Twisted is an event-based framework for internet applications, supporting
Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure. This vulnerability is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
Upstream-patches:
046a164f894a930de12f
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 20.3.0. The year in file LICENSE has been
updated but the project remains available under MIT license.
The patch for test_runner.py is no longer needed because the same
fix has been already applied in the upstream. The new release
bring the following improvements:
- Bugfixes
- Improved documentation
- twisted.news is deprecated
- twisted.conch.ssh now supports the curve25519-sha256 key
exchange algorithm
- twisted.conch.ssh.keys can now write private keys in the new
"openssh-key-v1" format, introduced in OpenSSH 6.5 and made the
default in OpenSSH 7.8. ckeygen has a corresponding new
--private-key-subtype=v1 option.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
