Release Date: 2024-02-11

  • Chores

    • Update development dependencies

    • Use ruff for all linting

    • Update CI compatibility matrix


Release Date: 2023-08-30

  • Feature

    • Add meta_limits to allow for creating upper limits for requesting clients to breach application rate limits.

  • Bug fix

    • Ensure on breach callbacks can be configured using flask config


Release Date: 2023-08-26

  • Bug fix

    • Ensure has stable content when generated using git archive from a tag regardless of when it is run.


Release Date: 2023-08-22

  • Feature

    • Add extended configuration for application limits

      • application_limits_exempt_when

      • application_limits_deduct_when

      • application_limits_per_method

  • Bug fix

    • Ensure blueprint static routes are exempt


Release Date: 2023-05-03

  • Chores

    • Improve default limits documentation

    • Update documentation dependencies

    • Fix typing compatibility errors in headers


Release Date: 2023-02-26

  • Bug Fix

    • Ensure per route limits are preferred (over application limits) when populating rate limiting headers in the case where no rate limit has been breached in the request.


Release Date: 2023-02-15

  • Feature

    • Allow configuring request identity

  • Chores

    • Improve linting with ruff

    • Update development dependencies


Release Date: 2022-12-29

  • Feature

    • Skip logging an error if a decorated limit uses a callable to return the “current” rate limit and returns an empty string. Treat this is a signal that the rate limit should be skipped for this request.


Release Date: 2022-12-28

  • Breaking changes

    • Change order of extension constructor arguments to only require key_func as the first positional argument and all other arguments as keyword arguments.

    • Separate positional/keyword arguments in limit/shared_limit decorators

    • Remove deprecated config variable RATELIMIT_STORAGE_URL

    • Remove legacy backward compatibility path for flask < 2

  • Features

    • Allow scoping regular limit decorators / context managers


Release Date: 2022-12-28

  • Breaking changes

    • Remove deprecated config variable RATELIMIT_STORAGE_URL

    • Remove legacy backward compatibility path for flask < 2

    • Enforce key_func as a required argument

  • Chores

    • Simplify registration of decorated function & blueprint limits


Release Date: 2022-12-26

  • Breaking changes

    • Change order of extension constructor arguments to only require key_func as the first positional argument and all other arguments as keyword arguments.

    • Separate positional/keyword arguments in limit/shared_limit decorators

  • Features

    • Allow scoping regular limit decorators / context managers


Release Date: 2022-12-26

  • Feature

    • Extend customization by http method to shared_limit decorator


Release Date: 2022-12-26

  • Chores

    • Update documentation quick start

    • Refresh documentation for class based views


Release Date: 2022-12-24

  • Features

    • Allow using limit & shared_limit decorators on pure functions that are not decorated as routes. The functions when called from within a request context will get rate limited.

    • Allow using limit as a context manager to rate limit a code block explicitly within a request

  • Chores

    • Updated development dependencies

    • Fix error running tests depending on docker locally

    • Update internals to use dataclasses


Release Date: 2022-11-15

  • Chores

    • Add sponsorship banner to rtd

    • Update documentation dependencies


Release Date: 2022-11-13

  • Breaking changes

    • Any exception raised when calling an on_breach callback will be re-raised instead of being absorbed unless swallow_errors is set. In the case of swallow_errors the exception will now be logged at ERROR level instead of WARN

    • Reduce log level of rate limit exceeded log messages to INFO


Release Date: 2022-10-25

  • Bug Fix

    • Add default value for RateLimitExceeded optional parameter

    • Fix suppression of errors when using conditional deduction (Issue 363)


Release Date: 2022-09-22

  • Compatibility

    • Ensure typing_extensions dependency has a minimum version

  • Chores

    • Documentation tweaks

    • Update CI to use 3.11 rc2


Release Date: 2022-08-24

  • Chores

    • Improve quick start documentation


Release Date: 2022-08-23

  • Usability

    • Emit warning when in memory storage is used as a default when no storage uri is provided


Release Date: 2022-08-11

  • Feature

    • Expand use of on_breach callback to return a Response object that will be used as the error response on rate limits being exceeded


Release Date: 2022-08-05

  • Compatibility

    • Migrate use of flask._request_ctx_stack to flask.globals.request_ctx to support Flask 2.2+

  • Chores

    • Expand CI matrix to test against Flask 2.0,2.1 & 2.2

    • Make tests compatible with Flask 2.2.+


Release Date: 2022-07-07

  • Features

    • Ensure multiple extension instances registered on a single application exercise before/after request hooks

