Update dependency gunicorn to v23
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
gunicorn (changelog) | prod | major | ^22.0.0 -> ^23.0.0 |
gunicorn (changelog) | | major | ==22.0.0 -> ==23.0.0 |
Release Notes
benoitc/gunicorn (gunicorn)
v23.0.0
Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support, which improves safety.
You're invited to upgrade your own installation as soon as possible.
23.0.0 - 2024-08-10
- minor docs fixes (PR 3217, PR 3089, PR 3167)
- worker_class parameter accepts a class (PR 3079)
- fix deadlock if request terminated during chunked parsing (PR 2688)
- permit receiving Transfer-Encodings: compress, deflate, gzip (PR 3261)
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (PR 3261)
- sdist generation now explicitly excludes sphinx build folder (PR 3257)
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (PR 2336)
- raise correct Exception when encountering invalid chunked requests (PR 3258)
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (PR 3192)
- include IPv6 loopback address [::1] in default for forwarded-allow-ips and proxy-allow-ips (PR 3192)
** NOTE **
- The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
- Review your forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
- Review your forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0
** Breaking changes **
- refuse requests where the uri field is empty (PR 3255)
- refuse requests with invalid CR/LF/NUL in header field values (PR 3253)
- remove temporary --tolerate-dangerous-framing switch from 22.0 (PR 3260)
- If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipelining and/or proxies.

Fix CVE-2024-1135
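To find out before merging whether clients or upstream proxies send requests that fall under the breaking changes above, captured request heads can be triaged with a check like the following. This is an added example, not gunicorn's parser or code from this MR; it approximates the rules as the release notes word them, and `refusal_reasons`, `SAMPLES` and the host name are hypothetical, constructed for illustration.

```python
# Added example: approximates the refusal rules named in the release notes.
# Not gunicorn's parser; all names and sample requests here are constructed.
FORBIDDEN = {0x0D: "CR", 0x0A: "LF", 0x00: "NUL"}


def refusal_reasons(raw: bytes) -> list[str]:
    """Return which release-note rules a raw HTTP/1.1 request head trips."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    reasons = []

    # Breaking change: the uri field of the request line must not be empty.
    parts = request_line.split(b" ")
    if len(parts) == 3 and parts[1] == b"":
        reasons.append("empty uri field")

    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # not a "name: value" line; out of scope for this check
        value = value.strip(b" \t")
        # Breaking change: bare CR, bare LF or NUL inside a field value.
        bad = sorted({FORBIDDEN[b] for b in value if b in FORBIDDEN})
        if bad:
            reasons.append(f"{name.decode('latin-1')}: {'/'.join(bad)} in field value")
        # Changelog note: multiple transfer codings are permitted,
        # but still without parameters.
        if name.strip().lower() == b"transfer-encoding" and b";" in value:
            reasons.append("Transfer-Encoding: parameters not accepted")
    return reasons


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    "ok": b"GET /health HTTP/1.1\r\nHost: app.example\r\n"
          b"Transfer-Encoding: gzip, chunked\r\n\r\n",
    "empty_uri": b"GET  HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "bad_value": b"GET / HTTP/1.1\r\nHost: app.example\r\n"
                 b"X-Trace: a\nb\x00\r\n\r\n",
    "te_param": b"POST /u HTTP/1.1\r\nHost: app.example\r\n"
                b"Transfer-Encoding: gzip;q=1, chunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, refusal_reasons(raw) or "accepted by these rules")
```

Any request source that produces a non-empty result should be fixed at the client or proxy before the upgrade, since `--tolerate-dangerous-framing` is no longer available as a fallback.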
This MR has been generated by Renovate Bot.