aiohttp 3.8.6

on Python PyPI

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer

  Thanks to :user:kenballus for reporting this, see
  https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.

  .. _llhttp: https://llhttp.org

  (#7647)

• Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer

  Thanks to :user:kenballus for reporting this, see
  https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.

  (#7663)

Deprecation

• Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied
  character set detection function.

  Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
  please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

  (#7561)

Features

• Enabled lenient response parsing for more flexible parsing in the client
  (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

  (#7490)

Bugfixes

• Fixed PermissionError when .netrc is unreadable due to permissions.

  (#7237)

• Fixed output of parsing errors pointing to a \n. -- by :user:Dreamsorcerer

  (#7468)

• Fixed GunicornWebWorker max_requests_jitter not working.

  (#7518)

• Fixed sorting in filter_cookies to use cookie with longest path. -- by :user:marq24.

  (#7577)

• Fixed display of BadStatusLine messages from llhttp_. -- by :user:Dreamsorcerer

  (#7651)