Changes
=======

Version 1.2.1
-------------

Released 2023-10-02

- Fix a bug introduced with :pr:`556` where file validators were editing
  the file fields content. :pr:`578`

Version 1.2.0
-------------

Released 2023-10-01

-   Add field ``MultipleFileField``. ``FileRequired``, ``FileAllowed``, ``FileSize``
    now can be used to validate multiple files :pr:`556` :issue:`338`

Version 1.1.2
-------------

Released 2023-09-29

-   Fixed Flask 2.3 deprecations of ``werkzeug.urls.url_encode`` and
    ``flask.Markup`` :pr:`565` :issue:`561`
-   Stop support for python 3.7 :pr:`574`
-   Use `pyproject.toml` instead of `setup.cfg` :pr:`576`
-   Fixed nested blueprint CSRF exemption :pr:`572`

Version 1.1.1
-------------

Released 2023-01-17

-   Fixed `validate` `extra_validators` parameter. :pr:`548`

Version 1.1.0
-------------

Released 2023-01-15

-   Drop support for Python 3.6.
-   ``validate_on_submit`` takes a ``extra_validators`` parameters :pr:`479`
-   Stop supporting Flask-Babelex :pr:`540`
-   Support for python 3.11 :pr:`542`
-   Remove unused call to `JSONEncoder` :pr:`536`

Version 1.0.1
-------------

Released 2022-03-31

-   Update compatibility with the latest Werkzeug release. :issue:`511`


Version 1.0.0
--------------

Released 2021-11-07

-   Deprecated items removal :pr:`484`
-   Support for alternatives captcha services :pr:`425` :pr:`342`
    :pr:`387` :issue:`384`

Version 0.15.1
--------------

Released 2021-05-25

-   Add ``python_requires`` metadata to avoid installing on unsupported
    Python versions. :pr:`442`


Version 0.15.0
--------------

Released 2021-05-24

-   Drop support for Python < 3.6. :pr:`416`
-   ``FileSize`` validator. :pr:`307, 365`
-   Extra requirement ``email`` installs the ``email_validator``
    package. :pr:`423`
-   Fixed Flask 2.0 warnings. :pr:`434`
-   Various documentation fixes. :pr:`315, 321, 335, 344, 386, 400`,
    :pr:`404, 420, 437`
-   Various CI fixes. :pr:`405, 438`


Version 0.14.3
--------------

Released 2020-02-06

-   Fix deprecated imports from ``werkzeug`` and ``collections``.


Version 0.14.2
--------------

Released 2017-01-10

-   Fix bug where ``FlaskForm`` assumed ``meta`` argument was not
    ``None`` if it was passed. :issue:`278`


Version 0.14.1
--------------

Released 2017-01-10

-   Fix bug where the file validators would incorrectly identify an
    empty file as valid data. :issue:`276`, :pr:`277`

    -   ``FileField`` is no longer deprecated. The data is checked
        during processing and only set if it's a valid file.
    -   ``has_file`` *is* deprecated; it's now equivalent to
        ``bool(field.data)``.
    -   ``FileRequired`` and ``FileAllowed`` work with both the
        Flask-WTF and WTForms ``FileField`` classes.
    -   The ``Optional`` validator now works with ``FileField``.


Version 0.14
------------

Released 2017-01-06

-   Use ItsDangerous to sign CSRF tokens and check expiration instead of
    doing it ourselves. :issue:`264`

    -   All tokens are URL safe, removing the ``url_safe`` parameter
        from ``generate_csrf``. :issue:`206`
    -   All tokens store a timestamp, which is checked in
        ``validate_csrf``. The ``time_limit`` parameter of
        ``generate_csrf`` is removed.

-   Remove the ``app`` attribute from ``CsrfProtect``, use
    ``current_app``. :issue:`264`
-   ``CsrfProtect`` protects the ``DELETE`` method by default.
    :issue:`264`
-   The same CSRF token is generated for the lifetime of a request. It
    is exposed as ``g.csrf_token`` for use during testing.
    :issue:`227, 264`
-   ``CsrfProtect.error_handler`` is deprecated. :issue:`264`

    -   Handlers that return a response work in addition to those that
        raise an error. The behavior was not clear in previous docs.
    -   :issue:`200, 209, 243, 252`

-   Use ``Form.Meta`` instead of deprecated ``SecureForm`` for CSRF (and
    everything else). :issue:`216, 271`

    -   ``csrf_enabled`` parameter is still recognized but deprecated.
        All other attributes and methods from ``SecureForm`` are
        removed. :issue:`271`

-   Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF
    token. :issue:`271`
-   ``validate_csrf`` raises ``wtforms.ValidationError`` with specific
    messages instead of returning ``True`` or ``False``. This breaks
    anything that was calling the method directly. :issue:`239, 271`

    -   CSRF errors are logged as well as raised. :issue:`239`

-   ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning
    is issued when using the old name. ``CsrfError`` is renamed to
    ``CSRFError`` without deprecation. :issue:`271`
-   ``FileField`` is deprecated because it no longer provides
    functionality over the provided validators. Use
    ``wtforms.FileField`` directly. :issue:`272`


Version 0.13.1
--------------

Released 2016-10-6

-   Deprecation warning for ``Form`` is shown during ``__init__``
    instead of immediately when subclassing. :issue:`262`
-   Don't use ``pkg_resources`` to get version, for compatibility with
    GAE. :issue:`261`


Version 0.13
------------

Released 2016-09-29

-   ``Form`` is renamed to ``FlaskForm`` in order to avoid name
    collision with WTForms's base class.  Using ``Form`` will show a
    deprecation warning. :issue:`250`
-   ``hidden_tag`` no longer wraps the hidden inputs in a hidden div.
    This is valid HTML5 and any modern HTML parser will behave
    correctly. :issue:`193, 217`
-   ``flask_wtf.html5`` is deprecated. Import directly from
    ``wtforms.fields.html5``. :issue:`251`
-   ``is_submitted`` is true for ``PATCH`` and ``DELETE`` in addition to
    ``POST`` and ``PUT``. :issue:`187`
-   ``generate_csrf`` takes a ``token_key`` parameter to specify the key
    stored in the session. :issue:`206`
-   ``generate_csrf`` takes a ``url_safe`` parameter to allow the token
    to be used in URLs. :issue:`206`
-   ``form.data`` can be accessed multiple times without raising an
    exception. :issue:`248`
-   File extension with multiple parts (``.tar.gz``) can be used in the
    ``FileAllowed`` validator. :issue:`201`


Version 0.12
------------

Released 2015-07-09

-   Abstract ``protect_csrf()`` into a separate method.
-   Update reCAPTCHA configuration.
-   Fix reCAPTCHA error handle.


Version 0.11
------------

Released 2015-01-21

-   Use the new reCAPTCHA API. :pr:`164`


Version 0.10.3
--------------

Released 2014-11-16

-   Add configuration: ``WTF_CSRF_HEADERS``. :pr:`159`
-   Support customize hidden tags. :pr:`150`
-   And many more bug fixes.


Version 0.10.2
--------------

Released 2014-09-03

-   Update translation for reCaptcha. :pr:`146`


Version 0.10.1
--------------

Released 2014-08-26

-   Update ``RECAPTCHA_API_SERVER_URL``. :pr:`145`
-   Update requirement Werkzeug >= 0.9.5.
-   Fix ``CsrfProtect`` exempt for blueprints. :pr:`143`


Version 0.10.0
--------------

Released 2014-07-16

-   Add configuration: ``WTF_CSRF_METHODS``.
-   Support WTForms 2.0 now.
-   Fix CSRF validation without time limit (``time_limit=False``).
-   ``csrf_exempt`` supports blueprint. :issue:`111`


Version 0.9.5
-------------

Released 2014-03-21

-   ``csrf_token`` for all template types. :pr:`112`
-   Make ``FileRequired`` a subclass of ``InputRequired``. :pr:`108`


Version 0.9.4
-------------

Released 2013-12-20

-   Bugfix for ``csrf`` module when form has a prefix.
-   Compatible support for WTForms 2.
-   Remove file API for ``FileField``


Version 0.9.3
-------------

Released 2013-10-02

-   Fix validation of recaptcha when app in testing mode. :pr:`89`
-   Bugfix for ``csrf`` module. :pr:`91`


Version 0.9.2
-------------

Released 2013-09-11

-   Upgrade WTForms to 1.0.5.
-   No lazy string for i18n. :issue:`77`
-   No ``DateInput`` widget in HTML5. :issue:`81`
-   ``PUT`` and ``PATCH`` for CSRF. :issue:`86`


Version 0.9.1
-------------

Released 2013-08-21

-   Compatibility with Flask < 0.10. :issue:`82`


Version 0.9.0
-------------

Released 2013-08-15

-   Add i18n support. :issue:`65`
-   Use default HTML5 widgets and fields provided by WTForms.
-   Python 3.3+ support.
-   Redesign form, replace ``SessionSecureForm``.
-   CSRF protection solution.
-   Drop WTForms imports.
-   Fix recaptcha i18n support.
-   Fix recaptcha validator for Python 3.
-   More test cases, it's 90%+ coverage now.
-   Redesign documentation.


Version 0.8.4
-------------

Released 2013-03-28

-   Recaptcha Validator now returns provided message. :issue:`66`
-   Minor doc fixes.
-   Fixed issue with tests barking because of nose/multiprocessing
    issue.


Version 0.8.3
-------------

Released 2013-03-13

-   Update documentation to indicate pending deprecation of WTForms
    namespace facade.
-   PEP8 fixes. :issue:`64`
-   Fix Recaptcha widget. :issue:`49`


Version 0.8.2 and prior
-----------------------

Initial development by Dan Jacob and Ron Duplain.
