Hi Amber and team!
Firstly, I can confirm that I've been using 20.3.0rc1 on a production
server, and all seems fine.
So... I'm keen to see a final release, particularly in light of the
request smuggling attacks. Any idea what sort of timeframe looks likely?
R
On 14/03/2020 07:03, Glyph wrote:
Thanks for doing another release, Amber! Glad to see more important HTTP
security issues get squashed; looking forward to seeing this on store shelves
soon!
-g
On Mar 9, 2020, at 2:39 AM, Amber Brown (hawkowl) <hawk...@atleastfornow.net>
wrote:
It's time for another Twisted release!
Twisted 20.3.0rc1 brings the following:
- curve25519-sha256 key exchange algorithm support in Conch.
- "openssh-key-v1" key format support in Conch.
- Security fixes to twisted.web, including preventing request smuggling attacks
and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were
assigned for these issues, see the NEWS file for full details.
- `twist dns --secondary` now works on Python 3.
- The deprecation of twisted.news.
- ...and various other fixes, with 28 tickets closed in total.
You can get the tarball and the NEWS file at
https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from
PyPI:
python -m pip install Twisted==20.3.0rc1
Please test it, and let me know how your applications fare, good or bad! If
nothing comes up, 20.3 will release very soon.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
