You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently rely on Connexion v2 (version ~2.13.0) along with Flask (>=2.2.5,<2.3) and Werkzeug (~2.0) in production. Due to a security advisory (CVE-2024-34069), we need to upgrade to Werkzeug 3.0. However, we’ve run into compatibility issues because Connexion v2 does not officially support Werkzeug 3.0, prompting us to explore migrating to Connexion v3.
According to the Connexion v3 documentation, it is recommended to use an ASGI server instead of a WSGI server. We also noticed the mention of wrapping Connexion with the ASGIMiddleware from a2wsgi as a temporary workaround. However, given our production environment constraints, this approach isn’t feasible for us at the moment, and we haven’t found a suitable way to wrap our existing application.
With that in mind, we’d like to confirm whether Connexion v3 can still be used reliably with Werkzeug 3.0 in a WSGI-based production setup. Are there official recommendations, known limitations, or additional configurations required for this scenario?
Additionally, we’ve seen the open issue #1969 and the corresponding PR #1992 aimed at updating Connexion v2 dependencies to support newer Werkzeug versions. Could you share any updates on whether these changes will be merged and released for v2, or if there’s a planned timeline?
As a temporary workaround, we have imported Connexion v2 code into our codebase and made several modifications to enable compatibility with Werkzeug 3.0. This solution works for us in production, but we would prefer an upstream solution aligned with your official releases.
Thank you for your time and assistance. We appreciate any guidance you can provide on using Connexion alongside Werkzeug 3.0 in a WSGI environment.
Appendix
Below are the error messages we saw when using connexion v3 with werkzeug:
Errors in Unit tests: connexion.exceptions.BadRequestProblem: 400: malformed, starlette.exceptions.HTTPException: 404, Exception: Unexpected fatal exception. Please look at API logs for details on the encountered failure. and etc.
For example:
self = <connexion.apps.flask.FlaskApp object at 0x114a55340>
exc = <NotFound '404: Not Found'>
def _http_exception(self, exc: werkzeug.exceptions.HTTPException):
"""Reraise werkzeug HTTPExceptions as starlette HTTPExceptions"""
> raise starlette.exceptions.HTTPException(exc.code, detail=exc.description)
E starlette.exceptions.HTTPException: 404: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
Errors in API(Postman) test:
GET http://127.0.0.1:8080/v3/clusters
Error: socket hang up
Request Headers
Accept: application/json
Authorization: {{apiKey}}
User-Agent: PostmanRuntime/7.43.0
Postman-Token: 5e8b19df-a6d5-4463-9983-36d3d13b8c53
Host: 127.0.0.1:8080
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
The text was updated successfully, but these errors were encountered:
Hi team,
We currently rely on Connexion v2 (version ~2.13.0) along with Flask (>=2.2.5,<2.3) and Werkzeug (~2.0) in production. Due to a security advisory (CVE-2024-34069), we need to upgrade to Werkzeug 3.0. However, we’ve run into compatibility issues because Connexion v2 does not officially support Werkzeug 3.0, prompting us to explore migrating to Connexion v3.
According to the Connexion v3 documentation, it is recommended to use an ASGI server instead of a WSGI server. We also noticed the mention of wrapping Connexion with the
ASGIMiddlewarefroma2wsgias a temporary workaround. However, given our production environment constraints, this approach isn’t feasible for us at the moment, and we haven’t found a suitable way to wrap our existing application.With that in mind, we’d like to confirm whether Connexion v3 can still be used reliably with Werkzeug 3.0 in a WSGI-based production setup. Are there official recommendations, known limitations, or additional configurations required for this scenario?
Additionally, we’ve seen the open issue #1969 and the corresponding PR #1992 aimed at updating Connexion v2 dependencies to support newer Werkzeug versions. Could you share any updates on whether these changes will be merged and released for v2, or if there’s a planned timeline?
As a temporary workaround, we have imported Connexion v2 code into our codebase and made several modifications to enable compatibility with Werkzeug 3.0. This solution works for us in production, but we would prefer an upstream solution aligned with your official releases.
Thank you for your time and assistance. We appreciate any guidance you can provide on using Connexion alongside Werkzeug 3.0 in a WSGI environment.
Appendix
Below are the error messages we saw when using connexion v3 with werkzeug:
connexion.exceptions.BadRequestProblem: 400: malformed,starlette.exceptions.HTTPException: 404,Exception: Unexpected fatal exception. Please look at API logs for details on the encountered failure.and etc.For example:
The text was updated successfully, but these errors were encountered: