|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Ensure that URL rules using path converters will redirect with strict slashes
when the trailing slash is missing. #2533
- Type signature for get_json specifies that return type is not optional when
silent=False. #2508
- parse_content_range_header returns None for a value like bytes */-1 where the
length is invalid, instead of raising an AssertionError. #2531
- Address remaining ResourceWarning related to the socket used by run_simple.
Remove prepare_socket, which now happens when creating the server. #2421
- Update pre-existing headers for multipart/form-data requests with the test
client. #2549
- Fix handling of header extended parameters such that they are no longer
quoted. #2529
- LimitedStream.read works correctly when wrapping a stream that may not return
the requested size in one read call. #2558
- A cookie header that starts with = is treated as an empty key and discarded,
rather than stripping the leading ==.
- Specify a maximum number of multipart parts, default 1000, after which a
RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS
attack where a larger number of form/file parts would result in
disproportionate resource use.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|