Changelog
### 23.0.0
```
===================
- minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`)
- worker_class parameter accepts a class (:pr:`3079`)
- fix deadlock if request terminated during chunked parsing (:pr:`2688`)
- permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`)
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`)
- sdist generation now explicitly excludes sphinx build folder (:pr:`3257`)
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`)
- raise correct Exception when encounting invalid chunked requests (:pr:`3258`)
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`)
- include IPv6 loopback address ``[::1]`` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`)
** NOTE **
- The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
- Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted
- Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0
** Breaking changes **
- refuse requests where the uri field is empty (:pr:`3255`)
- refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`)
- remove temporary ``--tolerate-dangerous-framing`` switch from 22.0 (:pr:`3260`)
- If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.
```
### 22.0.0
```
===================
- use `utime` to notify workers liveness
- migrate setup to pyproject.toml
- fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
- parsing additional requests is no longer attempted past unsupported request framing
- on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
- requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
- Trailer fields are no longer inspected for headers indicating secure scheme
- support Python 3.12
** Breaking changes **
- minimum version is Python 3.7
- the limitations on valid characters in the HTTP method have been bounded to Internet Standards
- requests specifying unsupported transfer coding (order) are refused by default (rare)
- HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
- HTTP methods containing the number sign () are no longer accepted by default (rare)
- HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
- HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
- HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
- HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
- requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
- empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
- fix CVE-2024-1135
```
### 21.2.0
```
===================
- fix thread worker: revert change considering connection as idle .
*** NOTE ***
This is fixing the bad file description error.
```
### 21.1.0
```
===================
- fix thread worker: fix socket removal from the queue
```
### 21.0.1
```
===================
- fix documentation build
```
### 21.0.0
```
===================
- support python 3.11
- fix gevent and eventlet workers
- fix threads support (gththread): improve performance and unblock requests
- SSL: now use SSLContext object
- HTTP parser: miscellaneous fixes
- remove unnecessary setuid calls
- fix testing
- improve logging
- miscellaneous fixes to core engine
*** RELEASE NOTE ***
We made this release major to start our new release cycle. More info will be provided on our discussion forum.
================
Changelog - 2024
================
```
### 20.1.0
```
===================
- document WEB_CONCURRENCY is set by, at least, Heroku
- capture peername from accept: Avoid calls to getpeername by capturing the peer name returned by
accept
- log a warning when a worker was terminated due to a signal
- fix tornado usage with latest versions of Django
- add support for python -m gunicorn
- fix systemd socket activation example
- allows to set wsgi application in config file using `wsgi_app`
- document `--timeout = 0`
- always close a connection when the number of requests exceeds the max requests
- Disable keepalive during graceful shutdown
- kill tasks in the gthread workers during upgrade
- fix latency in gevent worker when accepting new requests
- fix file watcher: handle errors when new worker reboot and ensure the list of files is kept
- document the default name and path of the configuration file
- document how variable impact configuration
- document the `$PORT` environment variable
- added milliseconds option to request_time in access_log
- added PIP requirements to be used for example
- remove version from the Server header
- fix sendfile: use `socket.sendfile` instead of `os.sendfile`
- reloader: use absolute path to prevent empty to prevent0 `InotifyError` when a file
is added to the working directory
- Add --print-config option to print the resolved settings at startup.
- remove the `--log-dict-config` CLI flag because it never had a working format
(the `logconfig_dict` setting in configuration files continues to work)
** Breaking changes **
- minimum version is Python 3.5
- remove version from the Server header
** Documentation **
** Others **
- miscellaneous changes in the code base to be a better citizen with Python 3
- remove dead code
- fix documentation generation
================
Changelog - 2023
================
```
### 20.0.4
```
===================
- fix binding a socket using the file descriptor
- remove support for the `bdist_rpm` build
```
### 20.0.3
```
===================
- fixed load of a config file without a Python extension
- fixed `socketfromfd.fromfd` when defaults are not set
.. note:: we now warn when we load a config file without Python Extension
```
### 20.0.2
```
===================
- fix changelog
```
### 20.0.1
```
===================
- fixed the way the config module is loaded. `__file__` is now available
- fixed `wsgi.input_terminated`. It is always true.
- use the highest protocol version of openssl by default
- only support Python >= 3.5
- added `__repr__` method to `Config` instance
- fixed support of AIX platform and musl libc in `socketfromfd.fromfd` function
- fixed support of applications loaded from a factory function
- fixed chunked encoding support to prevent any `request smuggling <https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn>`_
- Capture os.sendfile before patching in gevent and eventlet workers.
fix `RecursionError`.
- removed locking in reloader when adding new files
- load the WSGI application before the loader to pick up all files
.. note:: this release add official support for applications loaded from a factory function
as documented in Flask and other places.
```
### 20.0
```
=================
- Fixed `fdopen` `RuntimeWarning` in Python 3.8
- Added check and exception for str type on value in Response process_headers method.
- Ensure WSGI header value is string before conducting regex search on it.
- Added pypy3 to list of tested environments
- Grouped `StopIteration` and `KeyboardInterrupt` exceptions with same body together in Arbiter.run()
- Added `setproctitle` module to `extras_require` in setup.py
- Avoid unnecessary chown of temporary files
- Logging: Handle auth type case insensitively
- Removed `util.import_module`
- Removed fallback for `types.SimpleNamespace` in tests utils
- Use `SourceFileLoader` instead instead of `execfile_`
- Use `importlib` instead of `__import__` and eval`
- Fixed eventlet patching
- Added optional `datadog <https://www.datadoghq.com>`_ tags for statsd metrics
- Header values now are encoded using latin-1, not ascii.
