v2.9.1

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), Bruno

A huge 'Thank you!' to all sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @PossiblePanda made their first contribution in #3555
• @eltociear made their first contribution in #3563
• @evstratbg made their first contribution in #3533

Bugfixes 🐛

• fix: add OPTIONS to the default safe methods for CSRFConfig by @wer153 in #3538
• fix(docs): fixed typo in routing overview by @PossiblePanda in #3555
• fix(prometheus): capture templated route name for metrics by @evstratbg in #3533
• fix(testing): .websocket_connect does not respect base_url by @provinzkraut in #3567
• fix(warnings): Do not warn for default handlers by @Alc-Alc in #3569
• fix(CLI): Don't call rich_click.patch if rich_click is installed by @provinzkraut in #3570
• fix(OpenAPI): Correctly handle typing.NewType by @provinzkraut in #3580
• fix: encode response content object returned from an exception handler. by @rafalkrupinski in #3585

Other changes

• docs(logging): use queue_listener as mentioned in the warning by @jderrien in #3540
• docs: Changed cli to concurrency in concurrency.rst by @PossiblePanda in #3557
• docs: update ui_plugins.rst by @eltociear in #3563
• docs(logging): advise to use log_exceptions="always" by @jderrien in #3577
• refactor(logging): improve LoggingConfig & deprecate LoggingConfig.propagate by @jderrien in #3543

Full Changelog
v2.9.0...v2.9.1

v2.9.0

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), Bruno

Thanks to these incredible personal sponsors:

• Polar.sh: @Nozavi, @cemrehancavdar, @thomastu, @skewty, @iRod3s

• GitHub Sponsors: @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev

• OpenCollective: Christian Y, Anonymous

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @JorenSix made their first contribution in #3475
• @tibor-reiss made their first contribution in #3497
• @ch-iv made their first contribution in #3434
• @0xE111 made their first contribution in #3511
• @maintain0404 made their first contribution in #3405

Bugfixes 🐛

• fix: asgi lifespan msg after lifespan context exception by @peterschutt in #3315
• fix: bug when pydantic==1.10 is installed by @peterschutt in #3335
• fix: OpenAPI router and controller on same app. by @peterschutt in #3338
• fix: pydantic v2 import tests for pydantic v1.10.15 by @peterschutt in #3347
• fix: Remove use of asserts for control flow. by @peterschutt in #3359
• fix: schema for generic wrapped return types with DTO by @peterschutt in #3371
• fix: Ambiguous default warning for no signature default by @peterschutt in #3378
• fix: Path param consumed by dependency treated as unconsumed by @peterschutt in #3380
• fix: "name" and "in" should not be included in openapi headers by @peterschutt in #3417
• fix: top-level import of optional package by @peterschutt in #3418
• fix: regular handler under mounted app by @peterschutt in #3430
• fix: logging to file with structlog by @peterschutt in #3425
• fix: clear session cookie if new session gt CHUNK_SIZE by @peterschutt in #3446
• fix: flash messages were not displayed on Redirect by @euri10 in #3420
• fix: Validation of optional sequence in multipart data with one value by @provinzkraut in #3408
• fix(ci): adjust issue template to not allow blank issues by @JacobCoffee in #3452
• fix(pydantic v1): field not optional if default value by @peterschutt in #3476
• fix: prevent starting multiple responses by @peterschutt in #3479
• fix: logging middleware with multi-body response by @peterschutt in #3478
• fix(dto): handle dto type nested in mapping by @peterschutt in #3486
• fix: examples omitted in schema produced by dto by @peterschutt in #3510
• fix(validation): fix: handling validation of subscribed generics by @provinzkraut in #3519
• fix: exclude static file from schema by @tibor-reiss in #3509
• fix: use re.match instead of re.search for mounted app path (#3501) by @0xE111 in #3511
• fix(logging): do not log exceptions twice, deprecate traceback_line_limit and fix: pretty_print_tty by @jderrien in #3507
• fix(OpenAPI): YAML schema dump by @floxay in #3537

New features 🚀

• Add async websocket_connect to AsyncTestClient by @kedod in #3328
• Add SecretString and SecretBytes datastructures by @peterschutt in #3322

Other changes

• Deprecate subclassing route handler decorators by @provinzkraut in #3439
• Deprecate CORSMiddleware from public interface. by @peterschutt in #3404

Full Changelog
v2.8.3...v2.9.0

v2.8.3

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @maintain0404 made their first contribution in #3405

