v1.51.16

⚠️ Important ⚠️

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in GHSA-83pv-qr33-2vcf

v1.51.15

Maintenance release

• Update dependencies and release pipeline by @provinzkraut in #3469

Full Changelog: v1.51.14...v1.51.15

v2.8.2

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: pydantic import differentiation for pydantic v1.10.15 by @peterschutt in #3347

Full Changelog
v2.8.1...v2.8.2

v2.8.1

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

Bugfixes 🐛

• fix: asgi lifespan msg after lifespan context exception by @peterschutt in #3315
• fix: bug when pydantic==1.10 is installed by @peterschutt in #3335
• fix: OpenAPI router and controller on same app. by @peterschutt in #3338

Other changes

• docs: add citation by @JacobCoffee in #3329
• refactor(routing): Move kwargs model creation to handler by @provinzkraut in #3331

Full Changelog
v2.8.0...v2.8.1

v2.8.0

Sponsors 🌟

Thanks to these incredible business sponsors:

• Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

Thanks to these incredible personal sponsors:

• Polar.sh: @thomastu, @skewty, @iRod3s

• GitHub Sponsors: (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev,

• OpenCollective: Christian Y, Anonymous

• A huge 'Thank you!' to all sponsors, subscribers, and contributors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @carlsmedstad made their first contribution in #3291
• @haryle made their first contribution in #3242
• @winbornejw made their first contribution in #3136

Bugfixes 🐛

• fix(cli): remove duplicate rich-click config options by @JacobCoffee in #3274
• fix: pydantic json_schema_extra examples. by @peterschutt in #3281
• fix(openapi): set default on schema from FieldDefinition by @guacs in #3280
• fix: Custom types cause serialisation error in exception response with non-JSON media-type by @provinzkraut in #3284
• fix(OpenAPI): Ensure default values are always represented in schema for dataclasses and msgspec.Structs by @provinzkraut in #3285
• fix(DTO): Pydantic v2 error handling/serialization when for non-pydantic exceptions by @provinzkraut in #3286
• fix(OpenAPI): Fix OpenAPI schema generation for paths with path parameters of different types on the same path by @provinzkraut in #3293
• fix(OpenAPI): Document unconsumed path parameters by @provinzkraut in #3295
• fix: Unique schema names for nested models (#3134) by @winbornejw in #3136

New features 🚀

• feat: add Scalar.com as an OpenAPI docs generator option
• feat: allow for console output to be silenced by @cofin in #3180
• feat: add flash plugin by @euri10 in #3145
• feat: Use memoized request_class and response_class values by @kedod in #3205
• feat(DTO): Enable codegen backend by default by @provinzkraut in #3215
• feat: Added precedence of CLI parameters over envs by @kedod in #3190
• feat: only print when terminal is TTY enabled by @cofin in #3219
• feat: Support schema_extra in Parameter and Body by @tuukkamustonen in #3204
• feat: add typevar expansion by @haryle in #3242
• feat: Add LITESTAR_ prefix before WEB_CONCURRENCY env option by @kedod in #3227
• feat: Warn about ambiguous default values in parameter specifications by @provinzkraut in #3283
• feat: support declaring DTOField via Annotated by @peterschutt in #3289
• feat: Add TRACE to HttpMethod enum by @provinzkraut in #3294
• feat: Pydantic dto non instantiable types by @peterschutt in #3296
• feat: Add path parameter to Litestar application class by @kedod in #3314

Other changes

• docs(channels): Fix subscriber examples by @provinzkraut in #3287
• docs: Expand the acronym for Data Transfer Object in What's New in v2 by @cclauss in #3288
• docs: Add examples for auth exclude configuration by @aranvir in #3246
• refactor: Reduce module import time by @provinzkraut in #3282
• refactor: remove CacheControlHeader dependency on AbstractDTO by @peterschutt in #3307

Full Changelog
v2.7.1...v2.8.0

v2.7.1

Sponsors 🌟

• Thanks to these incredible business sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)
• A huge 'Thank you!' to all sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

New contributors 🎉

• @jderrien made their first contribution in #3185
• @sherbang made their first contribution in #3258

What's changed

Bugfixes 🐛

• fix: replace TestClient.enter return type with Self by @cbscsm in #3194
• fix: use the full path for fetching openapi.json by @guacs in #3196
• fix: JSON schema examples were OpenAPI formatted by @tuukkamustonen in #3224
• fix(logging): queue_listener handler for Python >= 3.12 by @jderrien in #3185
• fix: extend openapi meta collected from domain models by @peterschutt in #3237
• fix: kwarg ambiguity exc msg for path params by @peterschutt in #3261

