Update dependency Werkzeug to v3 [SECURITY] #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

balena-renovate wants to merge 1 commit into master from renovate/pypi-Werkzeug-vulnerability

Contributor

balena-renovate bot commented May 6, 2025 •

edited

Loading

This PR contains the following updates:

Package	Update	Change
Werkzeug (changelog)	major	`==2.0.3` -> `==3.0.6`

GitHub Vulnerability Alerts

CVE-2023-23934

Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain.

Werkzeug <= 2.2.2 will parse the cookie =__Host-test=bad as __Host-test=bad. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.

CVE-2023-25577

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage.

This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.

CVE-2024-34069

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.

CVE-2024-49766

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

Release Notes

pallets/werkzeug (Werkzeug)

`v3.0.6`

Released 2024-10-25

Fix how max_form_memory_size is applied when parsing large non-file
fields. :ghsa:q34m-jh98-gwm2
safe_join catches certain paths on Windows that were not caught by
ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

`v3.0.5`

Released 2024-10-24

The Watchdog reloader ignores file closed no write events. :issue:2945
Logging works with client addresses containing an IPv6 scope :issue:2952
Ignore invalid authorization parameters. :issue:2955
Improve type annotation fore SharedDataMiddleware. :issue:2958
Compatibility with Python 3.13 when generating debugger pin and the current
UID does not have an associated name. :issue:2957

`v3.0.4`

Released 2024-08-21

Restore behavior where parsing multipart/x-www-form-urlencoded data with
invalid UTF-8 bytes in the body results in no form data parsed rather than a
413 error. :issue:2930
Improve parse_options_header performance when parsing unterminated
quoted string values. :issue:2904
Debugger pin auth is synchronized across threads/processes when tracking
failed entries. :issue:2916
Dev server handles unexpected SSLEOFError due to issue in Python < 3.13.
:issue:2926
Debugger pin auth works when the URL already contains a query string.
:issue:2918

`v3.0.3`

Released 2024-05-05

Only allow localhost, .localhost, 127.0.0.1, or the specified
hostname when running the dev server, to make debugger requests. Additional
hosts can be added by using the debugger middleware directly. The debugger
UI makes requests using the full URL rather than only the path.
:ghsa:2g68-c3qc-8985
Make reloader more robust when "" is in sys.path. :pr:2823
Better TLS cert format with adhoc dev certs. :pr:2891
Inform Python < 3.12 how to handle itms-services URIs correctly, rather
than using an overly-broad workaround in Werkzeug that caused some redirect
URIs to be passed on without encoding. :issue:2828
Type annotation for Rule.endpoint and other uses of endpoint is
Any. :issue:2836
Make reloader more robust when "" is in sys.path. :pr:2823

`v3.0.2`

Released 2024-04-01

Ensure setting merge_slashes to False results in NotFound for
repeated-slash requests against single slash routes. :issue:2834
Fix handling of TypeError in TypeConversionDict.get() to match
ValueError. :issue:2843
Fix response_wrapper type check in test client. :issue:2831
Make the return type of MultiPartParser.parse more precise.
:issue:2840
Raise an error if converter arguments cannot be parsed. :issue:2822

`v3.0.1`

Released 2023-10-24

Fix slow multipart parsing for large parts potentially enabling DoS attacks.

`v3.0.0`

Released 2023-09-30

Remove previously deprecated code. :pr:2768
Deprecate the __version__ attribute. Use feature detection, or
importlib.metadata.version("werkzeug"), instead. :issue:2770
generate_password_hash uses scrypt by default. :issue:2769
Add the "werkzeug.profiler" item to the WSGI environ dictionary
passed to ProfilerMiddleware's filename_format function. It contains
the elapsed and time values for the profiled request. :issue:2775
Explicitly marked the PathConverter as non path isolating. :pr:2784

`v2.3.8`

Released 2023-11-08

Fix slow multipart parsing for large parts potentially enabling DoS
attacks.

