Just quickly following up on this.

Thanks to Fil Zembowicz, an issue was found in the regular expression used to 
parse incoming headers, which may lead to a denial of service. This has now 
been fixed in Waitress 1.4.3; please upgrade as soon as possible.

https://pypi.org/project/waitress/1.4.3/

> On Jan 9, 2020, at 07:51, 'Peter Lada' via pylons-discuss 
> <[email protected]> wrote:
> 
> GitHub Dependabot has opened a PR for me to upgrade to 1.4.2 (thanks for the 
> release), and I merged it yesterday around 1730. 
> 
> At around 1930 one of the 6 dynos (Heroku, 1X instance, single CPU, 0.5GB 
> RAM) has come to get pegged at 1.0 load and timed out every subsequent 
> request (Heroku router cuts connection after 30s).
> 
> At 1945 it happened to another dyno. 
> 
> At around 2000 I restarted the dynos and the problem got rectified, probably 
> temporarily.
> 
> I've reverted to 1.4.1 and the issue has not surfaced since (12 plus hours).
> 
> Has anyone else used 1.4.2 in production? Any issues?
> 
> Sadly I cannot provide more info, beyond the 1,5,15-minute load avg graphs as 
> the logs just show timed out requests and no other info.
> 
> --peter
> Formsort.com
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected] 
> <mailto:[email protected]>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/54aa81bf-b935-4afc-b71c-f52d1fb15516%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/pylons-discuss/54aa81bf-b935-4afc-b71c-f52d1fb15516%40googlegroups.com?utm_medium=email&utm_source=footer>.
> <Screen Shot 2020-01-09 at 10.42.23.png>
