On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
Hello everyone, it's time for more Twisted!
It's always time for more Twisted
It contains:
- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. - HTTP/2 fixes regarding timeouts.
My understanding is that these are pretty much all resource-exhaustion attacks?
- trial's assertResultOf, failureResultOf, and successResultOf, now accept Deferred-awaiting coroutines.
Awesome, I've been waiting for that one myself.
- Various other bug fixes for POP3, conch.ssh.keys, and twisted.web.client.FileBodyProducer.
Wow, quite an assortment of important fixes here!
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==19.10.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.10 will release in a week.
Twisted regards,
Amber Brown (hawkowl)
Thanks for keeping the release train moving, Amber! Do we have any progress on a volunteer who will shadow this one / the next one? Twisted prevails, -g