  • Chores

    • Improve documentation


Release Date: 2022-06-06

  • Chore

    • Add python 3.11 to CI matrix


Release Date: 2022-04-22

  • Chore

    • Automate github releases


Release Date: 2022-04-21

  • Chore

    • Automate github releases


Release Date: 2022-04-21

  • Chore

    • Automate github releases


Release Date: 2022-04-21

  • Chore

    • Second attempt to generate release notes


Release Date: 2022-04-21

  • Chore

    • Test for automating github release notes


Release Date: 2022-04-21

  • Chore

    • Automate github releases


Release Date: 2022-04-20

  • Feature

    • Add CLI for inspecting & clearing rate limits

  • Bug Fix

    • Ensure exempt decorator can be used with flags for view functions

  • Chores

    • Refactor rate limit resolution to limit manager


Release Date: 2022-04-20

  • Bug Fix

    • Ensure request.blueprint is actually registered on the current app before using it for blueprint limits or exemptions. (Issue 336)


Release Date: 2022-04-17

  • Feature

    • Extend cost parameter to default & application limits

  • Chore

    • Improve type strictness / checking

    • Improve documentation on landing page


Release Date: 2022-04-14

  • Bug Fixes

    • Add missing extras requirements for installation

    • Add py.typed for PEP 561 compliance


Release Date: 2022-04-11

  • Features

    • Expose option to register a callback for rate limit breaches of default limits via the on_breach constructor parameter

    • Replace use of flask.g with request context for keeping track of extension state (#327)

    • Rework implementation of exempt() to accomodate nested blueprints. (#326)

  • Chores

    • Add python 3.11 to CI

    • Extract management and filtering of limits to LimitManager

    • Improve correctness of resolving inherited limits & extensions when working with Blueprints (especially nested ones)


Release Date: 2022-03-05

  • Feature

    • Allow a function to be used for the cost parameter to limiter decorators.


Release Date: 2022-01-30

  • Chore

    • Update documentation theme


Release Date: 2022-01-15

  • Feature

    • Add current_limit attribute to extension to allow clients to fetch the relevant current limit that was evaluated.

    • Update extension constructor parameters to match flask config for header control

    • Add on_breach callback for limit and shared_limit decorators to be used as hooks for when a limit is breached

    • Add cost argument to limit and shared_limit to control how much is deducted when a hit occurs.

  • Chore

    • Improve documentation around configuration

  • Deprecation

    • Remove hacks for managing incorrectly ordered limit/route decorators


Release Date: 2021-12-22

  • Chore

    • Documentation theme upgrades

    • Integrate pytest-docker plugin

    • Mass linting

  • Deprecation

    • Removed deprecated RATELIMIT_GLOBAL config

    • Added deprecation doc for RATELIMIT_STORAGE_URL config


Release Date: 2021-12-15

Documentation & test tweaks


Release Date: 2021-11-28

  • Features

    • Pin Flask, limits to >= 2

    • Add type hints


Release Date: 2021-11-28

  • Deprecations

    • Remove deprecated get_ipaddr method

    • Remove use of six

    • Remove backward compatibility hacks for RateLimit exceptions


Release Date: 2021-11-27

Drop support for python < 3.7 & Flask < 2.0


Release Date: 2021-11-27

Final Release for python < 3.7

  • Features

    • Prepend key_prefix to extension variables attached to g

    • Expose g.view_limits


Release Date: 2020-08-25

  • Bug Fix

    • Always set headers for conditional limits

    • Skip init_app sequence when the rate limiter is disabled


Release Date: 2020-05-21

  • Bug Fix

    • Ensure headers provided explictely by setting _header_mapping take precedence over configuration values.


Release Date: 2020-05-20

  • Features

    • Add new deduct_when argument that accepts a function to decorated limits to conditionally perform depletion of a rate limit (Pull Request 248)

    • Add new default_limits_deduct_when argument to Limiter constructor to conditionally perform depletion of default rate limits

    • Add default_limits_exempt_when argument that accepts a function to allow skipping the default limits in the before_request phase

  • Bug Fix

    • Fix handling of storage failures during after_request phase.

  • Code Quality

    • Use github-actions instead of travis for CI

    • Use pytest instaad of nosetests

    • Add docker configuration for test dependencies

    • Increase code coverage to 100%

    • Ensure pyflake8 compliance


Release Date: 2020-02-26

  • Bug fix

    • Syntax error in version 1.2.0 when application limits are provided through configuration file (Issue 241)


Release Date: 2020-02-25

  • Add override_defaults argument to decorated limits to allow combinined defaults with decorated limits.

  • Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method.

