Flask v0.12.3

Version Release Notes from April 26, 2018 (almost 6 years ago)

« Changelog History

Flask v0.12.3 Release Notes

Release Date: 2018-04-26 // almost 6 years ago

🚀 This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the 1.0 announcement and update to it instead if possible.

🔒 JSON Security Fix

Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.

👍 Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.

⬆️ Upgrade

⬆️ Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:
```
pip install -U 'Flask~=0.12.3'
```
⬆️ Or upgrade to 1.0:
```
pip install -U Flask
```

Awesome Python is part of the LibHunt network. Terms. Privacy Policy.