Changelog

6.1

In development

6.0

Warning

Version 6.0 introduces the Headers class for managing HTTP headers and changes several public APIs:

  • process_request() now receives a Headers instead of a HTTPMessage in the request_headers argument.
  • The request_headers and response_headers attributes of WebSocketCommonProtocol are Headers instead of HTTPMessage.
  • The raw_request_headers and raw_response_headers attributes of WebSocketCommonProtocol are removed. Use raw_items() instead.
  • Functions defined in the handshake module now receive Headers in argument instead of get_header or set_header fucntions. This affects libraries that rely on low-level APIs.
  • Functions defined in the http module now return HTTP headers as Headers instead of lists of (name, value) pairs.

Note that Headers and HTTPMessage provide similar APIs.

Also:

  • Added compatibility with Python 3.7.

5.0

Note

Version 5.0 fixes a security issue introduced in version 4.0.

websockets 4.0 was vulnerable to denial of service by memory exhaustion because it didn’t enforce max_size when decompressing compressed messages (CVE-2018-1000518).

Warning

Version 5.0 adds a user_info field to the return value of parse_uri() and WebSocketURI .

If you’re unpacking WebSocketURI into four variables, adjust your code to account for that fifth field.

Also:

  • connect() performs HTTP Basic Auth when the URI contains credentials.
  • Iterating on incoming messages no longer raises an exception when the connection terminates with code 1001 (going away).
  • A plain HTTP request now receives a 426 Upgrade Required response and doesn’t log a stack trace.
  • unix_serve() can be used as an asynchronous context manager on Python ≥ 3.5.1.
  • Added closed() property.
  • If a ping() doesn’t receive a pong, it’s cancelled when the connection is closed.
  • Reported the cause of ConnectionClosed exceptions.
  • Added new examples in the documentation.
  • Updated documentation with new features from Python 3.6.
  • Improved several other sections of the documentation.
  • Fixed missing close code, which caused TypeError on connection close.
  • Fixed a race condition in the closing handshake that raised InvalidState.
  • Stopped logging stack traces when the TCP connection dies prematurely.
  • Prevented writing to a closing TCP connection during unclean shutdowns.
  • Made connection termination more robust to network congestion.
  • Prevented processing of incoming frames after failing the connection.

4.0

Warning

Version 4.0 enables compression with the permessage-deflate extension.

In August 2017, Firefox and Chrome support it, but not Safari and IE.

Compression should improve performance but it increases RAM and CPU use.

If you want to disable compression, add compression=None when calling serve() or connect().

Warning

Version 4.0 removes the state_name attribute of protocols.

Use protocol.state.name instead of protocol.state_name.

Also:

  • WebSocketCommonProtocol instances can be used as asynchronous iterators on Python ≥ 3.6. They yield incoming messages.
  • Added unix_serve() for listening on Unix sockets.
  • Added the sockets attribute.
  • Reorganized and extended documentation.
  • Aborted connections if they don’t close within the configured timeout.
  • Rewrote connection termination to increase robustness in edge cases.
  • Stopped leaking pending tasks when cancel() is called on a connection while it’s being closed.
  • Reduced verbosity of “Failing the WebSocket connection” logs.
  • Allowed extra_headers to override Server and User-Agent headers.

3.4

  • Renamed serve() and connect()’s klass argument to create_protocol to reflect that it can also be a callable. For backwards compatibility, klass is still supported.
  • serve() can be used as an asynchronous context manager on Python ≥ 3.5.1.
  • Added support for customizing handling of incoming connections with process_request().
  • Made read and write buffer sizes configurable.
  • Rewrote HTTP handling for simplicity and performance.
  • Added an optional C extension to speed up low level operations.
  • An invalid response status code during connect() now raises InvalidStatusCode with a code attribute.
  • Providing a sock argument to connect() no longer crashes.

3.3

  • Ensured compatibility with Python 3.6.
  • Reduced noise in logs caused by connection resets.
  • Avoided crashing on concurrent writes on slow connections.

3.2

  • Added timeout, max_size, and max_queue arguments to connect() and serve().
  • Made server shutdown more robust.

3.1

  • Avoided a warning when closing a connection before the opening handshake.
  • Added flow control for incoming data.

3.0

Warning

Version 3.0 introduces a backwards-incompatible change in the recv() API.

If you’re upgrading from 2.x or earlier, please read this carefully.

recv() used to return None when the connection was closed. This required checking the return value of every call:

message = await websocket.recv()
if message is None:
    return

Now it raises a ConnectionClosed exception instead. This is more Pythonic. The previous code can be simplified to:

message = await websocket.recv()

When implementing a server, which is the more popular use case, there’s no strong reason to handle such exceptions. Let them bubble up, terminate the handler coroutine, and the server will simply ignore them.

In order to avoid stranding projects built upon an earlier version, the previous behavior can be restored by passing legacy_recv=True to serve(), connect(), WebSocketServerProtocol, or WebSocketClientProtocol. legacy_recv isn’t documented in their signatures but isn’t scheduled for deprecation either.

Also:

  • connect() can be used as an asynchronous context manager on Python ≥ 3.5.1.
  • Updated documentation with await and async syntax from Python 3.5.
  • ping() and pong() support data passed as str in addition to bytes.
  • Worked around an asyncio bug affecting connection termination under load.
  • Made state_name atttribute on protocols a public API.
  • Improved documentation.

2.7

  • Added compatibility with Python 3.5.
  • Refreshed documentation.

2.6

  • Added local_address and remote_address attributes on protocols.
  • Closed open connections with code 1001 when a server shuts down.
  • Avoided TCP fragmentation of small frames.

2.5

  • Improved documentation.
  • Provided access to handshake request and response HTTP headers.
  • Allowed customizing handshake request and response HTTP headers.
  • Supported running on a non-default event loop.
  • Returned a 403 status code instead of 400 when the request Origin isn’t allowed.
  • Cancelling recv() no longer drops the next message.
  • Clarified that the closing handshake can be initiated by the client.
  • Set the close code and reason more consistently.
  • Strengthened connection termination by simplifying the implementation.
  • Improved tests, added tox configuration, and enforced 100% branch coverage.

2.4

  • Added support for subprotocols.
  • Supported non-default event loop.
  • Added loop argument to connect() and serve().

2.3

  • Improved compliance of close codes.

2.2

  • Added support for limiting message size.

2.1

  • Added host, port and secure attributes on protocols.
  • Added support for providing and checking Origin.

2.0

Warning

Version 2.0 introduces a backwards-incompatible change in the send(), ping(), and pong() APIs.

If you’re upgrading from 1.x or earlier, please read this carefully.

These APIs used to be functions. Now they’re coroutines.

Instead of:

websocket.send(message)

you must now write:

await websocket.send(message)

Also:

  • Added flow control for outgoing data.

1.0

  • Initial public release.