Commit

Prep v1.4.3
digitalresistor committed Feb 3, 2020
1 parent 6e46f9e commit cbc89bf
Showing 2 changed files with 17 additions and 1 deletion.
16 changes: 16 additions & 0 deletions CHANGES.txt
@@ -1,3 +1,19 @@
1.4.3 (2020-02-02)
------------------

Security Fixes
~~~~~~~~~~~~~~

- In Waitress version 1.4.2 a new regular expression was added to validate the
headers that Waitress receives to make sure that it matches RFC7230.
Unfortunately the regular expression was written in a way that with invalid
input it leads to catastrophic backtracking which allows for a Denial of
Service and CPU usage going to a 100%.

This was reported by Fil Zembowicz to the Pylons Project. Please see
https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
for more information.

1.4.2 (2020-01-02)
------------------

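Review bot: The new 1.4.3 entry under "Security Fixes" states the problem (the header-validation regular expression added in 1.4.2 backtracks catastrophically on invalid input) but never says what this release does about it or who needs to act. Add one sentence saying how 1.4.3 resolves it and that installs running 1.4.2 are the ones affected, so a reader of CHANGES.txt does not have to follow the advisory link to learn whether to upgrade. Minor wording: "CPU usage going to a 100%" should read "CPU usage going to 100%".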
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -34,7 +34,7 @@

setup(
name="waitress",
version="1.4.2",
version="1.4.3",
author="Zope Foundation and Contributors",
author_email="[email protected]",
maintainer="Pylons Project",