Skip to content
Commits on Dec 28, 2011
  1. @defnull

    Release of 0.10.7

    defnull committed Dec 28, 2011
  2. @defnull

    fix: Workaround for a hash collision DoS vulnerability in CPython dicts.

    If the language does not provide a randomized hash function or the
    application server does not recognize attacks using multi-collisions,
    an attacker can degenerate the hash table by sending lots of colliding
    keys. The algorithmic complexity of inserting n elements into the table
    then goes to O(n**2), making it possible to exhaust hours of CPU time
    using a single HTTP request.
    
    This workaround limits the number of GET, POST and cookie parameters to
    a reasonable maximum of 100 key/value pairs per request, reducing the
    effectiveness of such attacks. Normal web applications should not need
    to process more than 100 parameters per request, but this limit can be
    changed by setting Request.MAX_PARAMS to a different value.
    
    Some links:
    https://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/
    http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
    http://www.nruns.com/_downloads/advisory28122011.pdf
    defnull committed Dec 28, 2011
Commits on Dec 23, 2011
  1. @defnull
Commits on Dec 22, 2011
  1. @defnull

    Release of 0.10.6

    defnull committed Dec 22, 2011
  2. @defnull

    Fixed a bug in HTTPError.__repr__. The repr() builtin breaks for non-…

    …ascii
    
    unicode strings.
    defnull committed Dec 22, 2011
  3. @defnull

    Release of 0.10.5

    defnull committed Dec 22, 2011
  4. @defnull

    fix #268: Bug in backported code (NameError: _e)

    Thanks to Bender Rodriges and John R. Isidore
    defnull committed Dec 22, 2011
Commits on Dec 17, 2011
  1. @defnull

    Release of 0.10.4

    defnull committed Dec 17, 2011
  2. @defnull
Commits on Dec 14, 2011
  1. @defnull

    Release of 0.10.3

    defnull committed Dec 14, 2011
  2. @iurisilvio @defnull
Commits on Dec 2, 2011
  1. @defnull

    Release of 0.10.2

    defnull committed Dec 2, 2011
Commits on Dec 1, 2011
  1. @defnull

    docs: Command-line interface

    defnull committed Dec 1, 2011
  2. @defnull
Commits on Nov 26, 2011
  1. @defnull

    docs: New stable release.

    defnull committed Nov 26, 2011
  2. @defnull

    Release of 0.10.1

    defnull committed Nov 26, 2011
  3. @defnull
  4. @defnull
  5. @defnull

    docs: Typo

    defnull committed Nov 26, 2011
Commits on Nov 24, 2011
  1. @defnull
Commits on Nov 22, 2011
  1. @defnull

    fix: Workaround for bug in functools.update_wrapper() (fixes #223 #224)

    Thanks to Brian Wickman
    defnull committed Nov 22, 2011
Commits on Nov 16, 2011
  1. @defnull

    First release candidate for 0.10

    defnull committed Nov 16, 2011
  2. @defnull
  3. @defnull

    Micro optimizations :)

    defnull committed Nov 16, 2011
  4. @defnull

    Addd G+ link to homepage.

    defnull committed Nov 16, 2011
Commits on Nov 15, 2011
  1. @defnull
  2. @defnull

    fix #240: run(reloader=True) now handles SyntaxError and ImportError …

    …exceptions raised by a dynamically loaded application, plugin or server adapter.
    defnull committed Nov 15, 2011
  3. @defnull

    Code cleanup.

    defnull committed Nov 15, 2011
  4. @defnull

    Fixed Makefile target: release

    defnull committed Nov 15, 2011
  5. @defnull

    docs: Explained FormsDict

    defnull committed Nov 15, 2011
  6. @defnull
  7. @defnull
  8. @defnull

    fix: Python 3.x only bug in SimpleTemplate. Templates with an encodin…

    …g other than the system default raised UnicodeError.
    defnull committed Nov 15, 2011
  9. @defnull

    Cleanup.

    defnull committed Nov 15, 2011
  10. @defnull
Something went wrong with that request. Please try again.