Releases: corydolphin/flask-cors
Releases · corydolphin/flask-cors
5.0.0
What's Changed
- Breaking: Change default to disable private network access by @corydolphin in #368
This effectively resolves GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71
Full Changelog: 4.0.2...5.0.0
Contributors
corydolphin
Assets 2
4.0.2
What's Changed
- Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in #358
- Backwards Compatible Fix for CVE-2024-6221 by @adrianosela in #363
- Add unit tests for Private-Network by @corydolphin in #367
New Contributors
- @dependabot made their first contribution in #358
- @adrianosela made their first contribution in #363
Full Changelog: 4.0.1...4.0.2
Contributors
corydolphin, adrianosela, and dependabot
Assets 2
4.0.1
What's Changed
- Fix Read the Docs builds by @kurtmckee in #345
- Update extension.py to clean request.path before logging it by @aneshujevic in #351
- Update CI to include Python 3.12 and flask 3.0.3 by @corydolphin in #354
- Release 4.0.1 by @corydolphin in #353
New Contributors
- @kurtmckee made their first contribution in #345
- @aneshujevic made their first contribution in #351
Full Changelog: 4.0.0...4.0.1
Contributors
kurtmckee, corydolphin, and aneshujevic
Assets 2
Release 4.0.0
What's Changed
- Remove support for Python versions older than 3.8 by @WAKayser in #330
- Add GHA tooling by @corydolphin in #331
New Contributors
Full Changelog: 3.1.01...v4.0.0
Contributors
corydolphin and WAKayser
Assets 2
3.1.01
What's Changed
- Include examples to specify that schema and port must be included in … by @YPCrumble in #294
- two small changes to the documentation, based on issue #290 by @bbbart in #291
- Fix typo by @sunarch in #304
- FIX: typo in CSRF by @sattamjh in #315
- Test against recent Python versions by @pylipp in #314
- Correct spelling mistakes by @EdwardBetts in #311
- 'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in #318
- docs: Fix a few typos by @timgates42 in #323
- [Docs] Fix typo in configuration documentation by @sachit-shroff in #316
- Release Version 3.1.01 by @corydolphin in #329
New Contributors
- @YPCrumble made their first contribution in #294
- @sunarch made their first contribution in #304
- @sattamjh made their first contribution in #315
- @pylipp made their first contribution in #314
- @EdwardBetts made their first contribution in #311
- @chelo-kjml made their first contribution in #318
- @sachit-shroff made their first contribution in #316
Full Changelog: 3.0.10...3.1.01
Contributors
EdwardBetts, corydolphin, and 8 other contributors
Assets 2
Release 3.0.10
- Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370
- Fixes warnings for invalid escape sequences Thanks @tirkarthi
Release 3.0.9
Security
- Escape path before evaluating resource rules (thanks @praetorian-colby-morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/*" whereas the path actually expands simply to "/foo.txt"
Release 3.0.8
Fixes DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
Thank you @juanmaneo and @jdevera!
Release 3.0.7
Updated logging.warn to logging.warning (#234) Thanks Vaibhav
Release 3.0.6
Manual error in release process. Identical contents at 3.0.5.