Announcing txAWS 0.2.3.1

Jean-Paul Calderone exarkun at twistedmatrix.com
Mon Jan 9 12:58:24 EST 2017


I've just release txAWS 0.2.3.1.  txAWS is a library for interacting with
Amazon Web Services (AWS) using Twisted.

AWSServiceEndpoint's ssl_hostname_verification's parameter now defaults to
True instead of False.  This affects all txAWS APIs which issue requests to
AWS endpoints.  For any application which uses the default
AWSServiceEndpoints, the server's TLS certificate will now be verified.

This resolves a security issue in which txAWS applications were vulnerable
to man-in-the-middle attacks which could either steal sensitive information
or, possibly, alter the AWS operation requested.

The new release is available on PyPI in source and wheel forms.  You can
also find txAWS at its new home on github, <https://github.com/twisted/txaws
>.

Special thanks to Least Authority Enterprises
(<https://leastauthority.com/>) for
sponsoring the work to find and fix this issue and to publish this new
release.

Jean-Paul


More information about the Python-list mailing list