python-Werkzeug
Werkzeug started as simple collection of various utilities for WSGI
applications and has become one of the most advanced WSGI utility
modules. It includes a powerful debugger, full featured request and
response objects, HTTP utilities to handle entity tags, cache control
headers, HTTP dates, cookie handling, file uploads, a powerful URL
routing system and a bunch of community contributed addon modules.
Werkzeug is unicode aware and doesn't enforce a specific template
engine, database adapter or anything else. It doesn't even enforce
a specific way of handling requests and leaves all that up to the
developer. It's most useful for end user applications which should work
on as many server environments as possible (such as blogs, wikis,
bulletin boards, etc.).
- Developed at devel:languages:python
- Sources inherited from project openSUSE:Factory
-
11
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/python-Werkzeug && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| Werkzeug-2.2.3.tar.gz | 0000845884 826 KB | |
| _multibuild | 0000000053 53 Bytes | |
| moved_root.patch | 0000001558 1.52 KB | |
| python-Werkzeug.changes | 0000066760 65.2 KB | |
| python-Werkzeug.spec | 0000004063 3.97 KB |
Revision 40 (latest revision is 45)
Dominique Leuenberger (dimstar_suse)
accepted
request 1071237
from
Dirk Mueller (dirkmueller)
(revision 40)
- update to 2.2.3 (bsc#1208283, CVE-2023-25577):
* Ensure that URL rules using path converters will redirect
with strict slashes when the trailing slash is missing.
* Type signature for ``get_json`` specifies that return type
is not optional when ``silent=False``.
* ``parse_content_range_header`` returns ``None`` for a value
like ``bytes */-1`` where the length is invalid, instead of
raising an ``AssertionError``.
* Address remaining ``ResourceWarning`` related to the socket
used by ``run_simple``.
* Remove ``prepare_socket``, which now happens when
creating the server.
* Update pre-existing headers for ``multipart/form-data``
requests with the test client.
* Fix handling of header extended parameters such that they
are no longer quoted.
* ``LimitedStream.read`` works correctly when wrapping a
stream that may not return the requested size in one
``read`` call.
* A cookie header that starts with ``=`` is treated as an
empty key and discarded, rather than stripping the leading ``==``.
* Specify a maximum number of multipart parts, default 1000,
after which a ``RequestEntityTooLarge`` exception is
raised on parsing. This mitigates a DoS attack where a
larger number of form/file parts would result in disproportionate
resource use.
Comments 0