Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-tornado6 for openSUSE:Factory
checked in at 2025-05-23 14:27:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-tornado6 (Old)
and /work/SRC/openSUSE:Factory/.python-tornado6.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-tornado6"
Fri May 23 14:27:19 2025 rev:20 rq:1277990 version:6.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-tornado6/python-tornado6.changes
2024-11-26 20:55:26.997311741 +0100
+++
/work/SRC/openSUSE:Factory/.python-tornado6.new.2732/python-tornado6.changes
2025-05-23 14:27:30.792860059 +0200
@@ -1,0 +2,26 @@
+Fri May 16 09:23:08 UTC 2025 - Daniel Garcia <[email protected]>
+
+- Update to 6.5.0 (CVE-2025-47287, bsc#1243268):
+ * Security Improvements:
+ - Previously, malformed multipart-form-data requests could log
+ multiple warnings and constitute a denial-of-service attack. Now
+ an exception is raised at the first error, so there is only one
+ log message per request. This fixes CVE-2025-47287.
+ * General Changes:
+ - Python 3.14 is now supported. Older versions of Tornado will
+ work on Python 3.14 but may log deprecation warnings.
+ - The free-threading mode of Python 3.13 is now supported on an
+ experimental basis. Prebuilt wheels are not yet available for
+ this configuration, but it can be built from source.
+ - The minimum supported Python version is 3.9.
+ * Deprecation Notices:
+ - Support for obs-fold continuation lines in HTTP headers is
+ deprecated and will be removed in Tornado 7.0, as is the use of
+ carriage returns without line feeds as header separators.
+ - The callback argument to websocket_connect is deprecated and
+ will be removed in Tornado 7.0. Note that on_message_callback is
+ not deprecated.
+ - The log_message and args attributes of tornado.web.HTTPError are
+ deprecated. Use the new get_message method instead.
+
+-------------------------------------------------------------------
Old:
----
tornado-6.4.2.tar.gz
New:
----
tornado-6.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-tornado6.spec ++++++
--- /var/tmp/diff_new_pack.yo3NHb/_old 2025-05-23 14:27:31.264880003 +0200
+++ /var/tmp/diff_new_pack.yo3NHb/_new 2025-05-23 14:27:31.264880003 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-tornado6
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-tornado6
-Version: 6.4.2
+Version: 6.5
Release: 0
Summary: Open source version of scalable, non-blocking web server that
power FriendFeed
License: Apache-2.0
++++++ tornado-6.4.2.tar.gz -> tornado-6.5.tar.gz ++++++
++++ 8126 lines of diff (skipped)
