
to :meth:~Flask.handle_url_build_error
. :pr:2017
- :meth:
~Flask.add_url_rule
accepts theprovide_automatic_options
argument to disable adding theOPTIONS
method. :pr:1489
- :class:
~views.MethodView
subclasses inherit method handlers from base classes. :pr:1936
- Errors caused while opening the session at the beginning of the
request are handled by the app's error handlers. :pr:
2254
- ๐จ Blueprints gained :attr:
~Blueprint.json_encoder
and :attr:~Blueprint.json_decoder
attributes to override the app's encoder and decoder. :pr:1898
- :meth:
Flask.make_response
raisesTypeError
instead ofValueError
for bad response types. The error messages have been improved to describe why the type is invalid. :pr:2256
- Add
routes
CLI command to output routes registered on the application. :pr:2259
- โ Show warning when session cookie domain is a bare hostname or an IP
address, as these may not behave properly in some browsers, such as
Chrome. :pr:
2282
- Allow IP address as exact session cookie domain. :pr:
2282
-
SESSION_COOKIE_DOMAIN
is set if it is detected throughSERVER_NAME
. :pr:2282
- Auto-detect zero-argument app factory called
create_app
ormake_app
fromFLASK_APP
. :pr:2297
- Factory functions are not required to take a
script_info
parameter to work with theflask
command. If they take a single parameter or a parameter namedscript_info
, the :class:~cli.ScriptInfo
object will be passed. :pr:2319
-
FLASK_APP
can be set to an app factory, with arguments if needed, for exampleFLASK_APP=myproject.app:create_app('dev')
. :pr:2326
- ๐ฆ
FLASK_APP
can point to local packages that are not installed in editable mode, althoughpip install -e
is still preferred. :pr:2414
- The :class:
~views.View
class attribute :attr:~views.View.provide_automatic_options
is set in :meth:~views.View.as_view
, to be detected by :meth:~Flask.add_url_rule
. :pr:2316
- ๐จ Error handling will try handlers registered for
blueprint, code
,app, code
,blueprint, exception
,app, exception
. :pr:2314
-
Cookie
is added to the response'sVary
header if the session is accessed at all during the request (and not deleted). :pr:2288
- :meth:
~Flask.test_request_context
acceptssubdomain
andurl_scheme
arguments for use when building the base URL. :pr:1621
- 0๏ธโฃ Set :data:
APPLICATION_ROOT
to'/'
by default. This was already the implicit default when it was set toNone
. - :data:
TRAP_BAD_REQUEST_ERRORS
is enabled by default in debug mode.BadRequestKeyError
has a message with the bad key in debug mode instead of the generic bad request message. :pr:2348
- Allow registering new tags with
:class:
~json.tag.TaggedJSONSerializer
to support storing other types in the session cookie. :pr:2352
- Only open the session if the request has not been pushed onto the
context stack yet. This allows :func:
~stream_with_context
generators to access the same session that the containing view uses. :pr:2354
- โ
Add
json
keyword argument for the test client request methods. This will dump the given object as JSON and set the appropriate content type. :pr:2358
- Extract JSON handling to a mixin applied to both the
:class:
Request
and :class:Response
classes. This adds the :meth:~Response.is_json
and :meth:~Response.get_json
methods to the response to make testing JSON response much easier. :pr:2358
- ๐ Removed error handler caching because it caused unexpected results
for some exception inheritance hierarchies. Register handlers
explicitly for each exception if you want to avoid traversing the
MRO. :pr:
2362
- Fix incorrect JSON encoding of aware, non-UTC datetimes. :pr:
2374
- Template auto reloading will honor debug mode even even if
:attr:
~Flask.jinja_env
was already accessed. :pr:2373
๐ The following old deprecated code was removed. :issue:
2385
-
flask.ext
- import extensions directly by their name instead of through theflask.ext
namespace. For example,import flask.ext.sqlalchemy
becomesimport flask_sqlalchemy
. -
Flask.init_jinja_globals
- extend :meth:Flask.create_jinja_environment
instead. -
Flask.error_handlers
- tracked by :attr:Flask.error_handler_spec
, use :meth:Flask.errorhandler
to register handlers. -
Flask.request_globals_class
- use :attr:Flask.app_ctx_globals_class
instead. -
Flask.static_path
- use :attr:Flask.static_url_path
instead. -
Request.module
- use :attr:Request.blueprint
instead.
