[Twisted-Python] Twisted 20.3.0rc1 Release Candidate Announcement
It's time for another Twisted release! Twisted 20.3.0rc1 brings the following: - curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total. You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI: python -m pip install Twisted==20.3.0rc1 Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon. Twisted regards, Amber Brown (hawkowl)
Thanks for doing another release, Amber! Glad to see more important HTTP security issues get squashed; looking forward to seeing this on store shelves soon! -g
On Mar 9, 2020, at 2:39 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
It's time for another Twisted release!
Twisted 20.3.0rc1 brings the following:
- curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==20.3.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Hi Amber and team! Firstly, I can confirm that I've been using 20.3.0rc1 on a production server, and all seems fine. So... I'm keen to see a final release, particularly in light of the request smuggling attacks. Any idea what sort of timeframe looks likely? R On 14/03/2020 07:03, Glyph wrote:
Thanks for doing another release, Amber! Glad to see more important HTTP security issues get squashed; looking forward to seeing this on store shelves soon!
-g
On Mar 9, 2020, at 2:39 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
It's time for another Twisted release!
Twisted 20.3.0rc1 brings the following:
- curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==20.3.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Hi Richard! Thanks for your testing! One thing I always like to remind people is that if you want a particular ticket to get addressed quickly (in this case, the release) one thing you can do is to go to https://twisted.reviews/ <https://twisted.reviews/> and review a couple of project-member-submitted contributions; this drains the review queue and makes it more likely that project members with review privileges will review the thing you want reviewed, whenever they have spare cycles. -glyph
On Mar 18, 2020, at 4:42 AM, Richard van der Hoff <richard@matrix.org> wrote:
Hi Amber and team!
Firstly, I can confirm that I've been using 20.3.0rc1 on a production server, and all seems fine.
So... I'm keen to see a final release, particularly in light of the request smuggling attacks. Any idea what sort of timeframe looks likely?
R
On 14/03/2020 07:03, Glyph wrote:
Thanks for doing another release, Amber! Glad to see more important HTTP security issues get squashed; looking forward to seeing this on store shelves soon! -g
On Mar 9, 2020, at 2:39 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:
It's time for another Twisted release!
Twisted 20.3.0rc1 brings the following:
- curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==20.3.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Noted. And thanks to Amber for cutting the release! On 20/03/2020 06:48, Glyph wrote:
Hi Richard!
Thanks for your testing!
One thing I always like to remind people is that if you want a particular ticket to get addressed quickly (in this case, the release) one thing you can do is to go to https://twisted.reviews/ and review a couple of project-member-submitted contributions; this drains the review queue and makes it more likely that project members with review privileges will review the thing you want reviewed, whenever they have spare cycles.
-glyph
On Mar 18, 2020, at 4:42 AM, Richard van der Hoff <richard@matrix.org <mailto:richard@matrix.org>> wrote:
Hi Amber and team!
Firstly, I can confirm that I've been using 20.3.0rc1 on a production server, and all seems fine.
So... I'm keen to see a final release, particularly in light of the request smuggling attacks. Any idea what sort of timeframe looks likely?
R
On 14/03/2020 07:03, Glyph wrote:
Thanks for doing another release, Amber! Glad to see more important HTTP security issues get squashed; looking forward to seeing this on store shelves soon! -g
On Mar 9, 2020, at 2:39 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net <mailto:hawkowl@atleastfornow.net>> wrote:
It's time for another Twisted release!
Twisted 20.3.0rc1 brings the following:
- curve25519-sha256 key exchange algorithm support in Conch. - "openssh-key-v1" key format support in Conch. - Security fixes to twisted.web, including preventing request smuggling attacks and rejecting malformed headers. CVE-2020-10108 and CVE-2020-10109 were assigned for these issues, see the NEWS file for full details. - `twist dns --secondary` now works on Python 3. - The deprecation of twisted.news. - ...and various other fixes, with 28 tickets closed in total.
You can get the tarball and the NEWS file at https://twistedmatrix.com/Releases/rc/20.3.0rc1/ , or you can try it out from PyPI:
python -m pip install Twisted==20.3.0rc1
Please test it, and let me know how your applications fare, good or bad! If nothing comes up, 20.3 will release very soon.
Twisted regards,
Amber Brown (hawkowl)
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com <mailto:Twisted-Python@twistedmatrix.com> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
participants (3)
-
Amber Brown (hawkowl) -
Glyph -
Richard van der Hoff