Update dependency aiohttp to v3.13.2 (!880) · Merge requests · Water Mission Area / Internet of Water / waterdataui

This MR contains the following updates:

Package	Type	Update	Change
aiohttp	dependencies	minor	`3.9.5` -> `3.13.2`

⚠️ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

aio-libs/aiohttp (aiohttp)

Bug fixes

Fixed cookie parser to continue parsing subsequent cookies when encountering a malformed cookie that fails regex validation, such as Google's g_state cookie with unescaped quotes -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11632.
Fixed loading netrc credentials from the default :file:~/.netrc (:file:~/_netrc on Windows) location when the :envvar:NETRC environment variable is not set -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11713, :issue:11714.
Fixed WebSocket compressed sends to be cancellation safe. Tasks are now shielded during compression to prevent compressor state corruption. This ensures that the stateful compressor remains consistent even when send operations are cancelled -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11725.

Features

Make configuration options in AppRunner also available in run_app() -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:11633.

Bug fixes

Switched to backports.zstd for Python <3.14 and fixed zstd decompression for chunked zstd streams -- by :user:ZhaoMJ.

Note: Users who installed zstandard for support on Python <3.14 will now need to install backports.zstd instead (installing aiohttp[speedups] will do this automatically).

Related issues and pull requests on GitHub: :issue:11623.
Updated Content-Type header parsing to return application/octet-stream when header contains invalid syntax. See :rfc:9110#section-8.3-5.

-- by :user:sgaist.

Related issues and pull requests on GitHub: :issue:10889.
Fixed Python 3.14 support when built without zstd support -- by :user:JacobHenner.

Related issues and pull requests on GitHub: :issue:11603.
Fixed blocking I/O in the event loop when using netrc authentication by moving netrc file lookup to an executor -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11634.
Fixed routing to a sub-application added via .add_domain() not working if the same path exists on the parent app. -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:11673.

Packaging updates and notes for downstreams

Moved core packaging metadata from :file:setup.cfg to :file:pyproject.toml per :pep:621 -- by :user:cdce8p.

Related issues and pull requests on GitHub: :issue:9951.

Features

Added support for Python 3.14.

Related issues and pull requests on GitHub: :issue:10851, :issue:10872.
Added support for free-threading in Python 3.14+ -- by :user:kumaraditya303.

Related issues and pull requests on GitHub: :issue:11466, :issue:11464.
Added support for Zstandard (aka Zstd) compression -- by :user:KGuillaume-chaps.

Related issues and pull requests on GitHub: :issue:11161.
Added StreamReader.total_raw_bytes to check the number of bytes downloaded -- by :user:robpats.

Related issues and pull requests on GitHub: :issue:11483.

Bug fixes

Fixed pytest plugin to not use deprecated :py:mod:asyncio policy APIs.

Related issues and pull requests on GitHub: :issue:10851.
Updated Content-Disposition header parsing to handle trailing semicolons and empty parts -- by :user:PLPeeters.

Related issues and pull requests on GitHub: :issue:11243.
Fixed saved CookieJar failing to be loaded if cookies have partitioned flag when http.cookie does not have partitioned cookies supports. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:11523.

Improved documentation

Added Wireup to third-party libraries -- by :user:maldoinc.

Related issues and pull requests on GitHub: :issue:11233.

Packaging updates and notes for downstreams

The blockbuster test dependency is now optional; the corresponding test fixture is disabled when it is unavailable -- by :user:musicinybrain.

Related issues and pull requests on GitHub: :issue:11363.
Added riscv64 build to releases -- by :user:eshattow.

Related issues and pull requests on GitHub: :issue:11425.

Contributor-facing changes

Fixed test_send_compress_text failing when alternative zlib implementation is used. (zlib-ng in python 3.14 windows build) -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:11546.

Bug fixes

Fixed :class:~aiohttp.DigestAuthMiddleware to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting algorithm=MD5-sess instead of algorithm=MD5-SESS) -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11352.

Improved documentation

Remove outdated contents of aiohttp-devtools and aiohttp-swagger from Web_advanced docs. -- by :user:Cycloctane

Related issues and pull requests on GitHub: :issue:11347.

Packaging updates and notes for downstreams

Started including the llhttp :file:LICENSE file in wheels by adding vendor/llhttp/LICENSE to license-files in :file:setup.cfg -- by :user:threexc.

Related issues and pull requests on GitHub: :issue:11226.

Contributor-facing changes

Updated a regex in test_aiohttp_request_coroutine for Python 3.14.

Related issues and pull requests on GitHub: :issue:11271.

Bug fixes

Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:9110#section-15.4.3-3.1 -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11270.
Fixed :py:meth:ClientSession.close() <aiohttp.ClientSession.close> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11273.
Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:11280.

Features

Added initial trailer parsing logic to Python HTTP parser -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:11269.

Improved documentation

Clarified exceptions raised by WebSocketResponse.send_frame et al. -- by :user:DoctorJohn.

Related issues and pull requests on GitHub: :issue:11234.

Bug fixes

Fixed auto-created :py:class:~aiohttp.TCPConnector not using the session's event loop when :py:class:~aiohttp.ClientSession is created without an explicit connector -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11147.

Bug fixes

Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g., \012 for newline) by vendoring the correct _unquote implementation from Python's http.cookies module -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11173.
Fixed Cookie header parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4 -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11178.

Features

Improved SSL connection handling by changing the default ssl_shutdown_timeout from 0.1 to 0 seconds. SSL connections now use Python's default graceful shutdown during normal operation but are aborted immediately when the connector is closed, providing optimal behavior for both cases. Also added support for ssl_shutdown_timeout=0 on all Python versions. Previously, this value was rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

The ssl_shutdown_timeout parameter is now deprecated and will be removed in aiohttp 4.0 as there is no clear use case for changing the default.

Related issues and pull requests on GitHub: :issue:11148.

Deprecations (removal in next major release)

Improved SSL connection handling by changing the default ssl_shutdown_timeout from 0.1 to 0 seconds. SSL connections now use Python's default graceful shutdown during normal operation but are aborted immediately when the connector is closed, providing optimal behavior for both cases. Also added support for ssl_shutdown_timeout=0 on all Python versions. Previously, this value was rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

The ssl_shutdown_timeout parameter is now deprecated and will be removed in aiohttp 4.0 as there is no clear use case for changing the default.

Related issues and pull requests on GitHub: :issue:11148.

Bug fixes

Fixed leak of aiodns.DNSResolver when :py:class:~aiohttp.TCPConnector is closed and no resolver was passed when creating the connector -- by :user:Tasssadar.

