web2py 2.25.1

[Massimo Di Pierro]

Hello everybody,

A new version of web2py, 2.25.1, is out. 

It contains some bug fixes, #2468 #2468 #2236, http headers sanitization, and fixes this vulenarbility https://jvn.jp/en/jp/JVN80476432/ (to be published soon).

The vulnerabily does not affect most users. It is only in the optional MessageBoxHandler for logging when using Tkinter. I do know think anybody is was using it.

I am reviewing some old PRs and I may have another version out today including those fixes as well. Sorry I have been slow but as you know, I am spending more time on py4web than web2py these days. 

Massimo

[CarlosDB]

A fantastic job.

Thank you very much.

Carlos.

[xgp.l...@gmail.com]

Hi Massimo,

Getting this redirecting from nginx to uwsgi_pass http port.

Traceback (most recent call last):
  File "/home/www-data/web2py/gluon/main.py", line 562, in wsgibase
    return http_response.to(responder, env=env)
  File "/home/www-data/web2py/gluon/http.py", line 129, in to
    responder(status, rheaders)
TypeError: http header value must be a string

Regards,

[xgp.l...@gmail.com]

Hi,

Modified the code to this:

  for k, v in iteritems(headers):
            if isinstance(v, list):
                rheaders += [(k, str(item)) for item in v]
            else:
                rheaders.append((k, str(v)))

This was the code from version 2.24.1

Dont know if this is correct.

Cheers,

[CarlosDB]

Hello.

I believe this error is related to a thread I opened a few days ago:

" File Download Broken after Pull Request #2471 "

https://groups.google.com/g/web2py/c/ruhme28jvNo

Carlos.