Twisted 24.7.0 release candidate
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
On behalf of the Twisted contributors I announce the release candidate of Twisted 24.7.0. This is a release triggered by the following security bugfixes: - twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839) - The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248) - twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. (#12263) The subjective notable changes are: - Many performance improvements, pioneered by Itamar - twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972) - The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request, improving compliance with RFC 9112. (#12233) - The HTTP 1.0/1.1 server provided by twisted.web now contains the characters set of HTTP header names, improving compliance with RFC 9110. (#12235) - twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591) The release and NEWS file is available for review at https://github.com/twisted/twisted/pull/12272 Release candidate documentation is available at https://twisted--12272.org.readthedocs.build/en/12272/ Wheels for the release candidate are available on PyPI python -m pip install Twisted==24.7.0rc1 Please test it and report any issues. If nothing comes up in one week, 24.7.0 will be released based on the latest release candidate. Many thanks to everyone who worked on this release! -- Adi Roiban
![](https://secure.gravatar.com/avatar/d7875f8cfd8ba9262bfff2bf6f6f9b35.jpg?s=120&d=mm&r=g)
I found a regression I caused post last release, so this hsould probably be merged before release: https://github.com/twisted/twisted/pull/12280 On Mon, Jul 29, 2024, at 9:48 AM, Adi Roiban wrote:
-- Itamar Turner-Trauring
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
Hi Release candidate 2 is now available for testing python -m pip install Twisted==24.7.0rc2 Link to PyPI https://pypi.org/project/Twisted/24.7.0rc2/ This includes the regression that was fixed in https://github.com/twisted/twisted/pull/12280 Many thanks Itamar for the quick fix. Please give it a try and report your result on the PR https://github.com/twisted/twisted/pull/12272 I plan to do the final release tomorrow. Regards On Mon, 5 Aug 2024 at 17:55, Adi Roiban <adiroiban@gmail.com> wrote:
-- Adi Roiban
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
Thanks for the bugfix, Itamar, and thanks for getting another prerelease out, Adi. I've rebuilt https://blog.glyph.im/ to use rc2, and it seems to be smooth sailing so far; I have noted it on the PR https://github.com/twisted/twisted/pull/12272#issuecomment-2272342257 and I encourage everyone else to do so as well :) -g
![](https://secure.gravatar.com/avatar/d7875f8cfd8ba9262bfff2bf6f6f9b35.jpg?s=120&d=mm&r=g)
I found a regression I caused post last release, so this hsould probably be merged before release: https://github.com/twisted/twisted/pull/12280 On Mon, Jul 29, 2024, at 9:48 AM, Adi Roiban wrote:
-- Itamar Turner-Trauring
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
Hi Release candidate 2 is now available for testing python -m pip install Twisted==24.7.0rc2 Link to PyPI https://pypi.org/project/Twisted/24.7.0rc2/ This includes the regression that was fixed in https://github.com/twisted/twisted/pull/12280 Many thanks Itamar for the quick fix. Please give it a try and report your result on the PR https://github.com/twisted/twisted/pull/12272 I plan to do the final release tomorrow. Regards On Mon, 5 Aug 2024 at 17:55, Adi Roiban <adiroiban@gmail.com> wrote:
-- Adi Roiban
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
Thanks for the bugfix, Itamar, and thanks for getting another prerelease out, Adi. I've rebuilt https://blog.glyph.im/ to use rc2, and it seems to be smooth sailing so far; I have noted it on the PR https://github.com/twisted/twisted/pull/12272#issuecomment-2272342257 and I encourage everyone else to do so as well :) -g
participants (3)
-
Adi Roiban
-
Glyph
-
Itamar Turner-Trauring