- update to 1.4.0:
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
OBS-URL: https://build.opensuse.org/request/show/758618
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=17
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=38
- version update to 1.3.0
Deprecations
~~~~~~~~~~~~
- The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
pending removal in a future release.
and https://github.com/Pylons/waitress/pull/246
Features
~~~~~~~~
- Add a new ``outbuf_high_watermark`` adjustment which is used to apply
backpressure on the ``app_iter`` to avoid letting it spin faster than data
can be written to the socket. This stabilizes responses that iterate quickly
with a lot of data.
See https://github.com/Pylons/waitress/pull/242
- Stop early and close the ``app_iter`` when attempting to write to a closed
socket due to a client disconnect. This should notify a long-lived streaming
response when a client hangs up.
See https://github.com/Pylons/waitress/pull/238
and https://github.com/Pylons/waitress/pull/240
and https://github.com/Pylons/waitress/pull/241
- Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
much waitress will buffer internally before flushing to the kernel, whereas
previously it used to also throttle how much data was sent to the kernel.
This change enables a streaming ``app_iter`` containing small chunks to
still be flushed efficiently.
See https://github.com/Pylons/waitress/pull/246
Bugfixes
~~~~~~~~
- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
no longer set the version to the string value "None". See
OBS-URL: https://build.opensuse.org/request/show/701044
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=34
* Security/Protections
- Building on the changes made in pull request 117, add in checking for line
feed/carriage return HTTP Response Splitting in the status line, as well as
the key of a header. See https://github.com/Pylons/waitress/pull/124 and
https://github.com/Pylons/waitress/issues/122.
- Waitress will no longer accept headers or status lines with
newline/carriage returns in them, thereby disallowing HTTP Response
Splitting.
* Bugfixes
- FileBasedBuffer and more important ReadOnlyFileBasedBuffer no longer report
False when tested with bool(), instead always returning True, and becoming
more iterator like.
- Call prune() on the output buffer at the end of a request so that it doesn't
continue to grow without bounds.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=15
- update to 0.8.6:
- Do alternate type of checking for UNIX socket support, instead of checking
for platform == windows.
- Functional tests now use multiprocessing module instead of subprocess module,
speeding up test suite and making concurrent execution more reliable.
- Runner now appends the current working directory to ``sys.path`` to support
running WSGI applications from a directory (i.e., not installed in a
virtualenv). (forwarded request 186925 from saschpe)
OBS-URL: https://build.opensuse.org/request/show/186944
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=3
- update to 0.8.6:
- Do alternate type of checking for UNIX socket support, instead of checking
for platform == windows.
- Functional tests now use multiprocessing module instead of subprocess module,
speeding up test suite and making concurrent execution more reliable.
- Runner now appends the current working directory to ``sys.path`` to support
running WSGI applications from a directory (i.e., not installed in a
virtualenv).
OBS-URL: https://build.opensuse.org/request/show/186925
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=8
- update to 0.8.5:
- Fix runner multisegment imports in some Python 2 revisions (see
https://github.com/Pylons/waitress/pull/34).
- For compatibility, WSGIServer is now an alias of TcpWSGIServer. The
signature of BaseWSGIServer is now compatible with WSGIServer pre-0.8.4.
- Add a command-line runner called ``waitress-serve`` to allow Waitress
to run WSGI applications without any addional machinery. This is
essentially a thin wrapper around the ``waitress.serve()`` function.
- Allow parallel testing (e.g., under ``detox`` or ``nosetests --processes``)
using PID-dependent port / socket for functest servers.
- Fix integer overflow errors on large buffers. Thanks to Marcin Kuzminski
for the patch. See: https://github.com/Pylons/waitress/issues/22
- Add support for listening on Unix domain sockets. (forwarded request 180848 from dirkmueller)
OBS-URL: https://build.opensuse.org/request/show/180862
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=2
- update to 0.8.5:
- Fix runner multisegment imports in some Python 2 revisions (see
https://github.com/Pylons/waitress/pull/34).
- For compatibility, WSGIServer is now an alias of TcpWSGIServer. The
signature of BaseWSGIServer is now compatible with WSGIServer pre-0.8.4.
- Add a command-line runner called ``waitress-serve`` to allow Waitress
to run WSGI applications without any addional machinery. This is
essentially a thin wrapper around the ``waitress.serve()`` function.
- Allow parallel testing (e.g., under ``detox`` or ``nosetests --processes``)
using PID-dependent port / socket for functest servers.
- Fix integer overflow errors on large buffers. Thanks to Marcin Kuzminski
for the patch. See: https://github.com/Pylons/waitress/issues/22
- Add support for listening on Unix domain sockets.
OBS-URL: https://build.opensuse.org/request/show/180848
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=6