`v2.3.7`

Released 2023-08-14

Use flit_core instead of setuptools as build backend.
Fix parsing of multipart bodies. :issue:2734
Adjust index of last newline in data start. :issue:2761
Parsing ints from header values strips spacing first. :issue:2734
Fix empty file streaming when testing. :issue:2740
Clearer error message when URL rule does not start with slash. :pr:2750
Accept q value can be a float without a decimal part. :issue:2751

`v2.3.6`

Released 2023-06-08

FileStorage.content_length does not fail if the form data did not provide a
value. :issue:2726

`v2.3.5`

Released 2023-06-07

Python 3.12 compatibility. :issue:2704
Fix handling of invalid base64 values in Authorization.from_header. :issue:2717
The debugger escapes the exception message in the page title. :pr:2719
When binding routing.Map, a long IDNA server_name with a port does not fail
encoding. :issue:2700
iri_to_uri shows a deprecation warning instead of an error when passing bytes.
:issue:2708
When parsing numbers in HTTP request headers such as Content-Length, only ASCII
digits are accepted rather than any format that Python's int and float
accept. :issue:2716

`v2.3.4`

Released 2023-05-08

Authorization.from_header and WWWAuthenticate.from_header detects tokens
that end with base64 padding (=). :issue:2685
Remove usage of warnings.catch_warnings. :issue:2690
Remove max_form_parts restriction from standard form data parsing and only use
if for multipart content. :pr:2694
Response will avoid converting the Location header in some cases to preserve
invalid URL schemes like itms-services. :issue:2691

`v2.3.3`

Released 2023-05-01

Fix parsing of large multipart bodies. Remove invalid leading newline, and restore
parsing speed. :issue:2658, 2675
The cookie Path attribute is set to / by default again, to prevent clients
from falling back to RFC 6265's default-path behavior. :issue:2672, 2679

`v2.3.2`

Released 2023-04-28

Parse the cookie Expires attribute correctly in the test client. :issue:2669
max_content_length can only be enforced on streaming requests if the server
sets wsgi.input_terminated. :issue:2668

`v2.3.1`

Released 2023-04-27

Percent-encode plus (+) when building URLs and in test requests. :issue:2657
Cookie values don't quote characters defined in RFC 6265. :issue:2659
Include pyi files for datastructures type annotations. :issue:2660
Authorization and WWWAuthenticate objects can be compared for equality.
:issue:2665