This was a regression introduced in version 3.12.0 (🇵🇷10897).

Related issues and pull requests on GitHub: :issue:11150.

Bug fixes

Fixed IOBasePayload and TextIOPayload reading entire files into memory when streaming large files -- by :user:bdraco.

When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the Content-Length header. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks of READ_SIZE (64KB) regardless of the total content length.

Related issues and pull requests on GitHub: :issue:11138.

Features

Added preemptive digest authentication to :class:~aiohttp.DigestAuthMiddleware -- by :user:bdraco.

The middleware now reuses authentication credentials for subsequent requests to the same protection space, improving efficiency by avoiding extra authentication round trips. This behavior matches how web browsers handle digest authentication and follows :rfc:7616#section-3.6.

Preemptive authentication is enabled by default but can be disabled by passing preemptive=False to the middleware constructor.

Related issues and pull requests on GitHub: :issue:11128, :issue:11129.

`v3.12.7`

Compare Source

===================

.. warning::

This release fixes an issue where the quote_cookie parameter was not being properly respected for shared cookies (domain="", path=""). If your server does not handle quoted cookies correctly, you may need to disable cookie quoting by setting quote_cookie=False when creating your :class:~aiohttp.ClientSession or :class:~aiohttp.CookieJar. See :ref:aiohttp-client-cookie-quoting-routine for details.

Bug fixes

Fixed cookie parsing to be more lenient when handling cookies with special characters in names or values. Cookies with characters like {, }, and / in names are now accepted instead of causing a :exc:~http.cookies.CookieError and 500 errors. Additionally, cookies with mismatched quotes in values are now parsed correctly, and quoted cookie values are now handled consistently whether or not they include special attributes like Domain. Also fixed :class:~aiohttp.CookieJar to ensure shared cookies (domain="", path="") respect the quote_cookie parameter, making cookie quoting behavior consistent for all cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:2683, :issue:5397, :issue:7993, :issue:11112.
Fixed an issue where cookies with duplicate names but different domains or paths were lost when updating the cookie jar. The :class:~aiohttp.ClientSession cookie jar now correctly stores all cookies even if they have the same name but different domain or path, following the :rfc:6265#section-5.3 storage model -- by :user:bdraco.

Note that :attr:ClientResponse.cookies <aiohttp.ClientResponse.cookies> returns a :class:~http.cookies.SimpleCookie which uses the cookie name as a key, so only the last cookie with each name is accessible via this interface. All cookies can be accessed via :meth:ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall> if needed.

Related issues and pull requests on GitHub: :issue:4486, :issue:11105, :issue:11106.

Miscellaneous internal changes

Avoided creating closed futures in ResponseHandler that will never be awaited -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11107.
Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11114.

`v3.12.6`

Compare Source

===================

Bug fixes

Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:bdraco.

When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs.

Related issues and pull requests on GitHub: :issue:11100.

`v3.12.4`

Compare Source

===================

Bug fixes

Fixed connector not waiting for connections to close before returning from :meth:~aiohttp.BaseConnector.close (partial backport of 🇵🇷3733) -- by :user:atemate and :user:bdraco.

Related issues and pull requests on GitHub: :issue:1925, :issue:11074.

`v3.12.3`

Compare Source

===================

Bug fixes

Fixed memory leak in :py:meth:~aiohttp.CookieJar.filter_cookies that caused unbounded memory growth when making requests to different URL paths -- by :user:bdraco and :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:11052, :issue:11054.

`v3.12.2`

Compare Source

===================

Bug fixes

Fixed Content-Length header not being set to 0 for non-GET requests with None body -- by :user:bdraco.

Non-GET requests (POST, PUT, PATCH, DELETE) with None as the body now correctly set the Content-Length header to 0, matching the behavior of requests with empty bytes (b""). This regression was introduced in aiohttp 3.12.1.

Related issues and pull requests on GitHub: :issue:11035.

`v3.12.1`

Compare Source

====================

Bug fixes

Fixed :class:~aiohttp.DigestAuthMiddleware to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting algorithm=MD5-sess instead of algorithm=MD5-SESS) -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:11352.

Improved documentation

Remove outdated contents of aiohttp-devtools and aiohttp-swagger from Web_advanced docs. -- by :user:Cycloctane

Related issues and pull requests on GitHub: :issue:11347.

Packaging updates and notes for downstreams

Started including the llhttp :file:LICENSE file in wheels by adding vendor/llhttp/LICENSE to license-files in :file:setup.cfg -- by :user:threexc.

Related issues and pull requests on GitHub: :issue:11226.

Contributor-facing changes

Updated a regex in test_aiohttp_request_coroutine for Python 3.14.

Related issues and pull requests on GitHub: :issue:11271.

`v3.12.0`

Compare Source

===================

Bug fixes

Fixed :py:attr:~aiohttp.web.WebSocketResponse.prepared property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:bdraco

Related issues and pull requests on GitHub: :issue:6009, :issue:10988.
Response is now always True, instead of using MutableMapping behaviour (False when map is empty)

Related issues and pull requests on GitHub: :issue:10119.
Fixed connection reuse for file-like data payloads by ensuring buffer truncation respects content-length boundaries and preventing premature connection closure race -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10325, :issue:10915, :issue:10941, :issue:10943.
Fixed pytest plugin to not use deprecated :py:mod:asyncio policy APIs.

Related issues and pull requests on GitHub: :issue:10851.
Fixed :py:class:~aiohttp.resolver.AsyncResolver not using the loop argument in versions 3.x where it should still be supported -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10951.

Features

Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware) that implements RFC 7616. The middleware supports all standard hash algorithms (MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and 'auth-int' quality of protection options, and automatically manages the authentication flow by intercepting 401 responses and retrying with proper credentials -- by :user:feus4177, :user:TimMenninger, and :user:bdraco.

Related issues and pull requests on GitHub: :issue:2213, :issue:10725.
Added client middleware support -- by :user:bdraco and :user:Dreamsorcerer.

This change allows users to add middleware to the client session and requests, enabling features like authentication, logging, and request/response modification without modifying the core request logic. Additionally, the session attribute was added to ClientRequest, allowing middleware to access the session for making additional requests.

Related issues and pull requests on GitHub: :issue:9732, :issue:10902, :issue:10945, :issue:10952, :issue:10959, :issue:10968.
Allow user setting zlib compression backend -- by :user:TimMenninger

This change allows the user to call :func:aiohttp.set_zlib_backend() with the zlib compression module of their choice. Default behavior continues to use the builtin zlib library.

Related issues and pull requests on GitHub: :issue:9798.
Added support for overriding the base URL with an absolute one in client sessions -- by :user:vivodi.

