3.10.2

Bug fixes

• Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8565.

• Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8597.

• Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8611.

• Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8632.

• Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

  There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

  Related issues and pull requests on GitHub:
  #8641.

• Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8652.

Removals and backward incompatible breaking changes

• Removed Request.wait_for_disconnection(), which was mistakenly added briefly in 3.10.0 -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8636.

Contributor-facing changes

• Fixed monkey patches for Path.stat() and Path.is_dir() for Python 3.13 compatibility -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8551.

Miscellaneous internal changes

• Improved WebSocket performance when messages are sent or received frequently -- by :user:bdraco.

  The WebSocket heartbeat scheduling algorithm was improved to reduce the asyncio scheduling overhead by decreasing the number of asyncio.TimerHandle creations and cancellations.

  Related issues and pull requests on GitHub:
  #8608.

• Minor improvements to various type annotations -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8634.

---

3.10.1

Bug fixes

• Fixed WebSocket server heartbeat timeout logic to terminate :py:meth:~aiohttp.ClientWebSocketResponse.receive and return :py:class:~aiohttp.ServerTimeoutError -- by :user:arcivanov.

  When a WebSocket pong message was not received, the :py:meth:~aiohttp.ClientWebSocketResponse.receive operation did not terminate. This change causes _pong_not_received to feed the reader an error message, causing pending :py:meth:~aiohttp.ClientWebSocketResponse.receive to terminate and return the error message. The error message contains the exception :py:class:~aiohttp.ServerTimeoutError.

  Related issues and pull requests on GitHub:
  #8540.

• Fixed url dispatcher index not matching when a variable is preceded by a fixed string after a slash -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8566.

Removals and backward incompatible breaking changes

• Creating :py:class:aiohttp.TCPConnector, :py:class:aiohttp.ClientSession, :py:class:~aiohttp.resolver.ThreadedResolver :py:class:aiohttp.web.Server, or :py:class:aiohttp.CookieJar instances without a running event loop now raises a :exc:RuntimeError -- by :user:asvetlov.

  Creating these objects without a running event loop was deprecated in #3372 which was released in version 3.5.0.

  This change first appeared in version 3.10.0 as #6378.

  Related issues and pull requests on GitHub:
  #8555, #8583.

---

3.10.0

Bug fixes

• Fixed server response headers for Content-Type and Content-Encoding for
  static compressed files -- by :user:steverep.

  Server will now respond with a Content-Type appropriate for the compressed
  file (e.g. "application/gzip"), and omit the Content-Encoding header.
  Users should expect that most clients will no longer decompress such responses
  by default.

  Related issues and pull requests on GitHub:
  #4462.

• Fixed duplicate cookie expiration calls in the CookieJar implementation

  Related issues and pull requests on GitHub:
  #7784.

• Adjusted FileResponse to check file existence and access when preparing the response -- by :user:steverep.

  The :py:class:~aiohttp.web.FileResponse class was modified to respond with
  403 Forbidden or 404 Not Found as appropriate. Previously, it would cause a
  server error if the path did not exist or could not be accessed. Checks for
  existence, non-regular files, and permissions were expected to be done in the
  route handler. For static routes, this now permits a compressed file to exist
  without its uncompressed variant and still be served. In addition, this
  changes the response status for files without read permission to 403, and for
  non-regular files from 404 to 403 for consistency.

  Related issues and pull requests on GitHub:
  #8182.

• Fixed AsyncResolver to match ThreadedResolver behavior
  -- by :user:bdraco.

  On system with IPv6 support, the :py:class:~aiohttp.resolver.AsyncResolver would not fallback
  to providing A records when AAAA records were not available.
  Additionally, unlike the :py:class:~aiohttp.resolver.ThreadedResolver, the :py:class:~aiohttp.resolver.AsyncResolver
  did not handle link-local addresses correctly.

  This change makes the behavior consistent with the :py:class:~aiohttp.resolver.ThreadedResolver.

  Related issues and pull requests on GitHub:
  #8270.

• Fixed ws_connect not respecting receive_timeout`` on WS(S) connection. -- by :user:arcivanov`.

  Related issues and pull requests on GitHub:
  #8444.

• Removed blocking I/O in the event loop for static resources and refactored
  exception handling -- by :user:steverep.

  File system calls when handling requests for static routes were moved to a
  separate thread to potentially improve performance. Exception handling
  was tightened in order to only return 403 Forbidden or 404 Not Found responses
  for expected scenarios; 500 Internal Server Error would be returned for any
  unknown errors.

  Related issues and pull requests on GitHub:
  #8507.

Features

• Added a Request.wait_for_disconnection() method, as means of allowing request handlers to be notified of premature client disconnections.

