Release Date: 2025-01-16
- Security
- Change pypi release to use trusted publishing
Release Date: 2025-01-05
- Chores
- Fix typing error with exempt decorator
- Update types for window wrapper to use named tuple
Release Date: 2024-11-27
- Compatibility
- Ensure wheels are uploaded to pypi as well (for real)
Release Date: 2024-11-27
- Compatibility
- Ensure wheels are uploaded to pypi as well
Release Date: 2024-11-27
- Chores
- Update development dependencies
- Compatibility
- Drop support for python 3.8
- Add support for python 3.13
- Add CI matrix entry for flask 3.1
Release Date: 2024-07-20
- Bug fix
- Ensure cost is accounted for when testing conditional limits
Release Date: 2024-05-19
- Bug fix
- Fix errors with concurrent access to internal exemption maps during application startup.
Release Date: 2024-04-21
- Bug fix
- Ensure exempt routes are exempt from meta limits as well
Release Date: 2024-02-11
- Chores
- Update development dependencies
- Use ruff for all linting
- Update CI compatibility matrix
Release Date: 2023-08-30
- Feature
- Add meta_limits to allow for creating upper limits for requesting clients to breach application rate limits.
- Bug fix
- Ensure on breach callbacks can be configured using flask config
Release Date: 2023-08-26
- Bug fix
- Ensure _version.py has stable content when generated using git archive from a tag regardless of when it is run.
Release Date: 2023-08-22
- Feature
- Add extended configuration for application limits
- application_limits_exempt_when
- application_limits_deduct_when
- application_limits_per_method
- Add extended configuration for application limits
- Bug fix
- Ensure blueprint static routes are exempt
Release Date: 2023-05-03
- Chores
- Improve default limits documentation
- Update documentation dependencies
- Fix typing compatibility errors in headers
Release Date: 2023-02-26
- Bug Fix
- Ensure per route limits are preferred (over application limits) when populating rate limiting headers in the case where no rate limit has been breached in the request.
Release Date: 2023-02-15
- Feature
- Allow configuring request identity
- Chores
- Improve linting with ruff
- Update development dependencies
Release Date: 2022-12-29
- Feature
- Skip logging an error if a decorated limit uses a callable to return the "current" rate limit and returns an empty string. Treat this is a signal that the rate limit should be skipped for this request.
Release Date: 2022-12-28
- Breaking changes
- Change order of extension constructor arguments to only require
key_func
as the first positional argument and all other arguments as keyword arguments. - Separate positional/keyword arguments in limit/shared_limit decorators
- Remove deprecated config variable RATELIMIT_STORAGE_URL
- Remove legacy backward compatibility path for flask < 2
- Change order of extension constructor arguments to only require
- Features
- Allow scoping regular limit decorators / context managers
Release Date: 2022-12-28
- Breaking changes
- Remove deprecated config variable RATELIMIT_STORAGE_URL
- Remove legacy backward compatibility path for flask < 2
- Enforce key_func as a required argument
- Chores
- Simplify registration of decorated function & blueprint limits
Release Date: 2022-12-26
- Breaking changes
- Change order of extension constructor arguments to only require
key_func
as the first positional argument and all other arguments as keyword arguments. - Separate positional/keyword arguments in limit/shared_limit decorators
- Change order of extension constructor arguments to only require
- Features
- Allow scoping regular limit decorators / context managers
Release Date: 2022-12-26
- Feature
- Extend customization by http method to shared_limit decorator
Release Date: 2022-12-26
- Chores
- Update documentation quick start
- Refresh documentation for class based views
Release Date: 2022-12-24
- Features
- Allow using limit & shared_limit decorators on pure functions that are not decorated as routes. The functions when called from within a request context will get rate limited.
