Deploying to gh-pages from @ b343d5a 🚀

Author: provinzkraut

2/.buildinfo

@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file records the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 336403e44b76cfc6a4ea8746cff4f1f2
+config: 4cb64fc0ba4aa3536b15dd22e19b70f7
 tags: 645f666f9bcd5a90fca523b33c5a78b7

2/_sources/release-notes/changelog.rst.txt

@@ -3,6 +3,102 @@
 Litestar 2 Changelog
 ====================
 
+.. changelog:: 2.20.0
+    :date: 2026-02-08
+
+    .. change:: Fix ``AllowedHosts`` validation bypass via improperly escaped host names in ``AllowedHostsConfig``
+        :type: bugfix
+
+        Fix a bug in :class:`~litestar.config.allowed_hosts.AllowedHostsConfig`, that
+        could allow to bypass the allowed hosts validation, caused by an improperly
+        escaped regex value in the ``allowed_hosts`` property.
+
+        ``allowed_hosts=["*.example.com"]`` would not only allow ``foo.example.com``,
+        but also ``example.x.com``.
+
+    .. change:: Fix CORS vulnerability in ``CORSConfig`` via improperly escaped ``allow_origins``
+        :type: bugfix
+
+        Fix a bug in :class:`~litestar.config.cors.CORSConfig`, that could allow to
+        bypass CORS validation, caused by an improperly escaped regex value in the
+        ``allow_origins`` property; A value like ``example.com`` would not only allow
+        the host ``example.com``, but also ``exampleXcom``.
+
+    .. change:: Fix key collision due to improper key normalization in ``FileStore``
+        :type: bugfix
+
+        Fix a bug in :class:`~litestar.stores.file.FileStore`, that could lead to a key
+        collision due to improper normalization.
+
+        ``FileStore`` use a key normalization method to ensure every key passed was able
+        to be used as a valid file name on any platform. However, due to the nature of
+        unicode normalization, the approach taken resulted in the possibility of
+        uninentional key collisions, e.g. ``K`` (The Kelvin sign) would normalize to a
+        regular ASCII ``K``, so a key like ``K1234`` (with the Kelvin sign) and
+        ``K1234`` (with a regular ``K``) would result in the same key.
+
+        This has been fixed by performing normalization on the keys via a hashing
+        function.
+
+    .. change:: Added ``exclude_spans`` option for ``OpenTelemetryMiddleware``
+        :type: feature
+        :pr: 4534
+        :issue: 4533
+
+        Add a config option to ``exclude_spans`` for ``OpenTelemetryMiddleware``
+
+    .. change:: DTO: add ``__schema_name__`` to dto base
+        :type: feature
+        :pr: 4131
+        :issue: 3427
+
+        Add a new ``__schema_name__`` attribute to the DTO base, to allow to customising
+        the name the DTO model will be given in the OpenAPI schema
+
+    .. change:: Fix header name when raising ``MethodNotAllowedException``
+        :type: bugfix
+        :pr: 4539
+        :issue: 4277
+
+        Fix a typo that snuck in when fixing https://github.com/litestar-org/litestar/issues/4277,
+        where instead of an ``Allow`` header, an ``Allowed`` header would be sent
+
+    .. change:: JWT: Store raw token in cookies without ``Bearer`` prefix
+        :type: bugfix
+        :pr: 4552
+
+        Fix a bug wherer the JWT Cookie backend would store the token with a ``Bearer``
+        prefix in the cookie, because it was using the same functions to generate the
+        payload as the header-based JWT backend
+
+    .. change:: JWT: Relax typing to allow ``Sequence`` for ``Token.aud``
+        :type: bugfix
+        :pr: 4241
+
+        Fix typing to allow :class:`typing.Sequence` in
+        :attr:`~litestar.security.jwt.Token.aud`.
+
+
+    .. change:: DI: Properly handle (async) generators returned by ``__call__``
+        :type: bugfix
+        :pr: 4459
+        :issue: 4457
+
+        Fix a bug that would treat a generator returned from a provider by invoking its
+        ``__call__`` method, as a regular return value, and would ignore the cleanup
+        step.
+
+    .. change:: Testing: Improve stdout handling of subprocess test client
+        :type: bugfix
+        :pr: 4574
+
+        Adds handling to the subprocess (sync and async) test clients to:
+
+        - Discard output to :obj:`subprocess.DEVNULL` by default, rather than to an
+          unconsumed :obj:`subprocess.PIPE` (which could result in an overflow)
+        - Enable subprocess output capture in the main stdout/stderr via the
+          ``capture_output`` flag (defaults to ``True`` to keep existing behaviour)
+
 .. changelog:: 2.19.0
     :date: 2025-12-14
 

