Hi
Release candidate 2 is now available for testing
python -m pip install Twisted==24.7.0rc2
Link to PyPI https://pypi.org/project/Twisted/24.7.0rc2/
This includes the regression that was fixed in
https://github.com/twisted/twisted/pull/12280
Many thanks Itamar for the quick fix.
Please give it a try and report your result on the PR
https://github.com/twisted/twisted/pull/12272
I plan to do the final release tomorrow.
Regards
On Mon, 5 Aug 2024 at 17:55, Adi Roiban <adiroi...@gmail.com> wrote:
> Hi Itamar
>
> Thanks for the report.
>
> I will wait for this PR to be merged and then will issue RC2.
>
> Regards
>
>
>
> On Mon, 5 Aug 2024 at 17:46, Itamar Turner-Trauring <ita...@itamarst.org>
> wrote:
>
>> I found a regression I caused post last release, so this hsould probably
>> be merged before release: https://github.com/twisted/twisted/pull/12280
>>
>> On Mon, Jul 29, 2024, at 9:48 AM, Adi Roiban wrote:
>>
>> On behalf of the Twisted contributors I announce the release candidate of
>> Twisted 24.7.0.
>>
>> This is a release triggered by the following security bugfixes:
>>
>> - twisted.web.util.redirectTo now HTML-escapes the provided URL in the
>> fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
>> (#9839)
>> - The HTTP 1.0 and 1.1 server provided by twisted.web could process
>> pipelined HTTP requests out-of-order, possibly resulting in information
>> disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
>> - twisted.web.util.redirectTo now HTML-escapes the provided URL in the
>> fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being
>> tracked with CVE-2024-41810. (#12263)
>>
>> The subjective notable changes are:
>>
>> - Many performance improvements, pioneered by Itamar
>> - twisted.internet.defer.inlineCallbacks can now yield a coroutine.
>> (#9972)
>> - The HTTP 1.0/1.1 server provided by twisted.web is now more picky about
>> the first line of a request, improving compliance with RFC 9112. (#12233)
>> - The HTTP 1.0/1.1 server provided by twisted.web now contains the
>> characters set of HTTP header names, improving compliance with RFC 9110.
>> (#12235)
>> - twisted.web.util.ChildRedirector, which has never worked on Python 3,
>> has been removed. (#9591)
>>
>> The release and NEWS file is available for review at
>>
>> https://github.com/twisted/twisted/pull/12272
>>
>> Release candidate documentation is available at
>>
>> https://twisted--12272.org.readthedocs.build/en/12272/
>>
>> Wheels for the release candidate are available on PyPI
>>
>> python -m pip install Twisted==24.7.0rc1
>>
>> Please test it and report any issues. If nothing comes up in one week,
>> 24.7.0 will be released based on the latest release candidate.
>>
>> Many thanks to everyone who worked on this release!
>>
>> --
>>
>> Adi Roiban
>> _______________________________________________
>> Twisted mailing list -- twisted@python.org
>> To unsubscribe send an email to twisted-le...@python.org
>> https://mail.python.org/mailman3/lists/twisted.python.org/
>> Message archived at
>> https://mail.python.org/archives/list/twisted@python.org/message/G52SQQEND25JBVWILCAZVFNQS2E454JF/
>> Code of Conduct: https://twisted.org/conduct
>>
>>
>> --
>> Itamar Turner-Trauring
>>
>>
>> _______________________________________________
>> Twisted mailing list -- twisted@python.org
>> To unsubscribe send an email to twisted-le...@python.org
>> https://mail.python.org/mailman3/lists/twisted.python.org/
>> Message archived at
>> https://mail.python.org/archives/list/twisted@python.org/message/UVLISFAYLNJRZIOOF5MPURI4HXX57AI5/
>> Code of Conduct: https://twisted.org/conduct
>>
>
>
> --
> Adi Roiban
>
--
Adi Roiban
_______________________________________________
Twisted mailing list -- twisted@python.org
To unsubscribe send an email to twisted-le...@python.org
https://mail.python.org/mailman3/lists/twisted.python.org/
Message archived at
https://mail.python.org/archives/list/twisted@python.org/message/GCTWGX7A4H4B4N3RT3FORXDQ6CUMVS3M/
Code of Conduct: https://twisted.org/conduct
