Releases: litestar-org/litestar
v2.8.3
This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.
You can find more background information in the related discussion #3473 .
Sponsors 🌟
Thanks to these incredible business sponsors:
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
New contributors 🎉
- @maintain0404 made their first contribution in #3405
Bugfixes 🐛
- Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
- Remove use of asserts for control flow in Pydantic Plugin by @peterschutt in #3359
- Fix OpenAPI schema for generic wrapped return types with DTO by @peterschutt in #3371
- Fix ambiguous default warning for no signature default by @peterschutt in #3378
- Fix path param consumed by dependency treated as unconsumed by @peterschutt in #3380
- Fix remove
name
andin
properties included in OpenAPI headers by @peterschutt in #3417 - Fix unconditional minijinja import in flash-messages plugin by @peterschutt in #3418
- Fix routing issues with regular handler under mounted app by @peterschutt in #3430
- Fix file logging with structlog by @peterschutt in #3425
- Fix clearing large session cookies by @peterschutt in #3446
- Fix flash messages were not displayed on redirects by @euri10 in #3420
- Fix alidation of optional sequence in multipart data with one value by @provinzkraut in #3408
Documentation
- Update
usage/static_files
by @JacobCoffee in #3358 - Fix broken url; swagger ui by @wer153 in #3368
- Correct a word by @wer153 in #3412
- Fix WebSockets documentation grammar by @marcuslimdw in #3413
- Fix intersphinx mapping for advanced-alchemy by @provinzkraut in #3438
- Update
usage/caching
by @JacobCoffee in #3345 - Update
docs/usage/security/*
by @JacobCoffee in #3344 - Improve sse by @euri10 in #3454
Full Changelog
v2.8.2...v2.8.3
v2.7.2
This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.
You can find more background information in the related discussion #3473 .
Sponsors 🌟
Thanks to these incredible business sponsors:
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
- Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
v2.6.4
This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.
You can find more background information in the related discussion #3473 .
Sponsors 🌟
Thanks to these incredible business sponsors:
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
- Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
v1.51.16
This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.
You can find more background information in the related discussion #3473 .
Sponsors 🌟
Thanks to these incredible business sponsors:
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
- Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
v1.51.15
Maintenance release
- Update dependencies and release pipeline by @provinzkraut in #3469
Full Changelog: v1.51.14...v1.51.15
v2.8.2
Sponsors 🌟
Thanks to these incredible business sponsors:
-
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
-
A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
Bugfixes 🐛
- fix: pydantic import differentiation for pydantic v1.10.15 by @peterschutt in #3347
Full Changelog
v2.8.1...v2.8.2
v2.8.1
Sponsors 🌟
Thanks to these incredible business sponsors:
-
Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
-
A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
Bugfixes 🐛
- fix: asgi lifespan msg after lifespan context exception by @peterschutt in #3315
- fix: bug when pydantic==1.10 is installed by @peterschutt in #3335
- fix: OpenAPI router and controller on same app. by @peterschutt in #3338
Other changes
- docs: add citation by @JacobCoffee in #3329
- refactor(routing): Move kwargs model creation to handler by @provinzkraut in #3331
Full Changelog
v2.8.0...v2.8.1
v2.8.0
Sponsors 🌟
Thanks to these incredible business sponsors:
- Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
Thanks to these incredible personal sponsors:
-
GitHub Sponsors: (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev,
-
OpenCollective: Christian Y, Anonymous
-
A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!
