Announcing Tornado 3.2.2

[Ben Darnell]

I am pleased to announce the release of Tornado 3.2.2, available from

https://pypi.python.org/packages/source/t/tornado/tornado-3.2.2.tar.gz

This release fixes a potential security issue; see the release notes for details:

http://www.tornadoweb.org/en/stable/releases/v3.2.2.html

-Ben

What's new in Tornado 3.2.2

===========================

June 3, 2014

------------

Security fixes

~~~~~~~~~~~~~~

* The XSRF token is now encoded with a random mask on each request.

  This makes it safe to include in compressed pages without being

  vulnerable to the `BREACH attack <http://breachattack.com>`_.

  This applies to most applications that use both the ``xsrf_cookies``

  and ``gzip`` options (or have gzip applied by a proxy).

Backwards-compatibility notes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* If Tornado 3.2.2 is run at the same time as older versions on the same

  domain, there is some potential for issues with the differing cookie

  versions.  The `.Application` setting ``xsrf_cookie_version=1`` can

  be used for a transitional period to generate the older cookie format

  on newer servers.

Other changes

~~~~~~~~~~~~~

* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.