3.8.4 (2023-02-12)
Bugfixes
--------
- Fixed incorrectly overwriting cookies with the same name and domain, but different path.
- Fixed ``ConnectionResetError`` not being raised after client disconnection in SSL environments.
3.8.3 (2022-09-21)
==================
This is the last :doc:`aiohttp <index>` release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.
Bugfixes
--------
- Increased the upper boundary of the :doc:`multidict:index` dependency
to allow for the version 6 -- by :user:`hugovk`.
It used to be limited below version 7 in :doc:`aiohttp <index>` v3.8.1 but
was lowered in v3.8.2 via :pr:`6550` and never brought back, causing
problems with dependency pins when upgrading. :doc:`aiohttp <index>` v3.8.3
fixes that by recovering the original boundary of ``< 7``.
3.7.4 (2021-02-25)
Bugfixes
(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.
Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp.
Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.
Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter.
3.7.3
=====
Features
--------
- Use Brotli instead of brotlipy
- Made exceptions pickleable. Also changed the repr of some exceptions.
Bugfixes
--------
- Raise a ClientResponseError instead of an AssertionError for a blank
HTTP Reason Phrase.
- Fix ``web_middlewares.normalize_path_middleware`` behavior for patch without slash.
- Fix overshadowing of overlapped sub-applications prefixes.
- Make `BaseConnector.close()` a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
- Reset the ``sock_read`` timeout each time data is received for a ``aiohttp.client`` response.
- Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View
- Fixed querying the address families from DNS that the current host supports.
- Change return type of MultipartReader.__aiter__() and BodyPartReader.__aiter__() to AsyncIterator.
- Provide x86 Windows wheels.
Improved Documentation
----------------------
- Add documentation for ``aiohttp.web.FileResponse``.
- Removed deprecation warning in tracing example docs
- Fixed wrong "Usage" docstring of ``aiohttp.client.request``.
- Add aiohttp-pydantic to third party libraries
3.7.1
Bugfixes
- Fixed a type error caused by the conditional import of `Protocol`.
- Server doesn't send Content-Length for 1xx or 204
- Fix run_app typing
- Always require ``typing_extensions`` library.
- Fix a variable-shadowing bug causing `ThreadedResolver.resolve` to
return the resolved IP as the ``hostname`` in each record, which prevented
validation of HTTPS connections.
- Added annotations to all public attributes.
- Fix flaky test_when_timeout_smaller_second
- Ensure sending a zero byte file does not throw an exception
- Fix a bug in ``web.run_app()`` about Python version checking on Windows
3.6.2:
Features
- Made exceptions pickleable. Also changed the repr of some exceptions.
- Use Iterable type hint instead of Sequence for Application *middleware*
parameter.
Bugfixes
- Reset the sock_read timeout each time data is received for a
aiohttp.ClientResponse.
- Fix handling of expired cookies so they are not stored in CookieJar.
- Fix misleading message in the string representation of ClientConnectorError;
self.ssl == None means default SSL context, not SSL disabled
- Don't clobber HTTP status when using FileResponse.
Improved Documentation
- Added minimal required logging configuration to logging documentation.
- Update docs to reflect proxy support.
- Fix typo in code example in testing docs.
3.6.1:
Features
- Compatibility with Python 3.8.
Bugfixes
- correct some exception string format
- Emit a warning when ``ssl.OP_NO_COMPRESSION`` is
unavailable because the runtime is built against
an outdated OpenSSL.
- Update multidict requirement to >= 4.5
Improved Documentation
- Provide pytest-aiohttp namespace for pytest fixtures in docs.
3.6.0:
Features
- Add support for Named Pipes (Site and Connector) under Windows. This feature requires Proactor event loop to work.
- Removed `Transfer-Encoding: chunked` header from websocket responses to be compatible with more http proxy servers.
- Accept non-GET request for starting websocket handshake on server side.
Bugfixes
- Raise a ClientResponseError instead of an AssertionError for a blank
HTTP Reason Phrase.
- Fix an issue where cookies would sometimes not be set during a redirect.
- Change normalize_path_middleware to use 308 redirect instead of 301.
This behavior should prevent clients from being unable to use PUT/POST
methods on endpoints that are redirected because of a trailing slash.
