Safety vulnerability ID: 49027
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Pheonix-waitress 1.0.0 includes a fix for CVE-2015-0219.
https://www.djangoproject.com/weblog/2015/jan/13/security/
Latest version: 2.1.1.2
Pheonix fork of the Waitress WSGI server
------------------
Bugfixes
~~~~~~~~
- Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`. This resolves an
issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on
hosts with no internet connection when binding to localhost was requested.
See https://github.com/Pylons/waitress/issues/131 for more information.
Deprecations
~~~~~~~~~~~~
- Python 2.6 is no longer supported.
Features
~~~~~~~~
- IPv6 support
- Waitress is now able to listen on multiple sockets, including IPv4 and IPv6.
Instead of passing in a host/port combination, you now provide waitress with a
space-delimited list, and it will create as many sockets as required.

.. code-block:: python

    from waitress import serve
    serve(wsgiapp, listen='0.0.0.0:8080 [::]:9090 *:6543')

Security
~~~~~~~~
- Waitress will now drop HTTP headers that contain an underscore in the key
when received from a client. This is to stop any possible underscore/dash
conflation that may lead to security issues. See
https://github.com/Pylons/waitress/pull/80 and
https://www.djangoproject.com/weblog/2015/jan/13/security/
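
The conflation this entry guards against, shown as an added example that is not Waitress or Pheonix-waitress code: a WSGI server exposes each request header as an `HTTP_*` environ key with dashes turned into underscores, so two differently spelled headers collide. The helper names `wsgi_key` and `build_environ`, the header names and the sample request are constructed for illustration.

```python
# Added illustration (not Waitress source): why underscore header names are dropped.
# WSGI (PEP 3333) exposes a request header as environ["HTTP_" + NAME], with the
# name upper-cased and "-" replaced by "_", so "X-Auth-User" and "X_Auth_User"
# land on the same key.

def wsgi_key(header_name):
    """Return the CGI-style environ key a WSGI server derives from a header name."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_environ(headers, drop_underscore=True):
    """Build the HTTP_* part of a WSGI environ from (name, value) pairs.

    With drop_underscore=True, client headers whose name contains "_" are
    discarded, which is the behaviour the changelog entry describes.
    Returns (environ, dropped_names).
    """
    environ, dropped = {}, []
    for name, value in headers:
        if drop_underscore and "_" in name:
            dropped.append(name)
            continue
        key = wsgi_key(name)
        # In this sketch, repeated headers are joined with a comma.
        environ[key] = f"{environ[key]}, {value}" if key in environ else value
    return environ, dropped


# Constructed request: a fronting proxy sets X-Auth-User after authenticating
# the client, but forwards the client's own X_Auth_User untouched because it
# only overwrites the dash-spelled name.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("X-Auth-User", "alice"),   # set by the trusted proxy
    ("X_Auth_User", "admin"),   # supplied by the client
]

if __name__ == "__main__":
    for drop in (False, True):
        env, dropped = build_environ(SAMPLE_HEADERS, drop_underscore=drop)
        print(f"drop_underscore={drop}: "
              f"HTTP_X_AUTH_USER={env['HTTP_X_AUTH_USER']!r} dropped={dropped}")
```

Without the filter, the application cannot tell which value the proxy vouched for; with it, only the dash-spelled header reaches the environ.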