- 11 Aug, 2023 5 commits
-
-
Committed by Ben Darnell
Version 6.3.3
-
Committed by Ben Darnell
-
Committed by Ben Darnell
-
Committed by Ben Darnell
The GitHub security advisory feature lets you make private PRs but it apparently doesn't support CI so this log failure wasn't caught until after the PR was merged.
-
Committed by Ben Darnell
Content-length and chunk size parsing now strictly matches the RFCs. We previously used the Python int() function which accepted leading plus signs and internal underscores, which are not allowed by the HTTP RFCs (it also accepts minus signs, but these are less problematic in this context since they'd result in errors elsewhere). It is important to fix this because when combined with certain proxies, the lax parsing could result in a request smuggling vulnerability (if both Tornado and the proxy accepted an invalid content-length but interpreted it differently). This is known to occur with old versions of haproxy, although the current version of haproxy is unaffected.
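The parsing difference described in the commit message above, as an added example that is not Tornado's code: `int()` is compared with strict parsers that accept only the digits the HTTP grammar allows. The function names and sample values are constructed for illustration.

```python
import re

# RFC grammar: Content-Length = 1*DIGIT, chunk-size = 1*HEXDIG (ASCII only).
_DIGITS = re.compile(r"[0-9]+")
_HEXDIGITS = re.compile(r"[0-9a-fA-F]+")


def lax_parse(value, base=10):
    """Lax behaviour described in the commit: pass the text straight to int()."""
    try:
        return int(value, base)
    except ValueError:
        return None


def strict_content_length(value):
    """Hypothetical strict parser: ASCII digits only, no sign or underscore."""
    if not _DIGITS.fullmatch(value):
        raise ValueError(f"invalid Content-Length: {value!r}")
    return int(value)


def strict_chunk_size(value):
    """Hypothetical strict parser for a chunk-size field: hex digits only."""
    if not _HEXDIGITS.fullmatch(value):
        raise ValueError(f"invalid chunk size: {value!r}")
    return int(value, 16)


def audit(values, strict, base=10):
    """Return (value, result of int(), accepted by strict parser) per value."""
    rows = []
    for value in values:
        try:
            strict(value)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((value, lax_parse(value, base), accepted))
    return rows


# Constructed sample field values, not taken from real traffic.
LENGTHS = ["42", "+42", "4_2", "-42", ""]
CHUNK_SIZES = ["1a", "+1a", "1_a"]

if __name__ == "__main__":
    for row in audit(LENGTHS, strict_content_length) + audit(CHUNK_SIZES, strict_chunk_size, 16):
        print(row)
```

Any row where `int()` returns a number but the strict parser rejects the value is a field on which two HTTP implementations could disagree about the message length.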
-
- 14 May, 2023 3 commits
-
-
Committed by Ben Darnell
Version 6.3.2
-
Committed by Ben Darnell
-
Committed by Ben Darnell
Under some configurations the default_filename redirect could be exploited to redirect to an attacker-controlled site. This change refuses to redirect to URLs that could be misinterpreted. A test case for the specific vulnerable configuration will follow after the patch has been available.
-
- 24 Apr, 2023 3 commits
-
-
Committed by Ben Darnell
test: Close a websocket client that causes occasional test failures
-
Committed by Ben Darnell
These will fail when run from forks because the necessary credentials aren't available.
-
Committed by Ben Darnell
These failures occur on the build.yml workflow on the emulated arm64 platform: an ill-timed timer firing during test shutdown can result in a message being logged and the test failing for dirty logs.
-
- 22 Apr, 2023 6 commits
-
-
Committed by Ben Darnell
ci: Update setup-qemu-action version
-
Committed by Ben Darnell
Eliminates some more deprecation warnings
-
Committed by Ben Darnell
Bump version to 6.3.1
-
Committed by Ben Darnell
-
Committed by Ben Darnell
web: Restore case-insensitivity of set_cookie args
-
Committed by Ben Darnell
This was an unintended feature that got broken in #3224. Bring it back for now but deprecate it for future cleanup. Fixes #3252
-
- 18 Apr, 2023 2 commits
-
-
Committed by Ben Darnell
Set version to 6.3 final
-
Committed by Ben Darnell
-
- 10 Apr, 2023 4 commits
-
-
Committed by Ben Darnell
ci: Update build workflow
-
Committed by Ben Darnell
Build wheels for Python 3.12 as well. Update various dependencies. The upload/download artifact actions were using deprecated versions, and we were using a deprecated macos build image. While we're at it, update the other OS versions and cibuildwheel.
-
Committed by Ben Darnell
Set version number to 6.3b1
-
Committed by Ben Darnell
-
- 09 Apr, 2023 6 commits
-
-
Committed by Ben Darnell
typing: Eagerly import all submodules in __init__.pyi
-
Committed by Ben Darnell
This makes the auto-import functionality compatible with mypy and other typing-based tools such as autocomplete functionality. Excluding these imports from static typing feels like a premature optimization and made it much less appealing to make use of the auto-imports. This may slow down type checking of applications that use Tornado by a little, since the type checker must now process all of Tornado and not only the subset that was imported. However, the increasing use of long-lived daemons for type checkers should mitigate this cost.
-
Committed by Ben Darnell
websocket: Add resolver argument to websocket_connect
-
Committed by Ben Darnell
Old browser versions that do not support websockets have long since faded from use.
-
Committed by Ben Darnell
This is the public interface, but when the resolver argument was added it was only added to the supporting WebSocketClientConnection class.
-
Committed by Ben Darnell
docs: Add release notes for 6.3
-
- 08 Apr, 2023 1 commit
-
-
Committed by Ben Darnell
-
- 31 Mar, 2023 4 commits
-
-
Committed by Ben Darnell
Use SPDX license identifier
-
Committed by Marc-Etienne Vargenau
Use SPDX license identifier: Apache-2.0 This will help tools to produce valid SPDX. Signed-off-by: NMarc-Etienne Vargenau <marc-etienne.vargenau@nokia.com>
-
Committed by Ben Darnell
web: Support renaming the XSRF cookie
-
Committed by Ben Darnell
This makes it possible to use the __Host- cookie prefix for increased security
-
- 22 Feb, 2023 2 commits
-
-
Committed by Ben Darnell
docs: Point to stable branch for all demo links
-
Committed by Ben Darnell
Add a README to the demos directory with a brief description of each, and a warning about the usage of not-yet-released features. Fixes #3236
-
- 17 Feb, 2023 4 commits
-
-
Committed by Ben Darnell
testing: No longer silence deprecation warnings
-
Committed by Ben Darnell
Only do it on the specific versions that had the problematic warnings. Also deprecate get_new_ioloop.
-
Committed by Ben Darnell
Revert some deprecations, following asyncio changes
-
Committed by Ben Darnell
wsgi: Support ThreadPoolExecutor
-