Related issues and pull requests on GitHub: :issue:10074.
Added host parameter to aiohttp_server fixture -- by :user:christianwbrock.

Related issues and pull requests on GitHub: :issue:10120.
Detect blocking calls in coroutines using BlockBuster -- by :user:cbornet.

Related issues and pull requests on GitHub: :issue:10433.
Added socket_factory to :py:class:aiohttp.TCPConnector to allow specifying custom socket options -- by :user:TimMenninger.

Related issues and pull requests on GitHub: :issue:10474, :issue:10520, :issue:10961, :issue:10962.
Started building armv7l manylinux wheels -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10797.
Implemented shared DNS resolver management to fix excessive resolver object creation when using multiple client sessions. The new _DNSResolverManager singleton ensures only one DNSResolver object is created for default configurations, significantly reducing resource usage and improving performance for applications using multiple client sessions simultaneously -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10847, :issue:10923, :issue:10946.
Upgraded to LLHTTP 9.3.0 -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:10972.
Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:bdraco.

This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy writelines when coalescing data and works with both regular and chunked transfer encoding.

When aiohttp uses client middleware to communicate with an aiohttp server, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads.

This aligns aiohttp with other popular HTTP clients that already coalesce small requests.

Related issues and pull requests on GitHub: :issue:10991.

Improved documentation

Improved documentation for middleware by adding warnings and examples about request body stream consumption. The documentation now clearly explains that request body streams can only be read once and provides best practices for sharing parsed request data between middleware and handlers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:2914.

Packaging updates and notes for downstreams

Removed non SPDX-license description from setup.cfg -- by :user:devanshu-ziphq.

Related issues and pull requests on GitHub: :issue:10662.
Added support for building against system llhttp library -- by :user:mgorny.

This change adds support for :envvar:AIOHTTP_USE_SYSTEM_DEPS environment variable that can be used to build aiohttp against the system install of the llhttp library rather than the vendored one.

Related issues and pull requests on GitHub: :issue:10759.
aiodns is now installed on Windows with speedups extra -- by :user:bdraco.

As of aiodns 3.3.0, SelectorEventLoop is no longer required when using pycares 4.7.0 or later.

Related issues and pull requests on GitHub: :issue:10823.
Fixed compatibility issue with Cython 3.1.1 -- by :user:bdraco

Related issues and pull requests on GitHub: :issue:10877.

Contributor-facing changes

Sped up tests by disabling blockbuster fixture for test_static_file_huge and test_static_file_huge_cancel tests -- by :user:dikos1337.

Related issues and pull requests on GitHub: :issue:9705, :issue:10761.
Updated tests to avoid using deprecated :py:mod:asyncio policy APIs and make it compatible with Python 3.14.

Related issues and pull requests on GitHub: :issue:10851.
Added Winloop to test suite to support in the future -- by :user:Vizonex.

Related issues and pull requests on GitHub: :issue:10922.

Miscellaneous internal changes

Added support for the partitioned attribute in the set_cookie method.

Related issues and pull requests on GitHub: :issue:9870.
Setting :attr:aiohttp.web.StreamResponse.last_modified to an unsupported type will now raise :exc:TypeError instead of silently failing -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10146.

`v3.11.18`

Compare Source

====================

Bug fixes

Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:lezgomatt.

Related issues and pull requests on GitHub: :issue:7686.
Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:bdraco.

The problem first appeared in 3.11.17

Related issues and pull requests on GitHub: :issue:10764.

`v3.11.17`

Compare Source

====================

Miscellaneous internal changes

Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10713.
Improved web server performance when connection can be reused -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10714.
Improved performance of the WebSocket reader -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10740.
Improved performance of the WebSocket reader with large messages -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10744.

`v3.11.16`

Compare Source

====================

Bug fixes

Replaced deprecated asyncio.iscoroutinefunction with its counterpart from inspect -- by :user:layday.

Related issues and pull requests on GitHub: :issue:10634.
Fixed :class:multidict.CIMultiDict being mutated when passed to :class:aiohttp.web.Response -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10672.

`v3.11.15`

Compare Source

====================

Bug fixes

Reverted explicitly closing sockets if an exception is raised during create_connection -- by :user:bdraco.

This change originally appeared in aiohttp 3.11.13

Related issues and pull requests on GitHub: :issue:10464, :issue:10617, :issue:10656.

Miscellaneous internal changes

Improved performance of WebSocket buffer handling -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10601.
Improved performance of serializing headers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10625.

`v3.11.14`

Compare Source

====================

Bug fixes

Fixed an issue where dns queries were delayed indefinitely when an exception occurred in a trace.send_dns_cache_miss -- by :user:logioniz.

Related issues and pull requests on GitHub: :issue:10529.
Fixed DNS resolution on platforms that don't support socket.AI_ADDRCONFIG -- by :user:maxbachmann.

Related issues and pull requests on GitHub: :issue:10542.
The connector now raises :exc:aiohttp.ClientConnectionError instead of :exc:OSError when failing to explicitly close the socket after :py:meth:asyncio.loop.create_connection fails -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10551.
Break cyclic references at connection close when there was a traceback -- by :user:bdraco.

Special thanks to :user:availov for reporting the issue.

Related issues and pull requests on GitHub: :issue:10556.
Break cyclic references when there is an exception handling a request -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10569.

Features

Improved logging on non-overlapping WebSocket client protocols to include the remote address -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10564.

Miscellaneous internal changes

Improved performance of parsing content types by adding a cache in the same manner currently done with mime types -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10552.

`v3.11.13`

Compare Source

====================

Bug fixes

Removed a break statement inside the finally block in :py:class:~aiohttp.web.RequestHandler -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:10434.
Changed connection creation to explicitly close sockets if an exception is raised in the event loop's create_connection method -- by :user:top-oai.

Related issues and pull requests on GitHub: :issue:10464.

Packaging updates and notes for downstreams

Fixed test test_write_large_payload_deflate_compression_data_in_eof_writelines failing with Python 3.12.9+ or 3.13.2+ -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10423.

Miscellaneous internal changes

Added human-readable error messages to the exceptions for WebSocket disconnects due to PONG not being received -- by :user:bdraco.

Previously, the error messages were empty strings, which made it hard to determine what went wrong.

Related issues and pull requests on GitHub: :issue:10422.

`v3.11.12`

Compare Source

====================

Bug fixes

MultipartForm.decode() now follows RFC1341 7.2.1 with a CRLF after the boundary -- by :user:imnotjames.

Related issues and pull requests on GitHub: :issue:10270.
Restored the missing total_bytes attribute to EmptyStreamReader -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10387.

Features

Updated :py:func:~aiohttp.request to make it accept _RequestOptions kwargs. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:10300.
Improved logging of HTTP protocol errors to include the remote address -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10332.

Improved documentation

Added aiohttp-openmetrics to list of third-party libraries -- by :user:jelmer.

Related issues and pull requests on GitHub: :issue:10304.

Packaging updates and notes for downstreams

Added missing files to the source distribution to fix Makefile targets. Added a cythonize-nodeps target to run Cython without invoking pip to install dependencies.

Related issues and pull requests on GitHub: :issue:10366.
Started building armv7l musllinux wheels -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10404.

Contributor-facing changes

The CI/CD workflow has been updated to use upload-artifact v4 and download-artifact v4 GitHub Actions -- by :user:silamon.

Related issues and pull requests on GitHub: :issue:10281.

Miscellaneous internal changes

Restored support for zero copy writes when using Python 3.12 versions 3.12.9 and later or Python 3.13.2+ -- by :user:bdraco.

Zero copy writes were previously disabled due to :cve:2024-12254 which is resolved in these Python versions.

Related issues and pull requests on GitHub: :issue:10137.

`v3.11.11`

Compare Source

====================

Bug fixes

Updated :py:meth:~aiohttp.ClientSession.request to reuse the quote_cookie setting from ClientSession._cookie_jar when processing cookies parameter. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:10093.
Fixed type of SSLContext for some static type checkers (e.g. pyright).

Related issues and pull requests on GitHub: :issue:10099.
Updated :meth:aiohttp.web.StreamResponse.write annotation to also allow :class:bytearray and :class:memoryview as inputs -- by :user:cdce8p.

Related issues and pull requests on GitHub: :issue:10154.
Fixed a hang where a connection previously used for a streaming download could be returned to the pool in a paused state. -- by :user:javitonino.

Related issues and pull requests on GitHub: :issue:10169.

Features

Enabled ALPN on default SSL contexts. This improves compatibility with some proxies which don't work without this extension. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:10156.

Miscellaneous internal changes

Fixed an infinite loop that can occur when using aiohttp in combination with async-solipsism_ -- by :user:bmerry.

.. _async-solipsism: https://github.com/bmerry/async-solipsism

Related issues and pull requests on GitHub: :issue:10149.

`v3.11.10`

Compare Source

====================

Bug fixes

Fixed race condition in :class:aiohttp.web.FileResponse that could have resulted in an incorrect response if the file was replaced on the file system during prepare -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10101, :issue:10113.
Replaced deprecated call to :func:mimetypes.guess_type with :func:mimetypes.guess_file_type when using Python 3.13+ -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10102.
Disabled zero copy writes in the StreamWriter -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10125.

`v3.11.9`

Compare Source

===================

Bug fixes

Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10055, :issue:10076.

Miscellaneous internal changes

Improved performance of parsing headers when using the C parser -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10073.

`v3.11.8`

Compare Source

===================

Miscellaneous internal changes

Improved performance of creating :class:aiohttp.ClientResponse objects when there are no cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10029.
Improved performance of creating :class:aiohttp.ClientResponse objects -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10030.
Improved performances of creating objects during the HTTP request lifecycle -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10037.
Improved performance of constructing :class:aiohttp.web.Response with headers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10043.
Improved performance of making requests when there are no auto headers to skip -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10049.
Downgraded logging of invalid HTTP method exceptions on the first request to debug level -- by :user:bdraco.

HTTP requests starting with an invalid method are relatively common, especially when connected to the public internet, because browsers or other clients may try to speak SSL to a plain-text server or vice-versa. These exceptions can quickly fill the log with noise when nothing is wrong.

Related issues and pull requests on GitHub: :issue:10055.

`v3.11.7`

Compare Source

===================

Bug fixes

Fixed the HTTP client not considering the connector's force_close value when setting the Connection header -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10003.

Miscellaneous internal changes

Improved performance of serializing HTTP headers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:10014.

`v3.11.6`

Compare Source

===================

Bug fixes

Restored the force_close method to the ResponseHandler -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9997.

`v3.11.5`

Compare Source

===================

Bug fixes

Fixed the ANY method not appearing in :meth:~aiohttp.web.UrlDispatcher.routes -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9899, :issue:9987.

`v3.11.4`

Compare Source

===================

Bug fixes

Fixed StaticResource not allowing the OPTIONS method after calling set_options_route -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9972, :issue:9975, :issue:9976.

Miscellaneous internal changes

Improved performance of creating web responses when there are no cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9895.

`v3.11.3`

Compare Source

===================

Bug fixes

Removed non-existing __author__ from dir(aiohttp) -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9918.
Restored the FlowControlDataQueue class -- by :user:bdraco.

This class is no longer used internally, and will be permanently removed in the next major version.

Related issues and pull requests on GitHub: :issue:9963.

Miscellaneous internal changes

Improved performance of resolving resources when multiple methods are registered for the same route -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9899.

`v3.11.2`

Compare Source

===================

Bug fixes

Fixed improperly closed WebSocket connections generating an unhandled exception -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9883.

`v3.11.1`

Compare Source

====================

Bug fixes

Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:lezgomatt.

Related issues and pull requests on GitHub: :issue:7686.
Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:bdraco.

The problem first appeared in 3.11.17

Related issues and pull requests on GitHub: :issue:10764.

`v3.11.0`

Compare Source

===================

Bug fixes

Raise :exc:aiohttp.ServerFingerprintMismatch exception on client-side if request through http proxy with mismatching server fingerprint digest: aiohttp.ClientSession(headers=headers, connector=TCPConnector(ssl=aiohttp.Fingerprint(mismatch_digest), trust_env=True).request(...) -- by :user:gangj.

Related issues and pull requests on GitHub: :issue:6652.
Modified websocket :meth:aiohttp.ClientWebSocketResponse.receive_str, :py:meth:aiohttp.ClientWebSocketResponse.receive_bytes, :py:meth:aiohttp.web.WebSocketResponse.receive_str & :py:meth:aiohttp.web.WebSocketResponse.receive_bytes methods to raise new :py:exc:aiohttp.WSMessageTypeError exception, instead of generic :py:exc:TypeError, when websocket messages of incorrect types are received -- by :user:ara-25.

Related issues and pull requests on GitHub: :issue:6800.
Made TestClient.app a Generic so type checkers will know the correct type (avoiding unneeded client.app is not None checks) -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8977.
Fixed the keep-alive connection pool to be FIFO instead of LIFO -- by :user:bdraco.

Keep-alive connections are more likely to be reused before they disconnect.

Related issues and pull requests on GitHub: :issue:9672.

Features

Added strategy parameter to :meth:aiohttp.web.StreamResponse.enable_compression The value of this parameter is passed to the :func:zlib.compressobj function, allowing people to use a more sufficient compression algorithm for their data served by :mod:aiohttp.web -- by :user:shootkin

Related issues and pull requests on GitHub: :issue:6257.
Added server_hostname parameter to ws_connect.

Related issues and pull requests on GitHub: :issue:7941.
Exported :py:class:~aiohttp.ClientWSTimeout to top-level namespace -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8612.
Added secure/httponly/samesite parameters to .del_cookie() -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8956.
Updated :py:class:~aiohttp.ClientSession's auth logic to include default auth only if the request URL's origin matches _base_url; otherwise, the auth will not be included -- by :user:MaximZemskov

Related issues and pull requests on GitHub: :issue:8966, :issue:9466.
Added proxy and proxy_auth parameters to :py:class:~aiohttp.ClientSession -- by :user:meshya.

Related issues and pull requests on GitHub: :issue:9207.
Added default_to_multipart parameter to FormData.

Related issues and pull requests on GitHub: :issue:9335.
Added :py:meth:~aiohttp.ClientWebSocketResponse.send_frame and :py:meth:~aiohttp.web.WebSocketResponse.send_frame for WebSockets -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9348.
Updated :py:class:~aiohttp.ClientSession to support paths in base_url parameter. base_url paths must end with a / -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:9530.
Improved performance of reading WebSocket messages with a Cython implementation -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9543, :issue:9554, :issue:9556, :issue:9558, :issue:9636, :issue:9649, :issue:9781.
Added writer_limit to the :py:class:~aiohttp.web.WebSocketResponse to be able to adjust the limit before the writer forces the buffer to be drained -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9572.
Added an :attr:~aiohttp.abc.AbstractAccessLogger.enabled property to :class:aiohttp.abc.AbstractAccessLogger to dynamically check if logging is enabled -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9822.

Deprecations (removal in next major release)

Deprecate obsolete timeout: float and receive_timeout: Optional[float] in :py:meth:~aiohttp.ClientSession.ws_connect. Change default websocket receive timeout from None to 10.0.

Related issues and pull requests on GitHub: :issue:3945.

Removals and backward incompatible breaking changes

Dropped support for Python 3.8 -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8797.
Increased minimum yarl version to 1.17.0 -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8909, :issue:9079, :issue:9305, :issue:9574.
Removed the is_ipv6_address and is_ip4_address helpers are they are no longer used -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9344.
Changed ClientRequest.connection_key to be a NamedTuple to improve client performance -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9365.
FlowControlDataQueue has been replaced with the WebSocketDataQueue -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9685.
Changed ClientRequest.request_info to be a NamedTuple to improve client performance -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9692.

Packaging updates and notes for downstreams

Switched to using the :mod:propcache <propcache.api> package for property caching -- by :user:bdraco.

The :mod:propcache <propcache.api> package is derived from the property caching code in :mod:yarl and has been broken out to avoid maintaining it for multiple projects.

Related issues and pull requests on GitHub: :issue:9394.
Separated aiohttp.http_websocket into multiple files to make it easier to maintain -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9542, :issue:9552.

Contributor-facing changes

Changed diagram images generator from blockdiag to GraphViz. Generating documentation now requires the GraphViz executable to be included in $PATH or sphinx build configuration.

Related issues and pull requests on GitHub: :issue:9359.

Miscellaneous internal changes

Added flake8 settings to avoid some forms of implicit concatenation. -- by :user:booniepepper.

Related issues and pull requests on GitHub: :issue:7731.
Enabled keep-alive support on proxies (which was originally disabled several years ago) -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8920.
Changed web entry point to not listen on TCP when only a Unix path is passed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9033.
Disabled automatic retries of failed requests in :class:aiohttp.test_utils.TestClient's client session (which could potentially hide errors in tests) -- by :user:ShubhAgarwal-dev.

Related issues and pull requests on GitHub: :issue:9141.
Changed web keepalive_timeout default to around an hour in order to reduce race conditions on reverse proxies -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9285.
Reduced memory required for stream objects created during the client request lifecycle -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9407.
Improved performance of the internal DataQueue -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9659.
Improved performance of calling receive for WebSockets for the most common message types -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9679.
Replace internal helper methods method_must_be_empty_body and status_code_must_be_empty_body with simple set lookups -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9722.
Improved performance of :py:class:aiohttp.BaseConnector when there is no limit_per_host -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9756.
Improved performance of sending HTTP requests when there is no body -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9757.
Improved performance of the WebsocketWriter when the protocol is not paused -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9796.
Implemented zero copy writes for StreamWriter -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9839.

`v3.10.11`

Compare Source

====================

Bug fixes

Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

Related issues and pull requests on GitHub: :issue:9436.
Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

Related issues and pull requests on GitHub: :issue:9506.
Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

The connector was not cancellation-safe.

Related issues and pull requests on GitHub: :issue:9670, :issue:9671.
Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9686.
Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9851.
Fixed system routes polluting the middleware cache -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9852.

Removals and backward incompatible breaking changes

Improved performance of the connector when a connection can be reused -- by :user:bdraco.

If BaseConnector.connect has been subclassed and replaced with custom logic, the ceil_timeout must be added.

Related issues and pull requests on GitHub: :issue:9600.

Miscellaneous internal changes

Improved performance of the client request lifecycle when there are no cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9470.
Improved performance of sending client requests when the writer can finish synchronously -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9485.
Improved performance of serializing HTTP headers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9603.
Passing enable_cleanup_closed to :py:class:aiohttp.TCPConnector is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying bug that caused asyncio to leak SSL connections has been fixed upstream -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9726, :issue:9736.

`v3.10.10`

Compare Source

====================

Bug fixes

Fixed error messages from :py:class:~aiohttp.resolver.AsyncResolver being swallowed -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9451, :issue:9455.

Features

Added :exc:aiohttp.ClientConnectorDNSError for differentiating DNS resolution errors from other connector errors -- by :user:mstojcevich.

Related issues and pull requests on GitHub: :issue:8455.

Miscellaneous internal changes

Simplified DNS resolution throttling code to reduce chance of race conditions -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9454.

`v3.10.9`

Compare Source

===================

Bug fixes

Fixed proxy headers being used in the ConnectionKey hash when a proxy was not being used -- by :user:bdraco.

If default headers are used, they are also used for proxy headers. This could have led to creating connections that were not needed when one was already available.

