python/python-waitress
SHA256
14
0
Fork 0
forked from pool/python-waitress
Code Pull Requests Activity

- update to 3.0.0:

Browse Source 
* Fixed testing of vendored asyncore code to not rely on
    particular naming for errno's.
  * HTTP Request methods and versions are now validated to meet
    the HTTP standards thereby dropping invalid requests on the floor.
  * No longer close the connection when sending a HEAD request
    response.
  * Always attempt to send the Connection: close response header
    when we are going to close the connection to let the remote
    know in more instances.
  * Document that trusted_proxy may be set to a wildcard value to
    trust all proxies.
  * clear_untrusted_proxy_headers is set to True by default.
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress did not properly validate that the HTTP headers it received
    were properly formed, thereby potentially allowing a front-end server
    to treat a request different from Waitress. This could lead to HTTP
  * Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=67
This commit is contained in:
Dirk Mueller
2024-06-30 08:09:07 +00:00
committed by Git OBS Bridge
parent 4c23082225
commit f63d8bdc1a
4 changed files with 37 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
python-waitress.changes
View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.0.0:
* Fixed testing of vendored asyncore code to not rely on
particular naming for errno's.
* HTTP Request methods and versions are now validated to meet
the HTTP standards thereby dropping invalid requests on the floor.
* No longer close the connection when sending a HEAD request
response.
* Always attempt to send the Connection: close response header
when we are going to close the connection to let the remote
know in more instances.
* Document that trusted_proxy may be set to a wildcard value to
trust all proxies.
* clear_untrusted_proxy_headers is set to True by default.
-------------------------------------------------------------------
Mon Dec 4 15:20:28 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com>
@@ -76,7 +93,7 @@ Thu Mar 17 17:42:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
previously get parsed as 10 and accepted. This stops potential HTTP
desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
-------------------------------------------------------------------
Fri Aug 27 12:27:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
@@ -157,9 +174,9 @@ Mon May 18 07:25:32 UTC 2020 - Petr Gajdos <pgajdos@suse.com>
Thu Feb 6 17:29:20 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
- update to 1.4.3
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch
* it was commented out, anyway
@@ -186,7 +203,7 @@ Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>
- update to 1.3.1
* Waitress wont accidentally throw away part of the path if it
* Waitress wont accidentally throw away part of the path if it
starts with a double slash
-------------------------------------------------------------------
@@ -412,10 +429,10 @@ Tue Aug 13 10:15:30 UTC 2013 - dmueller@suse.com
- update to 0.8.6:
- Do alternate type of checking for UNIX socket support, instead of checking
for platform == windows.
- Functional tests now use multiprocessing module instead of subprocess module,
speeding up test suite and making concurrent execution more reliable.
- Runner now appends the current working directory to ``sys.path`` to support
running WSGI applications from a directory (i.e., not installed in a
virtualenv).
@@ -451,5 +468,5 @@ Mon Apr 29 14:14:25 UTC 2013 - speilicke@suse.com
-------------------------------------------------------------------
Mon Apr 29 13:06:10 UTC 2013 - dmueller@suse.com
- Initial package (0.8.3)
- Initial package (0.8.3)