From 4ded4b7ac517bd301cee69f5c189b1cb48c069b6 Mon Sep 17 00:00:00 2001
From: Marcelo Trylesinski
Date: Tue, 15 Oct 2024 08:49:52 +0200
Subject: [PATCH] Version 0.40.0 (#2728)

---
 docs/release-notes.md | 14 +++++++++++++-
 starlette/__init__.py | 2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/docs/release-notes.md b/docs/release-notes.md
index 39113f4de..2cc2400f2 100644
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -3,6 +3,18 @@ hide: navigation
 toc_depth: 2
 ---
 
+## 0.40.0 (October 15, 2024)
+
+This release fixes a Denial of service (DoS) via `multipart/form-data` requests.
+
+You can view the full security advisory:
+[GHSA-f96h-pmfr-66vw](https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw)
+
+#### Fixed
+
+- Add `max_part_size` to `MultiPartParser` to limit the size of parts in `multipart/form-data`
+ requests [fd038f3](https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733).
+
 ## 0.39.2 (September 29, 2024)
 
 #### Fixed
@@ -118,7 +130,7 @@ toc_depth: 2
 
 #### Fixed
 
-* Upgrade `python-multipart` to `0.0.7` [13e5c26](13e5c26a27f4903924624736abd6131b2da80cc5).
+* Upgrade `python-multipart` to `0.0.7` [13e5c26](http://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5).
 * Avoid duplicate charset on `Content-Type` [#2443](https://github.com/encode/starlette/2443).
 
 ## 0.36.1 (January 23, 2024)
diff --git a/starlette/__init__.py b/starlette/__init__.py
index 0033e2230..da7ed90a9 100644
--- a/starlette/__init__.py
+++ b/starlette/__init__.py
@@ -1 +1 @@
-__version__ = "0.39.2"
+__version__ = "0.40.0"