SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python312-gunicorn-22.0.0-2.11.noarch.rpm :

* Wed Apr 17 2024 Markéta Machová - Update to 22.0.0
* use `utime` to notify workers liveness
* migrate setup to pyproject.toml
* fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
* parsing additional requests is no longer attempted past unsupported request framing
* on HTTP versions < 1.1 support for chunked transfer is refused
* requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
* Trailer fields are no longer inspected for headers indicating secure scheme
* support Python 3.12
*
* Breaking changes
*
*
* minimum version is Python 3.7
* the limitations on valid characters in the HTTP method have been bounded to Internet Standards
* requests specifying unsupported transfer coding (order) are refused by default (rare)
* HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
* HTTP methods containing the number sign (#) are no longer accepted by default (rare)
* HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
* HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
* HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
* HTTP headers with empty field name are refused by default
* requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
* empty transfer codings are no longer permitted
*
* SECURITY
*
*
* fix CVE-2024-1135 (bsc#1222950)
* Mon Jan 08 2024 Matej Cepl - Clean up the SPEC file
* Mon Jan 08 2024 Andreas Schneider - Update to version 21.2.0
* See https://github.com/benoitc/gunicorn/blob/21.2.0/docs/source/news.rst or the packaged news.rst- Removed support-eventlet-30-3.patch
* Sun Apr 23 2023 Matej Cepl - Switch documentation to be within the main package.
* Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68)
* Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional.
* Thu Nov 18 2021 Steve Kowalik - Add patch support-eventlet-30-3.patch:
* Upstream patch to support eventlet >= 0.30.3
* Mon Jul 05 2021 Antonio Larrosa - Add a _multibuild file to separate the tests in another build in order to break a cycle between: python-Django, python-aiohttp, python-eventlet, python-geoip2, python-gunicorn, python-paramiko, python-pyzmq and python-semantic_version.
* Tue Jun 29 2021 Ondřej Súkup - update to 20.1.0- gevent and evenlet are BuildRequires for check- add suggests
* document WEB_CONCURRENCY is set by, at least, Heroku
* capture peername from accept: Avoid calls to getpeername by capturing the peer name returned by accept
* log a warning when a worker was terminated due to a signal
* fix tornado usage with latest versions of Django
* add support for python -m gunicorn
* fix systemd socket activation example
* allows to set wsgi application in configg file using wsgi_app
* document --timeout = 0
* always close a connection when the number of requests exceeds the max requests
* Disable keepalive during graceful shutdown
* kill tasks in the gthread workers during upgrade
* fix latency in gevent worker when accepting new requests
* fix file watcher: handle errors when new worker reboot and ensure the list of files is kept
* document the default name and path of the configuration file
* document how variable impact configuration
* document the $PORT environment variable
* added milliseconds option to request_time in access_log
* added PIP requirements to be used for example
* remove version from the Server header
* fix sendfile: use socket.sendfile instead of os.sendfile
* reloader: use absolute path to prevent empty to prevent0 InotifyError when a file is added to the working directory
* Add --print-config option to print the resolved settings at startup.
* remove the --log-dict-config CLI flag because it never had a working format
* Fri Dec 04 2020 Benjamin Greiner - Neither pytest-cov nor standalone mock are true BuildRequirements
 
ICM