Releases: Pylons/waitress

v3.0.2

16 Nov 20:03
b11ae72

3.0.2 (2024-11-16)

Security

  • When using Waitress to process trusted proxy headers, Waitress will now
    update the headers to drop any untrusted values, thereby making sure that
    WSGI apps only get trusted and validated values that Waitress itself used to
    update the environ. See #452 and #451

v3.0.1

16 Nov 19:59
ae949bb

3.0.1 (2024-10-28)

Backward Incompatibilities

  • Python 3.8 is no longer supported.
    See #445.

Features

  • Added support for Python 3.13.
    See #445.

Security

  • Fix a bug that would lead to Waitress busy looping on select() on a half-open
    socket due to a race condition that existed when creating a new HTTPChannel.
    See #435, #418 and GHSA-3f84-rpwh-47g6.

    With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and
    helping track this down.

  • No longer strip the header values before passing them to the WSGI environ.
    See #434 and #432.

  • Fix a race condition in Waitress when channel_request_lookahead is enabled
    that could lead to HTTP request smuggling.

    See GHSA-9298-4cf8-g4wj

v3.0.0

04 Feb 23:35
4e0d8c4

3.0.0 (2024-02-04)

  • Rename "master" git branch to "main"

  • Fix a bug that would appear on macOS whereby if we accept() a socket that is
    already gone, setting socket options would fail and take down the server. See
    #399

  • Fixed testing of vendored asyncore code to not rely on particular naming for
    errno's. See #397

  • HTTP Request methods and versions are now validated to meet the HTTP
    standards thereby dropping invalid requests on the floor. See
    #423

  • No longer close the connection when sending a HEAD request response. See
    #428

  • Always attempt to send the Connection: close response header when we are
    going to close the connection to let the remote know in more instances.
    #429

  • Python 3.7 is no longer supported. Add support for Python 3.11, 3.12 and
    PyPy 3.9, 3.10. See #412

  • Document that trusted_proxy may be set to a wildcard value to trust all
    proxies. See #431

Updated Defaults

  • clear_untrusted_proxy_headers is set to True by default. See
    #370

v2.1.2

30 May 21:53
0aa4879
Remove change of default for clear_untrusted_proxy_headers

v2.1.1

16 Mar 21:36
9e0b8c8
Merge pull request from GHSA-4f7p-27jc-3c36

Fix for HTTP request smuggling due to incorrect validation

v2.1.0

05 Mar 23:30
c87c899
Prep 2.1.0

v2.1.0b0

09 Feb 03:33
953f94e
Pre-release
Prep 2.1.0b0

v2.0.0

27 Jun 08:24
4b6b583
Prep 2.0.0

v2.0.0b1

29 Nov 21:35
c159853
Pre-release
Prep 2.0.0b1

v2.0.0b0

27 Nov 06:51
665240e
Pre-release
Prep 2.0.0b0