  • Add support for in memory fallback without override (Pull Request 236)

  • Bug fix

    • Ensure defaults are enforced when decorated limits are skipped (Issue 238)


Release Date: 2019-10-02


Release Date: 2017-12-08

  • Bug fix

    • Duplicate rate limits applied via application limits (Issue 108)


Release Date: 2017-11-06

  • Improved documentation for handling ip addresses for applications behind proxiues (Issue 41)

  • Execute rate limits for decorated routes in decorator instead of before_request (Issue 67)

  • Bug Fix

    • Python 3.5 Errors (Issue 82)

    • RATELIMIT_KEY_PREFIX configuration constant not used (Issue 88)

    • Can’t use dynamic limit in default_limits (Issue 94)

    • Retry-After header always zero when using key prefix (Issue 99)


Release Date: 2017-08-18

  • Upgrade versioneer


Release Date: 2017-07-26

  • Add support for key prefixes


Release Date: 2017-05-01

  • Implemented application wide shared limits


Release Date: 2016-03-14

  • Allow reset of limiter storage if available


Release Date: 2016-03-04

  • Deprecation warning for default key_func get_ipaddr

  • Support for Retry-After header


Release Date: 2015-11-21

  • Re-expose enabled property on Limiter instance.


Release Date: 2015-11-13

  • In-memory fallback option for unresponsive storage

  • Rate limit exemption option per limit


Release Date: 2015-10-05

  • Bug fix for reported issues of missing (limits) dependency upon installation.


Release Date: 2015-10-03

  • Documentation tweaks.


Release Date: 2015-09-17

  • Remove outdated files from egg


Release Date: 2015-08-06

  • Fixed compatibility with latest version of Flask-Restful


Release Date: 2015-06-07

  • No functional change


Release Date: 2015-04-02

  • Bug fix for case sensitive methods whitelist for limits decorator


Release Date: 2015-03-20

  • Hotfix for dynamic limits with blueprints

  • Undocumented feature to pass storage options to underlying storage backend.


Release Date: 2015-03-02

  • methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.


Release Date: 2015-02-16


Release Date: 2015-02-03

  • Use Werkzeug TooManyRequests as the exception raised when available.


Release Date: 2015-01-30

  • Bug Fix

    • Fix for version comparison when monkey patching Werkzeug

      (Issue 24)


Release Date: 2015-01-09

  • Refactor core storage & ratelimiting strategy out into the limits package.

  • Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.


Release Date: 2015-01-09

  • Refactoring of RedisStorage for extensibility (Issue 18)

  • Bug fix: Correct default setting for enabling rate limit headers. (Issue 22)


Release Date: 2014-10-21

  • Bug fix

    • Fix for responses slower than rate limiting window. (Issue 17.)


Release Date: 2014-10-01

  • Bug fix: in memory storage thread safety


Release Date: 2014-08-31

  • Support for manually triggering rate limit check


Release Date: 2014-08-26

  • Header name overrides


Release Date: 2014-07-13


Release Date: 2014-07-11

  • per http method rate limit separation (Recipe)

  • documentation improvements


Release Date: 2014-06-24


Release Date: 2014-06-13


Release Date: 2014-06-13

  • Bug fix

    • Werkzeug < 0.9 Compatibility (Issue 6.)


Release Date: 2014-06-12

  • Hotfix : use HTTPException instead of abort to play well with other extensions.


Release Date: 2014-06-12

  • Allow configuration overrides via extension constructor


Release Date: 2014-06-04

  • Improved implementation of moving-window X-RateLimit-Reset value.


Release Date: 2014-05-28


Release Date: 2014-05-26

  • Bug fix

    • Memory leak when using (Issue 4.)

  • Improved test coverage


Release Date: 2014-02-20

  • Strict version requirement on six

  • documentation tweaks


Release Date: 2014-02-19

  • improved logging support for multiple handlers

  • allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.

  • add a global kill switch in flask config for all rate limits.

  • Bug fixes

    • default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.


Release Date: 2014-02-18

  • add new decorator to exempt routes from limiting.

  • Bug fixes

    • wasn’t included in manifest.

    • configuration string for strategy was out of sync with docs.


Release Date: 2014-02-15

  • python 2.6 support via counter backport

  • source docs.


Release Date: 2014-02-15

  • Implemented configurable strategies for rate limiting.

  • Bug fixes

    • better locking for in-memory storage

    • multi threading support for memcached storage


Release Date: 2014-02-14

  • Bug fixes

    • fix initializing the extension without an app

    • don’t rate limit static files


Release Date: 2014-02-13

  • first release.