Werkzeug 0.15.3 has been released, followed closely by 0.15.4. Both fix bugs and compatibility issues. The changelog lists the changes in detail, which include:
Unauthorized
HTTP exception.ProfilerMiddleware
filenames, and get LintMiddleware
working
on Python 3.b
prefix.A minor security issue was addressed in this release. The debugger generates a unique pin per host to prevent unauthorized code execution. However, in Docker this pin would be identical across all containers. This release ensures each container uses a unique pin.
Thank you to Nikita Tikhomirov for responsibly reporting the issue. If you think you have discovered a security issue in Werkzeug or another of the Pallets projects, please email [email protected] with details.
Install from PyPI with pip:
pip install -U Werkzeug