Waitress version 1.4.3 released -- upgrade as soon as possible


Bert JW Regeer

Feb 3, 2020, 1:00:03 AM
to Pylons Project
Hey all,

I just released a new version of Waitress to fix a bug in the regular expression that was used to parse the HTTP headers. The bug would allow for catastrophic backtracking, which would cause the Waitress process to spend 100% CPU time in attempting to match the regular expression.

Thanks to Fil Zembowicz for reporting this issue!

pip install waitress==1.4.3

For more information:

https://pypi.org/project/waitress/1.4.3/
https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc

If you have questions or comments about this advisory, feel free to reply to this email, or:

• open an issue at https://github.com/Pylons/waitress/issues (if not sensitive or security related)
• email the Pylons Security mailing list: pylons-proj...@googlegroups.com (if security related)

Thank you,
Bert JW Regeer
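The bug class described above, as an added illustration that is not Waitress's own code: both header regexes below are hypothetical patterns constructed for this example, and the timing demo shows why a pattern shaped like the first one can pin a CPU on a single malformed header line while the second one fails in one pass.

```python
import re
import time

# Hypothetical vulnerable pattern (constructed, not Waitress's): the value group
# (?:\w+\s*)+ can split a run of word characters in 2^(n-1) ways, and every
# split is retried when the final "$" fails on a trailing character that
# matches neither \w nor \s.
BACKTRACKING_HEADER = re.compile(r"^([^\s:]+):[ \t]*((?:\w+\s*)+)$")

# Linear-time alternative: each character is consumed by exactly one branch,
# so a failed match is decided in a single left-to-right scan.
LINEAR_HEADER = re.compile(r"^([^\s:]+):[ \t]*([\w \t]*)$")


def parse_header(line: str, pattern: re.Pattern = LINEAR_HEADER):
    """Return (name, value) for a simple 'Name: value' line, or None when the
    line does not match. Uses the linear pattern unless told otherwise."""
    m = pattern.match(line)
    if m is None:
        return None
    return m.group(1), m.group(2).rstrip()


def time_match(pattern: re.Pattern, line: str) -> float:
    """Seconds spent attempting to match `line` against `pattern`."""
    start = time.perf_counter()
    pattern.match(line)
    return time.perf_counter() - start


def malformed_header(n: int) -> str:
    """Constructed sample input: n word characters followed by a control byte
    that cannot end the value, so the match only fails at the very end."""
    return "X-Test: " + "a" * n + "\x01"


if __name__ == "__main__":
    print(parse_header("Content-Length: 42"))
    # Each +4 in n multiplies the backtracking pattern's work by about 16,
    # while the linear pattern stays flat.
    for n in (12, 16, 20):
        line = malformed_header(n)
        print(f"n={n:2d}  backtracking={time_match(BACKTRACKING_HEADER, line):.3f}s"
              f"  linear={time_match(LINEAR_HEADER, line):.6f}s")
```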

Bert JW Regeer

Feb 3, 2020, 11:44:04 PM
to Pylons Project
Hey all,

As a heads up, and to allow for tracking security issues, this issue has now been assigned CVE ID: CVE-2020-5236.

Thanks,
Bert JW Regeer