  Related issues and pull requests on GitHub:
  #2492.

• Added 5 new exceptions: :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlClientError, :py:exc:~aiohttp.InvalidUrlRedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlRedirectClientError

  :py:exc:~aiohttp.InvalidUrlRedirectClientError, :py:exc:~aiohttp.NonHttpUrlRedirectClientError
  are raised instead of :py:exc:ValueError or :py:exc:~aiohttp.InvalidURL when the redirect URL is invalid. Classes
  :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlClientError are base for them.

  The :py:exc:~aiohttp.InvalidURL now exposes a description property with the text explanation of the error details.

  -- by :user:setla, :user:AraHaan, and :user:bdraco

  Related issues and pull requests on GitHub:
  #2507, #3315, #6722, #8481, #8482.

• Added a feature to retry closed connections automatically for idempotent methods. -- by :user:Dreamsorcerer

  Related issues and pull requests on GitHub:
  #7297.

• Implemented filter_cookies() with domain-matching and path-matching on the keys, instead of testing every single cookie.
  This may break existing cookies that have been saved with CookieJar.save(). Cookies can be migrated with this script::

  import pickle
  with file_path.open("rb") as f:
      cookies = pickle.load(f)
  
  morsels = [(name, m) for c in cookies.values() for name, m in c.items()]
  cookies.clear()
  for name, m in morsels:
      cookies[(m["domain"], m["path"].rstrip("/"))][name] = m
  
  with file_path.open("wb") as f:
      pickle.dump(cookies, f, pickle.HIGHEST_PROTOCOL)
  

  Related issues and pull requests on GitHub:
  #7583, #8535.

• Separated connection and socket timeout errors, from ServerTimeoutError.

  Related issues and pull requests on GitHub:
  #7801.

• Implemented happy eyeballs

  Related issues and pull requests on GitHub:
  #7954.

• Added server capability to check for static files with Brotli compression via a .br extension -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8062.

Removals and backward incompatible breaking changes

• The shutdown logic in 3.9 waited on all tasks, which caused issues with some libraries.
  In 3.10 we've changed this logic to only wait on request handlers. This means that it's
  important for developers to correctly handle the lifecycle of background tasks using a
  library such as aiojobs. If an application is using handler_cancellation=True then
  it is also a good idea to ensure that any :func:asyncio.shield calls are replaced with
  :func:aiojobs.aiohttp.shield.

  Please read the updated documentation on these points:
  https://docs.aiohttp.org/en/stable/web_advanced.html#graceful-shutdown
  https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation

  -- by :user:Dreamsorcerer

  Related issues and pull requests on GitHub:
  #8495.

Improved documentation

• Added documentation for aiohttp.web.FileResponse.

  Related issues and pull requests on GitHub:
  #3958.

• Improved the docs for the ssl params.

  Related issues and pull requests on GitHub:
  #8403.

Contributor-facing changes

• Enabled HTTP parser tests originally intended for 3.9.2 release -- by :user:pajod.

  Related issues and pull requests on GitHub:
  #8088.

Miscellaneous internal changes

• Improved URL handler resolution time by indexing resources in the UrlDispatcher.
  For applications with a large number of handlers, this should increase performance significantly.
  -- by :user:bdraco

  Related issues and pull requests on GitHub:
  #7829.

• Added nacl_middleware <https://github.com/CosmicDNA/nacl_middleware>_ to the list of middlewares in the third party section of the documentation.

  Related issues and pull requests on GitHub:
  #8346.

• Minor improvements to static typing -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8364.

• Added a 3.11-specific overloads to ClientSession -- by :user:max-muoto.

  Related issues and pull requests on GitHub:
  #8463.

• Simplified path checks for UrlDispatcher.add_static() method -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8491.

• Avoided creating a future on every websocket receive -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8498.

• Updated identity checks for all WSMsgType type compares -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8501.

• When using Python 3.12 or later, the writer is no longer scheduled on the event loop if it can finish synchronously. Avoiding event loop scheduling reduces latency and improves performance. -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8510.

• Restored :py:class:~aiohttp.resolver.AsyncResolver to be the default resolver. -- by :user:bdraco.

  :py:class:~aiohttp.resolver.AsyncResolver was disabled by default because
  of IPv6 compatibility issues. These issues have been resolved and
  :py:class:~aiohttp.resolver.AsyncResolver is again now the default resolver.

  Related issues and pull requests on GitHub:
  #8522.

---

3.10.0rc0

Bug fixes

• Adjusted FileResponse to check file existence and access when preparing the response -- by :user:steverep.

