permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
sdist generation now explicitly excludes sphinx build folder (:pr:3257)
decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
raise correct Exception when encounting invalid chunked requests (:pr:3258)
the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)
** NOTE **
The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0
** Breaking changes **
refuse requests where the uri field is empty (:pr:3255)
refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coverage: 91.635%. remained the same
when pulling 8951904201ed08a1c902c8e6a89c3b358c453117 on dependabot/pip/gunicorn-23.0.0
into e78c3be3ba07aff37fa18abf9e390e920325555b on main.
Bumps gunicorn from 22.0.0 to 23.0.0.
Release notes
Sourced from gunicorn's releases.
Commits
411986d
fix doc334392e
Merge pull request #2559 from laggardkernel/bugfix/reexec-enve75c353
Merge pull request #3189 from pajod/patch-py369357b28
keep document user in access_log_format setting79fdef0
bump to 23.0.03acd9fb
Merge pull request #2620 from talkerbox/improve-access-log-format-docs3f56d76
Merge pull request #3192 from pajod/patch-allowed-script-name256d474
docs: revert duped directiveffa48b5
test: default change was intentional52538ca
docs: recommend SCRIPT_NAME=/subfolderDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show