Hello all,
Waitress version 1.4.1 has been released, it includes a fix for another HTTP request splitting issue, this one was identified by ZeddYu Lu and reported to me as he was testing the new changes in Waitress 1.4.0.
Please see the security advisory for more information:
This change makes Waitress much stricter in what it accepts as a HTTP header, and may cause issues with non-conformist reverse proxies or clients, please validate these changes in your environment before deploying.
Thank you,
Bert JW Regeer