python/python-waitress
SHA256
14
0
Fork 0
forked from pool/python-waitress
Code Pull Requests Activity

- update to 1.4.0:

Browse Source 
- Waitress used to slam the door shut on HTTP pipelined requests without
  setting the ``Connection: close`` header as appropriate in the response. This
  is of course not very friendly. Waitress now explicitly sets the header when
  responding with an internally generated error such as 400 Bad Request or 500
  Internal Server Error to notify the remote client that it will be closing the
  connection after the response is sent.
  - Waitress no longer allows any spaces to exist between the header field-name
  and the colon. While waitress did not strip the space and thereby was not
  vulnerable to any potential header field-name confusion, it should have sent
  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
  - CRLR handling Security fixes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=38
This commit is contained in:
Dirk Mueller
2019-12-20 18:36:31 +00:00
committed by Git OBS Bridge
parent c25411bfa4
commit 0d71bd52b1
4 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
python-waitress.changes
View File

@@ -1,3 +1,21 @@
-------------------------------------------------------------------
Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
- update to 1.4.0:
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
-------------------------------------------------------------------
Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>