Security bugfixes
-
Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:
Dreamsorcerer
Thanks to :user:
kenballus
for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9... _llhttp: https://llhttp.org
(#7647)
-
Updated Python parser to comply with RFCs 9110/9112 -- by :user:
Dreamorcerer
Thanks to :user:
kenballus
for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.(#7663)
Deprecation
-
Added
fallback_charset_resolver
parameter inClientSession
to allow a user-supplied
character set detection function.Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
please usefallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>
_.(#7561)
Features
-
Enabled lenient response parsing for more flexible parsing in the client
(this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer
(#7490)
Bugfixes
-
Fixed
PermissionError
when.netrc
is unreadable due to permissions.(#7237)
-
Fixed output of parsing errors pointing to a
\n
. -- by :user:Dreamsorcerer
(#7468)
-
Fixed
GunicornWebWorker
max_requests_jitter not working.(#7518)
-
Fixed sorting in
filter_cookies
to use cookie with longest path. -- by :user:marq24
.(#7577)
-
Fixed display of
BadStatusLine
messages from llhttp_. -- by :user:Dreamsorcerer
(#7651)