Other changes

• docs: fix included line range from example by @hugovk in #3208
• docs: fix included line range from example by @hugovk in #3209
• docs: add missing api docs for plugins by @JacobCoffee in #3169
• docs: add missing alembic class references by @cofin in #3220
• docs: Removed double parsing from the codegen backend docs by @kedod in #3216
• docs: document guards behavior when placed at controller and app level by @guacs in #3230
• docs: Add missing layered parameters by @kedod in #3245
• docs: Update test_client fixture documentation by @sherbang in #3258
• docs(csrf): Add usage example by @Alc-Alc in #3256
• docs: build develop and v3 branch docs by @JacobCoffee in #3264

Full Changelog
v2.7.0...v2.7.1

v2.7.0

Sponsors ❤️

GitHub Sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev, @iRod3s
OpenCollective: Christian Y, Anonymous

What's changed

Bugfixes

• Fix missing cors headers in response by @crisog in #3179
• Fix sending empty data in sse in js client by @euri10 in #3176

New features

• Support ResponseSpec(..., examples=[...]) by @tuukkamustonen in #3100
• Support "+json"-suffixed response media types by @bunny-therapist in #3096
• Allow re-usable Router instances by @tuukkamustonen in #3103
• Only display path in ValidationExceptions by @floxay in #3064
• Expose request_class to other layers by @kedod in #3125
• Expose websocket_class by @kedod in #3152
• Add type_decoders Router and route handlers by @kedod in #3153
• Pass type_decoders in WebsocketListenerRouteHandler by @kedod in #3162
• 3116 enhancement session middleware by @aranvir in #3127
• Make random seed for openapi example generation configurable by @guacs in #3166
• Generate openapi components schemas in a deterministic order by @guacs in #3172

New contributors

• @crisog made their first contribution in #3179
• @error418 made their first contribution in #3167
• @bunny-therapist made their first contribution in #3096
• @tuukkamustonen made their first contribution in #3100

Full Changelog
v2.6.3...v2.7.0

v2.6.3

What's changed

Bugfixes

• fix(pydantic): Pydantic V1 schema generation for PrivateAttr in GenericModel by @provinzkraut in #3161

Full Changelog
v2.6.2...v2.6.3

v2.6.2

Sponsors ❤️

GitHub Sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev, @iRod3s
OpenCollective: Christian Y, Anonymous

New contributors 🎉

• @aranvir made their first contribution in #3114
• @benluo made their first contribution in #3138
• @hugovk made their first contribution in #3141

What's changed

Bugfixes

• Fix msgspec meta constraints not being included in DTO transfer model by @provinzkraut in #3113
• Fix missing cache control header for static files by @guacs in #3131
• Fix OpenAPI schema generation for Pydantic v2 constrained secrets by @provinzkraut in #3149
• Fix OpenAPI schema generation for Pydantic private attributes by @provinzkraut in #3151
• Fix missing OpenAPI description for UUID path parameters by @Alc-Alc in #3118
• Fix RedisStore client created with with_client unclosed by @euri10 in #3111

Full Changelog
v2.6.1...v2.6.2

v2.6.1

Sponsors ❤️

GitHub Sponsors: Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team), @benjamin-kirkbride, @crisog, @geeshta, @cbscsm, @ruslan-korneev, @iRod3s
OpenCollective: Christian Y, Anonymous

New contributors 🎉

• @tuukkamustonen made their first contribution in #3098
• @betaprior made their first contribution in #3095

What's changed

Bugfixes

• SQLAlchemy: Use IntegrityError instead of deprecated ConflictError by @cofin in #3094
• Sessions: Fix cookie naming for short cookies by @betaprior in #3095
• Static files: Fix Path resolution for windows by @provinzkraut in #3102
• Logging: Fix middleware with structlog causes application to return HTTP 500 when request body is malformed by @provinzkraut in #3109
• OpenAPI: Generate correct response schema for ResponseSpec(None) (#3069) by @tuukkamustonen in #3098
• CLI: rich_click.cli.patch before importing click by @guacs in #3089
• Fix exception handlers extracting details from non-litestar exceptions by @provinzkraut in #3106
• Replace usage of deprecated static_files property by @cbscsm in #3087

Full Changelog
v2.6.0...v2.6.1