  The :py:class:~aiohttp.web.FileResponse class was modified to respond with
  403 Forbidden or 404 Not Found as appropriate. Previously, it would cause a
  server error if the path did not exist or could not be accessed. Checks for
  existence, non-regular files, and permissions were expected to be done in the
  route handler. For static routes, this now permits a compressed file to exist
  without its uncompressed variant and still be served. In addition, this
  changes the response status for files without read permission to 403, and for
  non-regular files from 404 to 403 for consistency.

  Related issues and pull requests on GitHub:
  #8182.

Removals and backward incompatible breaking changes

• The shutdown logic in 3.9 waited on all tasks, which caused issues with some libraries.
  In 3.10 we've changed this logic to only wait on request handlers. This means that it's
  important for developers to correctly handle the lifecycle of background tasks using a
  library such as aiojobs. If an application is using handler_cancellation=True then
  it is also a good idea to ensure that any :func:asyncio.shield calls are replaced with
  :func:aiojobs.aiohttp.shield.

  Please read the updated documentation on these points:
  https://docs.aiohttp.org/en/stable/web_advanced.html#graceful-shutdown
  https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation

  -- by :user:Dreamsorcerer

  Related issues and pull requests on GitHub:
  #8495.

Miscellaneous internal changes

• Improve performance of filtering cookies -- by :user:bdraco.

  This change is a followup to the improvements in #7583

  Related issues and pull requests on GitHub:
  #8535.

---

3.10.0b1

Bug fixes

• Fixed server response headers for Content-Type and Content-Encoding for
  static compressed files -- by :user:steverep.

  Server will now respond with a Content-Type appropriate for the compressed
  file (e.g. "application/gzip"), and omit the Content-Encoding header.
  Users should expect that most clients will no longer decompress such responses
  by default.

  Related issues and pull requests on GitHub:
  #4462.

• Fix duplicate cookie expiration calls in the CookieJar implementation

  Related issues and pull requests on GitHub:
  #7784.

• Fix AsyncResolver to match ThreadedResolver behavior
  -- by :user:bdraco.

  On system with IPv6 support, the :py:class:~aiohttp.resolver.AsyncResolver would not fallback
  to providing A records when AAAA records were not available.
  Additionally, unlike the :py:class:~aiohttp.resolver.ThreadedResolver, the :py:class:~aiohttp.resolver.AsyncResolver
  did not handle link-local addresses correctly.

  This change makes the behavior consistent with the :py:class:~aiohttp.resolver.ThreadedResolver.

  Related issues and pull requests on GitHub:
  #8270.

• Fix ws_connect not respecting receive_timeout`` on WS(S) connection. -- by :user:arcivanov`.

  Related issues and pull requests on GitHub:
  #8444.

• Removed blocking I/O in the event loop for static resources and refactored
  exception handling -- by :user:steverep.

  File system calls when handling requests for static routes were moved to a
  separate thread to potentially improve performance. Exception handling
  was tightened in order to only return 403 Forbidden or 404 Not Found responses
  for expected scenarios; 500 Internal Server Error would be returned for any
  unknown errors.

  Related issues and pull requests on GitHub:
  #8507.

Features

• Add a Request.wait_for_disconnection() method, as means of allowing request handlers to be notified of premature client disconnections.

  Related issues and pull requests on GitHub:
  #2492.

• Added 5 new exceptions: :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlClientError, :py:exc:~aiohttp.InvalidUrlRedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlRedirectClientError

  :py:exc:~aiohttp.InvalidUrlRedirectClientError, :py:exc:~aiohttp.NonHttpUrlRedirectClientError
  are raised instead of :py:exc:ValueError or :py:exc:~aiohttp.InvalidURL when the redirect URL is invalid. Classes
  :py:exc:~aiohttp.InvalidUrlClientError, :py:exc:~aiohttp.RedirectClientError,
  :py:exc:~aiohttp.NonHttpUrlClientError are base for them.

  The :py:exc:~aiohttp.InvalidURL now exposes a description property with the text explanation of the error details.

  -- by :user:setla, :user:AraHaan, and :user:bdraco

  Related issues and pull requests on GitHub:
  #2507, #3315, #6722, #8481, #8482.

• Added a feature to retry closed connections automatically for idempotent methods. -- by :user:Dreamsorcerer

  Related issues and pull requests on GitHub:
  #7297.

