My Release Notes

by Tiny Tools

/pallets/flask

Never miss a release that matters

AI-powered summaries of every GitHub release.

AI Summaries

Changelogs condensed into clear, actionable insights.

Always Free

Track up to 5 packages at no cost, forever.

Weekly Digest

A curated summary of every release, delivered weekly.

Get Started Free
pallets/flaskv3.x
8 releases

TL;DR

Flask now correctly handles session access checks, resolving a potential security vulnerability when only session keys are inspected.

Fixes Worth Knowing

Session access is now accurately tracked even when only keys (data names) are checked, preventing potential security issues.

3.1.3
Feb 19, 2026
3.1.2
Aug 19, 2025
3.1.1
May 13, 2025
3.1.0
Nov 13, 2024
3.0.3
Apr 7, 2024
3.0.2
Feb 3, 2024
3.0.1
Jan 18, 2024
3.0.03.0.0
Sep 30, 2023
pallets/flaskv2.x
18 releases

TL;DR

Flask now correctly handles URL schemes like javascript: and data: preventing potential security vulnerabilities and unexpected behavior.

Fixes Worth Knowing

Resolved a security issue where Flask would execute arbitrary JavaScript code via crafted URLs. This update prevents execution of non-HTTP/HTTPS schemes, improving application security (web application framework).

Before You Upgrade

No specific action is needed, but review your application’s URL handling to ensure it doesn’t rely on unsupported schemes.

2.3.3
Aug 21, 2023
2.2.5
May 2, 2023
2.3.2
May 1, 2023
2.3.1
Apr 25, 2023
2.3.0
Apr 25, 2023
2.2.4
Apr 25, 2023
2.2.3
Feb 15, 2023
2.2.2
Aug 8, 2022
2.2.1
Aug 3, 2022
2.2.0
Aug 2, 2022
2.1.3
Jul 13, 2022
2.1.2
Apr 28, 2022
2.1.1
Mar 30, 2022
2.1.0
Mar 28, 2022
2.0.3
Feb 14, 2022
2.0.2
Oct 4, 2021
2.0.1
May 21, 2021
2.0.0
May 12, 2021
pallets/flaskv2.xprerelease
2 releases

TL;DR

Flask 2.0 introduces significant changes under the hood, requiring users to explicitly specify the url_for endpoint when using blueprints to avoid ambiguity and improve application clarity.

Breaking

  • url_for with blueprint names now required (prevents unexpected routing).

New

  • Werkzeug 2.0 (WSGI utility library) is now required, offering performance improvements and security fixes.
  • ASGI support (asynchronous web framework) is improved, enabling more concurrent connections.

Fixes Worth Knowing

  • Session handling is more robust, addressing potential issues with concurrent requests.

Before You Upgrade

  • Update your url_for calls to include the blueprint name where applicable.
  • Ensure your dependencies include Werkzeug 2.0 or later.
2.0.0rc2
May 3, 2021
2.0.0rc1
Apr 16, 2021
pallets/flaskv1.x
8 releases

TL;DR

Flask no longer supports older Python versions, and developers should address deprecation warnings to prepare for Flask 2.0.

Breaking

  • Python 2.7 and 3.5 support dropped (older Python versions)
  • Deprecations will become removals (future compatibility)

Fixes Worth Knowing

No user-facing fixes were included in this release.

Before You Upgrade

Ensure your project is running a supported Python version (3.6+) and address any deprecation warnings displayed by your application.

1.1.2
Apr 3, 2020
1.1.1
Jul 9, 2019
1.1.0
Jul 9, 2019
1.0.4
Jul 9, 2019
1.0.3
Jul 9, 2019
1.0.2
May 2, 2018
1.0.1
Apr 30, 2018
1.0
Apr 26, 2018
pallets/flaskv0.x
2 releases

TL;DR

Flask now strictly enforces UTF-8 encoding for incoming JSON, improving security and preventing potential denial-of-service attacks.

Breaking

  • JSON decoding now requires UTF-8 encoding (prevents arbitrary encoding use).

New

(None - security fix is the primary change)

Fixes Worth Knowing

  • Improved CLI support within PyCharm.

Before You Upgrade

Ensure your applications send JSON data encoded as UTF-8 to avoid compatibility issues.

0.12.4
Apr 30, 2018
0.12.3
Apr 26, 2018