Changes¶

Version 1.3.0 (released 2020-05-13)

Adds new template theming via allowing Jinja to load templates from different theme folders via the new configuration variable APP_THEME.
Removes the ChoiceLoader used to load templates from the instance folder in favour of using Flask instead. Invenio-App sets the application’s root_path to the instance folder, which makes Flask create the same behavior previously achieved with the ChoiceLoader.

Version 1.2.6 (released 2020-05-06)

Version 1.2.5 (released 2020-02-26)

Version 1.2.4 (released 2019-11-20)

Version 1.2.3 (released 2019-10-10)

Version 1.2.2 (released 2019-08-29)

Version 1.2.1 (released 2019-08-21)

Version 1.2.0 (released 2019-07-29)

Fixes issue with instance_path and static_folder being globals. Depends on change in Invenio-Base v1.1.0
Improves rate limiting function to have limits per guest and per authenticated users.

Version 1.1.1 (released 2019-07-15)

Fixes a security issue where APP_ALLOWED_HOSTS was not always being checked, and thus could allow host header injection attacks.

NOTE: you should never route requests to your application with a wrong host header. The APP_ALLOWED_HOSTS exists as an extra protective measure, because it is easy to misconfigure your web server.

The root cause was that Werkzeug’s trusted host feature only works when request.host is being evaluated. This means that for instance when only url_for (part of the routing system) is used, then the host header check is not performed.

Version 1.1.0 (released 2018-12-14)

Version 1.0.5 (released 2018-12-05)

Version 1.0.4 (released 2018-10-11)

Version 1.0.3 (released 2018-10-08)

Version 1.0.2 (released 2018-08-24)

Version 1.0.1 (released 2018-06-29)

Version 1.0.0 (released 2018-03-23)

Invenio-App