• Implement filter_cookies() with domain-matching and path-matching on the keys, instead of testing every single cookie.
  This may break existing cookies that have been saved with CookieJar.save(). Cookies can be migrated with this script::

  import pickle
  with file_path.open("rb") as f:
      cookies = pickle.load(f)
  
  morsels = [(name, m) for c in cookies.values() for name, m in c.items()]
  cookies.clear()
  for name, m in morsels:
      cookies[(m["domain"], m["path"].rstrip("/"))][name] = m
  
  with file_path.open("wb") as f:
      pickle.dump(cookies, f, pickle.HIGHEST_PROTOCOL)
  

  Related issues and pull requests on GitHub:
  #7583.

• Separated connection and socket timeout errors, from ServerTimeoutError.

  Related issues and pull requests on GitHub:
  #7801.

• Implement happy eyeballs

  Related issues and pull requests on GitHub:
  #7954.

• Added server capability to check for static files with Brotli compression via a .br extension -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8062.

Improved documentation

• Add documentation for aiohttp.web.FileResponse.

  Related issues and pull requests on GitHub:
  #3958.

• Improve the docs for the ssl params.

  Related issues and pull requests on GitHub:
  #8403.

Contributor-facing changes

• Enabled HTTP parser tests originally intended for 3.9.2 release -- by :user:pajod.

  Related issues and pull requests on GitHub:
  #8088.

Miscellaneous internal changes

• Improved URL handler resolution time by indexing resources in the UrlDispatcher.
  For applications with a large number of handlers, this should increase performance significantly.
  -- by :user:bdraco

  Related issues and pull requests on GitHub:
  #7829.

• Add nacl_middleware <https://github.com/CosmicDNA/nacl_middleware>_ to the list of middlewares in the third party section of the documentation.

  Related issues and pull requests on GitHub:
  #8346.

• Minor improvements to static typing -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8364.

• Added a 3.11-specific overloads to ClientSession -- by :user:max-muoto.

  Related issues and pull requests on GitHub:
  #8463.

• Simplified path checks for UrlDispatcher.add_static() method -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8491.

• Avoid creating a future on every websocket receive -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8498.

• Use identity checks for all WSMsgType type compares -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8501.

• When using Python 3.12 or later, the writer is no longer scheduled on the event loop if it can finish synchronously. Avoiding event loop scheduling reduces latency and improves performance. -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8510.

• Restore :py:class:~aiohttp.resolver.AsyncResolver to be the default resolver. -- by :user:bdraco.

  :py:class:~aiohttp.resolver.AsyncResolver was disabled by default because
  of IPv6 compatibility issues. These issues have been resolved and
  :py:class:~aiohttp.resolver.AsyncResolver is again now the default resolver.

  Related issues and pull requests on GitHub:
  #8522.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of
  :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub:
  #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data
  part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub:
  #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken
  form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8335.

---

3.9.4

Bug fixes

• The asynchronous internals now set the underlying causes
  when assigning exceptions to the future objects
  -- by :user:webknjaz.

  Related issues and pull requests on GitHub:
  #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking
  for gzip files -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8104.

• Improved the DNS resolution performance on cache hit -- by :user:bdraco.

  This is achieved by avoiding an :mod:asyncio task creation in this case.

  Related issues and pull requests on GitHub:
  #8163.

• Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append,
  :meth:aiohttp.MultipartWriter.append_json and
  :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

  Related issues and pull requests on GitHub:
  #7741.

• Ensure websocket transport is closed when client does not close it
  -- by :user:bdraco.

  The transport could remain open if the client did not close it. This
  change ensures the transport is closed when the client does not close
  it.

  Related issues and pull requests on GitHub:
  #8200.

• Leave websocket transport open if receive times out or is cancelled
  -- by :user:bdraco.

  This restores the behavior prior to the change in #7978.

  Related issues and pull requests on GitHub:
  #8251.

• Fixed content not being read when an upgrade request was not supported with the pure Python implementation.
  -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8252.

• Fixed a race condition with incoming connections during server shutdown -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8271.

• Fixed multipart/form-data compliance with :rfc:7578 -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8280.

• Fixed blocking I/O in the event loop while processing files in a POST request
  -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8283.

• Escaped filenames in static view -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8317.

• Fixed the pure python parser to mark a connection as closing when a
  response has no length -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8320.

Features

• Upgraded llhttp to 9.2.1, and started rejecting obsolete line folding
  in Python parser to match -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8146, #8292.

Deprecations (removal in next major release)

• Deprecated content_transfer_encoding parameter in :py:meth:FormData.add_field() <aiohttp.FormData.add_field> -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8280.

Improved documentation

• Added a note about canceling tasks to avoid delaying server shutdown -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8267.

Contributor-facing changes

• The pull request template is now asking the contributors to
  answer a question about the long-term maintenance challenges
  they envision as a result of merging their patches
  -- by :user:webknjaz.

  Related issues and pull requests on GitHub:
  #8099.

