Hello all, Waitress version 1.4.1 has been released, it includes a fix for another HTTP request splitting issue, this one was identified by ZeddYu Lu and reported to me as he was testing the new changes in Waitress 1.4.0.
Please see the security advisory for more information: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 <https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4> This change makes Waitress much stricter in what it accepts as a HTTP header, and may cause issues with non-conformist reverse proxies or clients, please validate these changes in your environment before deploying. Please do not hesitate to file issues (if not security related) on the Github issue tracker: https://github.com/Pylons/waitress/issues <https://github.com/Pylons/waitress/issues> If you have a potential security issue in Waitress, or any Pylons Project, please do not hesitate to email us at: pylons-project-secur...@googlegroups.com <mailto:pylons-project-secur...@googlegroups.com> Thank you, Bert JW Regeer -- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-devel/A2020790-4C1E-4419-9DAE-509E5960279D%400x58.com.
