Werkzeug v1.0.0 Release Notes
Release Date: 2020-02-06 // about 4 years ago-
๐ Released 2020-02-06
- ๐ Drop support for Python 3.4. (:issue:
1478
) - ๐ Remove code that issued deprecation warnings in version 0.15.
(:issue:
1477
) - ๐ Remove most top-level attributes provided by the
werkzeug
module in favor of direct imports. For example, instead ofimport werkzeug; werkzeug.url_quote
, dofrom werkzeug.urls import url_quote
. Install version 0.16 first to see deprecation warnings while upgrading. :issue:2
, :pr:1640
- Added
utils.invalidate_cached_property()
to invalidate cached properties. (:pr:1474
) - Directive keys for the
Set-Cookie
response header are not ignored when parsing theCookie
request header. This allows cookies with names such as "expires" and "version". (:issue:1495
) - ๐ Request cookies are parsed into a
MultiDict
to capture all values for cookies with the same key.cookies[key]
returns the first value rather than the last. Usecookies.getlist(key)
to get all values.parse_cookie
also defaults to aMultiDict
. :issue:1562
, :pr:1458
- ๐ป Add
charset=utf-8
to an HTTP exception response'sCONTENT_TYPE
header. (:pr:1526
) - The interactive debugger handles outer variables in nested scopes
such as lambdas and comprehensions. :issue:
913
, :issue:1037
, :pr:1532
- The user agent for Opera 60 on Mac is correctly reported as
"opera" instead of "chrome". :issue:
1556
- The platform for Crosswalk on Android is correctly reported as
"android" instead of "chromeos". (:pr:
1572
) - โ Issue a warning when the current server name does not match the
configured server name. :issue:
760
- ๐ง A configured server name with the default port for a scheme will
match the current server name without the port if the current scheme
matches. :pr:
1584
- :exc:
~exceptions.InternalServerError
has aoriginal_exception
attribute that frameworks can use to track the original cause of the error. :pr:1590
- โ
Headers are tested for equality independent of the header key case,
such that
X-Foo
is the same asx-foo
. :pr:1605
- :meth:
http.dump_cookie
accepts'None'
as a value forsamesite
. :issue:1549
- โ
:meth:
~test.Client.set_cookie
accepts asamesite
argument. :pr:1705
- ๐ Support the Content Security Policy header through the
Response.content_security_policy
data structure. :pr:1617
-
LanguageAccept
will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. :issue:450
, :pr:1507
-
MIMEAccept
uses MIME parameters for specificity when matching. :issue:458
, :pr:1574
- If the development server is started with an
SSLContext
configured to verify client certificates, the certificate in PEM format will be available asenviron["SSL_CLIENT_CERT"]
. :pr:1469
-
is_resource_modified
will run for methods other thanGET
andHEAD
, rather than always returningFalse
. :issue:409
-
SharedDataMiddleware
returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. :issue:1599
- Add a
response.cache_control.immutable
flag. Keep in mind that browser support for thisCache-Control
header option is still experimental and may not be implemented. :issue:1185
- ๐ฒ Optional request log highlighting with the development server is
handled by Click instead of termcolor. :issue:
1235
- ๐ Optional ad-hoc TLS support for the development server is handled
by cryptography instead of pyOpenSSL. :pr:
1555
- ๐
FileStorage.save()
supportspathlib
and :pep:519
PathLike
objects. :issue:1653
- ๐ The debugger security pin is unique in containers managed by Podman.
:issue:
1661
- ๐ Building a URL when
host_matching
is enabled takes into account the current host when there are duplicate endpoints with different hosts. :issue:488
- The
429 TooManyRequests
and503 ServiceUnavailable
HTTP exceptions takes aretry_after
parameter to set theRetry-After
header. :issue:1657
- ๐
Map
andRule
have amerge_slashes
option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. :pr:1286, 1694
- Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status
codes. :pr:
1678
- โก๏ธ Add
update
,setlist
, andsetlistdefault
methods to theHeaders
data structure.extend
method can takeMultiDict
and kwargs. :pr:1687, 1697
- The development server accepts paths that start with two slashes,
rather than stripping off the first path segment. :issue:
491
- Add access control (Cross Origin Request Sharing, CORS) header
properties to the
Request
andResponse
wrappers. :pr:1699
-
Accept
values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. :issue:1686
- Added
Map.lock_class
attribute for alternative implementations. :pr:1702
- ๐ Support matching and building WebSocket rules in the routing system,
for use by async frameworks. :pr:
1709
- Range requests that span an entire file respond with 206 instead of
200, to be more compliant with :rfc:
7233
. This may help serving media to older browsers. :issue:410, 1704
- 0๏ธโฃ The :class:
~middleware.shared_data.SharedDataMiddleware
defaultfallback_mimetype
isapplication/octet-stream
. If a filename looks like a text mimetype, theutf-8
charset is added to it. This matches the behavior of :class:~wrappers.BaseResponse
and Flask'ssend_file()
. :issue:1689
- ๐ Drop support for Python 3.4. (:issue: