summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update maintainer informationv0.9.0Bert JW Regeer2016-04-151-2/+2
|
* Prep for 0.9.0Bert JW Regeer2016-04-152-398/+20
|
* Add history to docsBert JW Regeer2016-04-151-0/+1
|
* Copy from CHANGES to HISTORYBert JW Regeer2016-04-151-0/+385
|
* Prep for 0.9.0b1v0.9.0b1Bert JW Regeer2016-04-092-1/+9
|
* Merge pull request #124 from NextThought/fix.122Bert JW Regeer2016-03-264-4/+28
|\ | | | | | | | | Check header names and status for line feed/carriage return. Fixes #122
| * Check header names and status for line feed/carriage return. Fixes #122Jason Madden2016-03-194-4/+28
|/
* Missed updating CHANGESBert JW Regeer2016-03-161-2/+2
|
* Bump version due to semver0.9.0b0Bert JW Regeer2016-03-161-1/+1
| | | | Good catch by Tres
* Prep for 0.8.11b00.8.11b0Bert JW Regeer2016-03-152-3/+3
|
* Ignore build dirBert JW Regeer2016-03-151-0/+1
|
* Really remove Python 3.2 supportBert JW Regeer2016-03-152-1/+2
|
* Remove Python 3.2 supportBert JW Regeer2016-03-153-24/+76
|
* Merge branch 'fix/app_iter_falsy'Bert JW Regeer2016-03-153-2/+8
|\ | | | | | | Closes pr #82
| * Merge master into branchBert JW Regeer2016-03-153-0/+16
| |\ | |/ |/|
* | Merge pull request #121 from Pylons/feature/header_seatbeltBert JW Regeer2016-01-033-0/+16
|\ \ | | | | | | Disallow control characters (\n\r) in start_response's headers
| * | CHANGESBert JW Regeer2016-01-031-0/+5
| | |
| * | Check headers for line feed/carriage return charsBert JW Regeer2016-01-031-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | HTTP Response Splitting (https://www.owasp.org/index.php/HTTP_Response_Splitting) could potentially allow an attacker that is able to inject content into a HTTP header (Location tends to be used) to send a response that will be treated differently by the receiving client. The fix used here is to raise ValueError from within start_response(), using something similar to what mod_wsgi does by validating the header values (seen here: https://github.com/GrahamDumpleton/mod_wsgi/blob/develop/src/server/wsgi_validate.c#L134-L168) It's a seatbelt, applications should not be returning headers with control characters within the header, but it's hard to argue against such a small change when it could have a large security impact for applications serving WSGI apps with waitress.
| * | Add failing testBert JW Regeer2016-01-031-0/+7
|/ /
| * Add changelog entryBert JW Regeer2015-12-201-0/+6
| |
| * Fix test for __bool__Bert JW Regeer2015-12-201-1/+1
| |
| * Remove __nonzero__ and bool from FileBasedBufferBert JW Regeer2015-12-201-1/+1
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | FileBasedBuffer is the parent class for a variety of sub-classes, including ReadOnlyFileBasedBuffer. Since FileBasedBuffer can be used as an app_iter return (and by extension it's sub-classes can as well) it should probably behave more like an iterator, and the file returned from open(). Even if an iterator contains no more objects, calling bool() will still return True, in the case of FileBasedBuffer this is not true until this fix. ---- Without this fix, if an application calls a second WSGI application that returns an wsgi.file_wrapper (aka ReadOnlyFileBasedBuffer) they can't simply test to see if the application returned a valid iterator or not by testing it's truthiness. This is documented in bug report: https://github.com/Pylons/waitress/issues/76 While one could argue that testing the truthiness of a return from an WSGI application is the wrong thing to do, I would argue that an iterator like object should not return False when tested with bool. bool(iter([])) == True after all.
* Merge branch 'bugfix/prune_buffer'Bert JW Regeer2015-12-203-1/+7
|\ | | | | | | Closes #111 #113 #115
| * Add changes for #113Bert JW Regeer2015-12-201-1/+3
| |
| * Merge branch 'sign_contributor' from yuzhougitBert JW Regeer2015-12-201-0/+2
| |\ | | | | | | | | | CONTRIBUTORS.txt signed by Yu Zhou
| | * sign Yu Zhou as contributorsyuzhougit2015-09-241-0/+2
| | |
| * | Merge branch 'issue111' from yuzhougitBert JW Regeer2015-12-201-0/+2
| |\ \ |/ / / | | | | | | | | | | | | This adds a check to see if the output buffer has a function named prune() and calls it to clear the buffer so that on long running connections the buffer doesn't continue to grow without bounds.
| * | call prune to free occupied memory by output bufferYu Zhou2015-09-181-0/+2
| |/
* | Merge pull request #114 from bertjwregeer/signTres Seaver2015-09-231-0/+2
|\ \ | |/ |/| Forgot to sign contributors
| * Forgot to sign contributorsBert JW Regeer2015-09-231-0/+2
|/
* bleh, wrong dateChris McDonough2015-09-021-1/+1
|
* vbChris McDonough2015-09-022-1/+6
|
* prep for 0.8.100.8.10Chris McDonough2015-09-022-3/+3
|
* add py35 to tox.iniChris McDonough2015-06-211-1/+1
|
* add support for Python 3.5 (apparent regression in *arg parsing, fix ↵Chris McDonough2015-06-214-3/+4
| | | | traceback matching), closes #105
* Merge pull request #102 from bwarren2/feature/informative-errorsTres Seaver2015-06-164-0/+72
|\ | | | | Add exception info
| * Doc changesBen Warren2015-05-172-0/+4
| |
| * Fix cross-python-version quoting problem in regex.Ben Warren2015-05-171-1/+1
| |
| * Add tests, tweak printing.Ben Warren2015-05-172-7/+60
| |
| * Adding exception info.Ben Warren2015-05-171-0/+15
|/
* Merge pull request #99 from stevepiercy/masterChris McDonough2015-04-231-0/+3
|\ | | | | add rtd.txt so that RTD will build
| * add rtd.txt so that RTD will buildSteve Piercy2015-04-231-0/+3
| | | | | | | | Need @mcdonc to add it to the configuration on the RTD
* | Merge pull request #98 from stevepiercy/masterMichael Merickel2015-04-231-5/+1
|\ \ | |/ | | update tox to use [docs]
| * update tox to use [docs]Steve Piercy2015-04-231-5/+1
|/
* Merge pull request #97 from stevepiercy/masterSteve Piercy2015-04-211-0/+1
|\ | | | | - add pylons-sphinx-themes to tox.ini
| * - add pylons-sphinx-themes to tox.iniSteve Piercy2015-04-211-0/+1
|/
* Merge pull request #96 from stevepiercy/masterSteve Piercy2015-04-213-21/+5
|\ | | | | use pylons-sphinx-themes instead of git submodule to build docs
| * - add conf.py changesSteve Piercy2015-04-211-21/+2
| |
| * - sign contributors.txtSteve Piercy2015-04-212-0/+3
|/ | | | - use pylons-sphinx-themes instead of git submodule to build docs
* Merge branch 'hathawsh-master'Chris McDonough2015-04-206-34/+22
|\
View Lorry Controller Status