Changes
*******


Version 1.1.1
=============

Released 2023-01-17

* Fixed *validate* *extra_validators* parameter. #548


Version 1.1.0
=============

Released 2023-01-15

* Drop support for Python 3.6.

* "validate_on_submit" takes a "extra_validators" parameters #479

* Stop supporting Flask-Babelex #540

* Support for python 3.11 #542

* Remove unused call to *JSONEncoder* #536


Version 1.0.1
=============

Released 2022-03-31

* Update compatibility with the latest Werkzeug release. #511


Version 1.0.0
=============

Released 2021-11-07

* Deprecated items removal #484

* Support for alternatives captcha services #425 #342 #387 #384


Version 0.15.1
==============

Released 2021-05-25

* Add "python_requires" metadata to avoid installing on unsupported
  Python versions. #442


Version 0.15.0
==============

Released 2021-05-24

* Drop support for Python < 3.6. #416

* "FileSize" validator. #307#365

* Extra requirement "email" installs the "email_validator" package.
  #423

* Fixed Flask 2.0 warnings. #434

* Various documentation fixes. #315#321#335#344#386#400, #404#420#437

* Various CI fixes. #405#438


Version 0.14.3
==============

Released 2020-02-06

* Fix deprecated imports from "werkzeug" and "collections".


Version 0.14.2
==============

Released 2017-01-10

* Fix bug where "FlaskForm" assumed "meta" argument was not "None" if
  it was passed. #278


Version 0.14.1
==============

Released 2017-01-10

* Fix bug where the file validators would incorrectly identify an
  empty file as valid data. #276, #277

  * "FileField" is no longer deprecated. The data is checked during
    processing and only set if it's a valid file.

  * "has_file" *is* deprecated; it's now equivalent to
    "bool(field.data)".

  * "FileRequired" and "FileAllowed" work with both the Flask-WTF and
    WTForms "FileField" classes.

  * The "Optional" validator now works with "FileField".


Version 0.14
============

Released 2017-01-06

* Use ItsDangerous to sign CSRF tokens and check expiration instead of
  doing it ourselves. #264

  * All tokens are URL safe, removing the "url_safe" parameter from
    "generate_csrf". #206

  * All tokens store a timestamp, which is checked in "validate_csrf".
    The "time_limit" parameter of "generate_csrf" is removed.

* Remove the "app" attribute from "CsrfProtect", use "current_app".
  #264

* "CsrfProtect" protects the "DELETE" method by default. #264

* The same CSRF token is generated for the lifetime of a request. It
  is exposed as "g.csrf_token" for use during testing. #227#264

* "CsrfProtect.error_handler" is deprecated. #264

  * Handlers that return a response work in addition to those that
    raise an error. The behavior was not clear in previous docs.

  * #200#209#243#252

* Use "Form.Meta" instead of deprecated "SecureForm" for CSRF (and
  everything else). #216#271

  * "csrf_enabled" parameter is still recognized but deprecated. All
    other attributes and methods from "SecureForm" are removed. #271

* Provide "WTF_CSRF_FIELD_NAME" to configure the name of the CSRF
  token. #271

* "validate_csrf" raises "wtforms.ValidationError" with specific
  messages instead of returning "True" or "False". This breaks
  anything that was calling the method directly. #239#271

  * CSRF errors are logged as well as raised. #239

* "CsrfProtect" is renamed to "CSRFProtect". A deprecation warning is
  issued when using the old name. "CsrfError" is renamed to
  "CSRFError" without deprecation. #271

* "FileField" is deprecated because it no longer provides
  functionality over the provided validators. Use "wtforms.FileField"
  directly. #272


Version 0.13.1
==============

Released 2016-10-6

* Deprecation warning for "Form" is shown during "__init__" instead of
  immediately when subclassing. #262

* Don't use "pkg_resources" to get version, for compatibility with
  GAE. #261


Version 0.13
============

Released 2016-09-29

* "Form" is renamed to "FlaskForm" in order to avoid name collision
  with WTForms's base class.  Using "Form" will show a deprecation
  warning. #250

* "hidden_tag" no longer wraps the hidden inputs in a hidden div. This
  is valid HTML5 and any modern HTML parser will behave correctly.
  #193#217

* "flask_wtf.html5" is deprecated. Import directly from
  "wtforms.fields.html5". #251

* "is_submitted" is true for "PATCH" and "DELETE" in addition to
  "POST" and "PUT". #187

* "generate_csrf" takes a "token_key" parameter to specify the key
  stored in the session. #206

* "generate_csrf" takes a "url_safe" parameter to allow the token to
  be used in URLs. #206

* "form.data" can be accessed multiple times without raising an
  exception. #248

* File extension with multiple parts (".tar.gz") can be used in the
  "FileAllowed" validator. #201


Version 0.12
============

Released 2015-07-09

* Abstract "protect_csrf()" into a separate method.

* Update reCAPTCHA configuration.

* Fix reCAPTCHA error handle.


Version 0.11
============

Released 2015-01-21

* Use the new reCAPTCHA API. #164


Version 0.10.3
==============

Released 2014-11-16

* Add configuration: "WTF_CSRF_HEADERS". #159

* Support customize hidden tags. #150

* And many more bug fixes.


Version 0.10.2
==============

Released 2014-09-03

* Update translation for reCaptcha. #146


Version 0.10.1
==============

Released 2014-08-26

* Update "RECAPTCHA_API_SERVER_URL". #145

* Update requirement Werkzeug >= 0.9.5.

* Fix "CsrfProtect" exempt for blueprints. #143


Version 0.10.0
==============

Released 2014-07-16

* Add configuration: "WTF_CSRF_METHODS".

* Support WTForms 2.0 now.

* Fix CSRF validation without time limit ("time_limit=False").

* "csrf_exempt" supports blueprint. #111


Version 0.9.5
=============

Released 2014-03-21

* "csrf_token" for all template types. #112

* Make "FileRequired" a subclass of "InputRequired". #108


Version 0.9.4
=============

Released 2013-12-20

* Bugfix for "csrf" module when form has a prefix.

* Compatible support for WTForms 2.

* Remove file API for "FileField"


Version 0.9.3
=============

Released 2013-10-02

* Fix validation of recaptcha when app in testing mode. #89

* Bugfix for "csrf" module. #91


Version 0.9.2
=============

Released 2013-09-11

* Upgrade WTForms to 1.0.5.

* No lazy string for i18n. #77

* No "DateInput" widget in HTML5. #81

* "PUT" and "PATCH" for CSRF. #86


Version 0.9.1
=============

Released 2013-08-21

* Compatibility with Flask < 0.10. #82


Version 0.9.0
=============

Released 2013-08-15

* Add i18n support. #65

* Use default HTML5 widgets and fields provided by WTForms.

* Python 3.3+ support.

* Redesign form, replace "SessionSecureForm".

* CSRF protection solution.

* Drop WTForms imports.

* Fix recaptcha i18n support.

* Fix recaptcha validator for Python 3.

* More test cases, it's 90%+ coverage now.

* Redesign documentation.


Version 0.8.4
=============

Released 2013-03-28

* Recaptcha Validator now returns provided message. #66

* Minor doc fixes.

* Fixed issue with tests barking because of nose/multiprocessing
  issue.


Version 0.8.3
=============

Released 2013-03-13

* Update documentation to indicate pending deprecation of WTForms
  namespace facade.

* PEP8 fixes. #64

* Fix Recaptcha widget. #49


Version 0.8.2 and prior
=======================

Initial development by Dan Jacob and Ron Duplain.
