Releases: PoorHttp/PoorWSGI
Releases · PoorHttp/PoorWSGI
2.8.0
- Fix I/O operation on closed file/buffer error in Response classes (#21)
- Validate route filter definitions to reject spaces with clear error
messages (#25) - Bad PATH_INFO encoding exception handling (#37, #38)
- Updated openapi3.py example to openapi-core 0.23+ API (Spec replaced
by OpenAPI) - Drop Python 3.9 and 3.10 support, require Python >= 3.11
- Session base class - plain cookie wrapper for server-side session IDs or
JWTs; PoorSession inherits from Session - PoorSession cookie encryption - ! existing cookies are invalidated !
- Self-contained encrypted session cookie using shake_256 XOF keystream
(1024 B) and byte-substitution (no external dependencies) - HMAC-SHA256 authentication (Encrypt-then-MAC); tampered or forged
cookies are rejected - Domain-separated key derivation for keystream, MAC and permutation
- Users will be logged out after upgrading from a previous version
- Self-contained encrypted session cookie using shake_256 XOF keystream
- AESSession - stronger self-contained session cookie (requires pyaes)
- AES-256-CTR encryption with a fresh random 16-byte nonce per write
(prevents CTR nonce-reuse attacks) - HMAC-SHA256 authentication with domain-separated keys (Encrypt-then-MAC)
- Inherits from Session; same interface as PoorSession
- AES-256-CTR encryption with a fresh random 16-byte nonce per write
2.7.0
- Reserved Request.db attribute for usage
- Right HTTPException type annotation
- Fix ETag header
- FieldStorage and FieldStorageParser implementation based on legacy cgi.FieldStorage (#22)
- that means Python 3.13 support (#36)
- Stop Python 3.8 support - some mypy annotation didn't work
- Field refactoring - ! possible break change ! - sorry for that
- FieldStorageInterface - getvalue, getfist, getlist methods
- new func converter name, and no default converter
- all default values are not convert now
- Some old classes, functions, attributes and parameters are notified as deprecated, and will be deleted in next major version.
- Automatic JSONResponse from dict or list, just like from text.
- Debug info, documentation and Error improvements.
- Automatic NoContentResponse from None (#28)
2.6.3
2.6.1
2.6.0
- Running on MS Windows fix
- UTF-8 HTTP Digest username support
- JSONResponse support all response type now (data argument)
- EmptyResponse replaced by NoContentResponse
- new NotModifiedResponse
- time_to_http, datetime_to_http, http_to_datetime and http_to_time header functions for manipulating Date type headers
- FileResponse generates Last-Modified header now
- Response and FileObjResponse can be partial
- JSONResponse Encoder arguments
- Generator responses can be partial
- Special PartialResponse class
- Fix set_profile method
- Fix logging messages