You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Pylons Project, Pylons Project
Hey all,
Waitress version 1.4.0 has been released, it includes several critical fixes for security issues when using Waitress behind a reverse proxy, all of them related to HTTP request smuggling/splitting which can lead to information disclosure, potential cache poisoning (if waitress is used behind a reverse proxy that is caching) or related issues.
Before upgrading in production, please validate that the behavioural changes in Waitress do not break your existing setups. Waitress has become more strict in parsing HTTP messages and this may cause issues with clients that require the less strict behaviour, you will need to update your clients.