Skip to content

3.12.7
Compare
Choose a tag to compare
@github-actions github-actions released this 02 Jun 16:29
· 3066 commits to master since this release
v3.12.7
This tag was signed with the committer’s verified signature.
bdraco J. Nick Koston
SSH Key Fingerprint: yg7JSgeeILNaBQZstddaVlTaDn2euAb9Ngq4jVYLiEg
Verified
Learn about vigilant mode.
80bb38f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Warning

This release fixes an issue where the quote_cookie parameter was not being properly respected for shared cookies (domain="", path=""). If your server does not handle quoted cookies correctly, you may need to disable cookie quoting by setting quote_cookie=False when creating your ClientSession or CookieJar.
See https://docs.aiohttp.org/en/stable/client_advanced.html#cookie-quoting-routine for details.

Bug fixes

  • Fixed cookie parsing to be more lenient when handling cookies with special characters
    in names or values. Cookies with characters like {, }, and / in names are now
    accepted instead of causing a :exc:~http.cookies.CookieError and 500 errors. Additionally,
    cookies with mismatched quotes in values are now parsed correctly, and quoted cookie
    values are now handled consistently whether or not they include special attributes
    like Domain. Also fixed :class:~aiohttp.CookieJar to ensure shared cookies (domain="", path="")
    respect the quote_cookie parameter, making cookie quoting behavior consistent for
    all cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #2683, #5397, #7993, #11112.

  • Fixed an issue where cookies with duplicate names but different domains or paths
    were lost when updating the cookie jar. The :class:~aiohttp.ClientSession
    cookie jar now correctly stores all cookies even if they have the same name but
    different domain or path, following the :rfc:6265#section-5.3 storage model -- by :user:bdraco.

    Note that :attr:ClientResponse.cookies <aiohttp.ClientResponse.cookies> returns
    a :class:~http.cookies.SimpleCookie which uses the cookie name as a key, so
    only the last cookie with each name is accessible via this interface. All cookies
    can be accessed via :meth:ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall> if needed.

    Related issues and pull requests on GitHub:
    #4486, #11105, #11106.

Miscellaneous internal changes

  • Avoided creating closed futures in ResponseHandler that will never be awaited -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #11107.

  • Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #11114.

Assets 260
Loading