Request 1184077: Submit python-waitress - openSUSE Build Service

Overview

Request 1184077 accepted

- update to 3.0.0:
* Fixed testing of vendored asyncore code to not rely on
particular naming for errno's.
* HTTP Request methods and versions are now validated to meet
the HTTP standards thereby dropping invalid requests on the floor.
* No longer close the connection when sending a HEAD request
response.
* Always attempt to send the Connection: close response header
when we are going to close the connection to let the remote
know in more instances.
* Document that trusted_proxy may be set to a wildcard value to
trust all proxies.
* clear_untrusted_proxy_headers is set to True by default.

https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
* Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

Created by dirkmueller 4 days ago
In state accepted

Submit python-waitress

Comments for request 1184077 0

Login required, please login in order to comment

Request History

dirkmueller created request 4 days ago

- update to 3.0.0:
* Fixed testing of vendored asyncore code to not rely on
particular naming for errno's.
* HTTP Request methods and versions are now validated to meet
the HTTP standards thereby dropping invalid requests on the floor.
* No longer close the connection when sending a HEAD request
response.
* Always attempt to send the Connection: close response header
when we are going to close the connection to let the remote
know in more instances.
* Document that trusted_proxy may be set to a wildcard value to
trust all proxies.
* clear_untrusted_proxy_headers is set to True by default.

https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
* Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

factory-auto added opensuse-review-team as a reviewer 4 days ago

Please review sources

factory-auto accepted review 4 days ago

Check script succeeded

licensedigger accepted review 4 days ago

ok

anag+factory set openSUSE:Factory:Staging:K as a staging project 4 days ago

Being evaluated by staging project "openSUSE:Factory:Staging:K"

anag+factory accepted review 4 days ago

Picked "openSUSE:Factory:Staging:K"

dimstar accepted review 3 days ago

ok

anag+factory added factory-staging as a reviewer 2 days ago

Being evaluated by group "factory-staging"

anag+factory accepted review 2 days ago

Unstaged from project "openSUSE:Factory:Staging:K"

anag+factory set openSUSE:Factory:Staging:E as a staging project 2 days ago

Being evaluated by staging project "openSUSE:Factory:Staging:E"

anag+factory accepted review 2 days ago

Picked "openSUSE:Factory:Staging:E"

anag+factory accepted review about 24 hours ago

Staging Project openSUSE:Factory:Staging:E got accepted.

anag+factory approved review about 24 hours ago

Staging Project openSUSE:Factory:Staging:E got accepted.

anag+factory accepted request about 24 hours ago

Staging Project openSUSE:Factory:Staging:E got accepted.

openSUSE Build Service is sponsored by