10 Aug
2016
10 Aug
'16
12:47 p.m.
Hi everyone, I've just uploaded the first prerelease of Twisted 16.3.1, a security & critical bug fix release of the 16.3 series. It contains: - A bugfix for a HTTP/2 edge case, - Fix for CVE-2008-7317 (generating potentially guessable HTTP session identifiers) - Fix for CVE-2008-7318 (sending secure session cookies over insecured connections) - Fix for CVE-2016-1000111 (http://httpoxy.org/) You can find the tarball and the full news file for testing at https://twistedmatrix.com/Releases/pre/16.3.1pre1/ . If no issues are found, I will issue a full release by Friday. - Amber