Overview

Request 1134404 accepted

- New upstream release 6.3.2 (bsc#1211741, CVE-2023-28370)
* Security improvements
* Fixed an open redirect vulnerability in StaticFileHandler
under certain configurations.
* ``tornado.web``
* `.RequestHandler.set_cookie` once again accepts capitalized
keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
be accepted.
* What's new in Tornado 6.3.0
* The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
cookie prefix for improved security. To use it, add
``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
that this feature currently only works when HTTPS is used.
* `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
blocked.
* `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
* WebSockets are now much faster at receiving large messages
split into many fragments.
* General changes
* Python 3.7 is no longer supported; the minimum supported .
Python version is 3.8 Python 3.12 is now supported .
* To avoid spurious deprecation warnings, users of Python
3.10 should upgrade to at least version 3.10.9, and users
of Python 3.11 should upgrade to at least version 3.11.1.
* Tornado submodules are now imported automatically on


Pablo Suárez Hernández's avatar

I think we missed mentioning the removal of ignore-py310-deprecation-warnings.patch in the changelog


Victor Zhestkov's avatar

Thanks for catching it. I've tried to automate capturing such cases and it showed me 2 packages, but for some reson missed this one, will check why.

Request History
Victor Zhestkov's avatar

vizhestkov created request

- New upstream release 6.3.2 (bsc#1211741, CVE-2023-28370)
* Security improvements
* Fixed an open redirect vulnerability in StaticFileHandler
under certain configurations.
* ``tornado.web``
* `.RequestHandler.set_cookie` once again accepts capitalized
keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
be accepted.
* What's new in Tornado 6.3.0
* The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
cookie prefix for improved security. To use it, add
``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
that this feature currently only works when HTTPS is used.
* `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
blocked.
* `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
* WebSockets are now much faster at receiving large messages
split into many fragments.
* General changes
* Python 3.7 is no longer supported; the minimum supported .
Python version is 3.8 Python 3.12 is now supported .
* To avoid spurious deprecation warnings, users of Python
3.10 should upgrade to at least version 3.10.9, and users
of Python 3.11 should upgrade to at least version 3.11.1.
* Tornado submodules are now imported automatically on


Pablo Suárez Hernández's avatar

PSuarezHernandez accepted request

openSUSE Build Service is sponsored by