I found a regression I caused post last release, so this hsould probably be merged before release: https://github.com/twisted/twisted/pull/12280
On Mon, Jul 29, 2024, at 9:48 AM, Adi Roiban wrote: > On behalf of the Twisted contributors I announce the release candidate of > Twisted 24.7.0. > > This is a release triggered by the following security bugfixes: > > - twisted.web.util.redirectTo now HTML-escapes the provided URL in the > fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). > (#9839) > - The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined > HTTP requests out-of-order, possibly resulting in information disclosure > (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248) > - twisted.web.util.redirectTo now HTML-escapes the provided URL in the > fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being > tracked with CVE-2024-41810. (#12263) > > The subjective notable changes are: > > - Many performance improvements, pioneered by Itamar > - twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972) > - The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the > first line of a request, improving compliance with RFC 9112. (#12233) > - The HTTP 1.0/1.1 server provided by twisted.web now contains the characters > set of HTTP header names, improving compliance with RFC 9110. (#12235) > - twisted.web.util.ChildRedirector, which has never worked on Python 3, has > been removed. (#9591) > > The release and NEWS file is available for review at > > https://github.com/twisted/twisted/pull/12272 > > Release candidate documentation is available at > > https://twisted--12272.org.readthedocs.build/en/12272/ > > Wheels for the release candidate are available on PyPI > > python -m pip install Twisted==24.7.0rc1 > > Please test it and report any issues. If nothing comes up in one week, 24.7.0 > will be released based on the latest release candidate. > > Many thanks to everyone who worked on this release! > > -- > > Adi Roiban > _______________________________________________ > Twisted mailing list -- twisted@python.org > To unsubscribe send an email to twisted-le...@python.org > https://mail.python.org/mailman3/lists/twisted.python.org/ > Message archived at > https://mail.python.org/archives/list/twisted@python.org/message/G52SQQEND25JBVWILCAZVFNQS2E454JF/ > Code of Conduct: https://twisted.org/conduct > -- Itamar Turner-Trauring
_______________________________________________ Twisted mailing list -- twisted@python.org To unsubscribe send an email to twisted-le...@python.org https://mail.python.org/mailman3/lists/twisted.python.org/ Message archived at https://mail.python.org/archives/list/twisted@python.org/message/UVLISFAYLNJRZIOOF5MPURI4HXX57AI5/ Code of Conduct: https://twisted.org/conduct
