v2026.05.2

- Merge pull request #149 from mnot/claude/charset-detection

- Added: chardet-based check for Content-Type charset mismatches
- Merge pull request #148 from mnot/claude/fervent-hugle-6064b4
- Fixed: correct Accept-Query reference
- Added: support for Accept-Patch, Accept-Post, and Accept-Query
- Merge pull request #147 from mnot/claude/sanitize-detail-backticks
- Added: return MarkdownSafe from markdown_list and CSP _make_list
- Fixed: strip backticks from interpolated detail vars by default
- Fixed: DeprecationDateTest failure with newer http-sf
- Fixed: escape attacker-controlled vars in new positive notes
- Added: notes for Link resource hints
- Added: positive note for Network Error Logging configuration
- Added: positive notes for security-related response headers

v2026.05.1

- Fixed: GzipProcessor and BrotliProcessor had no decompression size …

v2026.04.3

- Changed: remove duplicative message arguments

- Changed: no longer need to explicitly set request/response valid properties
- Changed: declare field and test types (request, response, any)
- Changed: explicit public API
- Added: isort to make tidy

v2026.04.1

- Fixed: translation format errors

- Fixed: use string literals for methods
- Added: x-content-security-policy and x-webkit-csp are deprecated

v2026.02.3

- Fixed: Potential memory leaks

- Fixed: Reduce content-encoding memory usage
- Fixed: check for string variables more carefully in tests

v2026.02.2

- Fixed: Linter pickleability

v2026.02.1

- Fixed: missing method variables on 405s

- Added: coverage check

v2026.01.17

- Fixed: memory leak in content_encoding

v2026.01.16

- Added: more deprecated fields