On 14/10/19 10:07 pm, Glyph wrote:

...

On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) mailto:hawkowl@atleastfornow.net> wrote:

Hello everyone, it's time for more Twisted!

//I/t's *always* time for more Twisted/

...

It contains:

- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).  Thanks to Jonathan Looney and Piotr Sikora. - HTTP/2 fixes regarding timeouts.

My understanding is that these are pretty much all resource-exhaustion attacks?

I believe so.

Thanks for keeping the release train moving, Amber!

Do we have any progress on a volunteer who will shadow this one / the next one?

This release is something I've snuck in work time. ;) I have thought on it a bit, and I'm planning on eliminating some (IMO needless) steps to make such an onboarding more viable, before I start that. I have also not had free time to organise getting someone to shadow it, which is irony :P But, now I'm not on the Keynote Trail, I'm hoping there's time for this.

Twisted prevails,

-g

yay twisted, - hawkie

On PyPI, 19.7 and 19.10 both describe themselves as 19.2 in the project description. On Tue, Oct 15, 2019 at 10:26 AM Scott, Barry wrote:

Is it possible that the tag for the release on github does not have the "twisted-" as a prefix on the version?

At the moment the tarballs use a folder name of twisted-twisted-19.x.y rather then the expected twisted-19.x.y folder name.

Barry

On Monday, 14 October 2019 09:05:35 BST Amber Brown (hawkowl) wrote:

...

Hello everyone, it's time for more Twisted!

It contains:

- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. - HTTP/2 fixes regarding timeouts. - trial's assertResultOf, failureResultOf, and successResultOf, now accept Deferred-awaiting coroutines. - Various other bug fixes for POP3, conch.ssh.keys, and twisted.web.client.FileBodyProducer.

You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it out from PyPI:

python -m pip install Twisted==19.10.0rc1

Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.10 will release in a week.

Twisted regards,

Amber Brown (hawkowl)

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

On 15/10/19 3:26 pm, Scott, Barry wrote:

Is it possible that the tag for the release on github does not have the "twisted-" as a prefix on the version?

At the moment the tarballs use a folder name of twisted-twisted-19.x.y rather then the expected twisted-19.x.y folder name.

Sure. I think the only reason it's like that is because that's how it was done in SVN? I don't think there's a technical reason that it's like that (and I don't think anything hard-assumes the format of our git tags specifically). - Amber

Barry

On Monday, 14 October 2019 09:05:35 BST Amber Brown (hawkowl) wrote:

...

Hello everyone, it's time for more Twisted!

It contains:

- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. - HTTP/2 fixes regarding timeouts. - trial's assertResultOf, failureResultOf, and successResultOf, now accept Deferred-awaiting coroutines. - Various other bug fixes for POP3, conch.ssh.keys, and twisted.web.client.FileBodyProducer.

You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.10.0rc1/ , or you can try it out from PyPI:

python -m pip install Twisted==19.10.0rc1

Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.10 will release in a week.

Twisted regards,

Amber Brown (hawkowl)

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python