Fetching contributors…
Cannot retrieve contributors at this time
21 lines (15 sloc) 573 Bytes

What's new in Tornado 2.2.1

Apr 23, 2012

Security fixes

  • tornado.web.RequestHandler.set_header now properly sanitizes input values to protect against header injection, response splitting, etc. (it has always attempted to do this, but the check was incorrect). Note that redirects, the most likely source of such bugs, are protected by a separate check in .RequestHandler.redirect.

Bug fixes

  • Colored logging configuration in tornado.options is compatible with Python 3.2.3 (and 3.3).