• Updated CI and documentation to use NPM clean install and upgrade
  node to version 18 -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8116.

• A pytest fixture hello_txt was introduced to aid
  static file serving tests in
  :file:test_web_sendfile_functional.py. It dynamically
  provisions hello.txt file variants shared across the
  tests in the module.

  -- by :user:steverep

  Related issues and pull requests on GitHub:
  #8136.

Packaging updates and notes for downstreams

• Added an internal pytest marker for tests which should be skipped
  by packagers (use -m 'not internal' to disable them) -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8299.

---

3.9.4rc0

Bug fixes

• The asynchronous internals now set the underlying causes
  when assigning exceptions to the future objects
  -- by :user:webknjaz.

  Related issues and pull requests on GitHub:
  #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8104.

Features

• Upgraded llhttp to 9.2 -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8146.

Contributor-facing changes

• The pull request template is now asking the contributors to
  answer a question about the long-term maintenance challenges
  they envision as a result of merging their patches
  -- by :user:webknjaz.

  Related issues and pull requests on GitHub:
  #8099.

• Updated CI and documentation to use NPM clean install and upgrade node to version 18 -- by :user:steverep.

  Related issues and pull requests on GitHub:
  #8116.

• A pytest fixture hello_txt was introduced to aid
  static file serving tests in
  :file:test_web_sendfile_functional.py. It dynamically
  provisions hello.txt file variants shared across the
  tests in the module.

  -- by :user:steverep

  Related issues and pull requests on GitHub:
  #8136.

• Two definitions for "test_invalid_route_name" existed, only one was being run. Refactored them into a single parameterized test. Enabled lint rule to prevent regression. -- by :user:alexmac.

  Related issues and pull requests on GitHub:
  #8139.

---

3.9.3

Bug fixes

• Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside
  of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #8097, #8098.

Miscellaneous internal changes

• Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

  Related issues and pull requests on GitHub:
  #3957.

---

3.9.2

Bug fixes

• Fixed server-side websocket connection leak.

  Related issues and pull requests on GitHub:
  #7978.

• Fixed web.FileResponse doing blocking I/O in the event loop.

  Related issues and pull requests on GitHub:
  #8012.

• Fixed double compress when compression enabled and compressed file exists in server file responses.

  Related issues and pull requests on GitHub:
  #8014.

• Added runtime type check for ClientSession timeout parameter.

  Related issues and pull requests on GitHub:
  #8021.

• Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

  Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
  Invalid header field names containing question mark or slash are now rejected.
  Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

  Related issues and pull requests on GitHub:
  #8074.

• Improved validation of paths for static resources requests to the server -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  #8079.

Features

• Added support for passing :py:data:True to ssl parameter in ClientSession while
  deprecating :py:data:None -- by :user:xiangyan99.

  Related issues and pull requests on GitHub:
  #7698.

Breaking changes

• Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

  Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
  Invalid header field names containing question mark or slash are now rejected.
  Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

  Related issues and pull requests on GitHub:
  #8074.

Improved documentation

• Fixed examples of fallback_charset_resolver function in the :doc:client_advanced document. -- by :user:henry0312.

  Related issues and pull requests on GitHub:
  #7995.

• The Sphinx setup was updated to avoid showing the empty
  changelog draft section in the tagged release documentation
  builds on Read The Docs -- by :user:webknjaz.

  Related issues and pull requests on GitHub:
  #8067.

Packaging updates and notes for downstreams

• The changelog categorization was made clearer. The
  contributors can now mark their fragment files more
  accurately -- by :user:webknjaz.

  The new category tags are:

  * ``bugfix``
  
  * ``feature``
  
  * ``deprecation``
  
  * ``breaking`` (previously, ``removal``)
  
  * ``doc``
  
  * ``packaging``
  
  * ``contrib``
  
  * ``misc``
  

  Related issues and pull requests on GitHub:
  #8066.

Contributor-facing changes

• Updated :ref:contributing/Tests coverage <aiohttp-contributing> section to show how we use codecov -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub:
  #7916.

• The changelog categorization was made clearer. The
  contributors can now mark their fragment files more
  accurately -- by :user:webknjaz.

  The new category tags are:

  * ``bugfix``
  
  * ``feature``
  
  * ``deprecation``
  
  * ``breaking`` (previously, ``removal``)
  
  * ``doc``
  
  * ``packaging``
  
  * ``contrib``
  
  * ``misc``
  

  Related issues and pull requests on GitHub:
  #8066.

Miscellaneous internal changes

• Replaced all tmpdir fixtures with tmp_path in test suite.

  Related issues and pull requests on GitHub:
  #3551.

---