author | Bert JW Regeer <bertjw@regeer.org> | 2019-12-23 14:59:43 +0100 |
---|---|---|
committer | Bert JW Regeer <bertjw@regeer.org> | 2019-12-23 15:09:25 +0100 |
commit | de3324dd2126ce7ae1e55411f2684c333d96d62b (patch) | |
tree | a38e10f77c843a4375453ffa63240787db2f4ddd | |
parent | 3bcd690f3a068e63faae898f255df047e1ae884c (diff) | |
download | waitress-de3324dd2126ce7ae1e55411f2684c333d96d62b.tar.gz |
Add documentation for security issue
-rw-r--r-- | CHANGES.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index acc8510..ccc1231 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,17 @@ +1.4.1 (2019-12-??) +------------------ + +Security Fixes +~~~~~~~~~~~~~~ + +- Waitress did not properly validate that the HTTP headers it received were + properly formed, thereby potentially allowing a front-end server to treat a + request different from Waitress. This could lead to HTTP request + smuggling/splitting. + + Please see the security advisory for more information: + https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 + 1.4.0 (2019-12-20) ------------------ |
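Review bot: The new heading line "1.4.1 (2019-12-??)" still carries a placeholder date; fill in the actual release date before the release is tagged, otherwise CHANGES.txt ships with "??" in it. In the Security Fixes entry, "treat a request different from Waitress" would read better as "treat a request differently from Waitress", and "properly" appears twice in the same sentence. The entry also does not say which aspect of header formatting went unvalidated, so a reader has to follow the advisory link to judge exposure; a short phrase naming it would let the changelog stand on its own.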