- Allow using limit as a context manager to rate limit a code block explicitly within a request
- Chores
- Updated development dependencies
- Fix error running tests depending on docker locally
- Update internals to use dataclasses
Release Date: 2022-11-15
- Chores
- Add sponsorship banner to rtd
- Update documentation dependencies
Release Date: 2022-11-13
- Breaking changes
- Any exception raised when calling an
on_breach
callback will be re-raised instead of being absorbed unlessswallow_errors
is set. In the case ofswallow_errors
the exception will now be logged atERROR
level instead ofWARN
- Reduce log level of rate limit exceeded log messages to
INFO
- Any exception raised when calling an
Release Date: 2022-10-25
- Bug Fix
- Add default value for RateLimitExceeded optional parameter
- Fix suppression of errors when using conditional deduction (Issue 363)
Release Date: 2022-09-22
- Compatibility
- Ensure typing_extensions dependency has a minimum version
- Chores
- Documentation tweaks
- Update CI to use 3.11 rc2
Release Date: 2022-08-24
- Chores
- Improve quick start documentation
Release Date: 2022-08-23
- Usability
- Emit warning when in memory storage is used as a default when no storage uri is provided
Release Date: 2022-08-11
- Feature
- Expand use of
on_breach
callback to return aResponse
object that will be used as the error response on rate limits being exceeded
- Expand use of
Release Date: 2022-08-05
- Compatibility
- Migrate use of flask._request_ctx_stack to flask.globals.request_ctx to support Flask 2.2+
- Chores
- Expand CI matrix to test against Flask 2.0,2.1 & 2.2
- Make tests compatible with Flask 2.2.+
Release Date: 2022-07-07
- Features
- Ensure multiple extension instances registered on a single application exercise before/after request hooks
- Chores
- Improve documentation
Release Date: 2022-06-06
- Chore
- Add python 3.11 to CI matrix
Release Date: 2022-04-22
- Chore
- Automate github releases
Release Date: 2022-04-21
- Chore
- Automate github releases
Release Date: 2022-04-21
- Chore
- Automate github releases
Release Date: 2022-04-21
- Chore
- Second attempt to generate release notes
Release Date: 2022-04-21
- Chore
- Test for automating github release notes
Release Date: 2022-04-21
- Chore
- Automate github releases
Release Date: 2022-04-20
- Feature
- Add CLI for inspecting & clearing rate limits
- Bug Fix
- Ensure exempt decorator can be used with flags for view functions
- Chores
- Refactor rate limit resolution to limit manager
Release Date: 2022-04-20
- Bug Fix
- Ensure request.blueprint is actually registered on the current app before using it for blueprint limits or exemptions. (Issue 336)
Release Date: 2022-04-17
- Feature
- Extend cost parameter to default & application limits
- Chore
- Improve type strictness / checking
- Improve documentation on landing page
Release Date: 2022-04-14
- Bug Fixes
- Add missing extras requirements for installation
- Add py.typed for PEP 561 compliance
Release Date: 2022-04-11
- Features
- Expose option to register a callback for rate limit breaches of default limits via the :paramref:`~flask_limiter.Limiter.on_breach` constructor parameter
- Replace use of flask.g with request context for keeping track of extension state (:issue:`327`)
- Rework implementation of :meth:`~flask_limiter.Limiter.exempt` to accomodate nested blueprints. (:issue:`326`)
- Chores
- Add python 3.11 to CI
- Extract management and filtering of limits to LimitManager
- Improve correctness of resolving inherited limits & extensions when working with Blueprints (especially nested ones)
Release Date: 2022-03-05
- Feature
- Allow a function to be used for the
cost
parameter to limiter decorators.
- Allow a function to be used for the
Release Date: 2022-01-30
- Chore
- Update documentation theme
Release Date: 2022-01-15
- Feature
- Add
current_limit
attribute to extension to allow clients to fetch the relevant current limit that was evaluated. - Update extension constructor parameters to match flask config for header control
- Add
on_breach
callback forlimit
andshared_limit
decorators to be used as hooks for when a limit is breached - Add
cost
argument tolimit
andshared_limit
to control how much is deducted when a hit occurs.
- Add
- Chore
- Improve documentation around configuration
- Deprecation
- Remove hacks for managing incorrectly ordered limit/route decorators
Release Date: 2021-12-22
- Chore
- Documentation theme upgrades
- Integrate pytest-docker plugin
- Mass linting
- Deprecation
- Removed deprecated RATELIMIT_GLOBAL config
- Added deprecation doc for RATELIMIT_STORAGE_URL config
Release Date: 2021-12-15
Documentation & test tweaks
Release Date: 2021-11-28
- Features
- Pin Flask, limits to >= 2
- Add type hints
Release Date: 2021-11-28
- Deprecations
- Remove deprecated get_ipaddr method
- Remove use of six
- Remove backward compatibility hacks for RateLimit exceptions
Release Date: 2021-11-27
Drop support for python < 3.7 & Flask < 2.0
Release Date: 2021-11-27
Final Release for python < 3.7
- Features
- Prepend
key_prefix
to extension variables attached tog
- Expose
g.view_limits
- Prepend
Release Date: 2020-08-25
- Bug Fix
- Always set headers for conditional limits
- Skip init_app sequence when the rate limiter is disabled
Release Date: 2020-05-21
- Bug Fix
- Ensure headers provided explictely by setting _header_mapping take precedence over configuration values.
Release Date: 2020-05-20
- Features
- Add new
deduct_when
argument that accepts a function to decorated limits to conditionally perform depletion of a rate limit (Pull Request 248) - Add new
default_limits_deduct_when
argument to Limiter constructor to conditionally perform depletion of default rate limits - Add
default_limits_exempt_when
argument that accepts a function to allow skipping the default limits in thebefore_request
phase
- Add new
- Bug Fix
- Fix handling of storage failures during
after_request
phase.