2/_sources/usage/cli.rst.txt

@@ -121,15 +121,15 @@ entries should point to a :class:`click.Command` or :class:`click.Group`:
         .. code-block:: toml
             :caption: Using `poetry <https://python-poetry.org/>`_
 
-            [tool.poetry.plugins."litestar.commands"]
+            [project.entry-points."litestar.commands"]
             my_command = "my_litestar_plugin.cli:main"
 
     .. tab-item:: uv
 
         .. code-block:: toml
             :caption: Using `uv <https://docs.astral.sh/uv/>`_
 
-            [project.scripts]
+            [project.entry-points."litestar.commands"]
             my_command = "my_litestar_plugin.cli:main"
 
 Using a plugin

2/_sources/usage/openapi/ui_plugins.rst.txt

@@ -293,17 +293,6 @@ With that, you can preset your clientId or enable PKCE support.
 .. literalinclude:: /examples/openapi/plugins/swagger_ui_oauth.py
     :language: python
 
-Customizing the OpenAPI UI
---------------------------
-
-Style and behavior of the OpenAPI UI can be customized by overriding the default ``css_url`` and ``js_url`` attributes
-on the render plugin class, for example:
-
-.. literalinclude:: /examples/openapi/plugins/scalar_customized.py
-    :language: python
-
-To learn more about customizing the ``Scalar`` UI, see the `Scalar documentation <https://docs.scalar.com/>`_.
-
 CDN and offline file support
 ----------------------------
 

2/_sources/usage/testing.rst.txt

@@ -330,6 +330,16 @@ with the regular test client setup:
 .. literalinclude:: /examples/testing/test_subprocess_sse.py
     :language: python
 
+By default, the subprocess client will capture all output from the litestar instance. To discard output in the main (testing) process, set the ``capture_output`` argument to ``False`` when creating the client:
+
+.. code-block:: python
+
+    @pytest.fixture(name="async_client")
+    async def fx_async_client() -> AsyncIterator[httpx.AsyncClient]:
+        async with subprocess_async_client(workdir=ROOT, app="subprocess_sse_app:app", capture_output=False) as client:
+            yield client
+
+
 RequestFactory
 --------------
 

2/_static/basic.css

@@ -741,6 +741,14 @@ abbr, acronym {
     cursor: help;
 }
 
+.translated {
+    background-color: rgba(207, 255, 207, 0.2)
+}
+
+.untranslated {
+    background-color: rgba(255, 207, 207, 0.2)
+}
+
 /* -- code displays --------------------------------------------------------- */
 
 pre {

2/_static/searchtools.js

@@ -513,11 +513,9 @@ const Search = {
     // perform the search on the required terms
     searchTerms.forEach((word) => {
       const files = [];
-      // find documents, if any, containing the query word in their text/title term indices
-      // use Object.hasOwnProperty to avoid mismatching against prototype properties
       const arr = [
-        { files: terms.hasOwnProperty(word) ? terms[word] : undefined, score: Scorer.term },
-        { files: titleTerms.hasOwnProperty(word) ? titleTerms[word] : undefined, score: Scorer.title },
+        { files: terms[word], score: Scorer.term },
+        { files: titleTerms[word], score: Scorer.title },
       ];
       // add support for partial matches
       if (word.length > 2) {
@@ -549,9 +547,8 @@ const Search = {
 
