Thank you Amber! I'd encourage all Twisted users to upgrade, since those CVEs might be somewhat serious for web applications. -g
On Mar 20, 2020, at 6:20 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 20.3! The highlights of this release are:
- curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total.
You can find the downloads at <https://pypi.python.org/pypi/Twisted> (or alternatively <http://twistedmatrix.com/trac/wiki/Downloads>). The NEWS file is also available at <https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst>.
Many thanks to everyone who had a part in this release - the supporters of the Twisted Software Foundation, the developers who contributed code as well as documentation, and all the people building great things with Twisted!
- hawkowl
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python