v2.8.3

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @maintain0404 made their first contribution in #3405

Bugfixes 🐛

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
• Remove use of asserts for control flow in Pydantic Plugin by @peterschutt in #3359
• Fix OpenAPI schema for generic wrapped return types with DTO by @peterschutt in #3371
• Fix ambiguous default warning for no signature default by @peterschutt in #3378
• Fix path param consumed by dependency treated as unconsumed by @peterschutt in #3380
• Fix remove name and in properties included in OpenAPI headers by @peterschutt in #3417
• Fix unconditional minijinja import in flash-messages plugin by @peterschutt in #3418
• Fix routing issues with regular handler under mounted app by @peterschutt in #3430
• Fix file logging with structlog by @peterschutt in #3425
• Fix clearing large session cookies by @peterschutt in #3446
• Fix flash messages were not displayed on redirects by @euri10 in #3420
• Fix alidation of optional sequence in multipart data with one value by @provinzkraut in #3408

Documentation

• Update usage/static_files by @JacobCoffee in #3358
• Fix broken url; swagger ui by @wer153 in #3368
• Correct a word by @wer153 in #3412
• Fix WebSockets documentation grammar by @marcuslimdw in #3413
• Fix intersphinx mapping for advanced-alchemy by @provinzkraut in #3438
• Update usage/caching by @JacobCoffee in #3345
• Update docs/usage/security/* by @JacobCoffee in #3344
• Improve sse by @euri10 in #3454

Full Changelog
v2.8.2...v2.8.3

v2.7.2

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v2.6.4

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v1.51.16

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v1.51.15

Maintenance release

• Update dependencies and release pipeline by @provinzkraut in #3469

Full Changelog: v1.51.14...v1.51.15

v2.8.2

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: pydantic import differentiation for pydantic v1.10.15 by @peterschutt in #3347

Full Changelog
v2.8.1...v2.8.2

v2.8.1

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: asgi lifespan msg after lifespan context exception by @peterschutt in #3315
• fix: bug when pydantic==1.10 is installed by @peterschutt in #3335
• fix: OpenAPI router and controller on same app. by @peterschutt in #3338

Other changes

• docs: add citation by @JacobCoffee in #3329
• refactor(routing): Move kwargs model creation to handler by @provinzkraut in #3331

Full Changelog
v2.8.0...v2.8.1

v2.8.0

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

Thanks to these incredible personal sponsors:

• Polar.sh: @thomastu, @skewty, @iRod3s

• GitHub Sponsors: (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev,

• OpenCollective: Christian Y, Anonymous

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @carlsmedstad made their first contribution in #3291
• @haryle made their first contribution in #3242
• @winbornejw made their first contribution in #3136

Bugfixes 🐛

• fix(cli): remove duplicate rich-click config options by @JacobCoffee in #3274
• fix: pydantic json_schema_extra examples. by @peterschutt in #3281
• fix(openapi): set default on schema from FieldDefinition by @guacs in #3280
• fix: Custom types cause serialisation error in exception response with non-JSON media-type by @provinzkraut in #3284
• fix(OpenAPI): Ensure default values are always represented in schema for dataclasses and msgspec.Structs by @provinzkraut in #3285
• fix(DTO): Pydantic v2 error handling/serialization when for non-pydantic exceptions by @provinzkraut in #3286
• fix(OpenAPI): Fix OpenAPI schema generation for paths with path parameters of different types on the same path by @provinzkraut in #3293
• fix(OpenAPI): Document unconsumed path parameters by @provinzkraut in #3295
• fix: Unique schema names for nested models (#3134) by @winbornejw in #3136

