Request 664544: Submit python-mohawk - openSUSE Build Service

Overview

Request 664544 accepted

- Update to version 1.0.0:
* Security related: Bewit MACs were not compared in constant time
and were thus possibly circumventable by an attacker.
* Breaking change: Escape characters in header values (such as a
back slash) are no longer allowed, potentially breaking clients
that depended on this behavior.
* A sender is allowed to omit the content hash as long as their
request has no content. The `mohawk.Receiver` will skip the
content hash check in this situation, regardless of the value
of accept_untrusted_content.
* Introduced max limit of 4096 characters in the Authorization
header.
* Changed default values of content and content_type arguments to
`mohawk.base.EmptyValue` in order to differentiate between
misconfiguration and cases where these arguments are explicitly
given as None (as with some web frameworks).
* Failing to pass content and content_type arguments to
`mohawk.Receiver` or `mohawk.Sender.accept_response` without
specifying accept_untrusted_content=True will now raise
`mohawk.exc.MissingContent` instead of `ValueError`.

Created by 1Antoine1 over 5 years ago
In state accepted

Submit python-mohawk

Comments for request 664544 0

Login required, please login in order to comment

Request History

1Antoine1 created request over 5 years ago

- Update to version 1.0.0:
* Security related: Bewit MACs were not compared in constant time
and were thus possibly circumventable by an attacker.
* Breaking change: Escape characters in header values (such as a
back slash) are no longer allowed, potentially breaking clients
that depended on this behavior.
* A sender is allowed to omit the content hash as long as their
request has no content. The `mohawk.Receiver` will skip the
content hash check in this situation, regardless of the value
of accept_untrusted_content.
* Introduced max limit of 4096 characters in the Authorization
header.
* Changed default values of content and content_type arguments to
`mohawk.base.EmptyValue` in order to differentiate between
misconfiguration and cases where these arguments are explicitly
given as None (as with some web frameworks).
* Failing to pass content and content_type arguments to
`mohawk.Receiver` or `mohawk.Sender.accept_response` without
specifying accept_untrusted_content=True will now raise
`mohawk.exc.MissingContent` instead of `ValueError`.

factory-auto added opensuse-review-team as a reviewer over 5 years ago

Please review sources

factory-auto added repo-checker as a reviewer over 5 years ago

Please review build success

factory-auto accepted review over 5 years ago

Check script succeeded

licensedigger accepted review over 5 years ago

ok

staging-bot added openSUSE:Factory:Staging:adi:50 as a reviewer over 5 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:50"

staging-bot accepted review over 5 years ago

Picked openSUSE:Factory:Staging:adi:50

repo-checker accepted review over 5 years ago

cycle and install check passed

dimstar accepted review over 5 years ago

staging-bot accepted review over 5 years ago

ready to accept

staging-bot approved review over 5 years ago

ready to accept

dimstar_suse accepted request over 5 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by