`v2.3.0`

Released 2023-04-25

Drop support for Python 3.7. :pr:2648
Remove previously deprecated code. :pr:2592
Passing bytes where strings are expected is deprecated, as well as the charset
and errors parameters in many places. Anywhere that was annotated, documented,
or tested to accept bytes shows a warning. Removing this artifact of the transition
from Python 2 to 3 removes a significant amount of overhead in instance checks and
encoding cycles. In general, always work with UTF-8, the modern HTML, URL, and HTTP
standards all strongly recommend this. :issue:2602
Deprecate the werkzeug.urls module, except for the uri_to_iri and
iri_to_uri functions. Use the urllib.parse library instead. :issue:2600
Update which characters are considered safe when using percent encoding in URLs,
based on the WhatWG URL Standard. :issue:2601
Update which characters are considered safe when using percent encoding for Unicode
filenames in downloads. :issue:2598
Deprecate the safe_conversion parameter of iri_to_uri. The Location
header is converted to IRI using the same process as everywhere else. :issue:2609
Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter. :pr:2613
Use modern packaging metadata with pyproject.toml instead of setup.cfg.
:pr:2574
Request.get_json() will raise a 415 Unsupported Media Type error if the
Content-Type header is not application/json, instead of a generic 400.
:issue:2550
A URL converter's part_isolating defaults to False if its regex contains
a /. :issue:2582
A custom converter's regex can have capturing groups without breaking the router.
:pr:2596
The reloader can pick up arguments to python like -X dev, and does not
require heuristics to determine how to reload the command. Only available
on Python >= 3.10. :issue:2589
The Watchdog reloader ignores file opened events. Bump the minimum version of
Watchdog to 2.3.0. :issue:2603
When using a Unix socket for the development server, the path can start with a dot.
:issue:2595
Increase default work factor for PBKDF2 to 600,000 iterations. :issue:2611
parse_options_header is 2-3 times faster. It conforms to :rfc:9110, some
invalid parts that were previously accepted are now ignored. :issue:1628
The is_filename parameter to unquote_header_value is deprecated. :pr:2614
Deprecate the extra_chars parameter and passing bytes to quote_header_value,
the allow_token parameter to dump_header, and the cls parameter and
passing bytes to parse_dict_header. :pr:2618
Improve parse_accept_header implementation. Parse according to :rfc:9110.
Discard items with invalid q values. :issue:1623
quote_header_value quotes the empty string. :pr:2618
dump_options_header skips None values rather than using a bare key.
:pr:2618
dump_header and dump_options_header will not quote a value if the key ends
with an asterisk *.
parse_dict_header will decode values with charsets. :pr:2618
Refactor the Authorization and WWWAuthenticate header data structures.
:issue:1769, :pr:2619
- Both classes have type, parameters, and token attributes. The
  token attribute supports auth schemes that use a single opaque token rather
  than key=value parameters, such as Bearer.
- Neither class is a dict anymore, although they still implement getting,
  setting, and deleting auth[key] and auth.key syntax, as well as
  auth.get(key) and key in auth.
- Both classes have a from_header class method. parse_authorization_header
  and parse_www_authenticate_header are deprecated.
- The methods WWWAuthenticate.set_basic and set_digest are deprecated.
  Instead, an instance should be created and assigned to
  response.www_authenticate.
- A list of instances can be assigned to response.www_authenticate to set
  multiple header values. However, accessing the property only returns the first
  instance.
Refactor parse_cookie and dump_cookie. :pr:2637
- parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
- Passing bytes to parse_cookie and dump_cookie is deprecated. The
  dump_cookie charset parameter is deprecated.
- dump_cookie allows domain values that do not include a dot ., and
  strips off a leading dot.
- dump_cookie does not set path="/" unnecessarily by default.
Refactor the test client cookie implementation. :issue:1060, 1680
- The cookie_jar attribute is deprecated. http.cookiejar is no longer used
  for storage.
- Domain and path matching is used when sending cookies in requests. The
  domain and path parameters default to localhost and /.
- Added a get_cookie method to inspect cookies.
- Cookies have decoded_key and decoded_value attributes to match what the
  app sees rather than the encoded values a client would see.
- The first positional server_name parameter to set_cookie and
  delete_cookie is deprecated. Use the domain parameter instead.
- Other parameters to delete_cookie besides domain, path, and
  value are deprecated.
If request.max_content_length is set, it is checked immediately when accessing
the stream, and while reading from the stream in general, rather than only during
form parsing. :issue:1513
The development server, which must not be used in production, will exhaust the
request stream up to 10GB or 1000 reads. This allows clients to see a 413 error if
max_content_length is exceeded, instead of a "connection reset" failure.
:pr:2620
The development server discards header keys that contain underscores _, as they
are ambiguous with dashes - in WSGI. :pr:2622
secure_filename looks for more Windows reserved file names. :pr:2623
Update type annotation for best_match to make default parameter clearer.
:issue:2625
Multipart parser handles empty fields correctly. :issue:2632
The Map charset parameter and Request.url_charset property are
deprecated. Percent encoding in URLs must always represent UTF-8 bytes. Invalid
bytes are left percent encoded rather than replaced. :issue:2602
The Request.charset, Request.encoding_errors, Response.charset, and
Client.charset attributes are deprecated. Request and response data must always
use UTF-8. :issue:2602
Header values that have charset information only allow ASCII, UTF-8, and ISO-8859-1.
:pr:2614, 2641
Update type annotation for ProfilerMiddleware stream parameter.
:issue:2642
Use postponed evaluation of annotations. :pr:2644
The development server escapes ASCII control characters in decoded URLs before
logging the request to the terminal. :pr:2652
The FormDataParser parse_functions attribute and get_parse_func method,
and the invalid application/x-url-encoded content type, are deprecated.
:pr:2653
generate_password_hash supports scrypt. Plain hash methods are deprecated, only
scrypt and pbkdf2 are supported. :issue:2654