-
๐ The :attr:
Request.json
property is no longer deprecated. :issue:1421
โ Support passing a :class:
~werkzeug.test.EnvironBuilder
ordict
to :meth:test_client.open <werkzeug.test.Client.open>
. :pr:2412
The
flask
command and :meth:Flask.run
will load environment variables from.env
and.flaskenv
files if python-dotenv is installed. :pr:2416
โ When passing a full URL to the test client, the scheme in the URL is used instead of :data:
PREFERRED_URL_SCHEME
. :pr:2430
:attr:
Flask.logger
has been simplified.LOGGER_NAME
andLOGGER_HANDLER_POLICY
config was removed. The logger is always namedflask.app
. The level is only set on first access, it doesn't check :attr:Flask.debug
each time. Only one format is used, not different ones depending on :attr:Flask.debug
. No handlers are removed, and a handler is only added if no handlers are already configured. :pr:2436
๐จ Blueprint view function names may not contain dots. :pr:
2450
Fix a
ValueError
caused by invalidRange
requests in some cases. :issue:2526
0๏ธโฃ The development server uses threads by default. :pr:
2529
Loading config files with
silent=True
will ignore :data:~errno.ENOTDIR
errors. :pr:2581
Pass
--cert
and--key
options toflask run
to run the development server over HTTPS. :pr:2606
Added :data:
SESSION_COOKIE_SAMESITE
to control theSameSite
attribute on the session cookie. :pr:2607
Added :meth:
~flask.Flask.test_cli_runner
to create a Click runner that can invoke Flask CLI commands for testing. :pr:2636
0๏ธโฃ Subdomain matching is disabled by default and setting :data:
SERVER_NAME
does not implicitly enable it. It can be enabled by passingsubdomain_matching=True
to theFlask
constructor. :pr:2635
๐จ A single trailing slash is stripped from the blueprint
url_prefix
when it is registered with the app. :pr:2629
๐ :meth:
Request.get_json
doesn't cache the result if parsing fails whensilent
is true. :issue:2651
:func:
Request.get_json
no longer accepts arbitrary encodings. Incoming JSON should be encoded using UTF-8 per :rfc:8259
, but Flask will autodetect UTF-8, -16, or -32. :pr:2691
Added :data:
MAX_COOKIE_SIZE
and :attr:Response.max_cookie_size
to control when Werkzeug warns about large cookies that browsers may ignore. :pr:2693
๐ Updated documentation theme to make docs look better in small windows. :pr:
2709
๐ Rewrote the tutorial docs and example project to take a more structured approach to help new users avoid common pitfalls. :pr:
2676
-
v0.12.5 Changes
February 10, 2020๐ Released 2020-02-10
- ๐ Pin Werkzeug to < 1.0.0. :issue:
3497
- ๐ Pin Werkzeug to < 1.0.0. :issue:
-
v0.12.4 Changes
April 30, 2018 -
v0.12.3 Changes
April 26, 2018๐ This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the 1.0 announcement and update to it instead if possible.
๐ JSON Security Fix
Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.
๐ Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.
โฌ๏ธ Upgrade
โฌ๏ธ Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:
pip install -U 'Flask~=0.12.3'
โฌ๏ธ Or upgrade to 1.0:
pip install -U Flask
-
v0.12.2 Changes
๐ Released 2017-05-16
- ๐ Fix a bug in
safe_join
on Windows.
- ๐ Fix a bug in
-
v0.12.1 Changes
๐ Released 2017-03-31
- Prevent
flask run
from showing aNoAppException
when anImportError
occurs within the imported application module. - Fix encoding behavior of
app.config.from_pyfile
for Python 3. :issue:2118
- 0๏ธโฃ Use the
SERVER_NAME
config if it is present as default values forapp.run
. :issue:2109
, :pr:2152
- ๐ป Call
ctx.auto_pop
with the exception object instead ofNone
, in the event that aBaseException
such asKeyboardInterrupt
is raised in a request handler.
- Prevent