Waitress 1.4.1 has been released

0 views
Skip to first unread message

Bert JW Regeer

unread,
Dec 24, 2019, 9:31:40 AM12/24/19
to Pylons Project, Pylons Project
Hello all,

Waitress version 1.4.1 has been released, it includes a fix for another HTTP request splitting issue, this one was identified by ZeddYu Lu and reported to me as he was testing the new changes in Waitress 1.4.0.

Please see the security advisory for more information:


This change makes Waitress much stricter in what it accepts as a HTTP header, and may cause issues with non-conformist reverse proxies or clients, please validate these changes in your environment before deploying.

Please do not hesitate to file issues (if not security related) on the Github issue tracker: https://github.com/Pylons/waitress/issues

If you have a potential security issue in Waitress, or any Pylons Project, please do not hesitate to email us at: pylons-proj...@googlegroups.com

Thank you,
Bert JW Regeer
Reply all
Reply to author
Forward
0 new messages