Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix fapws3 linkrelease-0.10 | Marcel Hellkamp | 2022-09-05 | 2 | -2/+2 |
| | |||||
* | Added 3.4 test environment to travis config | Marcel Hellkamp | 2014-04-29 | 1 | -0/+1 |
| | |||||
* | Release of 0.10.12 (Security fix)0.10.12 | Marcel Hellkamp | 2014-04-29 | 1 | -1/+1 |
| | |||||
* | fix #616: Json content-type not restrictive enough | Marcel Hellkamp | 2014-04-29 | 2 | -1/+11 |
| | | | | Possible security issue. See https://github.com/defnull/bottle/issues/616 for details. | ||||
* | Added travis configuration | Marcel Hellkamp | 2014-02-07 | 2 | -0/+35 |
| | |||||
* | Makefile: A release always pushes to public repository now. | Marcel Hellkamp | 2012-10-11 | 1 | -1/+5 |
| | |||||
* | Release of 0.10.110.10.11 | Marcel Hellkamp | 2012-06-26 | 1 | -1/+1 |
| | |||||
* | fix: Fixes unicode problems with request.query and request.forms (fix #342 ↵ | Marcel Hellkamp | 2012-06-26 | 2 | -7/+30 |
| | | | | fix #344 fix #339) | ||||
* | Release of 0.10.100.10.10 | Marcel Hellkamp | 2012-06-25 | 1 | -1/+1 |
| | |||||
* | fix: Unicode errors with Python 3.2+ POST parameters. (fix #344, fix #349) | Marcel Hellkamp | 2012-06-25 | 3 | -16/+31 |
| | |||||
* | Release of 0.10.9 (bugfix release)0.10.9 | Marcel Hellkamp | 2012-02-11 | 1 | -1/+1 |
| | |||||
* | fix: Subtile bug in stpl parser. '.%' was recognized as code line. | Marcel Hellkamp | 2012-02-11 | 1 | -1/+2 |
| | |||||
* | Release of 0.10.8 (bugfix release)0.10.8 | Marcel Hellkamp | 2012-02-10 | 1 | -1/+1 |
| | |||||
* | fix #281: DeprecationWarning in Botle.mount() and typo. | Marcel Hellkamp | 2012-02-10 | 1 | -2/+2 |
| | | | | Thanks chicha | ||||
* | Release of 0.10.70.10.7 | Marcel Hellkamp | 2011-12-28 | 1 | -1/+1 |
| | |||||
* | fix: Workaround for a hash collision DoS vulnerability in CPython dicts. | Marcel Hellkamp | 2011-12-28 | 2 | -8/+27 |
| | | | | | | | | | | | | | | | | | | | | If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request. This workaround limits the number of GET, POST and cookie parameters to a reasonable maximum of 100 key/value pairs per request, reducing the effectiveness of such attacks. Normal web applications should not need to process more than 100 parameters per request, but this limit can be changed by setting Request.MAX_PARAMS to a different value. Some links: https://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/ http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html http://www.nruns.com/_downloads/advisory28122011.pdf | ||||
* | Fixing release target in Makefile. | Marcel Hellkamp | 2011-12-23 | 1 | -3/+3 |
| | |||||
* | Release of 0.10.60.10.6 | Marcel Hellkamp | 2011-12-22 | 1 | -1/+1 |
| | |||||
* | Fixed a bug in HTTPError.__repr__. The repr() builtin breaks for non-ascii | Marcel Hellkamp | 2011-12-22 | 2 | -1/+6 |
| | | | | unicode strings. | ||||
* | Release of 0.10.50.10.5 | Marcel Hellkamp | 2011-12-22 | 1 | -1/+1 |
| | |||||
* | fix #268: Bug in backported code (NameError: _e) | Marcel Hellkamp | 2011-12-22 | 1 | -1/+1 |
| | | | | Thanks to Bender Rodriges and John R. Isidore | ||||
* | Release of 0.10.40.10.4 | Marcel Hellkamp | 2011-12-17 | 1 | -1/+1 |
| | |||||
* | fix #267: Possible XSS vulnerability on internal server errors. | Marcel Hellkamp | 2011-12-17 | 1 | -5/+7 |
| | |||||
* | Release of 0.10.30.10.3 | Marcel Hellkamp | 2011-12-14 | 1 | -1/+1 |
| | |||||
* | Solving float_filter bug and testing it. | Iuri de Silvio | 2011-12-14 | 2 | -2/+11 |
| | |||||
* | Release of 0.10.20.10.2 | Marcel Hellkamp | 2011-12-02 | 1 | -1/+1 |
| | |||||
* | docs: Command-line interface | Marcel Hellkamp | 2011-12-01 | 2 | -1/+48 |
| | |||||
* | Print CLI help if called without parameters. | Marcel Hellkamp | 2011-12-01 | 1 | -1/+3 |
| | |||||
* | docs: New stable release. | Marcel Hellkamp | 2011-11-26 | 1 | -2/+2 |
| | |||||
* | Release of 0.10.10.10.1 | Marcel Hellkamp | 2011-11-26 | 1 | -1/+1 |
| | |||||
* | Added git-commit to "make release". | Marcel Hellkamp | 2011-11-26 | 1 | -0/+1 |
| | |||||
* | docs: changelog and contributor list. | Marcel Hellkamp | 2011-11-26 | 1 | -13/+71 |
| | |||||
* | docs: Typo | Marcel Hellkamp | 2011-11-26 | 1 | -0/+1 |
| | |||||
* | docs: Merging 0.11 doc layout changes. | Marcel Hellkamp | 2011-11-24 | 5 | -21/+42 |
| | |||||
* | fix: Workaround for bug in functools.update_wrapper() (fixes #223 #224) | Marcel Hellkamp | 2011-11-22 | 2 | -1/+15 |
| | | | | Thanks to Brian Wickman | ||||
* | First release candidate for 0.10 | Marcel Hellkamp | 2011-11-16 | 1 | -1/+1 |
| | |||||
* | fix: load_app now returns any callable, not only Bottle instances. | Marcel Hellkamp | 2011-11-16 | 1 | -1/+1 |
| | |||||
* | Micro optimizations :) | Marcel Hellkamp | 2011-11-16 | 1 | -4/+3 |
| | |||||
* | Addd G+ link to homepage. | Marcel Hellkamp | 2011-11-16 | 1 | -0/+1 |
| | |||||
* | Added --version command-line argument. | Marcel Hellkamp | 2011-11-16 | 1 | -3/+9 |
| | |||||
* | fix #240: run(reloader=True) now handles SyntaxError and ImportError ↵ | Marcel Hellkamp | 2011-11-15 | 1 | -87/+86 |
| | | | | exceptions raised by a dynamically loaded application, plugin or server adapter. | ||||
* | Code cleanup. | Marcel Hellkamp | 2011-11-15 | 1 | -10/+8 |
| | |||||
* | Fixed Makefile target: release | Marcel Hellkamp | 2011-11-15 | 2 | -2/+3 |
| | |||||
* | docs: Explained FormsDict | Marcel Hellkamp | 2011-11-15 | 1 | -6/+9 |
| | |||||
* | fix: I broke "bottle.py --help" some commits ago. | Marcel Hellkamp | 2011-11-15 | 1 | -12/+13 |
| | |||||
* | Added Python 2.5 deprecation warning. | Marcel Hellkamp | 2011-11-15 | 1 | -0/+6 |
| | |||||
* | fix: Python 3.x only bug in SimpleTemplate. Templates with an encoding other ↵ | Marcel Hellkamp | 2011-11-15 | 1 | -1/+1 |
| | | | | than the system default raised UnicodeError. | ||||
* | Cleanup. | Marcel Hellkamp | 2011-11-15 | 1 | -14/+9 |
| | |||||
* | fix #247: Correcting set_cookie docstring. | Marcel Hellkamp | 2011-11-15 | 1 | -1/+1 |
| | |||||
* | fix #251: Undefined start_response variable in Bottle.mount() | Marcel Hellkamp | 2011-11-15 | 1 | -3/+3 |
| | | | | fix: Support for huge body iterators returned by mounted apps. |