-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I'm gruntled to announce txtorcon 24.8.0 with the following changes:
* Fix (test) issues with Twisted 24.7.0 (https://github.com/meejah/txtorcon/pull/400)
* Remove usage of "six" (https://github.com/meejah/txtorcon/issues/395)
from https://github.com/a-detiste
txtorcon is an implementation of the "control-spec" for Tor using the
"Twisted" networking library. This is the library to use if you want
to write event-based software (including asyncio; interop is possible)
in Python that uses the Tor network as a client or a service (or to
integrate Tor support into existing Twisted-using applications).
You can download the release from PyPI or GitHub (or of
course "pip install txtorcon"):
https://pypi.python.org/pypi/txtorcon/24.8.0https://github.com/meejah/txtorcon/releases/tag/v24.8.0
Releases are also available from the hidden service:
http://fjblvrw2jrxnhtg67qpbzi45r7ofojaoo3orzykesly2j3c2m3htapid.onion/txtor…http://fjblvrw2jrxnhtg67qpbzi45r7ofojaoo3orzykesly2j3c2m3htapid.onion/txtor…
You can verify the sha256sum of both by running the following 4 lines
in a shell wherever you have the files downloaded:
cat <<EOF | sha256sum --check
f790ab645a43a801ec68402467c15b2c816b6d16d93b36b89eed9ee9d17cc51f dist/txtorcon-24.8.0.tar.gz
d3d0871a19c2ecaaae9e2c13b302a78b169048f5a3c2051069a2ea6ae44232c7 dist/txtorcon-24.8.0-py3-none-any.whl
EOF
thanks,
meejah
-----BEGIN PGP SIGNATURE-----
iQFFBAEBCgAvFiEEnVor1WiOy4id680/wmAoAxKAaacFAmbE8TQRHG1lZWphaEBt
ZWVqYWguY2EACgkQwmAoAxKAaaeMTggAzkQ81pbZEN149nyR08zFzj2/oXWj5RzH
huB4UDYmPTkzT7YvyI1e7CbcavLU7VEpcJCtEvFHsVx4PNG9cwc/Bd0/M8w0YVKM
bNsijPX+d4SGZSL3rVwzKoMDPo6mm1fUiDgWFVZqqZ5PUagFKF7/iTvKShq4AVBe
kwDJa2eiku3UDXcNRtbNtp+xxzrUIK5TcaUImeEXHIiQxsQJNbaL492FQXxYY2sM
CFnGKH7QYkyQ8iFkVvqO7yaVI7oB1rFvD9FLrZXPHN+W2MIBG7ncfROs6LuBQQRC
SuC+audP7Rbuf4uZp5RpdxQTkV2+k8L5mfAdu+k/WiihnsVoX1owdA==
=wCIY
-----END PGP SIGNATURE-----
On behalf of the Twisted contributors I announce the release candidate of
Twisted 24.7.0.
This is a release triggered by the following security bugfixes:
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the
fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
(#9839)
- The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the
fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being
tracked with CVE-2024-41810. (#12263)
The subjective notable changes are:
- Many performance improvements, pioneered by Itamar
- twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
- The HTTP 1.0/1.1 server provided by twisted.web is now more picky about
the first line of a request, improving compliance with RFC 9112. (#12233)
- The HTTP 1.0/1.1 server provided by twisted.web now contains the
characters set of HTTP header names, improving compliance with RFC 9110.
(#12235)
- twisted.web.util.ChildRedirector, which has never worked on Python 3, has
been removed. (#9591)
The release and NEWS file is available for review at
https://github.com/twisted/twisted/blob/stable/NEWS.rst
Release documentation is available at
https://docs.twisted.org/en/stable/
Wheels for the release candidate are available on PyPI
python -m pip install Twisted==24.7.0
Many thanks to everyone who worked on this release!
I would like to use this opportunity and thank https://thinkst.com/ for the
extraordinary continuous financial support since 2018.
--
Adi Roiban
On behalf of the Twisted contributors I announce the release candidate of
Twisted 24.7.0.
This is a release triggered by the following security bugfixes:
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the
fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
(#9839)
- The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
- twisted.web.util.redirectTo now HTML-escapes the provided URL in the
fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being
tracked with CVE-2024-41810. (#12263)
The subjective notable changes are:
- Many performance improvements, pioneered by Itamar
- twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
- The HTTP 1.0/1.1 server provided by twisted.web is now more picky about
the first line of a request, improving compliance with RFC 9112. (#12233)
- The HTTP 1.0/1.1 server provided by twisted.web now contains the
characters set of HTTP header names, improving compliance with RFC 9110.
(#12235)
- twisted.web.util.ChildRedirector, which has never worked on Python 3, has
been removed. (#9591)
The release and NEWS file is available for review at
https://github.com/twisted/twisted/pull/12272
Release candidate documentation is available at
https://twisted--12272.org.readthedocs.build/en/12272/
Wheels for the release candidate are available on PyPI
python -m pip install Twisted==24.7.0rc1
Please test it and report any issues. If nothing comes up in one week,
24.7.0 will be released based on the latest release candidate.
Many thanks to everyone who worked on this release!
--
Adi Roiban