`v2.2.3`

Released 2023-02-14

Ensure that URL rules using path converters will redirect with strict slashes when
the trailing slash is missing. :issue:2533
Type signature for get_json specifies that return type is not optional when
silent=False. :issue:2508
parse_content_range_header returns None for a value like bytes */-1
where the length is invalid, instead of raising an AssertionError. :issue:2531
Address remaining ResourceWarning related to the socket used by run_simple.
Remove prepare_socket, which now happens when creating the server. :issue:2421
Update pre-existing headers for multipart/form-data requests with the test
client. :issue:2549
Fix handling of header extended parameters such that they are no longer quoted.
:issue:2529
LimitedStream.read works correctly when wrapping a stream that may not return
the requested size in one read call. :issue:2558
A cookie header that starts with = is treated as an empty key and discarded,
rather than stripping the leading ==.
Specify a maximum number of multipart parts, default 1000, after which a
RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS
attack where a larger number of form/file parts would result in disproportionate
resource use.

`v2.2.2`

Released 2022-08-08

Fix router to restore the 2.1 strict_slashes == False behaviour
whereby leaf-requests match branch rules and vice
versa. :pr:2489
Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse / within converter arguments. :pr:2489
Update subpackage imports in :mod:werkzeug.routing to use the
import as syntax for explicitly re-exporting public attributes.
:pr:2493
Parsing of some invalid header characters is more robust. :pr:2494
When starting the development server, a warning not to use it in a
production deployment is always shown. :issue:2480
LocalProxy.__wrapped__ is always set to the wrapped object when
the proxy is unbound, fixing an issue in doctest that would cause it
to fail. :issue:2485
Address one ResourceWarning related to the socket used by
run_simple. :issue:2421

`v2.2.1`

Released 2022-07-27

Fix router so that /path/ will match a rule /path if strict
slashes mode is disabled for the rule. :issue:2467
Fix router so that partial part matches are not allowed
i.e. /2df does not match /<int>. :pr:2470
Fix router static part weighting, so that simpler routes are matched
before more complex ones. :issue:2471
Restore ValidationError to be importable from
werkzeug.routing. :issue:2465

`v2.2.0`

Released 2022-07-23

Deprecated get_script_name, get_query_string,
peek_path_info, pop_path_info, and
extract_path_info. :pr:2461
Remove previously deprecated code. :pr:2461
Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. :issue:2419
Added the werkzeug.debug.preserve_context mechanism for
restoring context-local data for a request when running code in the
debug console. :pr:2439
Fix compatibility with Python 3.11 by ensuring that end_lineno
and end_col_offset are present on AST nodes. :issue:2425
Add a new faster URL matching router based on a state machine. If a custom converter
needs to match a / it must set the class variable part_isolating = False.
:pr:2433
Fix branch leaf path masking branch paths when strict-slashes is
disabled. :issue:1074
Names within options headers are always converted to lowercase. This
matches :rfc:6266 that the case is not relevant. :issue:2442
AnyConverter validates the value passed for it when building
URLs. :issue:2388
The debugger shows enhanced error locations in tracebacks in Python
3.11. :issue:2407
Added Sans-IO is_resource_modified and parse_cookie functions
based on WSGI versions. :issue:2408
Added Sans-IO get_content_length function. :pr:2415
Don't assume a mimetype for test responses. :issue:2450
Type checking FileStorage accepts os.PathLike. :pr:2418

`v2.1.2`

Released 2022-04-28

The development server does not set Transfer-Encoding: chunked
for 1xx, 204, 304, and HEAD responses. :issue:2375
Response HTML for exceptions and redirects starts with
<!doctype html> and <html lang=en>. :issue:2390
Fix ability to set some cache_control attributes to False.
:issue:2379
Disable keep-alive connections in the development server, which
are not supported sufficiently by Python's http.server.
:issue:2397

`v2.1.1`

Released 2022-04-01

ResponseCacheControl.s_maxage converts its value to an int, like
max_age. :issue:2364

