1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
Unreleased
----------
Features
~~~~~~~~
- Waitress has increased it's support of the X-Forwarded-* headers and includes
Forwarded (RFC7239) support. This may be used to allow proxy servers to
influence the WSGI environment. See
https://github.com/Pylons/waitress/pull/209
This also provides a new security feature when using Waitress behind a proxy
in that it is possible to remove untrusted proxy headers thereby making sure
that downstream WSGI applications don't accidentally use those proxy headers
to make security decisions.
The documentation has more information, see the following new arguments:
- trusted_proxy_count
- trusted_proxy_headers
- clear_untrusted_proxy_headers
- log_untrusted_proxy_headers (useful for debugging)
Be aware that the defaults for these are currently backwards compatible with
older versions of Waitress, this will change in a future release of waitress.
If you expect to need this behaviour please explicitly set these variables in
your configuration, or pin this version of waitress.
- Waitress can now accept a list of sockets that are already pre-bound rather
than creating its own to allow for socket activation. Support for init
systems/other systems that create said activated sockets is not included. See
https://github.com/Pylons/waitress/pull/215
- Server header can be omitted by specifying `ident=None` or `ident=''`.
See https://github.com/Pylons/waitress/pull/187
Bugfixes
~~~~~~~~
- Waitress will no longer send Transfer-Encoding or Content-Length for 1xx,
204, or 304 responses, and will completely ignore any message body sent by
the WSGI application, making sure to follow the HTTP standard. See
https://github.com/Pylons/waitress/pull/166,
https://github.com/Pylons/waitress/issues/165,
https://github.com/Pylons/waitress/issues/152, and
https://github.com/Pylons/waitress/pull/202
Compatibility
~~~~~~~~~~~~~
- Waitress has now "vendored" asyncore into itself as ``waitress.wasyncore``.
This is to cope with the eventuality that asyncore will be removed from
the Python standard library in 3.8 or so.
Documentation
~~~~~~~~~~~~~
- Bring in documentation of paste.translogger from Pyramid. Reorganize and
clean up documentation. See
https://github.com/Pylons/waitress/pull/205
https://github.com/Pylons/waitress/pull/70
https://github.com/Pylons/waitress/pull/206
1.1.0 (2017-10-10)
------------------
Features
~~~~~~~~
- Waitress now has a __main__ and thus may be called with ``python -mwaitress``
Bugfixes
~~~~~~~~
- Waitress no longer allows lowercase HTTP verbs. This change was made to fall
in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170
- When receiving non-ascii bytes in the request URL, waitress will no longer
abruptly close the connection, instead returning a 400 Bad Request. See
https://github.com/Pylons/waitress/pull/162 and
https://github.com/Pylons/waitress/issues/64
1.0.2 (2017-02-04)
------------------
Features
~~~~~~~~
- Python 3.6 is now officially supported in Waitress
Bugfixes
~~~~~~~~
- Add a work-around for libc issue on Linux not following the documented
standards. If getnameinfo() fails because of DNS not being available it
should return the IP address instead of the reverse DNS entry, however
instead getnameinfo() raises. We catch this, and ask getnameinfo()
for the same information again, explicitly asking for IP address instead of
reverse DNS hostname. See https://github.com/Pylons/waitress/issues/149 and
https://github.com/Pylons/waitress/pull/153
1.0.1 (2016-10-22)
------------------
Bugfixes
~~~~~~~~
- IPv6 support on Windows was broken due to missing constants in the socket
module. This has been resolved by setting the constants on Windows if they
are missing. See https://github.com/Pylons/waitress/issues/138
- A ValueError was raised on Windows when passing a string for the port, on
Windows in Python 2 using service names instead of port numbers doesn't work
with `getaddrinfo`. This has been resolved by attempting to convert the port
number to an integer, if that fails a ValueError will be raised. See
https://github.com/Pylons/waitress/issues/139
1.0.0 (2016-08-31)
------------------
Bugfixes
~~~~~~~~
- Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an
issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on
hosts where there is no internet connection but localhost is requested to be
bound to. See https://github.com/Pylons/waitress/issues/131 for more
information.
Deprecations
~~~~~~~~~~~~
- Python 2.6 is no longer supported.
Features
~~~~~~~~
- IPv6 support
- Waitress is now able to listen on multiple sockets, including IPv4 and IPv6.
Instead of passing in a host/port combination you now provide waitress with a
space delineated list, and it will create as many sockets as required.
.. code-block:: python
from waitress import serve
serve(wsgiapp, listen='0.0.0.0:8080 [::]:9090 *:6543')
Security
~~~~~~~~
- Waitress will now drop HTTP headers that contain an underscore in the key
when received from a client. This is to stop any possible underscore/dash
conflation that may lead to security issues. See
https://github.com/Pylons/waitress/pull/80 and
https://www.djangoproject.com/weblog/2015/jan/13/security/
|