[Twisted-Python] Twisted 19.10.0rc1 Release Candidate Announcement

Hello everyone, it's time for more Twisted!
It contains:
- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora.
- HTTP/2 fixes regarding timeouts.
- trial's assertResultOf, failureResultOf, and successResultOf, now accept Deferred-awaiting coroutines.
- Various other bug fixes for POP3, conch.ssh.keys, and twisted.web.client.FileBodyProducer.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==19.10.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.10 will release in a week.
Twisted regards,
Amber Brown (hawkowl)

On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
> Hello everyone, it's time for more Twisted!
It's always time for more Twisted
> It contains:
> - Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514
> (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora.
> - HTTP/2 fixes regarding timeouts.
My understanding is that these are pretty much all resource-exhaustion attacks?
> - trial's assertResultOf, failureResultOf, and successResultOf, now
> accept Deferred-awaiting coroutines.
Awesome, I've been waiting for that one myself.
> - Various other bug fixes for POP3, conch.ssh.keys, and
> twisted.web.client.FileBodyProducer.
Wow, quite an assortment of important fixes here!
> You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it out from PyPI:
> python -m pip install Twisted==19.10.0rc1
> Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.10 will release in a week.
> Twisted regards,
> Amber Brown (hawkowl)
Thanks for keeping the release train moving, Amber!
Do we have any progress on a volunteer who will shadow this one / the next one?
Twisted prevails,
-g

On 14/10/19 10:07 pm, Glyph wrote:
> On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
>> Hello everyone, it's time for more Twisted!
> It's *always* time for more Twisted
>> It contains:
>> - Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514
>> (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora.
>> - HTTP/2 fixes regarding timeouts.
> My understanding is that these are pretty much all resource-exhaustion attacks?
I believe so.
> Thanks for keeping the release train moving, Amber!
> Do we have any progress on a volunteer who will shadow this one / the next one?
This release is something I've snuck in work time. ;)
I have thought on it a bit, and I'm planning on eliminating some (IMO needless) steps to make such an onboarding more viable, before I start that. I have also not had free time to organise getting someone to shadow it, which is irony :P
But, now I'm not on the Keynote Trail, I'm hoping there's time for this.
> Twisted prevails,
> -g
yay twisted,
- hawkie

Is it possible that the tag for the release on github does not have the "twisted-" as a prefix on the version?
At the moment the tarballs use a folder name of twisted-twisted-19.x.y rather than the expected twisted-19.x.y folder name.
Barry
Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

On PyPI, 19.7 and 19.10 both describe themselves as 19.2 in the project description.

On 15/10/19 3:35 pm, Jean-Paul Calderone wrote:
> On PyPI, 19.7 and 19.10 both describe themselves as 19.2 in the project description.
The one thing that Incremental doesn't change for me! Maybe we don't need to put the version in the readme, nowadays, anyway, so I might just remove it.
- Amber

On 15/10/19 3:26 pm, Scott, Barry wrote:
> Is it possible that the tag for the release on github does not have the "twisted-" as a prefix on the version?
> At the moment the tarballs use a folder name of twisted-twisted-19.x.y rather than the expected twisted-19.x.y folder name.
Sure. I think the only reason it's like that is because that's how it was done in SVN? I don't think there's a technical reason that it's like that (and I don't think anything hard-assumes the format of our git tags specifically).
- Amber