Related issues and pull requests on GitHub: :issue:9368.
Widened the type of the trace_request_ctx parameter of :meth:ClientSession.request() <aiohttp.ClientSession.request> and friends -- by :user:layday.

Related issues and pull requests on GitHub: :issue:9397.

Removals and backward incompatible breaking changes

Fixed failure to try next host after single-host connection timeout -- by :user:brettdh.

The default client :class:aiohttp.ClientTimeout params has changed to include a sock_connect timeout of 30 seconds so that this correct behavior happens by default.

Related issues and pull requests on GitHub: :issue:7342.

Miscellaneous internal changes

Improved performance of resolving hosts with Python 3.12+ -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9342.
Reduced memory required for timer objects created during the client request lifecycle -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9406.

`v3.10.8`

Compare Source

===================

Bug fixes

Fixed cancellation leaking upwards on timeout -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9326.

`v3.10.7`

Compare Source

===================

Bug fixes

Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9309.

Miscellaneous internal changes

Improved performance of determining if a URL is absolute -- by :user:bdraco.

The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

Related issues and pull requests on GitHub: :issue:9171.
Replaced code that can now be handled by yarl -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9301.

`v3.10.6`

Compare Source

===================

Bug fixes

Added :exc:aiohttp.ClientConnectionResetError. Client code that previously threw :exc:ConnectionResetError will now throw this -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9137.
Fixed an unclosed transport ResourceWarning on web handlers -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8875.
Fixed resolve_host() 'Task was destroyed but is pending' errors -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8967.
Fixed handling of some file-like objects (e.g. tarfile.extractfile()) which raise AttributeError instead of OSError when fileno fails for streaming payload data -- by :user:ReallyReivax.

Related issues and pull requests on GitHub: :issue:6732.
Fixed web router not matching pre-encoded URLs (requires yarl 1.9.6+) -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8898, :issue:9267.
Fixed an error when trying to add a route for multiple methods with a path containing a regex pattern -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8998.
Fixed Response.text when body is a Payload -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:6485.
Fixed compressed requests failing when no body was provided -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9108.
Fixed client incorrectly reusing a connection when the previous message had not been fully sent -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8992.
Fixed race condition that could cause server to close connection incorrectly at keepalive timeout -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9140.
Fixed Python parser chunked handling with multiple Transfer-Encoding values -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8823.
Fixed error handling after 100-continue so server sends 500 response instead of disconnecting -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8876.
Stopped adding a default Content-Type header when response has no content -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8858.
Added support for URL credentials with empty (zero-length) username, e.g. https://:password@host -- by :user:shuckc

Related issues and pull requests on GitHub: :issue:6494.
Stopped logging exceptions from web.run_app() that would be raised regardless -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:6807.
Implemented binding to IPv6 addresses in the pytest server fixture.

Related issues and pull requests on GitHub: :issue:4650.
Fixed the incorrect use of flags for getnameinfo() in the Resolver --by :user:GitNMLee

Link-Local IPv6 addresses can now be handled by the Resolver correctly.

Related issues and pull requests on GitHub: :issue:9032.
Fixed StreamResponse.prepared to return True after EOF is sent -- by :user:arthurdarcet.

Related issues and pull requests on GitHub: :issue:5343.
Changed make_mocked_request() to use empty payload by default -- by :user:rahulnht.

Related issues and pull requests on GitHub: :issue:7167.
Used more precise type for ClientResponseError.headers, fixing some type errors when using them -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8768.
Changed behavior when returning an invalid response to send a 500 response -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8845.
Fixed response reading from closed session to throw an error immediately instead of timing out -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8878.
Fixed CancelledError from one cleanup context stopping other contexts from completing -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8908.
Fixed changing scheme/host in Response.clone() for absolute URLs -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8990.
Fixed Site.name when host is an empty string -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8929.
Updated Python parser to reject messages after a close message, matching C parser behaviour -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9018.
Fixed creation of SSLContext inside of :py:class:aiohttp.TCPConnector with multiple event loops in different threads -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9029.
Fixed (on Python 3.11+) some edge cases where a task cancellation may get incorrectly suppressed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9030.
Fixed exception information getting lost on HttpProcessingError -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9052.
Fixed If-None-Match not using weak comparison -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9063.
Fixed badly encoded charset crashing when getting response text instead of falling back to charset detector.

Related issues and pull requests on GitHub: :issue:9160.
Rejected \n in reason values to avoid sending broken HTTP messages -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9167.
Changed :py:meth:ClientResponse.raise_for_status() <aiohttp.ClientResponse.raise_for_status> to only release the connection when invoked outside an async with context -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9239.

Features

Improved type on params to match the underlying type allowed by yarl -- by :user:lpetre.

Related issues and pull requests on GitHub: :issue:8564.
Declared Python 3.13 supported -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8748.

Removals and backward incompatible breaking changes

Improved middleware performance -- by :user:bdraco.

The set_current_app method was removed from UrlMappingMatchInfo because it is no longer used, and it was unlikely external caller would ever use it.

Related issues and pull requests on GitHub: :issue:9200.
Increased minimum yarl version to 1.12.0 -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9267.

Improved documentation

Clarified that GracefulExit needs to be handled in AppRunner and ServerRunner when using handle_signals=True. -- by :user:Daste745

Related issues and pull requests on GitHub: :issue:4414.
Clarified that auth parameter in ClientSession will persist and be included with any request to any origin, even during redirects to different origins. -- by :user:MaximZemskov.

Related issues and pull requests on GitHub: :issue:6764.
Clarified which timeout exceptions happen on which timeouts -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8968.
Updated ClientSession parameters to match current code -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8991.

Packaging updates and notes for downstreams

Fixed test_client_session_timeout_zero to not require internet access -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:9004.

Miscellaneous internal changes

Improved performance of making requests when there are no auto headers to skip -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8847.
Exported aiohttp.TraceRequestHeadersSentParams -- by :user:Hadock-is-ok.

Related issues and pull requests on GitHub: :issue:8947.
Avoided tracing overhead in the http writer when there are no active traces -- by user:bdraco.

Related issues and pull requests on GitHub: :issue:9031.
Improved performance of reify Cython implementation -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9054.
Use :meth:URL.extend_query() <yarl.URL.extend_query> to extend query params (requires yarl 1.11.0+) -- by :user:bdraco.

If yarl is older than 1.11.0, the previous slower hand rolled version will be used.

Related issues and pull requests on GitHub: :issue:9068.
Improved performance of checking if a host is an IP Address -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9095.
Significantly improved performance of middlewares -- by :user:bdraco.

