Waitress 2.1.1 released with security bug fixes


Steve Piercy

Mar 16, 2022, 9:33:47 PM
to pylons-...@googlegroups.com
Waitress 2.1.1 has been released.

This is a security bug fix release. This release fixes three issues that may lead to HTTP desync/HTTP request smuggling when fronted by a load balancer or proxy that did not parse the HTTP requests the same way as Waitress.

We want to thank Jamie Slome (https://github.com/JamieSlome) of 418sec (https://github.com/418sec) for bringing this issue to our attention, and Zhang Zeyu (https://www.huntr.dev/users/zeyu2001/) for discovering and reporting the bug through huntr (https://www.huntr.dev/).

See the advisory:
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36

The full change log is here:
https://docs.pylonsproject.org/projects/waitress/en/latest/#id1

Documentation:
https://docs.pylonsproject.org/projects/waitress/en/latest/

You can install it via PyPI:

pip install waitress==2.1.1

Enjoy, and please report any issues you find to the issue tracker at
https://github.com/Pylons/waitress/issues

Thanks!

- Waitress core developers