diff --git a/CHANGES.rst b/CHANGES.rst index c302755c543..21e1f4490ba 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,102 @@ .. towncrier release notes start +3.13.3 (2026-01-03) +=================== + +This release contains fixes for several vulnerabilities. It is advised to +upgrade as soon as possible. + +Bug fixes +--------- + +- Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors + -- by :user:`GLeurquin`. + + + *Related issues and pull requests on GitHub:* + :issue:`2596`. + + + +- Fixed multipart reading failing when encountering an empty body part -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`11857`. + + + +- Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context. + + + *Related issues and pull requests on GitHub:* + :issue:`11862`. + + + + +Removals and backward incompatible breaking changes +--------------------------------------------------- + +- ``Brotli`` and ``brotlicffi`` minimum version is now 1.2. + Decompression now has a default maximum output size of 32MiB per decompress call -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`11898`. + + + + +Packaging updates and notes for downstreams +------------------------------------------- + +- Moved dependency metadata from :file:`setup.cfg` to :file:`pyproject.toml` per :pep:`621` + -- by :user:`cdce8p`. + + + *Related issues and pull requests on GitHub:* + :issue:`11643`. + + + + +Contributor-facing changes +-------------------------- + +- Removed unused ``update-pre-commit`` github action workflow -- by :user:`Cycloctane`. + + + *Related issues and pull requests on GitHub:* + :issue:`11689`. + + + + +Miscellaneous internal changes +------------------------------ + +- Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`10713`. + + + +- Added regression test for cached logging status -- by :user:`meehand`. + + + *Related issues and pull requests on GitHub:* + :issue:`11778`. + + + + +---- + + 3.13.2 (2025-10-28) =================== diff --git a/CHANGES/11643.packaging.rst b/CHANGES/11643.packaging.rst deleted file mode 100644 index 8ef91a18788..00000000000 --- a/CHANGES/11643.packaging.rst +++ /dev/null @@ -1,2 +0,0 @@ -Moved dependency metadata from :file:`setup.cfg` to :file:`pyproject.toml` per :pep:`621` --- by :user:`cdce8p`. diff --git a/CHANGES/11689.contrib.rst b/CHANGES/11689.contrib.rst deleted file mode 100644 index 1f6404aa4bd..00000000000 --- a/CHANGES/11689.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Removed unused ``update-pre-commit`` github action workflow -- by :user:`Cycloctane`. diff --git a/CHANGES/11778.misc.rst b/CHANGES/11778.misc.rst deleted file mode 100644 index ad29aea920a..00000000000 --- a/CHANGES/11778.misc.rst +++ /dev/null @@ -1 +0,0 @@ -Added regression test for cached logging status -- by :user:`meehand`. diff --git a/CHANGES/11857.bugfix.rst b/CHANGES/11857.bugfix.rst deleted file mode 100644 index 7933efeb074..00000000000 --- a/CHANGES/11857.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed multipart reading failing when encountering an empty body part -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/11862.bugfix.rst b/CHANGES/11862.bugfix.rst deleted file mode 100644 index c2ce176c2c3..00000000000 --- a/CHANGES/11862.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -A test for websocket parser was marked to fail, which was actually failing because the parser wasn't raising an exception for a continuation frame when there was no initial frame in context. diff --git a/CHANGES/11898.breaking.rst b/CHANGES/11898.breaking.rst deleted file mode 100644 index cfbf2ae4727..00000000000 --- a/CHANGES/11898.breaking.rst +++ /dev/null @@ -1,2 +0,0 @@ -``Brotli`` and ``brotlicffi`` minimum version is now 1.2. -Decompression now has a default maximum output size of 32MiB per decompress call -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/2596.bugfix.rst b/CHANGES/2596.bugfix.rst deleted file mode 100644 index e172506bcde..00000000000 --- a/CHANGES/2596.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors --- by :user:`GLeurquin`.