python-multipart: QuerystringParser no longer treats ';' as separator
What changed
QuerystringParser no longer treats ';' as a field separator in application/x-www-form-urlencoded bodies; only '&' is used, aligning with the WHATWG URL standard.
Who it affects
Applications using python-multipart for parsing url-encoded form data, especially those behind a WAF or gateway that follows WHATWG rules, and users of Starlette/FastAPI request.form().
What to do today
Upgrade python-multipart to version 0.0.30 or later.
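To check which request bodies the change affects, this added example (not python-multipart's own code) models the two separator rules with a simplified stand-alone splitter and flags bodies whose field list differs between them. The function names and sample bodies are constructed for illustration.

```python
from urllib.parse import unquote_plus

def parse_fields(body: str, separators: str) -> list:
    """Simplified urlencoded splitter: cut on any char in `separators`,
    then split each piece at the first '=' and percent-decode both halves."""
    pieces = [body]
    for sep in separators:
        pieces = [p for piece in pieces for p in piece.split(sep)]
    fields = []
    for piece in pieces:
        if piece:  # skip empty pieces such as a trailing '&'
            name, _, value = piece.partition("=")
            fields.append((unquote_plus(name), unquote_plus(value)))
    return fields

def whatwg_fields(body: str) -> list:
    """Only '&' separates fields (the rule the page says 0.0.30 follows)."""
    return parse_fields(body, "&")

def legacy_fields(body: str) -> list:
    """Both '&' and ';' separate fields (the behaviour being removed)."""
    return parse_fields(body, "&;")

def separator_sensitive(body: str) -> bool:
    """True if the two rules disagree, i.e. the body has a literal ';'
    that changes which fields the application sees."""
    return whatwg_fields(body) != legacy_fields(body)

# Constructed sample bodies, not taken from real traffic.
SAMPLES = [
    "note=tea&page=2",           # no ';' at all
    "q=a%3Bb&page=2",            # encoded ';' is data under both rules
    "note=tea;lang=en&page=2",   # literal ';' splits only under the old rule
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(separator_sensitive(body), whatwg_fields(body), legacy_fields(body))
```

Running `separator_sensitive` over logged form bodies before upgrading shows which clients relied on ';' as a separator and will see different fields afterwards.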