forked from pool/python-gunicorn
Markéta Machová
711614fd06
- Update to 22.0.0
* use `utime` to notify workers liveness
* migrate setup to pyproject.toml
* fix numerous security vulnerabilities in HTTP parser (closing some
request smuggling vectors)
* parsing additional requests is no longer attempted past unsupported
request framing
* on HTTP versions < 1.1 support for chunked transfer is refused
* requests conflicting configured or passed SCRIPT_NAME now produce
a verbose error
* Trailer fields are no longer inspected for headers indicating secure
scheme
* support Python 3.12
** Breaking changes **
* minimum version is Python 3.7
* the limitations on valid characters in the HTTP method have been bounded
to Internet Standards
* requests specifying unsupported transfer coding (order) are refused by
default (rare)
* HTTP methods are no longer casefolded by default (IANA method registry
contains none affected)
* HTTP methods containing the number sign (#) are no longer accepted by
default (rare)
* HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
* HTTP versions consisting of multiple digits or containing a prefix/suffix
are no longer accepted
* HTTP header field names Gunicorn cannot safely map to variables are silently
dropped, as in other software
* HTTP headers with empty field name are refused by default
* requests with both Transfer-Encoding and Content-Length are refused by default
OBS-URL: https://build.opensuse.org/request/show/1168546
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gunicorn?expand=0&rev=59
25 KiB
25 KiB