2.25.1: CVE-2025-27154

Security

• CVE-2025-27154 – Cache file permissions tightened: now 600 (user read/write only) instead of 644, preventing unauthorized local access to auth tokens (by @alichtman)
  • Upgrade if you run spotipy in a multi-user environment, manage multiple users' auth tokens, or need better protection against local unauthorized access; not required if you're the only user and your home directory is private.

Added

• Added examples for audiobooks, shows and episodes methods to examples directory

Fixed

• Fixed scripts in examples directory that didn't run correctly
• Updated documentation for Client.current_user_top_artists to indicate maximum number of artists limit

Changed

• Updated get_cached_token and save_token_to_cache methods to utilize Python's Context Management Protocol
• Added except clause to get_cached_token method to handle json decode errors
• Added warnings and updated docs due to Spotify's deprecation of HTTP and "localhost" redirect URIs
• Use newer string formatters (https://pyformat.info)
• Marked recommendation_genre_seeds as deprecated