Version 0.49.1 (#3047)

author Marcelo Trylesinski <marcelotryle@gmail.com>

Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)

committer GitHub <noreply@github.com>

Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)
author Marcelo Trylesinski <marcelotryle@gmail.com>
Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)
committer GitHub <noreply@github.com>
Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)
diff --git a/docs/release-notes.md b/docs/release-notes.md

index 2b36ccdb49baf14395dbf71cecb0947de574d15d..bf0c1160bab1f5b0ee115e71ef114daf1dbba682 100644 (file)
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -2,6 +2,16 @@
  toc_depth: 2
  ---
  
+## 0.49.1 (October 28, 2025)
+
+This release fixes a security vulnerability in the parsing logic of the `Range` header in `FileResponse`.
+
+You can view the full security advisory: [GHSA-7f5h-v6xp-fcq8](https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8)
+
+#### Fixed
+
+* Optimize the HTTP ranges parsing logic [4ea6e22b489ec388d6004cfbca52dd5b147127c5](https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5)
+
  ## 0.49.0 (October 28, 2025)
  
  #### Added
diff --git a/starlette/__init__.py b/starlette/__init__.py

index d4ace94dd69b1ceea88d595c55a508411191771d..e72de01efcc2093bc482b52878043bb3efb4f705 100644 (file)
--- a/starlette/__init__.py
+++ b/starlette/__init__.py
@@ -1 +1 @@
-__version__ = "0.49.0"
+__version__ = "0.49.1"
author	Marcelo Trylesinski <marcelotryle@gmail.com>
	Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)
committer	GitHub <noreply@github.com>
	Tue, 28 Oct 2025 17:31:53 +0000 (18:31 +0100)
docs/release-notes.md		patch \| blob \| blame \| history
starlette/__init__.py		patch \| blob \| blame \| history