- Drop the processed task from ``all_tasks()`` list early. It prevents logging about a task with unhandled exception when the server is used in conjunction with ``asyncio.run()``.
- ``Signal`` type annotation changed from `Signal[Callable[['TraceConfig'], Awaitable[None]]]` to `Signal[Callable[ClientSession, SimpleNamespace, ...]`.
- Use sanitized URL as Location header in redirects
- Improve typing annotations for multipart.py along with changes required
by mypy in files that references multipart.py.
- Close session created inside ``aiohttp.request`` when unhandled exception occurs
- Cleanup per-chunk data in generic data read. Memory leak fixed.
- Use correct type for add_view and family
- Fix _keepalive field in __slots__ of web_protocol.RequestHandler.
- Properly handle ConnectionResetError, to silence the "Cannot write to closing
transport" exception when clients disconnect uncleanly.
- Suppress pytest warnings due to test util classes
- Fix overshadowing of overlapped subbaps prefixes.
- Fixed return type annotation for WSMessage.json()
- Properly expose TooManyRedirects publicly as documented.
- Fix missing brackets for IPv6 in proxy CONNECT request
- Make the signature of `aiohttp.test_utils.TestClient.request` match `asyncio.ClientSession.request` according to the docs
- Use correct style for re-exported imports, makes mypy ``--strict`` mode happy.
- Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View
- Made cython HTTP parser set Reason-Phrase of the response to an empty string if it is missing.
- Add URL to the string representation of ClientResponseError.
- Accept istr keys in LooseHeaders type hints.
- Fixed race conditions in _resolve_host caching and throttling when tracing is enabled.
- For URLs like "unix://localhost/..." set Host HTTP header to "localhost" instead of "localhost:None".
3.5.3:
Bugfixes
- Fix type stubs for aiohttp.web.run_app(access_log=True) and fix edge case of access_log=True and the event loop being in debug mode.
- Fix aiohttp.ClientTimeout type annotations to accept None for fields
- Send custom per-request cookies even if session jar is empty
- Restore Linux binary wheels publishing on PyPI
3.5.2:
Features
- FileResponse from web_fileresponse.py uses a ThreadPoolExecutor to work with files asynchronously.
I/O based payloads from payload.py uses a ThreadPoolExecutor to work with I/O objects asynchronously.
- Internal Server Errors in plain text if the browser does not support HTML.
Bugfixes
- Preserve MultipartWriter parts headers on write.
Refactor the way how Payload.headers are handled. Payload instances now always
have headers and Content-Type defined.
Fix Payload Content-Disposition header reset after initial creation.
- Log suppressed exceptions in GunicornWebWorker.
- Remove wildcard imports.
- Use the same task for app initialization and web server handling in gunicorn workers.
It allows to use Python3.7 context vars smoothly.
- Fix handling of chunked+gzipped response when first chunk does not give uncompressed data
- Replace collections.MutableMapping with collections.abc.MutableMapping to avoid a deprecation warning.
- Payload.size type annotation changed from Optional[float] to Optional[int].
- Ignore done tasks when cancels pending activities on web.run_app finalization.
3.5.0 (2018-12-22)
Features
The library type annotations are checked in strict mode now.
Add support for setting cookies for individual request
Application.add_domain implementation
The default app in the request returned by test_utils.make_mocked_request can now have objects assigned to it and retrieved using the [] operator.
Make request.url accessible when transport is closed.
Add zlib_executor_size argument to Response constructor to allow compression to run in a background executor to avoid blocking the main thread and potentially triggering health check failures.
Enable users to set ClientTimeout in aiohttp.request
Don’t raise a warning if NETRC environment variable is not set and ~/.netrc file doesn’t exist.
Add default logging handler to web.run_app
If the Application.debug flag is set and the default logger aiohttp.access is used, access logs will now be output using a stderr StreamHandler if no handlers are attached. Furthermore, if the default logger has no log level set, the log level will be set to DEBUG.
Add method argument to session.ws_connect().
Sometimes server API requires a different HTTP method for WebSocket connection establishment.
For example, Docker exec needs POST.
Create a task per request handling.
Bugfixes
Enable passing access_log_class via handler_args
Return empty bytes with end-of-chunk marker in empty stream reader.
Accept CIMultiDictProxy instances for headers argument in web.Response constructor.