         // set score for the word in each file
         recordFiles.forEach((file) => {
-          if (!scoreMap.has(file)) scoreMap.set(file, new Map());
-          const fileScores = scoreMap.get(file);
-          fileScores.set(word, record.score);
+          if (!scoreMap.has(file)) scoreMap.set(file, {});
+          scoreMap.get(file)[word] = record.score;
         });
       });
 
@@ -590,7 +587,7 @@ const Search = {
         break;
 
       // select one (max) score for the file.
-      const score = Math.max(...wordList.map((w) => scoreMap.get(file).get(w)));
+      const score = Math.max(...wordList.map((w) => scoreMap.get(file)[w]));
       // add result to the result list
       results.push([
         docNames[file],

2/_static/versioning.js

@@ -1,7 +1,7 @@
+const urlRoot = DOCUMENTATION_OPTIONS.URL_ROOT ?? "";
+
 const loadVersions = async () => {
-  const res = await fetch(
-    DOCUMENTATION_OPTIONS.URL_ROOT + "_static/versions.json",
-  );
+  const res = await fetch(urlRoot + "_static/versions.json");
   if (res.status !== 200) {
     return null;
   }
@@ -32,7 +32,7 @@ const addVersionWarning = (currentVersion, latestVersion) => {
 
   const latestLink = document.createElement("a");
   latestLink.textContent = "Click here to go to the latest version";
-  latestLink.href = DOCUMENTATION_OPTIONS.URL_ROOT + "../latest";
+  latestLink.href = urlRoot + "../latest";
   container.appendChild(latestLink);
 
   header.before(container);
@@ -75,7 +75,7 @@ const addVersionSelect = (currentVersion, versionSpec) => {
 
     const navLink = document.createElement("a");
     navLink.classList.add("nav-link", "nav-internal");
-    navLink.href = DOCUMENTATION_OPTIONS.URL_ROOT + `../${version}`;
+    navLink.href = urlRoot + `../${version}`;
     navLink.textContent = formatVersionName(
       version,
       version === versionSpec.latest,

2/admonitions/sync-to-thread-info.html

@@ -48,7 +48,7 @@
     <script src="../_static/litestar-theme.js?v=ab2dcc9e"></script>
     <script src="../_static/design-tabs.js?v=f930bc37"></script>
     <script>DOCUMENTATION_OPTIONS.pagename = 'admonitions/sync-to-thread-info';</script>
-    <script src="../_static/versioning.js?v=68b42869"></script>
+    <script src="../_static/versioning.js?v=770a9916"></script>
     <link rel="icon" href="../_static/favicon.png"/>
     <link rel="index" title="Index" href="../genindex.html" />
     <link rel="search" title="Search" href="../search.html" />
@@ -1243,7 +1243,6 @@
 
 
 
-
 </ul>
 </li>
 <li class="toctree-l2 has-children"><a class="reference internal" href="../usage/plugins/index.html">Plugins</a><input class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-9"><i class="fa-solid fa-chevron-down"></i></label><ul>
@@ -1618,7 +1617,7 @@
         <div class="footer-item">
 
   <p class="sphinx-version">
-    Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.2.3.
+    Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.1.3.
     <br/>
   </p>
 </div>

2/benchmarks.html

@@ -48,7 +48,7 @@
     <script src="_static/litestar-theme.js?v=ab2dcc9e"></script>
     <script src="_static/design-tabs.js?v=f930bc37"></script>
     <script>DOCUMENTATION_OPTIONS.pagename = 'benchmarks';</script>
-    <script src="_static/versioning.js?v=68b42869"></script>
+    <script src="_static/versioning.js?v=770a9916"></script>
     <link rel="icon" href="_static/favicon.png"/>
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
@@ -1245,7 +1245,6 @@
 
 
 
-
 </ul>
 </li>
 <li class="toctree-l2 has-children"><a class="reference internal" href="usage/plugins/index.html">Plugins</a><input class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-9"><i class="fa-solid fa-chevron-down"></i></label><ul>
@@ -1757,7 +1756,7 @@ <h2>Interpreting the results<a class="headerlink" href="#interpreting-the-result
         <div class="footer-item">
 
   <p class="sphinx-version">
-    Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.2.3.
+    Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.1.3.
     <br/>
   </p>
 </div>