Skip to content

3.1.5

Choose a tag to compare

View all tags
@github-actionsgithub-actions released this 08 Jan 17:49
· 145 commits to main since this release
3.1.5
This tag was signed with the committer’s verified signature.
davidism David Lord
GPG key ID: 43368A7AA8CC5926
Verified
Learn about vigilant mode.
e3d06f4
This commit was signed with the committer’s verified signature.
davidism David Lord
GPG key ID: 43368A7AA8CC5926
Verified
Learn about vigilant mode.

This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.5/
Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5
Milestone: https://github.com/pallets/werkzeug/milestone/43?closed=1

  • safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. GHSA-87hc-h4r5-73f7
  • The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. #3065 #3077
  • Fix AttributeError when initializing DebuggedApplication with pin_security=False. #3075
Assets 4
Loading