I am going to need more information on what is going on, but this issue was resolved as the regex should no longer be backtracking.
> On Nov 7, 2020, at 10:42, Cooper Baird <cooperba...@gmail.com> wrote: > > Did you find this was resolved with 1.4.3? I recently switched to using > Waitress (1.4.4) from Gunicorn for my API and have seen this behavior only > twice in the past 3 weeks where every request gets the Heroku H12 30 second > timeout. Both times I restarted the dyno and the issue was fixed. This is the > command I use to spin up the API: waitress-serve --port=$PORT > --connection-limit=2000 --threads=8 --cleanup-interval=15 > --channel-timeout=60 --asyncore-use-poll run:app. > > On Wednesday, February 5, 2020 at 2:05:13 PM UTC-5 pe...@formsort.com > <http://formsort.com/> wrote: > Yeah, he sits right next to me :) > > > On Monday, February 3, 2020 at 12:56:17 AM UTC-5, Bert JW Regeer wrote: > Just quickly following up on this. > > Thanks to Fil Zembowicz an issue was found in the regular expression used to > parse incoming headers, which may lead to a denial of service. This has now > been fixed in Waitress 1.4.3, please upgrade as soon as possible. > > https://pypi.org/project/waitress/1.4.3/ > <https://pypi.org/project/waitress/1.4.3/> > > >> On Jan 9, 2020, at 07:51, 'Peter Lada' via pylons-discuss >> <pylons-...@googlegroups.com <>> wrote: >> > >> Github dependabot has opened a PR for me to upgrade to 1.4.2 (thanks for the >> release), and I merged it yesterday around 1730. >> >> At around 1930 one of the 6 dynos (heroku, 1X instance, single CPU, 0.5GB >> RAM) has come to get pegged at 1.0 load and timed out every subsequent >> request (heroku router cuts connection after 30s). >> >> At 1945 it happened to another dyno. >> >> At around 2000 I restarted the dynos and the problem got rectified, probably >> temporarily. >> >> I've reverted to 1.4.1 and the issue has not surfaced since (12 plus hours). >> >> Has anyone else used 1.4.2 in production? Any issues? >> >> Sadly I cannot provide more info, beyond the 1,5,15-minute load avg graphs >> as the logs just show timed out requests and no other info. >> >> --peter >> Formsort.com >> >> -- >> You received this message because you are subscribed to the Google Groups >> "pylons-discuss" group. > >> To unsubscribe from this group and stop receiving emails from it, send an >> email to pylons-...@googlegroups.com <>. > >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/pylons-discuss/54aa81bf-b935-4afc-b71c-f52d1fb15516%40googlegroups.com >> >> <https://groups.google.com/d/msgid/pylons-discuss/54aa81bf-b935-4afc-b71c-f52d1fb15516%40googlegroups.com?utm_medium=email&utm_source=footer>. >> <Screen Shot 2020-01-09 at 10.42.23.png> > > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to pylons-discuss+unsubscr...@googlegroups.com > <mailto:pylons-discuss+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/pylons-discuss/7658401c-04a4-4ad9-a8f7-4d5d55285fe1n%40googlegroups.com > > <https://groups.google.com/d/msgid/pylons-discuss/7658401c-04a4-4ad9-a8f7-4d5d55285fe1n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/DCB87727-4AE3-4E48-9AB5-F22BAB1C8562%400x58.com.
