chore(deps): update dependency werkzeug to v3 [security] #375

renovate · 2024-08-06T07:38:01Z

This PR contains the following updates:

Package	Change	Age	Confidence
Werkzeug (changelog)	`==2.3.6` -> `==3.1.4`

GitHub Vulnerability Alerts

CVE-2023-46136

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer.

This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.

CVE-2024-34069

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.

CVE-2024-49767

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting.

The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.

CVE-2024-49766

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

CVE-2025-66221

Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.

Release Notes

pallets/werkzeug (Werkzeug)

`v3.1.4`

Compare Source

Released 2025-11-28

safe_join on Windows does not allow special device names. This prevents
reading from these when using send_from_directory. secure_filename
already prevented writing to these. :ghsa:hgf8-39gv-g3f2
The debugger pin fails after 10 attempts instead of 11. :pr:3020
The multipart form parser handles a \r\n sequence at a chunk boundary.
:issue:3065
Improve CPU usage during Watchdog reloader. :issue:3054
Request.json annotation is more accurate. :issue:3067
Traceback rendering handles when the line number is beyond the available
source lines. :issue:3044
HTTPException.get_response annotation and doc better conveys the
distinction between WSGI and sans-IO responses. :issue:3056

`v3.1.3`

Compare Source

Released 2024-11-08

Initial data passed to MultiDict and similar interfaces only accepts
list, tuple, or set when passing multiple values. It had been
changed to accept any Collection, but this matched types that should be
treated as single values, such as bytes. :issue:2994
When the Host header is not set and Request.host falls back to the
WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped
in [] to match the Host header. :issue:2993

`v3.1.2`

Compare Source

Released 2024-11-04

Improve type annotation for TypeConversionDict.get to allow the type
parameter to be a callable. :issue:2988
Headers does not inherit from MutableMapping, as it is does not
exactly match that interface. :issue:2989

`v3.1.1`

Compare Source

Released 2024-11-01

Fix an issue that caused str(Request.headers) to always appear empty.
:issue:2985

`v3.1.0`

Compare Source

Released 2024-10-31

Drop support for Python 3.8. :pr:2966
Remove previously deprecated code. :pr:2967
Request.max_form_memory_size defaults to 500kB instead of unlimited.
Non-file form fields over this size will cause a RequestEntityTooLarge
error. :issue:2964
OrderedMultiDict and ImmutableOrderedMultiDict are deprecated.
Use MultiDict and ImmutableMultiDict instead. :issue:2968
Behavior of properties on request.cache_control and
response.cache_control has been significantly adjusted.
- Dict values are always str | None. Setting properties will convert
  the value to a string. Setting a property to False is equivalent to
  setting it to None. Getting typed properties will return None if
  conversion raises ValueError, rather than the string. :issue:2980
- max_age is None if present without a value, rather than -1.
  :issue:2980
- no_cache is a boolean for requests, it is True instead of
  "*" when present. It remains a string for responses. :issue:2980
- max_stale is True if present without a value, rather
  than "*". :issue:2980
- no_transform is a boolean. Previously it was mistakenly always
  None. :issue:2881
- min_fresh is None if present without a value, rather than
  "*". :issue:2881
- private is True if present without a value, rather than "*".
  :issue:2980
- Added the must_understand property. :issue:2881
- Added the stale_while_revalidate, and stale_if_error
  properties. :issue:2948
- Type annotations more accurately reflect the values. :issue:2881
Support Cookie CHIPS (Partitioned Cookies). :issue:2797
Add 421 MisdirectedRequest HTTP exception. :issue:2850
Increase default work factor for PBKDF2 to 1,000,000 iterations.
:issue:2969
Inline annotations for datastructures, removing stub files.
:issue:2970
MultiDict.getlist catches TypeError in addition to ValueError
when doing type conversion. :issue:2976
Implement | and |= operators for MultiDict, Headers, and
CallbackDict, and disallow |= on immutable types. :issue:2977

`v3.0.6`

Compare Source

Released 2024-10-25

Fix how max_form_memory_size is applied when parsing large non-file
fields. :ghsa:q34m-jh98-gwm2
safe_join catches certain paths on Windows that were not caught by
ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

`v3.0.5`

Compare Source

Released 2024-10-24

The Watchdog reloader ignores file closed no write events. :issue:2945
Logging works with client addresses containing an IPv6 scope :issue:2952
Ignore invalid authorization parameters. :issue:2955
Improve type annotation fore SharedDataMiddleware. :issue:2958
Compatibility with Python 3.13 when generating debugger pin and the current
UID does not have an associated name. :issue:2957

`v3.0.4`

Compare Source

Released 2024-08-21

Restore behavior where parsing multipart/x-www-form-urlencoded data with
invalid UTF-8 bytes in the body results in no form data parsed rather than a
413 error. :issue:2930
Improve parse_options_header performance when parsing unterminated
quoted string values. :issue:2904
Debugger pin auth is synchronized across threads/processes when tracking
failed entries. :issue:2916
Dev server handles unexpected SSLEOFError due to issue in Python < 3.13.
:issue:2926
Debugger pin auth works when the URL already contains a query string.
:issue:2918

`v3.0.3`

Compare Source

Released 2024-05-05

Only allow localhost, .localhost, 127.0.0.1, or the specified
hostname when running the dev server, to make debugger requests. Additional
hosts can be added by using the debugger middleware directly. The debugger
UI makes requests using the full URL rather than only the path.
:ghsa:2g68-c3qc-8985
Make reloader more robust when "" is in sys.path. :pr:2823
Better TLS cert format with adhoc dev certs. :pr:2891
Inform Python < 3.12 how to handle itms-services URIs correctly, rather
than using an overly-broad workaround in Werkzeug that caused some redirect
URIs to be passed on without encoding. :issue:2828
Type annotation for Rule.endpoint and other uses of endpoint is
Any. :issue:2836
Make reloader more robust when "" is in sys.path. :pr:2823

`v3.0.2`

Compare Source

Released 2024-04-01

Ensure setting merge_slashes to False results in NotFound for
repeated-slash requests against single slash routes. :issue:2834
Fix handling of TypeError in TypeConversionDict.get() to match
ValueError. :issue:2843
Fix response_wrapper type check in test client. :issue:2831
Make the return type of MultiPartParser.parse more precise.
:issue:2840
Raise an error if converter arguments cannot be parsed. :issue:2822

`v3.0.1`

Compare Source

Released 2023-10-24

Fix slow multipart parsing for large parts potentially enabling DoS attacks.

`v3.0.0`

Compare Source

Released 2023-09-30

Remove previously deprecated code. :pr:2768
Deprecate the __version__ attribute. Use feature detection, or
importlib.metadata.version("werkzeug"), instead. :issue:2770
generate_password_hash uses scrypt by default. :issue:2769
Add the "werkzeug.profiler" item to the WSGI environ dictionary
passed to ProfilerMiddleware's filename_format function. It contains
the elapsed and time values for the profiled request. :issue:2775
Explicitly marked the PathConverter as non path isolating. :pr:2784