Permalink
Commits on Jun 26, 2014
Commits on Jun 4, 2014
  1. Set version number to 3.2.2

    bdarnell committed Jun 4, 2014
Commits on May 27, 2014
  1. Add the option to request an older xsrf cookie version.

    Fix an issue with v1 cookies on py32.
    bdarnell committed May 27, 2014
  2. Change the xsrf cookie format to be masked with a random salt.

    This protects against the BREACH attack.
    bdarnell committed May 26, 2014
  3. Small security improvements to xsrf tokens; add tests.

    Use os.urandom(16) instead of uuid.uuid4(), to reclaim a few bits of
    entropy.  Use _time_independent_equals for comparison.
    bdarnell committed May 26, 2014
Commits on May 14, 2014
Commits on May 6, 2014
  1. Set version number to 3.2.1

    bdarnell committed May 6, 2014
  2. v3.2.1 release notes

    bdarnell committed May 6, 2014
  3. Add a v2 secure cookie format.

    This format fixes some weaknesses in the original format that would allow
    characters to be shifted from the "value" field to the "name" or "timestamp"
    fields.  It also upgrades the signature from HMAC-SHA1 to HMAC-SHA256,
    adds an explicit version field, and adds an as-yet-unused field to
    support key rotation in the future.
    bdarnell committed May 5, 2014
  4. Add SystemError to errors from compilation

    OSX generates a SystemError from a missing compiler; trap with other
    compilation errors.
    matthew-brett committed with bdarnell Apr 8, 2014
Commits on Apr 16, 2014
  1. Merge pull request #1037 from toanant/patch-1

    Update overview.rst with typos in nginx conf.
    bdarnell committed Apr 16, 2014
  2. Update overview.rst with typos in nginx conf.

    Minor correction in the production nginx server conf with proxy_redirect as off; previously it was false.
    toanant committed Apr 16, 2014
Commits on Jan 17, 2014
  1. Reinstate the 'cd maint' in .travis.yml.

    This turned out to be breaking the speedups module.
    bdarnell committed Jan 17, 2014
  2. Add a new TORNADO_EXTENSION environment variable for testing purposes.

    This variable can be set to 0 to suppress or 1 to require the use of the
    extension (instead of the default to use it when it is available but silently
    fall back).  Require the extension to be present on travis-ci.
    bdarnell committed Jan 17, 2014
Commits on Jan 16, 2014
  1. Merge pull request #973 from cgohlke/patch-1

    Fix msvc compile error and improve 64 bit compatibility
    bdarnell committed Jan 16, 2014
Commits on Jan 15, 2014
Commits on Jan 14, 2014
  1. Set version number to 3.2.

    bdarnell committed Jan 14, 2014
  2. Finalize 3.2 release notes

    bdarnell committed Jan 14, 2014
Commits on Jan 11, 2014
  1. Pin pycurl on travis to <7.19.3, removing it from py3.x.

    SSL issues prevent pycurl 7.19.3 from being installed on travis.
    bdarnell committed Jan 11, 2014
Commits on Jan 10, 2014
Commits on Jan 8, 2014
  1. Set version number to 3.2b2

    bdarnell committed Jan 8, 2014
Commits on Jan 7, 2014
  1. Add trollius (py2 backport of asyncio) to tox config.

    This passes the twisted integration tests but currently has some issues
    with pycurl.
    bdarnell committed Jan 7, 2014