Releases: pallets/flask
3.1.0
This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
PyPI: https://pypi.org/project/Flask/3.1.0/
Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0
Milestone: https://github.com/pallets/flask/milestone/33?closed=1
- Drop support for Python 3.8. #5623
- Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
- Provide a configuration option to control automatic option responses. #5496
Flask.open_resource
/open_instance_resource
andBlueprint.open_resource
take anencoding
parameter to use when opening in text mode. It defaults toutf-8
. #5504Request.max_content_length
can be customized per-request instead of only through theMAX_CONTENT_LENGTH
config. AddedMAX_FORM_MEMORY_SIZE
andMAX_FORM_PARTS
config. Added documentation about resource limits to the security page. #5625- Add support for the
Partitioned
cookie attribute (CHIPS), with theSESSION_COOKIE_PARTITIONED
config. #5472 -e path
takes precedence over default.env
and.flaskenv
files.load_dotenv
loads default files in addition to a path unlessload_defaults=False
is passed. #5628- Support key rotation with the
SECRET_KEY_FALLBACKS
config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621 - Fix how setting
host_matching=True
orsubdomain_matching=False
interacts withSERVER_NAME
. SettingSERVER_NAME
no longer restricts requests to only that domain. #5553 Request.trusted_hosts
is checked during routing, and can be set through theTRUSTED_HOSTS
config. #5636
3.0.3
This is a fix release for the 3.0.x feature branch.
PyPI: https://pypi.org/project/Flask/3.0.3/
Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-3
Milestone: https://github.com/pallets/flask/milestone/35?closed=1
3.0.2
This is a fix release for the 3.0.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.
3.0.1
This is a fix release for the 3.0.x feature release branch.
Fixes an issue where using other JSON providers, such as flask-orjson
, previously caused loaded session data to have an incorrect format in some cases.
3.0.0
This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
2.3.3
This is a fix release for the 2.3.x feature branch.
2.2.5
This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.
- Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
- Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
- Milestone: https://github.com/pallets/flask/milestone/30?closed=1
2.3.2
This is a security fix release for the 2.3.x release branch.
- Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
- Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
- Milestone: https://github.com/pallets/flask/milestone/29?closed=1
2.3.1
This is a fix release for the 2.3.x release branch.
2.3.0
This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.