cec99ac36b
Twisted 22.10.0 (2022-10-30) ============================ This release contains a security fix for CVE-2022-39348. This is a low-severity security bug. Twisted 22.10.0rc1 release candidate was released on 2022-10-26 and there are no changes between the release candidate and the final release. Features -------- - The ``systemd:`` endpoint parser now supports "named" file descriptors. This is a more reliable mechanism for choosing among several inherited descriptors. Improved Documentation ---------------------- - The ``systemd`` endpoint parser's ``index`` parameter is now documented as leading to non-deterministic results in which descriptor is selected. The new ``name`` parameter is now documented as preferred. - The implementers of Zope interfaces are once more displayed in the documentations. Deprecations and Removals ------------------------- - twisted.protocols.dict, which was deprecated in 17.9, has been removed. Conch ----- Bugfixes ~~~~~~~~ - twisted.conch.manhole.ManholeInterpreter now captures tracebacks even if sys.excepthook has been modified. Web --- Features ~~~~~~~~ - The twisted.web.pages.errorPage, notFound, and forbidden each return an IResource that displays an HTML error pages safely rendered using twisted.web.template. Bugfixes ~~~~~~~~ - twisted.web.error.Error.__str__ no longer raises an exception when the error's message attribute is None. Additionally, it validates that code is a plausible 3-digit HTTP status code. - The typing of the twisted.web.http_headers.Headers methods addRawHeader() and setRawHeaders() now allow mixing str and bytes, matching the runtime behavior. - twisted.web.vhost.NameVirtualHost no longer echoes HTML received in the Host header without escaping it (CVE-2022-39348, GHSA-vg46-2rrj-3647). Deprecations and Removals ~~~~~~~~~~~~~~~~~~~~~~~~~ - twisted.web.resource.Resource.putChild now raises TypeError when the path argument is not bytes, rather than issuing a deprecation warning. - The twisted.web.resource.ErrorPage, NoResource, and ForbiddenResource classes have been deprecated in favor of new implementations twisted.web.pages module because they permit HTML injection. Mail ---- Bugfixes ~~~~~~~~ - emailserver.tac now runs under python3.x |
||
---|---|---|
.. | ||
ALTERNATIVES | ||
DESCR | ||
distinfo | ||
Makefile | ||
Makefile.common | ||
PLIST |