Bugfixes 🐛

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf
• Remove use of asserts for control flow in Pydantic Plugin by @peterschutt in #3359
• Fix OpenAPI schema for generic wrapped return types with DTO by @peterschutt in #3371
• Fix ambiguous default warning for no signature default by @peterschutt in #3378
• Fix path param consumed by dependency treated as unconsumed by @peterschutt in #3380
• Fix remove name and in properties included in OpenAPI headers by @peterschutt in #3417
• Fix unconditional minijinja import in flash-messages plugin by @peterschutt in #3418
• Fix routing issues with regular handler under mounted app by @peterschutt in #3430
• Fix file logging with structlog by @peterschutt in #3425
• Fix clearing large session cookies by @peterschutt in #3446
• Fix flash messages were not displayed on redirects by @euri10 in #3420
• Fix alidation of optional sequence in multipart data with one value by @provinzkraut in #3408

Documentation

• Update usage/static_files by @JacobCoffee in #3358
• Fix broken url; swagger ui by @wer153 in #3368
• Correct a word by @wer153 in #3412
• Fix WebSockets documentation grammar by @marcuslimdw in #3413
• Fix intersphinx mapping for advanced-alchemy by @provinzkraut in #3438
• Update usage/caching by @JacobCoffee in #3345
• Update docs/usage/security/* by @JacobCoffee in #3344
• Improve sse by @euri10 in #3454

Full Changelog
v2.8.2...v2.8.3

v2.7.2

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v2.6.4

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v1.51.16

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v1.51.15

Maintenance release

• Update dependencies and release pipeline by @provinzkraut in #3469

Full Changelog: v1.51.14...v1.51.15

v2.8.2

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: pydantic import differentiation for pydantic v1.10.15 by @peterschutt in #3347

Full Changelog
v2.8.1...v2.8.2

v2.8.1

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: asgi lifespan msg after lifespan context exception by @peterschutt in #3315
• fix: bug when pydantic==1.10 is installed by @peterschutt in #3335
• fix: OpenAPI router and controller on same app. by @peterschutt in #3338

Other changes

• docs: add citation by @JacobCoffee in #3329
• refactor(routing): Move kwargs model creation to handler by @provinzkraut in #3331

Full Changelog
v2.8.0...v2.8.1

v2.8.0

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

Thanks to these incredible personal sponsors:

• Polar.sh: @thomastu, @skewty, @iRod3s

• GitHub Sponsors: (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev,

• OpenCollective: Christian Y, Anonymous

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @carlsmedstad made their first contribution in #3291
• @haryle made their first contribution in #3242
• @winbornejw made their first contribution in #3136

Bugfixes 🐛

• fix(cli): remove duplicate rich-click config options by @JacobCoffee in #3274
• fix: pydantic json_schema_extra examples. by @peterschutt in #3281
• fix(openapi): set default on schema from FieldDefinition by @guacs in #3280
• fix: Custom types cause serialisation error in exception response with non-JSON media-type by @provinzkraut in #3284
• fix(OpenAPI): Ensure default values are always represented in schema for dataclasses and msgspec.Structs by @provinzkraut in #3285
• fix(DTO): Pydantic v2 error handling/serialization when for non-pydantic exceptions by @provinzkraut in #3286
• fix(OpenAPI): Fix OpenAPI schema generation for paths with path parameters of different types on the same path by @provinzkraut in #3293
• fix(OpenAPI): Document unconsumed path parameters by @provinzkraut in #3295
• fix: Unique schema names for nested models (#3134) by @winbornejw in #3136

New features 🚀

• feat: add Scalar.com as an OpenAPI docs generator option
• feat: allow for console output to be silenced by @cofin in #3180
• feat: add flash plugin by @euri10 in #3145
• feat: Use memoized request_class and response_class values by @kedod in #3205
• feat(DTO): Enable codegen backend by default by @provinzkraut in #3215
• feat: Added precedence of CLI parameters over envs by @kedod in #3190
• feat: only print when terminal is TTY enabled by @cofin in #3219
• feat: Support schema_extra in Parameter and Body by @tuukkamustonen in #3204
• feat: add typevar expansion by @haryle in #3242
• feat: Add LITESTAR_ prefix before WEB_CONCURRENCY env option by @kedod in #3227
• feat: Warn about ambiguous default values in parameter specifications by @provinzkraut in #3283
• feat: support declaring DTOField via Annotated by @peterschutt in #3289
• feat: Add TRACE to HttpMethod enum by @provinzkraut in #3294
• feat: Pydantic dto non instantiable types by @peterschutt in #3296
• feat: Add path parameter to Litestar application class by @kedod in #3314

Other changes

• docs(channels): Fix subscriber examples by @provinzkraut in #3287
• docs: Expand the acronym for Data Transfer Object in What's New in v2 by @cclauss in #3288
• docs: Add examples for auth exclude configuration by @aranvir in #3246
• refactor: Reduce module import time by @provinzkraut in #3282
• refactor: remove CacheControlHeader dependency on AbstractDTO by @peterschutt in #3307

Full Changelog
v2.7.1...v2.8.0