Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update maintainer informationv0.9.0 | Bert JW Regeer | 2016-04-15 | 1 | -2/+2 |
| | |||||
* | Prep for 0.9.0 | Bert JW Regeer | 2016-04-15 | 2 | -398/+20 |
| | |||||
* | Add history to docs | Bert JW Regeer | 2016-04-15 | 1 | -0/+1 |
| | |||||
* | Copy from CHANGES to HISTORY | Bert JW Regeer | 2016-04-15 | 1 | -0/+385 |
| | |||||
* | Prep for 0.9.0b1v0.9.0b1 | Bert JW Regeer | 2016-04-09 | 2 | -1/+9 |
| | |||||
* | Merge pull request #124 from NextThought/fix.122 | Bert JW Regeer | 2016-03-26 | 4 | -4/+28 |
|\ | | | | | | | | | Check header names and status for line feed/carriage return. Fixes #122 | ||||
| * | Check header names and status for line feed/carriage return. Fixes #122 | Jason Madden | 2016-03-19 | 4 | -4/+28 |
|/ | |||||
* | Missed updating CHANGES | Bert JW Regeer | 2016-03-16 | 1 | -2/+2 |
| | |||||
* | Bump version due to semver0.9.0b0 | Bert JW Regeer | 2016-03-16 | 1 | -1/+1 |
| | | | | Good catch by Tres | ||||
* | Prep for 0.8.11b00.8.11b0 | Bert JW Regeer | 2016-03-15 | 2 | -3/+3 |
| | |||||
* | Ignore build dir | Bert JW Regeer | 2016-03-15 | 1 | -0/+1 |
| | |||||
* | Really remove Python 3.2 support | Bert JW Regeer | 2016-03-15 | 2 | -1/+2 |
| | |||||
* | Remove Python 3.2 support | Bert JW Regeer | 2016-03-15 | 3 | -24/+76 |
| | |||||
* | Merge branch 'fix/app_iter_falsy' | Bert JW Regeer | 2016-03-15 | 3 | -2/+8 |
|\ | | | | | | | Closes pr #82 | ||||
| * | Merge master into branch | Bert JW Regeer | 2016-03-15 | 3 | -0/+16 |
| |\ | |/ |/| | |||||
* | | Merge pull request #121 from Pylons/feature/header_seatbelt | Bert JW Regeer | 2016-01-03 | 3 | -0/+16 |
|\ \ | | | | | | | Disallow control characters (\n\r) in start_response's headers | ||||
| * | | CHANGES | Bert JW Regeer | 2016-01-03 | 1 | -0/+5 |
| | | | |||||
| * | | Check headers for line feed/carriage return chars | Bert JW Regeer | 2016-01-03 | 1 | -0/+4 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | HTTP Response Splitting (https://www.owasp.org/index.php/HTTP_Response_Splitting) could potentially allow an attacker that is able to inject content into a HTTP header (Location tends to be used) to send a response that will be treated differently by the receiving client. The fix used here is to raise ValueError from within start_response(), using something similar to what mod_wsgi does by validating the header values (seen here: https://github.com/GrahamDumpleton/mod_wsgi/blob/develop/src/server/wsgi_validate.c#L134-L168) It's a seatbelt, applications should not be returning headers with control characters within the header, but it's hard to argue against such a small change when it could have a large security impact for applications serving WSGI apps with waitress. | ||||
| * | | Add failing test | Bert JW Regeer | 2016-01-03 | 1 | -0/+7 |
|/ / | |||||
| * | Add changelog entry | Bert JW Regeer | 2015-12-20 | 1 | -0/+6 |
| | | |||||
| * | Fix test for __bool__ | Bert JW Regeer | 2015-12-20 | 1 | -1/+1 |
| | | |||||
| * | Remove __nonzero__ and bool from FileBasedBuffer | Bert JW Regeer | 2015-12-20 | 1 | -1/+1 |
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | FileBasedBuffer is the parent class for a variety of sub-classes, including ReadOnlyFileBasedBuffer. Since FileBasedBuffer can be used as an app_iter return (and by extension it's sub-classes can as well) it should probably behave more like an iterator, and the file returned from open(). Even if an iterator contains no more objects, calling bool() will still return True, in the case of FileBasedBuffer this is not true until this fix. ---- Without this fix, if an application calls a second WSGI application that returns an wsgi.file_wrapper (aka ReadOnlyFileBasedBuffer) they can't simply test to see if the application returned a valid iterator or not by testing it's truthiness. This is documented in bug report: https://github.com/Pylons/waitress/issues/76 While one could argue that testing the truthiness of a return from an WSGI application is the wrong thing to do, I would argue that an iterator like object should not return False when tested with bool. bool(iter([])) == True after all. | ||||
