Sourced from djangorestframework's releases.
Version 3.15.1
What's Changed
- Update the message to be consistent with the Django `HttpResponseBa… by
@maycuatroi
in encode/django-rest-framework#9287- Make
inflection
package truly optional by@browniebroke
in encode/django-rest-framework#9303- Fix broken links in release notes for 3.15 by
@browniebroke
in encode/django-rest-framework#9305- TokenAdmin.autocomplete_fields Breaks Some Use Cases, Revert by
@alexdlaird
in encode/django-rest-framework#9301- Add drf-sendables to third-party-packages.md by
@amikrop
in encode/django-rest-framework#9261- Revert "feat: Add some changes to ValidationError to support django style vad…" by
@auvipy
in encode/django-rest-framework#9326- Revert "Re-prefetch related objects after updating" by
@auvipy
in encode/django-rest-framework#9327- Revert #8863 by
@tomchristie
in encode/django-rest-framework#9330- Revert #8009 by
@tomchristie
in encode/django-rest-framework#9332- Revert #9030 by
@tomchristie
in encode/django-rest-framework#9333- Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces" by
@auvipy
in encode/django-rest-framework#9335SearchFilter.get_search_terms
returns list. by@tomchristie
in encode/django-rest-framework#9338- Version 3.15.1 by
@tomchristie
in encode/django-rest-framework#9339New Contributors
@maycuatroi
made their first contribution in encode/django-rest-framework#9287@alexdlaird
made their first contribution in encode/django-rest-framework#9301Full Changelog: https://github.com/encode/django-rest-framework/compare/3.15.0...3.15.1
c7a7eae
Version 3.15.2 (#9439)3b41f01
Fix potential XSS vulnerability in break_long_headers template filter
(#9435)fe92f0d
Add __hash__
method for
permissions.OperandHolder
class (#9417)fbdab09
docs: Correct some evaluation results and a httpie option in Tutorial1
(#9421)36d5c0e
tests: Check urlpatterns after cleanups (#9400)9d4ed05
Don't use Windows line endingsb34bde4
Fix typo in setup.cfg settingab681f2
Update requirements in docs2237724
bump pygments (security hygiene)d58b8da
Update deprecation hintsSourced from aiohttp's releases.
3.10.2
Bug fixes
Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:
steverep
.Related issues and pull requests on GitHub: #8565.
Fixed request body not being read when ignoring an Upgrade request -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: #8597.
Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: #8611.
Fixed connecting to
npipe://
,tcp://
, andunix://
urls -- by :user:bdraco
.Related issues and pull requests on GitHub: #8632.
Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:
bdraco
.There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.
Related issues and pull requests on GitHub: #8641.
Fixed incorrectly following symlinks for compressed file variants -- by :user:
steverep
.Related issues and pull requests on GitHub:
... (truncated)
Sourced from aiohttp's changelog.
3.10.2 (2024-08-08)
Bug fixes
Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:
steverep
.Related issues and pull requests on GitHub: :issue:
8565
.Fixed request body not being read when ignoring an Upgrade request -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: :issue:
8597
.Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: :issue:
8611
.Fixed connecting to
npipe://
,tcp://
, andunix://
urls -- by :user:bdraco
.Related issues and pull requests on GitHub: :issue:
8632
.Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:
bdraco
.There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.
Related issues and pull requests on GitHub: :issue:
8641
.Fixed incorrectly following symlinks for compressed file variants -- by :user:
steverep
.
... (truncated)
491106e
Release 3.10.2 (#8655)ce2e975
[PR #8652/b0536ae6
backport][3.10] Do not follow symlinks for compressed file...6a77806
[PR #8636/51d872e
backport][3.10] Remove Request.wait_for_disconnection() met...1f92213
[PR #8642/e4942771
backport][3.10] Fix response to circular symlinks with Pyt...2ef14a6
[PR #8641/0a88bab
backport][3.10] Fix WebSocket ping tasks being prematurely ...68e8496
[PR #8608/c4acabc
backport][3.10] Fix timer handle churn in websocket heartbe...72f41aa
[PR #8632/b2691f2
backport][3.10] Fix connecting to npipe://, tcp://, and uni...bf83dbe
[PR #8634/c7293e19
backport][3.10] Backport #8620
as improvements to various ...4815765
[PR #8597/c99a1e27
backport][3.10] Fix reading of body when ignoring an upgra...266608d
[PR #8611/1fcef940
backport][3.10] Fix handler waiting on shutdown (#8627)Sourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
- Added the
Proxy-Authorization
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
.Full Changelog: https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19
Note that due to an issue with our release automation, no
multiple.intoto.jsonl
file is available for this release.
Sourced from urllib3's changelog.
1.26.19 (2024-06-17)
- Added the
Proxy-Authorization
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
.- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (
[#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>
__)
d9d85c8
Release 1.26.198528b63
[1.26] Fix downstream tests (#3409)40b6d16
Merge pull request from GHSA-34jh-p97f-mpxf29cfd02
Fix handling of OpenSSL 3.2.0 new error message "record layer
failure" (#3405)b600643
[1.26] Bump RECENT_DATE (#3404)7e2d389
[1.26] Fix running CPython 2.7 tests in CI (#3137)4d32ebc
[4.2.x] Bumped version for 4.2.15 release.f4af67b
[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL
injection att...efea1ef
[4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in
django.utils.htm...d0a82e2
[4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and
urlizet...fc76660
[4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption
in flo...7b1a76f
[4.2.x] Added stub release notes and release date for 4.2.15.96a3497
[4.2.x] Fixed #35627
-- Raised a LookupError rather than an unhandled ValueEr...c5d196a
[4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.8e59e33
[4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and
CVE-2024-39...72f6c7d
[4.2.x] Post-release version bump.