New features 🚀

• feat: add Scalar.com as an OpenAPI docs generator option
• feat: allow for console output to be silenced by @cofin in #3180
• feat: add flash plugin by @euri10 in #3145
• feat: Use memoized request_class and response_class values by @kedod in #3205
• feat(DTO): Enable codegen backend by default by @provinzkraut in #3215
• feat: Added precedence of CLI parameters over envs by @kedod in #3190
• feat: only print when terminal is TTY enabled by @cofin in #3219
• feat: Support schema_extra in Parameter and Body by @tuukkamustonen in #3204
• feat: add typevar expansion by @haryle in #3242
• feat: Add LITESTAR_ prefix before WEB_CONCURRENCY env option by @kedod in #3227
• feat: Warn about ambiguous default values in parameter specifications by @provinzkraut in #3283
• feat: support declaring DTOField via Annotated by @peterschutt in #3289
• feat: Add TRACE to HttpMethod enum by @provinzkraut in #3294
• feat: Pydantic dto non instantiable types by @peterschutt in #3296
• feat: Add path parameter to Litestar application class by @kedod in #3314

Other changes

• docs(channels): Fix subscriber examples by @provinzkraut in #3287
• docs: Expand the acronym for Data Transfer Object in What's New in v2 by @cclauss in #3288
• docs: Add examples for auth exclude configuration by @aranvir in #3246
• refactor: Reduce module import time by @provinzkraut in #3282
• refactor: remove CacheControlHeader dependency on AbstractDTO by @peterschutt in #3307

Full Changelog
v2.7.1...v2.8.0

v2.7.1

Sponsors 🌟

• Thanks to these incredible business sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
• A huge 'Thank you!' to all sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

New contributors 🎉

• @jderrien made their first contribution in #3185
• @sherbang made their first contribution in #3258

What's changed

Bugfixes 🐛

• fix: replace TestClient.enter return type with Self by @cbscsm in #3194
• fix: use the full path for fetching openapi.json by @guacs in #3196
• fix: JSON schema examples were OpenAPI formatted by @tuukkamustonen in #3224
• fix(logging): queue_listener handler for Python >= 3.12 by @jderrien in #3185
• fix: extend openapi meta collected from domain models by @peterschutt in #3237
• fix: kwarg ambiguity exc msg for path params by @peterschutt in #3261

Other changes

• docs: fix included line range from example by @hugovk in #3208
• docs: fix included line range from example by @hugovk in #3209
• docs: add missing api docs for plugins by @JacobCoffee in #3169
• docs: add missing alembic class references by @cofin in #3220
• docs: Removed double parsing from the codegen backend docs by @kedod in #3216
• docs: document guards behavior when placed at controller and app level by @guacs in #3230
• docs: Add missing layered parameters by @kedod in #3245
• docs: Update test_client fixture documentation by @sherbang in #3258
• docs(csrf): Add usage example by @Alc-Alc in #3256
• docs: build develop and v3 branch docs by @JacobCoffee in #3264

Full Changelog
v2.7.0...v2.7.1

v2.7.0

Sponsors ❤️

GitHub Sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev, @iRod3s
OpenCollective: Christian Y, Anonymous

What's changed

Bugfixes

• Fix missing cors headers in response by @crisog in #3179
• Fix sending empty data in sse in js client by @euri10 in #3176

New features

• Support ResponseSpec(..., examples=[...]) by @tuukkamustonen in #3100
• Support "+json"-suffixed response media types by @bunny-therapist in #3096
• Allow re-usable Router instances by @tuukkamustonen in #3103
• Only display path in ValidationExceptions by @floxay in #3064
• Expose request_class to other layers by @kedod in #3125
• Expose websocket_class by @kedod in #3152
• Add type_decoders Router and route handlers by @kedod in #3153
• Pass type_decoders in WebsocketListenerRouteHandler by @kedod in #3162
• 3116 enhancement session middleware by @aranvir in #3127
• Make random seed for openapi example generation configurable by @guacs in #3166
• Generate openapi components schemas in a deterministic order by @guacs in #3172

New contributors

• @crisog made their first contribution in #3179
• @error418 made their first contribution in #3167
• @bunny-therapist made their first contribution in #3096
• @tuukkamustonen made their first contribution in #3100

Full Changelog
v2.6.3...v2.7.0