[Twisted-Python] Twisted 19.2.0rc1 Release Candidate Announcement
Hello from PyCascades! Straight from the Pacific North-West, a new Twisted release candidate! In this release, there is: - twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. This reduces the performance overhead for making many TLS connections to the same host. - twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. - The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3. - DeferredLock and DeferredSemaphore can be used as asynchronous context managers on Python 3.5+. - twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. - twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from. - Much more! 20+ tickets closed overall. You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.2.0rc1/ , or you can try it out from PyPI: python -m pip install Twisted==19.2.0rc1 Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.2 will release in a week. Twisted regards, Amber Brown (hawkowl)
Hi Amber,
I wanted to make sure you've seen this: https://twistedmatrix.com/trac/ticket/9592
Twisted now references a symbol not present in its minimal crypography requirement.
---Tom
On February 24, 2019 11:19:28 AM PST, Amber Brown
Hello from PyCascades! Straight from the Pacific North-West, a new Twisted release candidate!
In this release, there is:
- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. This reduces the performance overhead for making
many TLS connections to the same host. - twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default
in OpenSSH 7.8. - The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3. - DeferredLock and DeferredSemaphore can be used as asynchronous context managers on Python 3.5+. - twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. - twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack
for better debugging of where the exception came from. - Much more! 20+ tickets closed overall.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.2.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==19.2.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.2 will release in a week.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Hi Tom,
Thanks for letting me know.
I propose we update this dependency and do an rc2, would anyone have an
objection to that?
- Amber
On Mon., 4 Mar. 2019, 15:12 Tom Most,
Hi Amber,
I wanted to make sure you've seen this: https://twistedmatrix.com/trac/ticket/9592
Twisted now references a symbol not present in its minimal crypography requirement.
---Tom
On February 24, 2019 11:19:28 AM PST, Amber Brown < hawkowl@atleastfornow.net> wrote:
Hello from PyCascades! Straight from the Pacific North-West, a new Twisted release candidate!
In this release, there is:
- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. This reduces the performance overhead for making many TLS connections to the same host. - twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. - The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3. - DeferredLock and DeferredSemaphore can be used as asynchronous context managers on Python 3.5+. - twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. - twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from. - Much more! 20+ tickets closed overall.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.2.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==19.2.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.2 will release in a week.
Twisted regards,
Amber Brown (hawkowl)
------------------------------
Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________
Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Let's do it.
On Mar 4, 2019, at 3:14 PM, Amber Brown
wrote: Hi Tom,
Thanks for letting me know.
I propose we update this dependency and do an rc2, would anyone have an objection to that?
- Amber
On Mon., 4 Mar. 2019, 15:12 Tom Most,
mailto:twm@freecog.net> wrote: Hi Amber, I wanted to make sure you've seen this: https://twistedmatrix.com/trac/ticket/9592 https://twistedmatrix.com/trac/ticket/9592
Twisted now references a symbol not present in its minimal crypography requirement.
---Tom
On February 24, 2019 11:19:28 AM PST, Amber Brown
mailto:hawkowl@atleastfornow.net> wrote: Hello from PyCascades! Straight from the Pacific North-West, a new Twisted release candidate! In this release, there is:
- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. This reduces the performance overhead for making many TLS connections to the same host. - twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. - The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3. - DeferredLock and DeferredSemaphore can be used as asynchronous context managers on Python 3.5+. - twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. - twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from. - Much more! 20+ tickets closed overall.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/19.2.0rc1 https://twistedmatrix.com/Releases/rc/19.2.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==19.2.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 19.2 will release in a week.
Twisted regards,
Amber Brown (hawkowl)
Twisted-Python mailing list Twisted-Python@twistedmatrix.com mailto:Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com mailto:Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Another note:
twisted.web.client.Request and twisted.web.client.HTTPClient were both vulnerable to header injection attacks. They now replace linear whitespace ('r', 'n', and 'rn') with a single space. (#9421)
Headers now assumes the value is a list of string (or bytes). It used to accept a list of arbitrary values. When using the twisted.web resource model (the IRequest.setHeader API) the value would be coerced. This change actually broke some of my tests, though not any production code. I was passing a list where a scalar string was required (this, precisely: https://github.com/twisted/treq/pull/237). The result was a response with a header like: Foo: ['value'] That's not a useful feature in this case so I am happy to have caught the bug but it does seem like there may be real-world code this breaks. For example, request.setHeader('Retry-After', 10) would produce a valid header. (Also the release note seems to be missing some backslashes in the bit I quoted.) ---Tom
participants (3)
-
Amber Brown
-
Glyph
-
Tom Most