- twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
19
+
- The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
20
+
21
+
14
22
Features
15
23
--------
16
24
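Review bot: The two added security entries are formatted inconsistently. The redirectTo line gives its identifiers as "(GHSA-cf56-g6w6-pqq2, CVE-2024-41810)" and ends its sentence with a period before the ticket number. The pipelining line gives them as "(CVE-2024-41671/GHSA-c8m8-j448-xjx7)" and has no period before "(#12248)". Suggest using one identifier order and separator for both entries and adding the missing period. The hunk also adds two blank lines before "Features"; keep that only if it matches the spacing used between the other sections of this file.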
@@ -89,14 +97,12 @@ Features
89
97
Bugfixes
90
98
~~~~~~~~
91
99
92
-
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
93
100
- twisted.web.http.IM_A_TEAPOT was added and returns `I'm a teapot`
94
101
as default message for the status code 418,
95
102
as defined in RFC 2324 section 2.3.2. (#12104)
96
103
- The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request, improving compliance with RFC 9112. (#12233)
97
104
- The HTTP 1.0/1.1 server provided by twisted.web now constraints the character set of HTTP header names, improving compliance with RFC 9110. (#12235)
98
-
- The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
99
-
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. (#12263)
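Review bot: The two redirectTo lines removed from Bugfixes are not identical, so de-duplicating them drops information. One cites (#9839) and the other cites (#12263) and words the CVE as "The issue is being tracked with CVE-2024-41810." The redirectTo text added earlier in this diff carries only (#9839), so the reference to #12263 is lost. If both tickets relate to the fix, suggest citing both on the surviving entry, for example "(#9839, #12263)". Otherwise say in the commit message which ticket is the correct one.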