The construction of the middleware wrappers is now cached and is built once per handler instead of on every request.

Related issues and pull requests on GitHub: :issue:9158, :issue:9170.
Improved performance of web requests -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9168, :issue:9169, :issue:9172, :issue:9174, :issue:9175, :issue:9241.
Improved performance of starting web requests when there is no response prepare hook -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9173.
Significantly improved performance of expiring cookies -- by :user:bdraco.

Expiring cookies has been redesigned to use :mod:heapq instead of a linear search, to better scale.

Related issues and pull requests on GitHub: :issue:9203.
Significantly sped up filtering cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9204.

`v3.10.5`

Compare Source

=========================

Bug fixes

Fixed :meth:aiohttp.ClientResponse.json() not setting status when :exc:aiohttp.ContentTypeError is raised -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8742.

Miscellaneous internal changes

Improved performance of the WebSocket reader -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8736, :issue:8747.

`v3.10.4`

Compare Source

===================

Bug fixes

Fixed decoding base64 chunk in BodyPartReader -- by :user:hyzyla.

Related issues and pull requests on GitHub: :issue:3867.
Fixed a race closing the server-side WebSocket where the close code would not reach the client -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8680.
Fixed unconsumed exceptions raised by the WebSocket heartbeat -- by :user:bdraco.

If the heartbeat ping raised an exception, it would not be consumed and would be logged as an warning.

Related issues and pull requests on GitHub: :issue:8685.
Fixed an edge case in the Python parser when chunk separators happen to align with network chunks -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8720.

Improved documentation

Added aiohttp-apischema to supported libraries -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8700.

Miscellaneous internal changes

Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

This change is a followup to :issue:8661 to make the same optimization for Python 3.12+ where the request is connected.

Related issues and pull requests on GitHub: :issue:8681.

`v3.10.3`

Compare Source

========================

Bug fixes

Fixed multipart reading when stream buffer splits the boundary over several read() calls -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8653.
Fixed :py:class:aiohttp.TCPConnector doing blocking I/O in the event loop to create the SSLContext -- by :user:bdraco.

The blocking I/O would only happen once per verify mode. However, it could cause the event loop to block for a long time if the SSLContext creation is slow, which is more likely during startup when the disk cache is not yet present.

Related issues and pull requests on GitHub: :issue:8672.

Miscellaneous internal changes

Improved performance of :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive when there is no timeout. -- by :user:bdraco.

The timeout context manager is now avoided when there is no timeout as it accounted for up to 50% of the time spent in the :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive methods.

Related issues and pull requests on GitHub: :issue:8660.
Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8661.
Improved performance of HTTP keep-alive checks -- by :user:bdraco.

Previously, when processing a request for a keep-alive connection, the keep-alive check would happen every second; the check is now rescheduled if it fires too early instead.

Related issues and pull requests on GitHub: :issue:8662.
Improved performance of generating random WebSocket mask -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8667.

`v3.10.2`

Compare Source

===================

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8565.
Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8597.
Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8611.
Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8632.
Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: :issue:8641.
Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8652.

Removals and backward incompatible breaking changes

Removed Request.wait_for_disconnection(), which was mistakenly added briefly in 3.10.0 -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8636.

Contributor-facing changes

Fixed monkey patches for Path.stat() and Path.is_dir() for Python 3.13 compatibility -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8551.

Miscellaneous internal changes

Improved WebSocket performance when messages are sent or received frequently -- by :user:bdraco.

The WebSocket heartbeat scheduling algorithm was improved to reduce the asyncio scheduling overhead by decreasing the number of asyncio.TimerHandle creations and cancellations.

Related issues and pull requests on GitHub: :issue:8608.
Minor improvements to various type annotations -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8634.

`v3.10.1`

Compare Source

====================

Bug fixes

Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

Related issues and pull requests on GitHub: :issue:9436.
Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

Related issues and pull requests on GitHub: :issue:9506.
Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

The connector was not cancellation-safe.

Related issues and pull requests on GitHub: :issue:9670, :issue:9671.
Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9686.
Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9851.
Fixed system routes polluting the middleware cache -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9852.

Removals and backward incompatible breaking changes

Improved performance of the connector when a connection can be reused -- by :user:bdraco.

If BaseConnector.connect has been subclassed and replaced with custom logic, the ceil_timeout must be added.

Related issues and pull requests on GitHub: :issue:9600.

Miscellaneous internal changes

Improved performance of the client request lifecycle when there are no cookies -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9470.
Improved performance of sending client requests when the writer can finish synchronously -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9485.
Improved performance of serializing HTTP headers -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9603.
Passing enable_cleanup_closed to :py:class:aiohttp.TCPConnector is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying bug that caused asyncio to leak SSL connections has been fixed upstream -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:9726, :issue:9736.

`v3.10.0`

Compare Source

========================

Bug fixes

Fixed server response headers for Content-Type and Content-Encoding for static compressed files -- by :user:steverep.

Server will now respond with a Content-Type appropriate for the compressed file (e.g. "application/gzip"), and omit the Content-Encoding header. Users should expect that most clients will no longer decompress such responses by default.

Related issues and pull requests on GitHub: :issue:4462.
Fixed duplicate cookie expiration calls in the CookieJar implementation

Related issues and pull requests on GitHub: :issue:7784.
Adjusted FileResponse to check file existence and access when preparing the response -- by :user:steverep.

The :py:class:~aiohttp.web.FileResponse class was modified to respond with 403 Forbidden or 404 Not Found as appropriate. Previously, it would cause a server error if the path did not exist or could not be accessed. Checks for existence, non-regular files, and permissions were expected to be done in the route handler. For static routes, this now permits a compressed file to exist without its uncompressed variant and still be served. In addition, this changes the response status for files without read permission to 403, and for non-regular files from 404 to 403 for consistency.

Related issues and pull requests on GitHub: :issue:8182.
Fixed AsyncResolver to match ThreadedResolver behavior -- by :user:bdraco.

On system with IPv6 support, the :py:class:~aiohttp.resolver.AsyncResolver would not fallback to providing A records when AAAA records were not available. Additionally, unlike the :py:class:~aiohttp.resolver.ThreadedResolver, the :py:class:~aiohttp.resolver.AsyncResolver did not handle link-local addresses correctly.

This change makes the behavior consistent with the :py:class:~aiohttp.resolver.ThreadedResolver.

Related issues and pull requests on GitHub: :issue:8270.
Fixed ws_connect not respecting receive_timeout`` on WS(S) connection. -- by :user:arcivanov`.

Related issues and pull requests on GitHub: :issue:8444.
Removed blocking I/O in the event loop for static resources and refactored exception handling -- by :user:steverep.

