RepoJournal
FastAPI & Pydantic

FastAPI & Pydantic

FastAPI and the Pydantic + SQLModel async-Python stack

Pick a date

  1. Sat 16 may
  2. Sun 17 may
  3. Mon 18 may
  4. Tue 19 may
  5. Wed 20 may
  6. Thu 21 may
  7. Sat 23 may
  8. Sun 24 may
  9. Mon 25 may
  10. Tue 26 may
  11. Wed 27 may
  12. Thu 28 may
  13. Fri 29 may
  14. Sat 30 may
  15. Sun 31 may
  16. Mon 1 jun
  17. Mon 8 jun
  18. Tue 9 jun
  19. Today 10 jun

The Wire · Showcase

FASTAPI TIGHTENS HEADER VALIDATION AND SSE SAFETY IN RAPID RELEASES

By RepoJournal · Filed · About FastAPI & Pydantic

FastAPI shipped two consecutive patches that enforce stricter HTTP header handling and validate Server Sent Event data to prevent malformed responses.

FastAPI 0.136.3 enforces a breaking change on header validation [3]: the framework now rejects underscores in header names by default when `convert_underscores=True`, accepting only hyphenated headers per HTTP spec [1]. This catches a subtle bug where applications could silently accept malformed headers. The preceding 0.136.2 release added validation to Server Sent Event fields [4], preventing applications from shipping broken SSE data that clients can't parse [2]. Both changes close gaps where FastAPI was too permissive, accepting invalid data that HTTP specs explicitly forbid. Documentation also landed for the `--entrypoint` CLI option in 0.136.2 [4]. A test cleanup in the pipeline removes duplicate engine disposal that was causing noise in the test suite [5].

Action items

References

  1. [1] ♻️ Do not accept underscore headers when using `convert_underscores=True` (the default) ↗ fastapi/fastapi
  2. [2] ♻️ Validate Server Sent Event fields to avoid applications from sending broken data ↗ fastapi/fastapi
  3. [3] 0.136.3 ↗ fastapi/fastapi
  4. [4] 0.136.2 ↗ fastapi/fastapi
  5. [5] ✅ Update tests, don't double dispose the engine ↗ fastapi/fastapi

FAQ

What changed in FastAPI & Pydantic on May 24, 2026?
FastAPI shipped two consecutive patches that enforce stricter HTTP header handling and validate Server Sent Event data to prevent malformed responses.
What should FastAPI & Pydantic teams do about it?
Review header names in your API definitions before upgrading to 0.136.3 - replace underscores with hyphens • Validate your SSE implementations if you're using Server Sent Events - ensure field data is properly formatted • Upgrade to 0.136.3 as part of your next release cycle
Which FastAPI & Pydantic repositories shipped on May 24, 2026?
fastapi/fastapi

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.