[Twisted-Python] Twisted 20.3.0rc1 Release Candidate Announcement
![](https://secure.gravatar.com/avatar/3d37232726396a1d3c7412dd915095ea.jpg?s=120&d=mm&r=g)
It's time for another Twisted release! Twisted 20.3.0rc1 brings the following: - curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total. You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI: python -m pip install Twisted==20.3.0rc1 Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon. Twisted regards, Amber Brown (hawkowl)
![](https://secure.gravatar.com/avatar/e5a514e14e44913930aa1ac15f508746.jpg?s=120&d=mm&r=g)
Hi Amber and team! Firstly, I can confirm that I've been using 20.3.0rc1 on a production server, and all seems fine. So... I'm keen to see a final release, particularly in light of the request smuggling attacks. Any idea what sort of timeframe looks likely? R On 14/03/2020 07:03, Glyph wrote:
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
Hi Richard! Thanks for your testing! One thing I always like to remind people is that if you want a particular ticket to get addressed quickly (in this case, the release) one thing you can do is to go to https://twisted.reviews/ <https://twisted.reviews/> and review a couple of project-member-submitted contributions; this drains the review queue and makes it more likely that project members with review privileges will review the thing you want reviewed, whenever they have spare cycles. -glyph
![](https://secure.gravatar.com/avatar/e5a514e14e44913930aa1ac15f508746.jpg?s=120&d=mm&r=g)
Hi Amber and team! Firstly, I can confirm that I've been using 20.3.0rc1 on a production server, and all seems fine. So... I'm keen to see a final release, particularly in light of the request smuggling attacks. Any idea what sort of timeframe looks likely? R On 14/03/2020 07:03, Glyph wrote:
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
Hi Richard! Thanks for your testing! One thing I always like to remind people is that if you want a particular ticket to get addressed quickly (in this case, the release) one thing you can do is to go to https://twisted.reviews/ <https://twisted.reviews/> and review a couple of project-member-submitted contributions; this drains the review queue and makes it more likely that project members with review privileges will review the thing you want reviewed, whenever they have spare cycles. -glyph
participants (3)
-
Amber Brown (hawkowl)
-
Glyph
-
Richard van der Hoff