I just want to make sure _both_ mailing lists are working after our migration. Sorry for the extra mail. Hopefully everything is going nicely in twisted-web land, how are you all doing?
-glyph
Hi,
I'm using Twisted Web server behind Nginx reverse-proxy and I'm getting
backend's internal host:port from Request.getHost().
Seems like Request.host is explicitly set to socket's address (i.e.
internal address) here:
https://github.com/twisted/twisted/blob/trunk/src/twisted/web/http.py#L838
But comment at
https://github.com/twisted/twisted/blob/trunk/src/twisted/web/http.py#L1297
and what this method does points that Request.host meant to reflect Host
header of the request, i.e. user-visible hostname and port.
This creates problems for me when using Klein because it correctly uses
Request.getHost() to create host part of URLs for redirects.
It seems like inconsistency in Twisted code. I'd expect Request.host should
be only set from the Host request header to reflect user-visible hostname,
not the internal backend server's address. Or may be I'm missing something?
Thanks for reply
--
ilya
I've just release txAWS 0.2.3.1. txAWS is a library for interacting with
Amazon Web Services (AWS) using Twisted.
AWSServiceEndpoint's ssl_hostname_verification's parameter now defaults to
True instead of False. This affects all txAWS APIs which issue requests to
AWS endpoints. For any application which uses the default
AWSServiceEndpoints, the server's TLS certificate will now be verified.
This resolves a security issue in which txAWS applications were vulnerable
to man-in-the-middle attacks which could either steal sensitive information
or, possibly, alter the AWS operation requested.
The new release is available on PyPI in source and wheel forms. You can
also find txAWS at its new home on github, <https://github.com/twisted/txaws
>.
Special thanks to Least Authority Enterprises
(<https://leastauthority.com/>) for
sponsoring the work to find and fix this issue and to publish this new
release.
Jean-Paul
On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 16.5!
The highlights of this release are:
- Deferred.addTimeout, for timing out your Deferreds! (contributed by cyli, reviews by adiroiban, theisencouple, manishtomar, markrwilliams)
- yield from support for Deferreds, in functions wrapped with twisted.internet.defer.ensureDeferred. This will work in Python 3.4, unlike async/await which is 3.5+ (contributed by hawkowl, reviews by markrwilliams, lukasa).
- The new asyncio interop reactor, which allows Twisted to run on top of the asyncio event loop. This doesn't include any Deferred-Future interop, but stay tuned! (contributed by itamar and hawkowl, reviews by rodrigc, markrwilliams)
- twisted.internet.cfreactor is now supported on Python 2.7 and Python 3.5+! This is useful for writing pyobjc or Toga applications. (contributed by hawkowl, reviews by glyph, markrwilliams)
- twisted.python.constants has been split out into constantly on PyPI, and likewise with twisted.python.versions going into the PyPI package incremental. Twisted now uses these external packages, which will be shared with other projects (like Klein). (contributed by hawkowl, reviews by glyph, markrwilliams)
- Many new Python 3 modules, including twisted.pair, twisted.python.zippath, twisted.spread.pb, and more parts of Conch! (contributed by rodrigc, hawkowl, glyph, berdario, & others, reviews by acabhishek942, rodrigc, & others)
- Many bug fixes and cleanups!
- 260+ closed tickets overall.
For more information, check the NEWS file (link provided below).
You can find the downloads at <https://pypi.python.org/pypi/Twisted <https://pypi.python.org/pypi/Twisted>> (or alternatively <http://twistedmatrix.com/trac/wiki/Downloads <http://twistedmatrix.com/trac/wiki/Downloads>>). The NEWS file is also available at <https://github.com/twisted/twisted/blob/twisted-16.5.0/NEWS <https://github.com/twisted/twisted/blob/twisted-16.5.0/NEWS>>.
Many thanks to everyone who had a part in this release - the supporters of the Twisted Software Foundation, the developers who contributed code as well as documentation, and all the people building great things with Twisted!
Twisted Regards,
Amber Brown (HawkOwl)
PS: I wrote a blog post about Twisted's progress in 2016! https://atleastfornow.net/blog/marching-ever-forward/
Hi all,
I've just released Nevow 0.14.2[1]. The list of changes from 0.14.0[2] is
as follows:
Features
Nevow will now correctly map the MIME type of SVG files even if the
platform registry does not have such a mapping. (#88)
Athena no longer logs widget instantiation on initial page load. (#92)
Bugfixes
Nevow's test suite is now compatible with Twisted 16.3. (#82)
Athena will no longer cause spurious errors resulting from page
disconnection. (#84)
Athena will now ignore responses to already-responded remote calls during
page shutdown. (#86)
Improved Documentation
Nevow's NEWS file is now generated from news fragments by towncrier. (#81)
[1] Available from PyPI, as always: https://pypi.python.org/pypi/Nevow/
[2] What happened to 0.14.2? A release engineering mishap during uploading
0.14.1 required rolling a new release; there are no further changes in
0.14.2 from 0.14.1 besides the version number and NEWS.
On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 16.4.0.
The highlights of this release are:
- twist, a new command line tool for running Twisted plugins, similar to twistd but with a simpler, cleaner interface.
- A new interface for Protocols, IHandshakeListener, which tells Twisted to tell the Protocol when the TLS handshake has been completed.
- async/await support for Deferreds, allowing you to write Python 3.5+ coroutines using Twisted
- Trial can be invoked with "python -m twisted.trial".
- All Twisted executables (trial, twistd, etc) are now Setuptools console scripts, meaning they will work much better on Windows.
- 35+ more modules ported to Python 3, and many many cleanups on the way to Python 3 on Windows support.
- All the security fixes of Twisted 16.3.1 + 16.3.2 (httpoxy, HTTP session identifier strengthening, HTTP+TLS consuming sockets)
- 240+ closed tickets overall.
For more information, check the NEWS file (link provided below).
You can find the downloads at <https://pypi.python.org/pypi/Twisted <https://pypi.python.org/pypi/Twisted>> (or alternatively <http://twistedmatrix.com/trac/wiki/Downloads <http://twistedmatrix.com/trac/wiki/Downloads>>). The NEWS file is also available at <https://github.com/twisted/twisted/blob/twisted-16.4.0/NEWS <https://github.com/twisted/twisted/blob/twisted-16.4.0/NEWS>>.
Many thanks to everyone who had a part in this release - the supporters of the Twisted Software Foundation, the developers who contributed code as well as documentation, and all the people building great things with Twisted!
Twisted Regards,
Amber Brown (HawkOwl)
PS: Twisted 16.4.1 will be coming soon after this with a patch mitigating SWEET32, by updating the acceptable cipher list.
Hi everyone,
Just a note to say that the HTTP/1 + TLS leaking CLOSE_WAIT sockets issue, fixed in 16.3.2 and 16.4.0, has been assigned a CVE, CVE-2016-7100. It'll start showing up on the various CVE databases soon.
- Amber
