This release patches 1 CVE for security teams tracking exposure across their dependency inventory.
Published 6d
Build & Package
1 patched CVE
This release patches 1 known CVE
CVE-2023-4863
EPSS 93%
1
CVEs patched
Topics
data-analysis
data-science
data-visualization
machine-learning
developer-tools
python
+1 more
streamlit
Affected surfaces
auth
rbac
Summary
AI summaryUpdates Bug Fixes 🐛, Other Changes, and New Features 🎉 across a mixed release.
Full changelog
What's Changed
Breaking Changes 🛠
- [chore] Remove deprecated
add_rowsfeature by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15034 - [chore] Remove langchain callback handler integration by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15051
New Features 🎉
- [feature] Add custom script error handling via
st.Appby @lukasmasuch in https://github.com/streamlit/streamlit/pull/14972 - [feature] Add
st.paginationwidget by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14975 - [feat] Add
typeparameter to st.expander and st.status for compact style by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14054 - [feature][ParallelFragments] Add parallel=True dispatch to @st.fragment by @sfc-gh-lwilby-1 in https://github.com/streamlit/streamlit/pull/15214
- [feature] Add API restrictions for parallel fragments by @sfc-gh-lwilby-1 in https://github.com/streamlit/streamlit/pull/15251
- [feature] Add
streamlit skillsCLI command by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15116
Bug Fixes 🐛
- [fix] Selectbox first item hidden when 7 options selected by @kmcgrady in https://github.com/streamlit/streamlit/pull/14997
- [fix] Defer sys.modules eviction to script-run boundary (#14593) by @sfc-gh-lwilby in https://github.com/streamlit/streamlit/pull/14826
- [fix] OAuth MismatchingStateError regression in 1.57.0 by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15048
- [fix] Programmatically closed popovers/expanders reopening on interaction with another by @kmcgrady in https://github.com/streamlit/streamlit/pull/14945
- [fix] Support symlinks in Starlette static file serving by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15112
- [feature] Sync URL when session_state updates query-param-bound widgets by @sfc-gh-lwilby in https://github.com/streamlit/streamlit/pull/14744
- fix: add usedforsecurity=False to blake2b for FIPS compatibility by @andriykislitsyn in https://github.com/streamlit/streamlit/pull/15149
- fix(fragment): prevent stale auto-reruns from crashing apps by @sfc-gh-bnisco in https://github.com/streamlit/streamlit/pull/15130
- [fix] Block javascript: and vbscript: URLs in markdown links by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15161
- Set Max-Age on st.login() cookies to restore 30-day persistence by @GiovanniPaoloGibilisco in https://github.com/streamlit/streamlit/pull/15194
- [fix] Fix Vega-Lite chart tooltips in dialogs by @marawanokasha in https://github.com/streamlit/streamlit/pull/15191
- [fix] Help icon for unsafe_allow_html=True in st.markdown by @sfc-gh-bnisco in https://github.com/streamlit/streamlit/pull/15232
- [fix] Discover script-level .streamlit/config.toml when st.App runs under uvicorn by @sfc-gh-bnisco in https://github.com/streamlit/streamlit/pull/15218
- [fix] Warn when st.button shortcut is browser-reserved by @sfc-gh-bnisco in https://github.com/streamlit/streamlit/pull/15217
- fix(auth): migrate provider tokens to joserfc by @sfc-gh-bnisco in https://github.com/streamlit/streamlit/pull/15178
- Fix browser Back/Forward navigation for pages with Unicode URL paths by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15281
- [fix] Restore Starlette OAuth PKCE behavior by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15282
- [fix] Disable Select all in multiselect for >=1000 options by @lukasmasuch in https://github.com/streamlit/streamlit/pull/15301
- Fix accidental overscrolling in table, dataframe, and data_editor by @kantuni in https://github.com/streamlit/streamlit/pull/15309
Other Changes
- [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14948
- [chore] Release v1.57.0 by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14962
- [fix] Reduce external IP fetch timeout to avoid startup freeze by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14984
- Adjust widget/icon sizing - Part 1 by @mayagbarnes in https://github.com/streamlit/streamlit/pull/15056
- [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/15134
- Adjust widget/icon sizing - Part 2 by @mayagbarnes in https://github.com/streamlit/streamlit/pull/15098
- [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/15236
New Contributors
- @simjega made their first contribution in https://github.com/streamlit/streamlit/pull/14927
- @andriykislitsyn made their first contribution in https://github.com/streamlit/streamlit/pull/15149
- @GiovanniPaoloGibilisco made their first contribution in https://github.com/streamlit/streamlit/pull/15194
- @marawanokasha made their first contribution in https://github.com/streamlit/streamlit/pull/15191
Full Changelog: https://github.com/streamlit/streamlit/compare/1.57.0...1.58.0
Breaking Changes
- Removed deprecated `add_rows` feature
- Removed langchain callback handler integration
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]