`v2.1.0`

Released 2022-03-28

Drop support for Python 3.6. :pr:2277
Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
werkzeug.locals and contextvars will not work correctly with
older versions. :pr:2278
Remove previously deprecated code. :pr:2276
- Remove the non-standard shutdown function from the WSGI
  environ when running the development server. See the docs for
  alternatives.
- Request and response mixins have all been merged into the
  Request and Response classes.
- The user agent parser and the useragents module is removed.
  The user_agent module provides an interface that can be
  subclassed to add a parser, such as ua-parser. By default it
  only stores the whole string.
- The test client returns TestResponse instances and can no
  longer be treated as a tuple. All data is available as
  properties on the response.
- Remove locals.get_ident and related thread-local code from
  locals, it no longer makes sense when moving to a
  contextvars-based implementation.
- Remove the python -m werkzeug.serving CLI.
- The has_key method on some mapping datastructures; use
  key in data instead.
- Request.disable_data_descriptor is removed, pass
  shallow=True instead.
- Remove the no_etag parameter from Response.freeze().
- Remove the HTTPException.wrap class method.
- Remove the cookie_date function. Use http_date instead.
- Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp
  functions. Use equivalents in hashlib and hmac modules
  instead.
- Remove the Href class.
- Remove the HTMLBuilder class.
- Remove the invalidate_cached_property function. Use
  del obj.attr instead.
- Remove bind_arguments and validate_arguments. Use
  :meth:Signature.bind and :func:inspect.signature instead.
- Remove detect_utf_encoding, it's built-in to json.loads.
- Remove format_string, use :class:string.Template instead.
- Remove escape and unescape. Use MarkupSafe instead.
The multiple parameter of parse_options_header is
deprecated. :pr:2357
Rely on :pep:538 and :pep:540 to handle decoding file names
with the correct filesystem encoding. The filesystem module is
removed. :issue:1760
Default values passed to Headers are validated the same way
values added later are. :issue:1608
Setting CacheControl int properties, such as max_age, will
convert the value to an int. :issue:2230
Always use socket.fromfd when restarting the dev server.
:pr:2287
When passing a dict of URL values to Map.build, list values do
not filter out None or collapse to a single value. Passing a
MultiDict does collapse single items. This undoes a previous
change that made it difficult to pass a list, or None values in
a list, to custom URL converters. :issue:2249
run_simple shows instructions for dealing with "address already
in use" errors, including extra instructions for macOS. :pr:2321
Extend list of characters considered always safe in URLs based on
:rfc:3986. :issue:2319
Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. :issue:2141
The development server uses Transfer-Encoding: chunked for
streaming responses when it is configured for HTTP/1.1.
:issue:2090, 1327, :pr:2091
The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when threaded or
processes is enabled. :pr:2323
cached_property works for classes with __slots__ if a
corresponding _cache_{name} slot is added. :pr:2332
Refactor the debugger traceback formatter to use Python's built-in
traceback module as much as possible. :issue:1753
The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against text
instead of bytes. :pr:2337
safe_join ensures that the path remains relative if the trusted
directory is the empty string. :pr:2349
Percent-encoded newlines (%0a), which are decoded by WSGI
servers, are considered when routing instead of terminating the
match early. :pr:2350
The test client doesn't set duplicate headers for CONTENT_LENGTH
and CONTENT_TYPE. :pr:2348
append_slash_redirect handles PATH_INFO with internal
slashes. :issue:1972, :pr:2338
The default status code for append_slash_redirect is 308 instead
of 301. This preserves the request body, and matches a previous
change to strict_slashes in routing. :issue:2351
Fix ValueError: I/O operation on closed file. with the test
client when following more than one redirect. :issue:2353
Response.autocorrect_location_header is disabled by default.
The Location header URL will remain relative, and exclude the
scheme and domain, by default. :issue:2352
Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes a
very common source of confusion more visible. :issue:2339

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

balena-renovate bot added the renovate label

balena-renovate bot force-pushed the renovate/pypi-Werkzeug-vulnerability branch 8 times, most recently from fde5667 to 2808fcd Compare

May 6, 2025 20:54


          Update dependency Werkzeug to v3 [SECURITY]

ccdee04

Update Werkzeug from 2.0.3 to 3.0.6

Change-type: patch

balena-renovate bot force-pushed the renovate/pypi-Werkzeug-vulnerability branch from 2808fcd to ccdee04 Compare

May 6, 2025 21:53

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels