:warning: Important :warning:

This release contains a patch for a vulnerability that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.

You can find more background information in the related discussion #3473 .

Sponsors 🌟

Thanks to these incredible business sponsors:

Scalar (@scalar), Telemetry Sports (via @chris-telemetry), Stok (@stok-team)

A huge 'Thank you!' to all other sponsors across Polar.sh, OpenCollective and GitHub Sponsors!

What's changed

New contributors 🎉

• @maintain0404 made their first contribution in https://github.com/litestar-org/litestar/pull/3405

Bugfixes 🐛

• Fix improper Limitation of a Pathname to a Restricted Directory by @peterschutt in https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf
• Remove use of asserts for control flow in Pydantic Plugin by @peterschutt in https://github.com/litestar-org/litestar/pull/3359
• Fix OpenAPI schema for generic wrapped return types with DTO by @peterschutt in https://github.com/litestar-org/litestar/pull/3371
• Fix ambiguous default warning for no signature default by @peterschutt in https://github.com/litestar-org/litestar/pull/3378
• Fix path param consumed by dependency treated as unconsumed by @peterschutt in https://github.com/litestar-org/litestar/pull/3380
• Fix remove name and in properties included in OpenAPI headers by @peterschutt in https://github.com/litestar-org/litestar/pull/3417
• Fix unconditional minijinja import in flash-messages plugin by @peterschutt in https://github.com/litestar-org/litestar/pull/3418
• Fix routing issues with regular handler under mounted app by @peterschutt in https://github.com/litestar-org/litestar/pull/3430
• Fix file logging with structlog by @peterschutt in https://github.com/litestar-org/litestar/pull/3425
• Fix clearing large session cookies by @peterschutt in https://github.com/litestar-org/litestar/pull/3446
• Fix flash messages were not displayed on redirects by @euri10 in https://github.com/litestar-org/litestar/pull/3420
• Fix alidation of optional sequence in multipart data with one value by @provinzkraut in https://github.com/litestar-org/litestar/pull/3408

Documentation

• Update usage/static_files by @JacobCoffee in https://github.com/litestar-org/litestar/pull/3358
• Fix broken url; swagger ui by @wer153 in https://github.com/litestar-org/litestar/pull/3368
• Correct a word by @wer153 in https://github.com/litestar-org/litestar/pull/3412
• Fix WebSockets documentation grammar by @marcuslimdw in https://github.com/litestar-org/litestar/pull/3413
• Fix intersphinx mapping for advanced-alchemy by @provinzkraut in https://github.com/litestar-org/litestar/pull/3438
• Update usage/caching by @JacobCoffee in https://github.com/litestar-org/litestar/pull/3345
• Update docs/usage/security/* by @JacobCoffee in https://github.com/litestar-org/litestar/pull/3344
• Improve sse by @euri10 in https://github.com/litestar-org/litestar/pull/3454

Full Changelog https://github.com/litestar-org/litestar/compare/v2.8.2...v2.8.3