| Commit message (Collapse) | Author | Age | Files | Lines |
Upgrade to release 6.4.2 which brings security improvements:
Parsing of the cookie header is now much more efficient. The older
algorithm sometimes had quadratic performance which allowed for a
denial-of-service attack in which the server would spend
excessive CPU time parsing cookies and block the event loop.
This change fixes CVE-2024-7592.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Support has been there for a few years now [1]
[1] https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Upgrade to version 6.4.1:
- Parsing of the Transfer-Encoding header is now stricter.
- Handling of whitespace in headers now matches the RFC more
closely. Only space and tab characters are treated as whitespace
and stripped from the beginning and end of header values.
- tornado.curl_httpclient now prohibits carriage return and
linefeed headers in HTTP headers.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>