On Apr 29, 2010, at 10:37 AM, Timothy Farrell wrote: > To those reading. I've submitted a fix to Massimo that Jonathan's engineers > have tested (we should all have engineers =) ). > > There's one question that remains. Is this serious enough for an immediate > web2py bugfix release? I don't think so.
Probably not. The risk is that in some circumstances there's a DoS vulnerability (I think?); otherwise the offending case isn't actually useful and won't be missed. > > -tim > > On 4/29/2010 9:07 AM, Jonathan Lundell wrote: >> On Apr 29, 2010, at 5:58 AM, Timothy Farrell wrote: >> >> >>> It sounds to me like these two issues are really one. Basically, Rocket is >>> not sending an HTTP response when in HTTPS mode. It closes the socket but >>> (for some reason) Python doesn't close it immediately. This causes a >>> client to hang for a while. >>> >>> Thanks for the clarification. Jon, if it's ok with you can I send you test >>> versions? >>> >> Yes, I agree that they seem to be the same, and yes, please send me test >> versions. >> >> Thanks. >