Don’t uppercase HTTP method in parser
Make method match regexp RFC-7230 compliant
Add app.pre_frozen state to properly handle startup signals in sub-applications.
Enhanced parsing and validation of helpers.BasicAuth.decode.
Change imports from collections module in preparation for 3.8.
Ensure Host header is added first to ClientRequest to better replicate browser
Fix forward compatibility with Python 3.8: importing ABCs directly from the collections module will not be supported anymore.
Keep the query string by normalize_path_middleware.
Fix missing parameter raise_for_status for aiohttp.request()
Bracket IPv6 addresses in the HOST header
Fix default message for server ping and pong frames.
Fix tests/test_connector.py typo and tests/autobahn/server.py duplicate loop def.
Fix false-negative indicator end_of_HTTP_chunk in StreamReader.readchunk function
Release HTTP response before raising status exception
Fix task cancellation when sendfile() syscall is used by static file handling.
Fix stack trace for asyncio.TimeoutError which was not logged, when it is caught in the handler.
Improved Documentation
Improve documentation of Application.make_handler parameters.
Fix BaseRequest.raw_headers doc.
Fix typo in TypeError exception reason in web.Application._handle
Make server access log format placeholder %b documentation reflect behavior and docstring.
Deprecations and Removals
Deprecate modification of session.requote_redirect_url
Deprecate stream.unread_data()
Deprecated use of boolean in resp.enable_compression()
Encourage creation of aiohttp public objects inside a coroutine
Drop dead Connection.detach() and Connection.writer. Both methods were broken for more than 2 years.
Deprecate app.loop, request.loop, client.loop and connector.loop properties.
Deprecate explicit debug argument. Use asyncio debug mode instead.
Deprecate body parameter in HTTPException (and derived classes) constructor.
Deprecate bare connector close, use async with connector: and await connector.close() instead.
Deprecate obsolete read_timeout and conn_timeout in ClientSession constructor.
3.4.4:
Fix installation from sources when compiling toolkit is not available
3.4.3:
Add app.pre_frozen state to properly handle startup signals in sub-applications.
3.4.0:
Features
Add type hints
Add raise_for_status request parameter
Add type hints to HTTP client
Minor server optimizations
Preserve the cause when HTTPException is raised from another exception.
Add close_boundary option in MultipartWriter.write method. Support streaming
Added a remove_slash option to the normalize_path_middleware factory.
The class AbstractRouteDef is importable from aiohttp.web.
Bugfixes
Prevent double closing when client connection is released before the last data_received() callback.
Make redirect with normalize_path_middleware work when using url encoded paths.
Postpone web task creation to connection establishment.
Fix sock_read timeout.
When using a server-request body as the data= argument of a client request, iterate over the content with readany instead of readline to avoid Line too long errors.
fix UrlDispatcher has no attribute add_options, add web.options
correct filename in content-disposition with multipart body
Many HTTP proxies has buggy keepalive support. Let's not reuse connection but close it after processing every response.
raise 413 "Payload Too Large" rather than raising ValueError in request.post() Add helpful debug message to 413 responses
Fix StreamResponse equality, now that they are MutableMapping objects.
Fix server request objects comparison
Do not hang on 206 Partial Content response with Content-Encoding: gzip
Fix timeout precondition checkers
Improved Documentation
Add a new FAQ entry that clarifies that you should not reuse response objects in middleware functions.
Add FAQ section "Why is creating a ClientSession outside of an event loop dangerous?"
Fix link to Rambler
Fix TCPSite documentation on the Server Reference page.
Fix documentation build configuration file for Windows.
Remove no longer existing lingering_timeout parameter of Application.make_handler from documentation.
Mention that app.make_handler is deprecated, recommend to use runners API instead.
Deprecations and Removals
Drop loop.current_task() from helpers.current_task()
Drop reader parameter from request.multipart().
3.3.2:
- Many HTTP proxies has buggy keepalive support. Let's not reuse connection but
close it after processing every response.
- Provide vendor source files in tarball
3.3.1:
- Fix sock_read timeout.
- When using a server-request body as the data= argument of a client request,
iterate over the content with readany instead of readline to avoid Line
too long errors.
3.3.0:
Features
- Raise ConnectionResetError instead of CancelledError on trying to
write to a closed stream.
- Implement ClientTimeout class and support socket read timeout.
