Werkzeug v1.0.0 Release Notes

Release Date: 2020-02-06 // about 4 years ago
  • ๐Ÿš€ Released 2020-02-06

    • ๐Ÿ‘ Drop support for Python 3.4. (:issue:1478)
    • ๐Ÿšš Remove code that issued deprecation warnings in version 0.15. (:issue:1477)
    • ๐Ÿšš Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. :issue:2, :pr:1640
    • Added utils.invalidate_cached_property() to invalidate cached properties. (:pr:1474)
    • Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (:issue:1495)
    • ๐Ÿ“œ Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. :issue:1562, :pr:1458
    • ๐Ÿ‘ป Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (:pr:1526)
    • The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. :issue:913, :issue:1037, :pr:1532
    • The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". :issue:1556
    • The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:1572)
    • โš  Issue a warning when the current server name does not match the configured server name. :issue:760
    • ๐Ÿ”ง A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. :pr:1584
    • :exc:~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. :pr:1590
    • โœ… Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. :pr:1605
    • :meth:http.dump_cookie accepts 'None' as a value for samesite. :issue:1549
    • โœ… :meth:~test.Client.set_cookie accepts a samesite argument. :pr:1705
    • ๐Ÿ”’ Support the Content Security Policy header through the Response.content_security_policy data structure. :pr:1617
    • LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. :issue:450, :pr:1507
    • MIMEAccept uses MIME parameters for specificity when matching. :issue:458, :pr:1574
    • If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. :pr:1469
    • is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. :issue:409
    • SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. :issue:1599
    • Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. :issue:1185
    • ๐ŸŒฒ Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:1235
    • ๐Ÿ‘ Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. :pr:1555
    • ๐Ÿ‘ FileStorage.save() supports pathlib and :pep:519 PathLike objects. :issue:1653
    • ๐Ÿ”’ The debugger security pin is unique in containers managed by Podman. :issue:1661
    • ๐Ÿ— Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. :issue:488
    • The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. :issue:1657
    • ๐Ÿ”€ Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. :pr:1286, 1694
    • Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. :pr:1678
    • โšก๏ธ Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. :pr:1687, 1697
    • The development server accepts paths that start with two slashes, rather than stripping off the first path segment. :issue:491
    • Add access control (Cross Origin Request Sharing, CORS) header properties to the Request and Response wrappers. :pr:1699
    • Accept values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. :issue:1686
    • Added Map.lock_class attribute for alternative implementations. :pr:1702
    • ๐Ÿ— Support matching and building WebSocket rules in the routing system, for use by async frameworks. :pr:1709
    • Range requests that span an entire file respond with 206 instead of 200, to be more compliant with :rfc:7233. This may help serving media to older browsers. :issue:410, 1704
    • 0๏ธโƒฃ The :class:~middleware.shared_data.SharedDataMiddleware default fallback_mimetype is application/octet-stream. If a filename looks like a text mimetype, the utf-8 charset is added to it. This matches the behavior of :class:~wrappers.BaseResponse and Flask's send_file(). :issue:1689