What's changed
New contributors 🎉
- @carlsmedstad made their first contribution in #3291
- @haryle made their first contribution in #3242
- @winbornejw made their first contribution in #3136
Bugfixes 🐛
- fix(cli): remove duplicate rich-click config options by @JacobCoffee in #3274
- fix: pydantic
json_schema_extra
examples. by @peterschutt in #3281 - fix(openapi): set default on schema from
FieldDefinition
by @guacs in #3280 - fix: Custom types cause serialisation error in exception response with non-JSON media-type by @provinzkraut in #3284
- fix(OpenAPI): Ensure default values are always represented in schema for dataclasses and
msgspec.Struct
s by @provinzkraut in #3285 - fix(DTO): Pydantic v2 error handling/serialization when for non-pydantic exceptions by @provinzkraut in #3286
- fix(OpenAPI): Fix OpenAPI schema generation for paths with path parameters of different types on the same path by @provinzkraut in #3293
- fix(OpenAPI): Document unconsumed path parameters by @provinzkraut in #3295
- fix: Unique schema names for nested models (#3134) by @winbornejw in #3136
New features 🚀
- feat: add Scalar.com as an OpenAPI docs generator option
- feat: allow for console output to be silenced by @cofin in #3180
- feat: add flash plugin by @euri10 in #3145
- feat: Use memoized
request_class
andresponse_class
values by @kedod in #3205 - feat(DTO): Enable codegen backend by default by @provinzkraut in #3215
- feat: Added precedence of CLI parameters over envs by @kedod in #3190
- feat: only print when terminal is
TTY
enabled by @cofin in #3219 - feat: Support
schema_extra
inParameter
andBody
by @tuukkamustonen in #3204 - feat: add typevar expansion by @haryle in #3242
- feat: Add LITESTAR_ prefix before WEB_CONCURRENCY env option by @kedod in #3227
- feat: Warn about ambiguous default values in parameter specifications by @provinzkraut in #3283
- feat: support declaring
DTOField
viaAnnotated
by @peterschutt in #3289 - feat: Add
TRACE
to HttpMethod enum by @provinzkraut in #3294 - feat: Pydantic dto non instantiable types by @peterschutt in #3296
- feat: Add
path
parameter to Litestar application class by @kedod in #3314
Other changes
- docs(channels): Fix subscriber examples by @provinzkraut in #3287
- docs: Expand the acronym for Data Transfer Object in
What's New in v2
by @cclauss in #3288 - docs: Add examples for auth
exclude
configuration by @aranvir in #3246 - refactor: Reduce module import time by @provinzkraut in #3282
- refactor: remove CacheControlHeader dependency on AbstractDTO by @peterschutt in #3307
Full Changelog
v2.7.1...v2.8.0
v2.7.1
Sponsors 🌟
- Thanks to these incredible business sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
- A huge 'Thank you!' to all sponsors across Polar.sh, OpenCollective and GitHub Sponsors!
New contributors 🎉
What's changed
Bugfixes 🐛
- fix: replace TestClient.enter return type with Self by @cbscsm in #3194
- fix: use the full path for fetching openapi.json by @guacs in #3196
- fix: JSON schema
examples
were OpenAPI formatted by @tuukkamustonen in #3224 - fix(logging): queue_listener handler for Python >= 3.12 by @jderrien in #3185
- fix: extend openapi meta collected from domain models by @peterschutt in #3237
- fix: kwarg ambiguity exc msg for path params by @peterschutt in #3261
Other changes
- docs: fix included line range from example by @hugovk in #3208
- docs: fix included line range from example by @hugovk in #3209
- docs: add missing api docs for plugins by @JacobCoffee in #3169
- docs: add missing
alembic
class references by @cofin in #3220 - docs: Removed double
parsing
from the codegen backend docs by @kedod in #3216 - docs: document guards behavior when placed at controller and app level by @guacs in #3230
- docs: Add missing layered parameters by @kedod in #3245
- docs: Update test_client fixture documentation by @sherbang in #3258
- docs(csrf): Add usage example by @Alc-Alc in #3256
- docs: build develop and v3 branch docs by @JacobCoffee in #3264
Full Changelog
v2.7.0...v2.7.1
v2.7.0
Sponsors ❤️
GitHub Sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev, @iRod3s
OpenCollective: Christian Y, Anonymous
What's changed
Bugfixes
- Fix missing cors headers in response by @crisog in #3179
- Fix sending empty data in sse in js client by @euri10 in #3176
New features
- Support
ResponseSpec(..., examples=[...])
by @tuukkamustonen in #3100 - Support "+json"-suffixed response media types by @bunny-therapist in #3096
- Allow re-usable
Router
instances by @tuukkamustonen in #3103 - Only display path in
ValidationException
s by @floxay in #3064 - Expose request_class to other layers by @kedod in #3125
- Expose websocket_class by @kedod in #3152
- Add
type_decoders
Router and route handlers by @kedod in #3153 - Pass
type_decoders
in WebsocketListenerRouteHandler by @kedod in #3162 - 3116 enhancement session middleware by @aranvir in #3127
- Make random seed for openapi example generation configurable by @guacs in #3166
- Generate openapi components schemas in a deterministic order by @guacs in #3172
New contributors
- @crisog made their first contribution in #3179
- @error418 made their first contribution in #3167
- @bunny-therapist made their first contribution in #3096
- @tuukkamustonen made their first contribution in #3100
Full Changelog
v2.6.3...v2.7.0