[pylons-discuss] Waitress 2.1.1 released with security bug fixes

2022-03-16 Thread Steve Piercy 

Waitress 2.1.1 has been released.

This is a security bug fix release. This release fixes three issues that may 
lead to HTTP desync/HTTP request smuggling when fronted by a load balancer or 
proxy that did not parse the HTTP requests the same way as Waitress.

We want to thank Jamie Slome (https://github.com/JamieSlome) of 418sec 
(https://github.com/418sec) for bringing this issue to our attention, and Zhang 
Zeyu (https://www.huntr.dev/users/zeyu2001/) for discovering and reporting the 
bug through huntr (https://www.huntr.dev/).

See the advisory:
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36

The full change log is here:
https://docs.pylonsproject.org/projects/waitress/en/latest/#id1

Documentation:
https://docs.pylonsproject.org/projects/waitress/en/latest/

You can install it via PyPI:

  pip install waitress==2.1.1

Enjoy, and please report any issues you find to the issue tracker at
https://github.com/Pylons/waitress/issues

Thanks!

- Waitress core developers

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/6f650a18-317c-e1e8-769d-30ca105e4d74%40gmail.com.

Re: [pylons-discuss] Re: pyramid_tm 2.5 has been released

2022-03-16 Thread Steve Piercy 

Apologies. The correct link is here:

https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/changes.html

--steve


On 3/16/22 10:10 AM, 'Jonathan Vanasco' via pylons-discuss wrote:

I assume this message is automated by a release script, and that is out of date.

The changes and latest aren't rendered onto those docs, and the anchors don't 
exist.

The changes do appear here:

https://github.com/Pylons/pyramid_tm/blob/master/CHANGES.rst


On Sunday, March 13, 2022 at 4:01:18 AM UTC-4 Steve Piercy wrote:

pyramid_tm 2.5 has been released.

The full changelog is here:
https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/#changes 


What's New In pyramid_tm 2.5:
https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/#id3 


Documentation:
https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/ 


You can install it via PyPI:

pip install pyramid-tm==2.5

Enjoy, and please report any issues you find to the issue tracker at
https://github.com/Pylons/pyramid_tm/issues 


Thanks!

- pyramid_tm core developers

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 
pylons-discuss+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/4f8a1bf1-62cc-4105-8b5f-68ae4147be14n%40googlegroups.com
 
.


--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/95ce10b5-0fa1-d3a0-ca5e-f344b6aa5536%40gmail.com.

[pylons-discuss] Re: pyramid_tm 2.5 has been released

2022-03-16 Thread 'Jonathan Vanasco' via pylons-discuss 
I assume this message is automated by a release script, and that is out of 
date.

The changes and latest aren't rendered onto those docs, and the anchors 
don't exist.

The changes do appear here:

https://github.com/Pylons/pyramid_tm/blob/master/CHANGES.rst


On Sunday, March 13, 2022 at 4:01:18 AM UTC-4 Steve Piercy wrote:

> pyramid_tm 2.5 has been released.
>
> The full changelog is here:
> https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/#changes
>
> What's New In pyramid_tm 2.5:
> https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/#id3
>
> Documentation:
> https://docs.pylonsproject.org/projects/pyramid_tm/en/latest/
>
> You can install it via PyPI:
>
> pip install pyramid-tm==2.5
>
> Enjoy, and please report any issues you find to the issue tracker at
> https://github.com/Pylons/pyramid_tm/issues
>
> Thanks!
>
> - pyramid_tm core developers
>

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/4f8a1bf1-62cc-4105-8b5f-68ae4147be14n%40googlegroups.com.