Announcing Tornado 6.3.3

18 views

Skip to first unread message

Ben Darnell

unread,

Aug 11, 2023, 11:47:39 AM8/11/23

to Tornado Mailing List, python-torn...@googlegroups.com

I've just released Tornado 6.3.3. This release improves parsing of the Content-Length header and chunked Transfer-Encoding chunk sizes to more strictly match the RFCs and avoid a potential request smuggling vulnerability when deployed behind certain proxies.

Release notes are at https://www.tornadoweb.org/en/stable/releases/v6.3.3.html

Thanks to Ben Kallus for finding and reporting this issue.

-Ben

Reply all

Reply to author

Forward

0 new messages