3.13.3

This release contains fixes for several vulnerabilities. It is advised to upgrade as soon as possible.

Bug fixes

Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors -- by :user:GLeurquin.

Related issues and pull requests on GitHub: #2596.
Fixed multipart reading failing when encountering an empty body part -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #11857.
Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context.

Related issues and pull requests on GitHub: #11862.

Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #11898.

Moved dependency metadata from :file:setup.cfg to :file:pyproject.toml per :pep:621 -- by :user:cdce8p.

Related issues and pull requests on GitHub: #11643.

Removed unused update-pre-commit github action workflow -- by :user:Cycloctane.

Related issues and pull requests on GitHub: #11689.

Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:bdraco.

Related issues and pull requests on GitHub: #10713.
Added regression test for cached logging status -- by :user:meehand.

Related issues and pull requests on GitHub: #11778.

This release contains fixes for several vulnerabilities. It is advised to upgrade as soon as possible.

Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors -- by :user:GLeurquin.

Related issues and pull requests on GitHub: #2596.
Fixed multipart reading failing when encountering an empty body part -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #11857.
Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context.

Related issues and pull requests on GitHub: #11862.

Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #11898.

Moved dependency metadata from :file:setup.cfg to :file:pyproject.toml per :pep:621 -- by :user:cdce8p.

Related issues and pull requests on GitHub: #11643.

Removed unused update-pre-commit github action workflow -- by :user:Cycloctane.

Related issues and pull requests on GitHub: #11689.

Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:bdraco.

Related issues and pull requests on GitHub: #10713.
Added regression test for cached logging status -- by :user:meehand.

Related issues and pull requests on GitHub: #11778.