python-aiohttp

pool/python-aiohttp

SHA256

Fork 2

Commit Graph

Author	SHA256	Message	Date
Steve Kowalik	b16665bdf7	- Update to 3.13.3: * Security + Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + Check for ASCII in header values (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + Forbid non-ASCII decimals in the Range header (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + Reject static URLs that traverse outside static root (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76) + Raise exceptions when processing a POST body (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23) + Enforce client_max_size over entire multipart form (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf) + Pause reading of chunks when it reaches a high water mark (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq) + Log only once per Cookie header (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g) * Bug fixes + Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors + Fixed multipart reading failing when encountering an empty body part + Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context * Miscellaneous internal changes + Optimized web server performance when access logging is disabled by reducing time syscalls + Added regression test for cached logging status - Refreshed patches fix-vendoring.patch - Add patch remove-freethreading-cython-option.patch: * Drop newer Cython command line option.	2026-01-28 16:02:27 +11:00
Dirk Mueller	3d4867e6ad	- Update to 3.11.16 * Replaced deprecated asyncio.iscoroutinefunction with its counterpart from inspect * Fixed :class:multidict.CIMultiDict being mutated when passed to :class:aiohttp.web.Response -- by :user:bdraco. - from version 3.11.15 * Reverted explicitly closing sockets if an exception is raised during create_connection This change originally appeared in aiohttp 3.11.13 * Improved performance of WebSocket buffer handling * Improved performance of serializing headers - from version 3.11.14 * Fixed an issue where dns queries were delayed indefinitely when an exception occurred in a trace.send_dns_cache_miss * Fixed DNS resolution on platforms that don't support socket.AI_ADDRCONFIG * The connector now raises :exc:aiohttp.ClientConnectionError instead of :exc:OSError when failing to explicitly close the socket after :py:meth:asyncio.loop.create_connection fails * Break cyclic references at connection close when there was a traceback * Break cyclic references when there is an exception handling a request * Improved logging on non-overlapping WebSocket client protocols to include the remote address * Improved performance of parsing content types by adding a cache in the same manner currently done with mime types - from version 3.11.13 * Removed a break statement inside the finally block in :py:class:~aiohttp.web.RequestHandler OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=144	2025-04-15 10:20:22 +00:00

Author

SHA256

Message

Date

Steve Kowalik

b16665bdf7

- Update to 3.13.3:

* Security
    + Brotli and brotlicffi minimum version is now 1.2. Decompression now has
      a default maximum output size of 32MiB per decompress call
      (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
    + Check for ASCII in header values
      (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
    + Forbid non-ASCII decimals in the Range header
      (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
    + Reject static URLs that traverse outside static root
      (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76)
    + Raise exceptions when processing a POST body
      (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23)
    + Enforce client_max_size over entire multipart form
      (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf)
    + Pause reading of chunks when it reaches a high water mark
      (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq)
    + Log only once per Cookie header
      (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g)
  * Bug fixes
    + Fixed proxy authorization headers not being passed when reusing a
      connection, which caused 407 (Proxy authentication required) errors
    + Fixed multipart reading failing when encountering an empty body part
    + Fixed a case where the parser wasn't raising an exception for a
      websocket continuation frame when there was no initial frame in context
  * Miscellaneous internal changes
    + Optimized web server performance when access logging is disabled by
      reducing time syscalls
    + Added regression test for cached logging status
- Refreshed patches fix-vendoring.patch
- Add patch remove-freethreading-cython-option.patch:
  * Drop newer Cython command line option.

2026-01-28 16:02:27 +11:00

Dirk Mueller

3d4867e6ad

- Update to 3.11.16

* Replaced deprecated asyncio.iscoroutinefunction with its
    counterpart from inspect
  * Fixed :class:multidict.CIMultiDict being mutated when passed
    to :class:aiohttp.web.Response -- by :user:bdraco.
- from version 3.11.15
  * Reverted explicitly closing sockets if an exception is raised
    during create_connection
    This change originally appeared in aiohttp 3.11.13
  * Improved performance of WebSocket buffer handling
  * Improved performance of serializing headers
- from version 3.11.14
  * Fixed an issue where dns queries were delayed indefinitely
    when an exception occurred in a trace.send_dns_cache_miss
  * Fixed DNS resolution on platforms that don't support
    socket.AI_ADDRCONFIG
  * The connector now raises :exc:aiohttp.ClientConnectionError
    instead of :exc:OSError when failing to explicitly close the
    socket after :py:meth:asyncio.loop.create_connection fails
  * Break cyclic references at connection close when there was
    a traceback
  * Break cyclic references when there is an exception handling
    a request
  * Improved logging on non-overlapping WebSocket client protocols
    to include the remote address
  * Improved performance of parsing content types by adding a cache
    in the same manner currently done with mime types
- from version 3.11.13
  * Removed a break statement inside the finally block in
    :py:class:~aiohttp.web.RequestHandler

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=144

2025-04-15 10:20:22 +00:00

2 Commits