On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:

Hello everyone, it's time for more Twisted!

It's always time for more Twisted

It contains:

- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514
(Reset Flood), and CVE-2019-9515 (Settings Flood).  Thanks to Jonathan
Looney and Piotr Sikora.
- HTTP/2 fixes regarding timeouts.

My understanding is that these are pretty much all resource-exhaustion attacks?

- trial's assertResultOf, failureResultOf, and successResultOf, now
accept Deferred-awaiting coroutines.

Awesome, I've been waiting for that one myself.

- Various other bug fixes for POP3, conch.ssh.keys, and
twisted.web.client.FileBodyProducer.

Wow, quite an assortment of important fixes here!

You can get the tarball and the NEWS file at
https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it
out from PyPI:

    python -m pip install Twisted==19.10.0rc1

Please test it, and let me know how your applications fare, good or bad!
If nothing comes up, 19.10 will release in a week.

Twisted regards,

Amber Brown (hawkowl)

Thanks for keeping the release train moving, Amber!

Do we have any progress on a volunteer who will shadow this one / the next one?

Twisted prevails,

-g