On behalf of the Twisted contributors I announce the release candidate of Twisted 24.7.0.

This is a release triggered by the following security bugfixes:

twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
- The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. (#12263)

The subjective notable changes are:

- Many performance improvements, pioneered by Itamar
twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
- The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request, improving compliance with RFC 9112. (#12233)
- The HTTP 1.0/1.1 server provided by twisted.web now contains the characters set of HTTP header names, improving compliance with RFC 9110. (#12235)
twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591)

The release and NEWS file is available for review at

    https://github.com/twisted/twisted/blob/stable/NEWS.rst

Release documentation is available at

    https://docs.twisted.org/en/stable/

Wheels for the release candidate are available on PyPI

    python -m pip install Twisted==24.7.0

Many thanks to everyone who worked on this release!

I would like to use this opportunity and thank https://thinkst.com/ for the extraordinary continuous financial support since 2018.

--
Adi Roiban