🚀 pallets/flask - Release Notes

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as [pip-tools](https://pypi.org/project/pip-tools/) to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/
Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0
Milestone: https://github.com/pallets/flask/milestone/33?closed=1

- Drop support for Python 3.8. #5623
- Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
- Provide a configuration option to control automatic option responses. #5496
- `Flask.open_resource`/`open_instance_resource` and `Blueprint.open_resource` take an `encoding` parameter to use when opening in text mode. It defaults to `utf-8`. #5504
- `Request.max_content_length` can be customized per-request instead of only through the `MAX_CONTENT_LENGTH` config. Added `MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation about resource limits to the security page. #5625
- Add support for the `Partitioned` cookie attribute (CHIPS), with the `SESSION_COOKIE_PARTITIONED` config. #5472
- `-e path` takes precedence over default `.env` and `.flaskenv` files. `load_dotenv` loads default files in addition to a path unless `load_defaults=False` is passed. #5628
- Support key rotation with the `SECRET_KEY_FALLBACKS` config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
- Fix how setting `host_matching=True` or `subdomain_matching=False` interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts requests to only that domain. #5553
- `Request.trusted_hosts` is checked during routing, and can be set through the `TRUSTED_HOSTS` config. #5636

This is a fix release for the 3.0.x feature branch.

PyPI: https://pypi.org/project/Flask/3.0.3/
Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-3
Milestone: https://github.com/pallets/flask/milestone/35?closed=1

-   The default `hashlib.sha1` may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. #5448
-   Don't initialize the `cli` attribute in the sansio scaffold, but rather in the `Flask` concrete class. #5270

This is a fix release for the 3.0.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.

* Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3.0.2
* Milestone: https://github.com/pallets/flask/milestone/34?closed=1
* PyPI: https://pypi.org/project/Flask/3.0.2/

This is a fix release for the 3.0.x feature release branch.

Fixes an issue where using other JSON providers, such as `flask-orjson`, previously caused loaded session data to have an incorrect format in some cases.

* Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-1
* Milestone: https://github.com/pallets/flask/milestone/32?closed=1
* PyPI: https://pypi.org/project/Flask/3.0.1/

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as [pip-tools](https://pypi.org/project/pip-tools/) to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

* Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
* Milestone: https://github.com/pallets/flask/milestone/20?closed=1

This is a fix release for the 2.3.x feature branch.

- Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
- Milestone: https://github.com/pallets/flask/milestone/31?closed=1

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

* Security advisory: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
* Milestone: https://github.com/pallets/flask/milestone/30?closed=1

This is a security fix release for the 2.3.x release branch.

* Security advisory: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
* Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
* Milestone: https://github.com/pallets/flask/milestone/29?closed=1

This is a fix release for the 2.3.x release branch.

* Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1
* Milestone: https://github.com/pallets/flask/milestone/28?closed=1

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as [pip-tools](https://pypi.org/project/pip-tools/) to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

* Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0
* Milestone: https://github.com/pallets/flask/milestone/24?closed=1

This is a fix release for the 2.2.x release branch.

* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
* Milestone: https://github.com/pallets/flask/milestone/27?closed=1

This is a fix release for the 2.2.x release branch.

* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
* Milestone: https://github.com/pallets/flask/milestone/26?closed=1

This is a fix release for the [2.2.0](https://github.com/pallets/flask/releases/tag/2.2.0) feature release.

* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
* Milestone: https://github.com/pallets/flask/milestone/25?closed=1

This is a fix release for the [2.2.0](https://github.com/pallets/flask/releases/tag/2.2.0) feature release.

* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
* Milestone: https://github.com/pallets/flask/milestone/23?closed=1

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as [pip-tools](https://pypi.org/project/pip-tools/) to pin all dependencies and control upgrades.

* Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
* Milestone: https://github.com/pallets/flask/milestone/19?closed=1

* Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3
* Milestone: https://github.com/pallets/flask/milestone/22?closed=1

This is a fix release for the [2.1.0](https://github.com/pallets/flask/releases/tag/2.1.0) feature release.

* Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
* Milestone: https://github.com/pallets/flask/milestone/21?closed=1

This is a fix release for the [2.1.0](https://github.com/pallets/flask/releases/tag/2.1.0) feature release.

* Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
* Milestone: https://github.com/pallets/flask/milestone/18?closed=1

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as [pip-tools](https://pypi.org/project/pip-tools/) to pin all dependencies and control upgrades.

* Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
* Milestone: https://github.com/pallets/flask/milestone/13?closed=1

We also encourage upgrading to the latest versions of the other Pallets projects as well.

* Werkzeug 2.1 changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
* Jinja 3.1 changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
* Click 8.1 changes: https://click.palletsprojects.com/en/8.1.x/changes/#version-8-1-0
* MarkupSafe 2.1 changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
* ItsDangerous 2.1 changes: https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-2

* Changes: https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
* Milestone: https://github.com/pallets/flask/milestone/17?closed=1

* Changes: https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-2

* Changes: https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-1

New major versions of all the core Pallets libraries, including Flask 2.0, have been released! :tada: 

* Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
* Read the full list of changes: https://flask.palletsprojects.com/changes/#version-2-0-0
* Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
* Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

* Changes: https://flask.palletsprojects.com/en/master/changes#version-2-0-0

* Changes: https://flask.palletsprojects.com/en/master/changes/#version-2-0-0

1.1.x is the last version to support Python 2.7 and Python 3.5. It also contains deprecation warnings for code that will be removed in 2.0. Please pay attention to deprecation warnings in your project!

This release contains a couple bug fixes.

* Changelog: https://flask.palletsprojects.com/en/1.1.x/changelog/#version-1-1-2

* Blog: https://palletsprojects.com/blog/flask-1-1-released
* Changelog: https://flask.palletsprojects.com/en/1.1.x/changelog/#version-1-1-1

* Blog: https://palletsprojects.com/blog/flask-1-1-released
* Changelog: https://flask.palletsprojects.com/en/1.1.x/changelog/#version-1-1-0

* Changelog: https://flask.palletsprojects.com/en/1.0.x/changelog/#version-1-0-4

* Changelog: https://flask.palletsprojects.com/en/1.0.x/changelog/#version-1-0-3