- Enable logging when aiohttp.web is used as a program
- Add canonical property to resources
- Forbid reading response BODY after release
- Implement base protocol class to avoid a dependency from internal
asyncio.streams.FlowControlMixin
- Cythonize @helpers.reify, 5% boost on macro benchmark
- Optimize HTTP parser
- Implement runner.addresses property.
- Use bytearray instead of a list of bytes in websocket reader. It
improves websocket message reading a little.
- Remove heartbeat on closing connection on keepalive timeout. The used hack
violates HTTP protocol.
- Limit websocket message size on reading to 4 MB by default.
Bugfixes
- Don't reuse a connection with the same URL but different proxy/TLS settings
- When parsing the Forwarded header, the optional port number is now preserved.
Improved Documentation
- Make Change Log more visible in docs
- Make style and grammar improvements on the FAQ page.
- Document that signal handlers should be async functions since aiohttp 3.0
Deprecations and Removals
- Deprecate custom application's router.
3.2.0
Features
Raise TooManyRedirects exception when client gets redirected too many times instead of returning last response.
Extract route definitions into separate web_routedef.py file
Raise an exception on request body reading after sending response.
ClientResponse and RequestInfo now have real_url property, which is request url without fragment part being stripped
Speed up connector limiting
Added and links property for ClientResponse object
Add request.config_dict for exposing nested applications data.
Speed up HTTP headers serialization, server micro-benchmark runs 5% faster now.
Apply assertions in debug mode only
Bugfixes
expose property app for TestClient
Call on_chunk_sent when write_eof takes as a param the last chunk
A closing bracket was added to __repr__ of resources
Fix compression of FileResponse
Fixes some bugs in the limit connection feature
Improved Documentation
Drop async_timeout usage from documentation for client API in favor of timeout parameter.
Improve Gunicorn logging documentation
Replace multipart writer .serialize() method with .write() in documentation.
Deprecations and Removals
Deprecate Application.make_handler()
3.1.0:
Features
- Relax JSON content-type checking in the ClientResponse.json() to allow
"application/xxx+json" instead of strict "application/json".
- Bump C HTTP parser to version 2.8
- Accept a coroutine as an application factory in web.run_app and gunicorn
worker.
- Implement application cleanup context
- Make writer.write_headers a coroutine.
- Add tracking signals for getting request/response bodies.
- Deprecate ClientResponseError.code in favor of .status to keep similarity
with response classes.
- Implement app.add_routes() method.
- Implement web.static() and RouteTableDef.static() API.
- Install a test event loop as default by asyncio.set_event_loop(). The
change affects aiohttp test utils but backward compatibility is not broken
for 99.99% of use cases.
- Refactor ClientResponse constructor: make logically required constructor
arguments mandatory, drop _post_init() method.
- Use app.add_routes() in server docs everywhere
- Websockets refactoring, all websocket writer methods are converted into
coroutines.
- Provide Content-Range header for Range requests
Bugfixes
- Fix websocket client return EofStream.
- Fix websocket demo.
- Property BaseRequest.http_range now returns a python-like slice when
requesting the tail of the range. It's now indicated by a negative value in
range.start rather then in range.stop
- Close a connection if an unexpected exception occurs while sending a request
- Fix firing DNS tracing events.
Improved Documentation
- Change ClientResponse.json() documentation to reflect that it now
allows "application/xxx+json" content-types
- Document behavior when cchardet detects encodings that are unknown to Python.
- Add diagrams for tracing request life style.
- Drop removed functionality for passing StreamReader as data at client
side.
3.0.7:
Fix SSL proxy support by client.
Restore a imperative check in setup.py for python version. The check works in parallel to environment marker. As effect a error about unsupported Python versions is raised even on outdated systems with very old setuptools version installed.
3.0.2:
Security Fix
Prevent Windows absolute URLs in static files. Paths like /static/D:\path and /static/\\hostname\drive\path are forbidden.
3.0.1:
Technical release for fixing distribution problems.
aiohttp 3.0 release:
Major release, many already deprecated things are removed
Minimal supported Python version is 3.5.3.
aiohttp uses shiny async/await syntax everywhere internally (while old yield from is still supported).
Read https://docs.aiohttp.org/en/stable/whats_new_3_0.html for brief information about most important changes.