Changes

Version 1.1.1

Released 2023-01-17

• Fixed validate extra_validators parameter. #548

Version 1.1.0

Released 2023-01-15

• Drop support for Python 3.6.

• validate_on_submit takes a extra_validators parameters #479

• Stop supporting Flask-Babelex #540

• Support for python 3.11 #542

• Remove unused call to JSONEncoder #536

Version 1.0.1

Released 2022-03-31

• Update compatibility with the latest Werkzeug release. #511

Version 1.0.0

Released 2021-11-07

• Deprecated items removal #484

• Support for alternatives captcha services #425 #342 #387 #384

Version 0.15.1

Released 2021-05-25

• Add python_requires metadata to avoid installing on unsupported Python versions. #442

Version 0.15.0

Released 2021-05-24

• Drop support for Python < 3.6. #416

• FileSize validator. #307, #365

• Extra requirement email installs the email_validator package. #423

• Fixed Flask 2.0 warnings. #434

• Various documentation fixes. #315, #321, #335, #344, #386, #400, #404, #420, #437

• Various CI fixes. #405, #438

Version 0.14.3

Released 2020-02-06

• Fix deprecated imports from werkzeug and collections.

Version 0.14.2

Released 2017-01-10

• Fix bug where FlaskForm assumed meta argument was not None if it was passed. #278

Version 0.14.1

Released 2017-01-10

• Fix bug where the file validators would incorrectly identify an empty file as valid data. #276, #277

  • FileField is no longer deprecated. The data is checked during processing and only set if it’s a valid file.

  • has_file is deprecated; it’s now equivalent to bool(field.data).

  • FileRequired and FileAllowed work with both the Flask-WTF and WTForms FileField classes.

  • The Optional validator now works with FileField.

Version 0.14

Released 2017-01-06

• Use ItsDangerous to sign CSRF tokens and check expiration instead of doing it ourselves. #264

  • All tokens are URL safe, removing the url_safe parameter from generate_csrf. #206

  • All tokens store a timestamp, which is checked in validate_csrf. The time_limit parameter of generate_csrf is removed.

• Remove the app attribute from CsrfProtect, use current_app. #264

• CsrfProtect protects the DELETE method by default. #264

• The same CSRF token is generated for the lifetime of a request. It is exposed as g.csrf_token for use during testing. #227, #264

• CsrfProtect.error_handler is deprecated. #264

  • Handlers that return a response work in addition to those that raise an error. The behavior was not clear in previous docs.

  • #200, #209, #243, #252

• Use Form.Meta instead of deprecated SecureForm for CSRF (and everything else). #216, #271

  • csrf_enabled parameter is still recognized but deprecated. All other attributes and methods from SecureForm are removed. #271

• Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token. #271

• validate_csrf raises wtforms.ValidationError with specific messages instead of returning True or False. This breaks anything that was calling the method directly. #239, #271

  • CSRF errors are logged as well as raised. #239

• CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued when using the old name. CsrfError is renamed to CSRFError without deprecation. #271

• FileField is deprecated because it no longer provides functionality over the provided validators. Use wtforms.FileField directly. #272

Version 0.13.1

Released 2016-10-6

• Deprecation warning for Form is shown during __init__ instead of immediately when subclassing. #262

• Don’t use pkg_resources to get version, for compatibility with GAE. #261

Version 0.13

Released 2016-09-29

• Form is renamed to FlaskForm in order to avoid name collision with WTForms’s base class. Using Form will show a deprecation warning. #250

• hidden_tag no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. #193, #217

• flask_wtf.html5 is deprecated. Import directly from wtforms.fields.html5. #251

• is_submitted is true for PATCH and DELETE in addition to POST and PUT. #187

• generate_csrf takes a token_key parameter to specify the key stored in the session. #206

• generate_csrf takes a url_safe parameter to allow the token to be used in URLs. #206

• form.data can be accessed multiple times without raising an exception. #248

• File extension with multiple parts (.tar.gz) can be used in the FileAllowed validator. #201

Version 0.12

Released 2015-07-09

• Abstract protect_csrf() into a separate method.

• Update reCAPTCHA configuration.

• Fix reCAPTCHA error handle.

Version 0.11

Released 2015-01-21

• Use the new reCAPTCHA API. #164

Version 0.10.3

Released 2014-11-16

• Add configuration: WTF_CSRF_HEADERS. #159

• Support customize hidden tags. #150

• And many more bug fixes.

Version 0.10.2

Released 2014-09-03

• Update translation for reCaptcha. #146

Version 0.10.1

Released 2014-08-26

• Update RECAPTCHA_API_SERVER_URL. #145

• Update requirement Werkzeug >= 0.9.5.

• Fix CsrfProtect exempt for blueprints. #143

Version 0.10.0

Released 2014-07-16

• Add configuration: WTF_CSRF_METHODS.

• Support WTForms 2.0 now.

• Fix CSRF validation without time limit (time_limit=False).

• csrf_exempt supports blueprint. #111

Version 0.9.5

Released 2014-03-21

• csrf_token for all template types. #112

• Make FileRequired a subclass of InputRequired. #108

Version 0.9.4

Released 2013-12-20

• Bugfix for csrf module when form has a prefix.

• Compatible support for WTForms 2.

• Remove file API for FileField

Version 0.9.3

Released 2013-10-02

• Fix validation of recaptcha when app in testing mode. #89

• Bugfix for csrf module. #91

Version 0.9.2

Released 2013-09-11

• Upgrade WTForms to 1.0.5.

• No lazy string for i18n. #77

• No DateInput widget in HTML5. #81

• PUT and PATCH for CSRF. #86

Version 0.9.1

Released 2013-08-21

• Compatibility with Flask < 0.10. #82

Version 0.9.0

Released 2013-08-15

• Add i18n support. #65

• Use default HTML5 widgets and fields provided by WTForms.

• Python 3.3+ support.

• Redesign form, replace SessionSecureForm.

• CSRF protection solution.

• Drop WTForms imports.

• Fix recaptcha i18n support.

• Fix recaptcha validator for Python 3.

• More test cases, it’s 90%+ coverage now.

• Redesign documentation.

Version 0.8.4

Released 2013-03-28

• Recaptcha Validator now returns provided message. #66

• Minor doc fixes.

• Fixed issue with tests barking because of nose/multiprocessing issue.

Version 0.8.3

Released 2013-03-13

• Update documentation to indicate pending deprecation of WTForms namespace facade.

• PEP8 fixes. #64

• Fix Recaptcha widget. #49

Version 0.8.2 and prior

Initial development by Dan Jacob and Ron Duplain.