* | Merge branch 'bugfix/prune_buffer' | Bert JW Regeer | 2015-12-20 | 3 | -1/+7 |
|\ | | | | | | | Closes #111 #113 #115 | ||||
| * | Add changes for #113 | Bert JW Regeer | 2015-12-20 | 1 | -1/+3 |
| | | |||||
| * | Merge branch 'sign_contributor' from yuzhougit | Bert JW Regeer | 2015-12-20 | 1 | -0/+2 |
| |\ | | | | | | | | | | CONTRIBUTORS.txt signed by Yu Zhou | ||||
| | * | sign Yu Zhou as contributors | yuzhougit | 2015-09-24 | 1 | -0/+2 |
| | | | |||||
| * | | Merge branch 'issue111' from yuzhougit | Bert JW Regeer | 2015-12-20 | 1 | -0/+2 |
| |\ \ |/ / / | | | | | | | | | | | | | This adds a check to see if the output buffer has a function named prune() and calls it to clear the buffer so that on long running connections the buffer doesn't continue to grow without bounds. | ||||
| * | | call prune to free occupied memory by output buffer | Yu Zhou | 2015-09-18 | 1 | -0/+2 |
| |/ | |||||
* | | Merge pull request #114 from bertjwregeer/sign | Tres Seaver | 2015-09-23 | 1 | -0/+2 |
|\ \ | |/ |/| | Forgot to sign contributors | ||||
| * | Forgot to sign contributors | Bert JW Regeer | 2015-09-23 | 1 | -0/+2 |
|/ | |||||
* | bleh, wrong date | Chris McDonough | 2015-09-02 | 1 | -1/+1 |
| | |||||
* | vb | Chris McDonough | 2015-09-02 | 2 | -1/+6 |
| | |||||
* | prep for 0.8.100.8.10 | Chris McDonough | 2015-09-02 | 2 | -3/+3 |
| | |||||
* | add py35 to tox.ini | Chris McDonough | 2015-06-21 | 1 | -1/+1 |
| | |||||
* | add support for Python 3.5 (apparent regression in *arg parsing, fix ↵ | Chris McDonough | 2015-06-21 | 4 | -3/+4 |
| | | | | traceback matching), closes #105 | ||||
* | Merge pull request #102 from bwarren2/feature/informative-errors | Tres Seaver | 2015-06-16 | 4 | -0/+72 |
|\ | | | | | Add exception info | ||||
| * | Doc changes | Ben Warren | 2015-05-17 | 2 | -0/+4 |
| | | |||||
| * | Fix cross-python-version quoting problem in regex. | Ben Warren | 2015-05-17 | 1 | -1/+1 |
| | | |||||
| * | Add tests, tweak printing. | Ben Warren | 2015-05-17 | 2 | -7/+60 |
| | | |||||
| * | Adding exception info. | Ben Warren | 2015-05-17 | 1 | -0/+15 |
|/ | |||||
* | Merge pull request #99 from stevepiercy/master | Chris McDonough | 2015-04-23 | 1 | -0/+3 |
|\ | | | | | add rtd.txt so that RTD will build | ||||
| * | add rtd.txt so that RTD will build | Steve Piercy | 2015-04-23 | 1 | -0/+3 |
| | | | | | | | | Need @mcdonc to add it to the configuration on the RTD | ||||
* | | Merge pull request #98 from stevepiercy/master | Michael Merickel | 2015-04-23 | 1 | -5/+1 |
|\ \ | |/ | | | update tox to use [docs] | ||||
| * | update tox to use [docs] | Steve Piercy | 2015-04-23 | 1 | -5/+1 |
|/ | |||||
* | Merge pull request #97 from stevepiercy/master | Steve Piercy | 2015-04-21 | 1 | -0/+1 |
|\ | | | | | - add pylons-sphinx-themes to tox.ini | ||||
| * | - add pylons-sphinx-themes to tox.ini | Steve Piercy | 2015-04-21 | 1 | -0/+1 |
|/ | |||||
* | Merge pull request #96 from stevepiercy/master | Steve Piercy | 2015-04-21 | 3 | -21/+5 |
|\ | | | | | use pylons-sphinx-themes instead of git submodule to build docs | ||||
| * | - add conf.py changes | Steve Piercy | 2015-04-21 | 1 | -21/+2 |
| | | |||||
| * | - sign contributors.txt | Steve Piercy | 2015-04-21 | 2 | -0/+3 |
|/ | | | | - use pylons-sphinx-themes instead of git submodule to build docs | ||||
* | Merge branch 'hathawsh-master' | Chris McDonough | 2015-04-20 | 6 | -34/+22 |
|\ |