
pallets/markupsafe

GitHub · Open source

Last release: 2025-09-27

MarkupSafe provides a Python text wrapper that escapes special characters so untrusted strings can be safely included in HTML and XML. It helps mitigate injection attacks by converting characters with special meanings into their escaped forms, and it integrates with template engines like Jinja.

Project status

  • MarkupSafe appears actively maintained, with the latest upstream push and recent update dated 2025-09-27, which is within about 8.5 months of today (2026-06-09).
  • Update cadence looks steady but not frequent, with a prior tagged update on 2024-10-18 and then updates again in late 2025 (roughly 10 to 12 months between those visible points).

AI summary generated 2026-06-09

AI-generated from public sources. May be inaccurate.

Recent updates

  • 3.0.3

    2025-09-27

    MarkupSafe 3.0.3 is presented as a bugfix-only release. The documented user-facing change is that the deprecated `__version__` attribute now emits a `DeprecationWarning` (instead of `UserWarning`), and it also updates the C extension initialization approach and wheel build targets.

  • 3.0.2

    2024-10-18

    MarkupSafe 3.0.2 is a bugfix release intended to avoid breaking behavior, with changes focused on escaping compatibility. The release notes mention a fix for cases where `__str__` returns a `str` subclass, plus an increase in the minimum required setuptools version for the build.

  • 2.1.x

    2024-10-16

    This release is labeled 2.1.x, but no release notes were provided by the publisher. As a result, there is not enough information to identify specific new features, bug fixes, breaking changes, security updates, or migration requirements.

  • 3.0.1

    2024-10-08

    MarkupSafe 3.0.1 is a fix release that targets build compatibility with newer compilers and improves behavior when given proxy objects. The release notes state these changes do not introduce breaking behavior.

  • 3.0.0

    2024-10-07

    MarkupSafe 3.0.0 is a feature release that targets newer Python versions (including Python 3.13 and free-threaded builds) and removes support for Python 3.7 and 3.8. The release notes emphasize API signature updates, escaping behavior tweaks on certain Markup string methods, and performance improvements for escaping plain strings.

    Breaking, Features
  • 2.1.5

    2024-02-02

    Release 2.1.5 is described as a patch fix for a regression in MarkupSafe's `striptags` behavior where spaces were not collapsed correctly. The code diff confirms the `striptags` implementation changed to collapse spaces, and additional repository configuration and dependency/tooling updates were also made.

  • 2.1.4

    2024-01-19

    Release 2.1.4 is a fix release that claims to only improve performance of `Markup.striptags` for large input, with no behavioral changes or breaking changes. The diff shows an implementation change to `striptags` plus various CI/dev-tooling version updates.

  • 2.1.3

    2023-06-02

    MarkupSafe 2.1.3 is presented as a small fix release on the 2.1.x branch, with no detailed user-facing changelog in the provided release notes text. The actual diff shows a mix of typing improvements, added `Markup` methods (`format_map` and several string-like helpers), and a subtle behavior change around how `striptags` returns types for subclasses.

    Features
  • 2.1.2

    2023-01-17

    Release 2.1.2 focuses on distribution improvements, notably providing wheels for Python 3.11 and generating SLSA provenance artifacts in the GitHub release process. The code diff also includes a behavioral fix in the tag-stripping logic for newline-containing HTML comments and tags.

  • 2.1.1

    2022-03-15

    Release 2.1.1 updates MarkupSafe mainly around the internal implementation of `Markup.striptags` to avoid ambiguous regex matches. The diff also includes minor repo maintenance changes (pre-commit autoupdate branch) and a corresponding test adjustment.

  • 2.1.0

    2022-02-18

    Release 2.1.0 updates MarkupSafe behavior and supported Python versions. It removes the deprecated `soft_unicode` alias in favor of `soft_str`, and it introduces stricter behavior around percent-style interpolation. The code diff also shows changes to formatting argument handling and to some of the gating logic for the speedups.

    Breaking