- Fix handling of storage failures during
- Code Quality
- Use github-actions instead of travis for CI
- Use pytest instaad of nosetests
- Add docker configuration for test dependencies
- Increase code coverage to 100%
- Ensure pyflake8 compliance
Release Date: 2020-02-26
- Bug fix
- Syntax error in version 1.2.0 when application limits are provided through configuration file (Issue 241)
Release Date: 2020-02-25
- Add override_defaults argument to decorated limits to allow combinined defaults with decorated limits.
- Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method.
- Add support for in memory fallback without override (Pull Request 236)
- Bug fix
- Ensure defaults are enforced when decorated limits are skipped (Issue 238)
Release Date: 2019-10-02
- Provide Rate limit information with Exception (Pull Request 202)
- Respect existing Retry-After header values (Pull Request 143)
- Documentation improvements
Release Date: 2017-12-08
- Bug fix
- Duplicate rate limits applied via application limits (Issue 108)
Release Date: 2017-11-06
- Improved documentation for handling ip addresses for applications behind proxiues (Issue 41)
- Execute rate limits for decorated routes in decorator instead of before_request (Issue 67)
- Bug Fix
Release Date: 2017-08-18
- Upgrade versioneer
Release Date: 2017-07-26
- Add support for key prefixes
Release Date: 2017-05-01
- Implemented application wide shared limits
Release Date: 2016-03-14
- Allow reset of limiter storage if available
Release Date: 2016-03-04
- Deprecation warning for default key_func get_ipaddr
- Support for Retry-After header
Release Date: 2015-11-21
- Re-expose enabled property on Limiter instance.
Release Date: 2015-11-13
- In-memory fallback option for unresponsive storage
- Rate limit exemption option per limit
Release Date: 2015-10-05
- Bug fix for reported issues of missing (limits) dependency upon installation.
Release Date: 2015-10-03
- Documentation tweaks.
Release Date: 2015-09-17
- Remove outdated files from egg
Release Date: 2015-08-06
- Fixed compatibility with latest version of Flask-Restful
Release Date: 2015-06-07
- No functional change
Release Date: 2015-04-02
- Bug fix for case sensitive methods whitelist for limits decorator
Release Date: 2015-03-20
- Hotfix for dynamic limits with blueprints
- Undocumented feature to pass storage options to underlying storage backend.
Release Date: 2015-03-02
- methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.
Release Date: 2015-02-16
Release Date: 2015-02-03
- Use Werkzeug TooManyRequests as the exception raised when available.
Release Date: 2015-01-30
- Bug Fix
- Fix for version comparison when monkey patching Werkzeug
- (Issue 24)
Release Date: 2015-01-09
- Refactor core storage & ratelimiting strategy out into the limits package.
- Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.
Release Date: 2015-01-09
- Refactoring of RedisStorage for extensibility (Issue 18)
- Bug fix: Correct default setting for enabling rate limit headers. (Issue 22)
Release Date: 2014-10-21
- Bug fix
- Fix for responses slower than rate limiting window. (Issue 17.)
Release Date: 2014-10-01
- Bug fix: in memory storage thread safety
Release Date: 2014-08-31
- Support for manually triggering rate limit check
Release Date: 2014-08-26
- Header name overrides
Release Date: 2014-07-13
Release Date: 2014-07-11
- per http method rate limit separation (Recipe)
- documentation improvements
Release Date: 2014-06-24
Release Date: 2014-06-13
Release Date: 2014-06-13
- Bug fix
- Werkzeug < 0.9 Compatibility (Issue 6.)
Release Date: 2014-06-12
- Hotfix : use HTTPException instead of abort to play well with other extensions.
Release Date: 2014-06-12
- Allow configuration overrides via extension constructor
Release Date: 2014-06-04
- Improved implementation of moving-window X-RateLimit-Reset value.
Release Date: 2014-05-28
Release Date: 2014-05-26
- Bug fix
- Memory leak when using
Limiter.storage.MemoryStorage
(Issue 4.)
- Memory leak when using
- Improved test coverage
Release Date: 2014-02-20
- Strict version requirement on six
- documentation tweaks
Release Date: 2014-02-19
- improved logging support for multiple handlers
- allow callables to be passed to
Limiter.limit
decorator to dynamically load rate limit strings. - add a global kill switch in flask config for all rate limits.
- Bug fixes
- default key function for rate limit domain wasn't accounting for X-Forwarded-For header.
Release Date: 2014-02-18
- add new decorator to exempt routes from limiting.
- Bug fixes
- versioneer.py wasn't included in manifest.
- configuration string for strategy was out of sync with docs.
Release Date: 2014-02-15
- python 2.6 support via counter backport
- source docs.
Release Date: 2014-02-15
- Implemented configurable strategies for rate limiting.
- Bug fixes
- better locking for in-memory storage
- multi threading support for memcached storage
Release Date: 2014-02-14
- Bug fixes
- fix initializing the extension without an app
- don't rate limit static files
Release Date: 2014-02-13
- first release.