Waitress WSGI server
No description set
- Developed at devel:languages:python
- Sources inherited from project openSUSE:Factory
- 9 derived packages
- Download package
- Checkout Package:
  osc -A https://api.opensuse.org checkout openSUSE:Slowroll:Base:1/python-waitress && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
_multibuild | 52 Bytes (52 bytes) | |
fetch-intersphinx-inventories.sh | 70 Bytes (70 bytes) | |
python-waitress.changes | 20 KB (20521 bytes) | |
python-waitress.spec | 3.42 KB (3507 bytes) | |
python3.inv | 104 KB (107005 bytes) | |
waitress-2.1.1.tar.gz | 174 KB (178336 bytes) | |
Revision 24 (latest revision is 32)
Dominique Leuenberger (dimstar_suse) accepted request 962909 from Dirk Mueller (dirkmueller) (revision 24):
- update to 2.1.1 (bsc#1197255, CVE-2022-24761):
  * Waitress now validates that chunked encoding extensions are valid, and don't contain invalid characters that are not allowed. They are still skipped/not processed, but if they contain invalid data we no longer continue and instead return a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the chunk length is only valid hex digits when parsing chunked encoding, and values such as 0x01 and +01 are no longer supported. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the Content-Length sent by a remote contains only digits in accordance with RFC7230 and will return a 400 Bad Request when the Content-Length header contains invalid data, such as +10 which would previously get parsed as 10 and accepted. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36