File system calls when handling requests for static routes were moved to a separate thread to potentially improve performance. Exception handling was tightened in order to only return 403 Forbidden or 404 Not Found responses for expected scenarios; 500 Internal Server Error would be returned for any unknown errors.

Related issues and pull requests on GitHub: :issue:8507.

Features

Added a Request.wait_for_disconnection() method, as means of allowing request handlers to be notified of premature client disconnections.

Related issues and pull requests on GitHub: :issue:2492.
Added 5 new exceptions: :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError, :py:exc:~aiohttp.NonHttpUrlClientError, :py:exc:~aiohttp.InvalidUrlRedirectClientError, :py:exc:~aiohttp.NonHttpUrlRedirectClientError

:py:exc:~aiohttp.InvalidUrlRedirectClientError, :py:exc:~aiohttp.NonHttpUrlRedirectClientError are raised instead of :py:exc:ValueError or :py:exc:~aiohttp.InvalidURL when the redirect URL is invalid. Classes :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError, :py:exc:~aiohttp.NonHttpUrlClientError are base for them.

The :py:exc:~aiohttp.InvalidURL now exposes a description property with the text explanation of the error details.

-- by :user:setla, :user:AraHaan, and :user:bdraco

Related issues and pull requests on GitHub: :issue:2507, :issue:3315, :issue:6722, :issue:8481, :issue:8482.
Added a feature to retry closed connections automatically for idempotent methods. -- by :user:Dreamsorcerer

Related issues and pull requests on GitHub: :issue:7297.

Implemented filter_cookies() with domain-matching and path-matching on the keys, instead of testing every single cookie. This may break existing cookies that have been saved with CookieJar.save(). Cookies can be migrated with this script::

import pickle
with file_path.open("rb") as f:
    cookies = pickle.load(f)

morsels = [(name, m) for c in cookies.values() for name, m in c.items()]
cookies.clear()
for name, m in morsels:
    cookies[(m["domain"], m["path"].rstrip("/"))][name] = m

with file_path.open("wb") as f:
    pickle.dump(cookies, f, pickle.HIGHEST_PROTOCOL)

Related issues and pull requests on GitHub: :issue:7583, :issue:8535.

Separated connection and socket timeout errors, from ServerTimeoutError.

Related issues and pull requests on GitHub: :issue:7801.
Implemented happy eyeballs

Related issues and pull requests on GitHub: :issue:7954.
Added server capability to check for static files with Brotli compression via a .br extension -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8062.

Removals and backward incompatible breaking changes

The shutdown logic in 3.9 waited on all tasks, which caused issues with some libraries. In 3.10 we've changed this logic to only wait on request handlers. This means that it's important for developers to correctly handle the lifecycle of background tasks using a library such as aiojobs. If an application is using handler_cancellation=True then it is also a good idea to ensure that any :func:asyncio.shield calls are replaced with :func:aiojobs.aiohttp.shield.

Please read the updated documentation on these points:
https://docs.aiohttp.org/en/stable/web_advanced.html#graceful-shutdown
https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation

-- by :user:Dreamsorcerer

Related issues and pull requests on GitHub: :issue:8495.

Improved documentation

Added documentation for aiohttp.web.FileResponse.

Related issues and pull requests on GitHub: :issue:3958.
Improved the docs for the ssl params.

Related issues and pull requests on GitHub: :issue:8403.

Contributor-facing changes

Enabled HTTP parser tests originally intended for 3.9.2 release -- by :user:pajod.

Related issues and pull requests on GitHub: :issue:8088.

Miscellaneous internal changes

Improved URL handler resolution time by indexing resources in the UrlDispatcher. For applications with a large number of handlers, this should increase performance significantly. -- by :user:bdraco

Related issues and pull requests on GitHub: :issue:7829.
Added nacl_middleware <https://github.com/CosmicDNA/nacl_middleware>_ to the list of middlewares in the third party section of the documentation.

Related issues and pull requests on GitHub: :issue:8346.
Minor improvements to static typing -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8364.
Added a 3.11-specific overloads to ClientSession -- by :user:max-muoto.

Related issues and pull requests on GitHub: :issue:8463.
Simplified path checks for UrlDispatcher.add_static() method -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8491.
Avoided creating a future on every websocket receive -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8498.
Updated identity checks for all WSMsgType type compares -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8501.
When using Python 3.12 or later, the writer is no longer scheduled on the event loop if it can finish synchronously. Avoiding event loop scheduling reduces latency and improves performance. -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8510.
Restored :py:class:~aiohttp.resolver.AsyncResolver to be the default resolver. -- by :user:bdraco.

:py:class:~aiohttp.resolver.AsyncResolver was disabled by default because of IPv6 compatibility issues. These issues have been resolved and :py:class:~aiohttp.resolver.AsyncResolver is again now the default resolver.

Related issues and pull requests on GitHub: :issue:8522.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Oct 29, 2025 by igswsihw-wmadepbot

Admin message

Update dependency aiohttp to v3.13.2

Release Notes

Bug fixes

Features

Bug fixes

Packaging updates and notes for downstreams

Features

Bug fixes

Improved documentation

Packaging updates and notes for downstreams

Contributor-facing changes

Bug fixes

Improved documentation

Packaging updates and notes for downstreams

Contributor-facing changes

Bug fixes

Features

Improved documentation

Bug fixes

Bug fixes

Features

Deprecations (removal in next major release)

Bug fixes

Bug fixes

Features

Bug fixes

Miscellaneous internal changes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Improved documentation

Packaging updates and notes for downstreams

Contributor-facing changes

Bug fixes

Features

Improved documentation

Packaging updates and notes for downstreams

Contributor-facing changes

Miscellaneous internal changes

Bug fixes

Miscellaneous internal changes

Bug fixes

Bug fixes

Miscellaneous internal changes

Bug fixes

Features

Miscellaneous internal changes

Bug fixes

Packaging updates and notes for downstreams

Miscellaneous internal changes

Bug fixes

Features

Improved documentation

Packaging updates and notes for downstreams

Contributor-facing changes

Miscellaneous internal changes

Bug fixes

Features

Miscellaneous internal changes

Bug fixes

Bug fixes

Miscellaneous internal changes

Miscellaneous internal changes

Bug fixes

Miscellaneous internal changes

Bug fixes

Bug fixes

Bug fixes

Miscellaneous internal changes

Bug fixes

Miscellaneous internal changes

Bug fixes

Bug fixes

Bug fixes

Features

Deprecations (removal in next major release)

Removals and backward incompatible breaking changes