Back to Explore

Kludex/starlette

GitHub
5 updates · last 90 days1 watchersOpen source

Last release: 3 days ago

Starlette is a lightweight ASGI framework and toolkit for building async web services in Python. It provides HTTP and WebSocket support, plus features like startup and shutdown events, background tasks, and common web middleware options (such as CORS and static files), making it useful for production-ready async APIs and web apps.

Project status

  • Kludex/starlette (GitHub) appears actively maintained, with a recent upstream push on 2026-05-27 and multiple version-tagged updates in May 2026 (1.1.0 on 2026-05-23, 1.0.1 on 2026-05-21).
  • The apparent update cadence is moderate and clustered, about every 1 to 3 weeks through late May 2026 (1.0.1 then 1.1.0), after larger steps in the March 2026 timeframe (1.0.0 on 2026-03-22).

AI summary generated 6 days ago

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • 1.2.1

    3 days ago

    Release 1.2.1 primarily addresses type-checking improvements around the `testclient` module and adds clearer assertion failures when authentication `requires()` is used with an incorrect request type. The release notes do not mention broader tooling and dependency updates that are present in the diff.

  • 1.2.0

    5 days ago

    Version 1.2.0 updates Starlette to support httpx2 in its test client, adding httpx2 related dependencies and adjusting test expectations. The release notes mention only httpx2 support, but the code also changes warning behavior and HTTP headers produced by the test client.

    BreakingFeatures

  • 1.1.0

    1 week ago

    Version 1.1.0 updates Starlette's behavior around file responses, endpoint dispatching, and static file path handling. The release notes document three main changes: new default media type for FileResponse when guessing fails, restricting HTTPEndpoint dispatch to allowed HTTP verbs, and rejecting absolute paths in StaticFiles.lookup_path.

    BreakingSecurity

  • 1.0.1

    1 week ago

    Starlette 1.0.1 primarily fixes URL construction when the incoming ASGI scope includes a malformed Host header. The code now ignores invalid Host values when building `request.url`, falling back to the server tuple. The rest of the diff is mostly documentation, CI, and development tooling updates.

  • 1.0.0

    2 months ago

    Starlette 1.0.0 promotes the 1.0 release candidate to a stable release. Most functional changes highlighted in the release notes are centered around SessionMiddleware tracking (access and modification), multipart/form parsing robustness, and improved websocket denial handling in responses.

    Features

  • 1.0.0rc1

    3 months ago

    Starlette 1.0.0rc1 is the first release candidate for the 1.0 line, focused on removing deprecated features slated for 1.0.0 plus some last-minute bug fixes. The release notes also document the required migration away from startup/shutdown and various decorator-based APIs toward the lifespan and parameter-based configuration model.

    Breaking

  • 0.52.1

    4 months ago

    Starlette 0.52.1 is a small patch release. The documented change limits usage of `typing_extensions` to older Python versions, while newer Python versions use the standard library `typing` equivalents.

  • 0.52.0

    4 months ago

    Starlette 0.52.0 adds dictionary-style access to lifespan state (for example, `request.state['http_client']`) to improve type safety. The release notes primarily focus on this new access pattern and its typing example.

    Features

  • 0.51.0

    4 months ago

    Starlette 0.51.0 adds a new CORSMiddleware option, allow_private_network, to support browser Private Network Access (PNA) preflight requests. It also updates the stacklevel for the wsgi middleware deprecation DeprecationWarning to improve where the warning points in user code.

    Features

  • 0.50.0

    7 months ago

    Starlette 0.50.0 primarily drops Python 3.9 support, raising the minimum supported Python version. The code diff also includes widespread modernization of type imports and union syntax across the codebase, plus dependency/CI/test adjustments aligned with the Python floor change.

    Breaking

  • 0.49.3

    7 months ago

    Starlette 0.49.3 primarily updates type annotations for the `Middleware` typing to be less strict. The accompanying release notes mention this typing relaxation, and the code change is confined to type definitions in `starlette/middleware/__init__.py`, plus a version bump and a release notes documentation update.

  • 0.49.2

    7 months ago

    Version 0.49.2 is a small update that fixes StaticFiles caching behavior when both ETag and conditional timestamp headers are involved. The release notes only mention one functional fix, and the code diff confirms that logic change in `starlette/staticfiles.py`. Additionally, multiple CI workflow action versions were bumped, and one internal error-handling path in `StaticFiles.is_not_modified` was removed.

  • 0.49.1

    7 months ago

    Starlette 0.49.1 addresses a security vulnerability related to how `FileResponse` parses the HTTP `Range` header. The code changes replace the previous regex-based parsing with new, more defensive range parsing logic and add test coverage for malformed or edge-case `Range` values.

    Security

  • 0.49.0

    7 months ago

    Starlette 0.49.0 adds an `encoding` option to `starlette.config.Config`, improves `Request.cookies` to support multiple cookie headers, and tightens `WebSocketEndpoint` typing for its `encoding` values. It also tweaks `Middleware` behavior to avoid polluting exception context when used with `BaseHTTPMiddleware.\n

    Features