kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
pkgsrc/net/py-twisted
History
adam cec99ac36b py-twisted: updated to 22.10.0 
Twisted 22.10.0 (2022-10-30)
============================

This release contains a security fix for CVE-2022-39348.
This is a low-severity security bug.

Twisted 22.10.0rc1 release candidate was released on 2022-10-26 and there are
no changes between the release candidate and the final release.


Features
--------
- The ``systemd:`` endpoint parser now supports "named" file descriptors.  This is a more reliable mechanism for choosing among several inherited descriptors.


Improved Documentation
----------------------
- The ``systemd`` endpoint parser's ``index`` parameter is now documented as leading to non-deterministic results in which descriptor is selected.  The new ``name`` parameter is now documented as preferred.
- The implementers of Zope interfaces are once more displayed in the documentations.

Deprecations and Removals
-------------------------
- twisted.protocols.dict, which was deprecated in 17.9, has been removed.


Conch
-----

Bugfixes
~~~~~~~~
- twisted.conch.manhole.ManholeInterpreter now captures tracebacks even if sys.excepthook has been modified.


Web
---

Features
~~~~~~~~
- The twisted.web.pages.errorPage, notFound, and forbidden each return an IResource that displays an HTML error pages safely rendered using twisted.web.template.

Bugfixes
~~~~~~~~
- twisted.web.error.Error.__str__ no longer raises an exception when the error's message attribute is None. Additionally, it validates that code is a plausible 3-digit HTTP status code.
- The typing of the twisted.web.http_headers.Headers methods addRawHeader() and setRawHeaders() now allow mixing str and bytes, matching the runtime behavior.
- twisted.web.vhost.NameVirtualHost no longer echoes HTML received in the Host header without escaping it (CVE-2022-39348, GHSA-vg46-2rrj-3647).

Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.resource.Resource.putChild now raises TypeError when the path argument is not bytes, rather than issuing a deprecation warning.
- The twisted.web.resource.ErrorPage, NoResource, and ForbiddenResource classes have been deprecated in favor of new implementations twisted.web.pages module because they permit HTML injection.


Mail
----

Bugfixes
~~~~~~~~
- emailserver.tac now runs under python3.x
2022-11-27 10:44:20 +00:00
..
ALTERNATIVES
DESCR
distinfo py-twisted: updated to 22.10.0 2022-11-27 10:44:20 +00:00
Makefile fighting a losing battle against the py-cryptography rustification, part 5 2022-10-19 14:25:18 +00:00
Makefile.common py-twisted: updated to 22.10.0 2022-11-27 10:44:20 +00:00
PLIST py-twisted: updated to 22.10.0 2022-11-27 10:44:20 +00:00