- Rewritten `parse_address` util added test
- Removed redundant super() arguments
- Simplify `futures` import in gthread module
- Fixed worker_connections` setting to also affects the Gthread worker type
- Fixed setting max_requests
- Bump minimum Eventlet and Gevent versions to 0.24 and 1.4
- Use Python default SSL cipher list by default
- handle `wsgi.input_terminated` extension
- Simplify Paste Deployment documentation
- Fix root logging: root and logger are same level.
- Fixed typo in ssl_version documentation
- Documented systemd deployment unit examples
- Added systemd sd_notify support
- Fixed typo in gthread.py
- Added `tornado <https://www.tornadoweb.org/>`_ 5 and 6 support
- Declare our setuptools dependency
- Added support to `--bind` to open file descriptors
- Document how to serve WSGI app modules from Gunicorn
- Provide guidance on X-Forwarded-For access log in documentation
- Add support for named constants in the `--ssl-version` flag
- Clarify log format usage of header & environment in documentation
- Fixed systemd documentation to properly setup gunicorn unix socket
- Prevent removal unix socket for reuse_port
- Fix `ResourceWarning` when reading a Python config module
- Remove unnecessary call to dict keys method
- Support str and bytes for UNIX socket addresses
- fixed `InotifyReloadeder`: handle `module.__file__` is None
- `/dev/shm` as a convenient alternative to making your own tmpfs mount in fchmod FAQ
- fix examples to work on python3
- Fix typo in `--max-requests` documentation
- Clear tornado ioloop before os.fork
- Miscellaneous fixes and improvement for linting using Pylint
Breaking Change
+++++++++++++++
- Removed gaiohttp worker
- Drop support for Python 2.x
- Drop support for EOL Python 3.2 and 3.3
- Drop support for Paste Deploy server blocks
================
Changelog - 2020
================
.. note::
Please see :doc:`news` for the latest changes
================
Changelog - 2021
================
.. note::
Please see :doc:`news` for the latest changes
```
### 19.10.0
```
====================
- unblock select loop during reload of a sync worker
- security fix: http desync attack
- handle `wsgi.input_terminated`
- added support for str and bytes in unix socket addresses
- fixed `max_requests` setting
- headers values are now encoded as LATN1, not ASCII
- fixed `InotifyReloadeder`: handle `module.__file__` is None
- fixed compatibility with tornado 6
- fixed root logging
- Prevent removalof unix sockets from `reuse_port`
- Clear tornado ioloop before os.fork
- Miscellaneous fixes and improvement for linting using Pylint
```
### 19.9.0
```
===================
- fix: address a regression that prevented syslog support from working
(:issue:`1668`, :pr:`1773`)
- fix: correctly set `REMOTE_ADDR` on versions of Python 3 affected by
`Python Issue 30205 <https://bugs.python.org/issue30205>`_
(:issue:`1755`, :pr:`1796`)
- fix: show zero response length correctly in access log (:pr:`1787`)
- fix: prevent raising :exc:`AttributeError` when ``--reload`` is not passed
in case of a :exc:`SyntaxError` raised from the WSGI application.
(:issue:`1805`, :pr:`1806`)
- The internal module ``gunicorn.workers.async`` was renamed to ``gunicorn.workers.base_async``
since ``async`` is now a reserved word in Python 3.7.
(:pr:`1527`)
```
### 19.8.1
```
===================
- fix: secure scheme headers when bound to a unix socket
(:issue:`1766`, :pr:`1767`)
```
### 19.8.0
```
===================
- Eventlet 0.21.0 support (:issue:`1584`)
- Tornado 5 support (:issue:`1728`, :pr:`1752`)
- support watching additional files with ``--reload-extra-file``
(:pr:`1527`)
- support configuring logging with a dictionary with ``--logging-config-dict``
(:issue:`1087`, :pr:`1110`, :pr:`1602`)
- add support for the ``--config`` flag in the ``GUNICORN_CMD_ARGS`` environment
variable (:issue:`1576`, :pr:`1581`)
- disable ``SO_REUSEPORT`` by default and add the ``--reuse-port`` setting
(:issue:`1553`, :issue:`1603`, :pr:`1669`)
- fix: installing `inotify` on MacOS no longer breaks the reloader
(:issue:`1540`, :pr:`1541`)
- fix: do not throw ``TypeError`` when ``SO_REUSEPORT`` is not available
(:issue:`1501`, :pr:`1491`)
- fix: properly decode HTTP paths containing certain non-ASCII characters
(:issue:`1577`, :pr:`1578`)
- fix: remove whitespace when logging header values under gevent (:pr:`1607`)
- fix: close unlinked temporary files (:issue:`1327`, :pr:`1428`)
- fix: parse ``--umask=0`` correctly (:issue:`1622`, :pr:`1632`)
- fix: allow loading applications using relative file paths
(:issue:`1349`, :pr:`1481`)
- fix: force blocking mode on the gevent sockets (:issue:`880`, :pr:`1616`)
- fix: preserve leading `/` in request path (:issue:`1512`, :pr:`1511`)
- fix: forbid contradictory secure scheme headers
- fix: handle malformed basic authentication headers in access log
(:issue:`1683`, :pr:`1684`)
- fix: defer handling of ``USR1`` signal to a new greenlet under gevent
(:issue:`1645`, :pr:`1651`)
- fix: the threaded worker would sometimes close the wrong keep-alive
connection under Python 2 (:issue:`1698`, :pr:`1699`)
- fix: re-open log files on ``USR1`` signal using ``handler._open`` to
support subclasses of ``FileHandler`` (:issue:`1739`, :pr:`1742`)
- deprecation: the ``gaiohttp`` worker is deprecated, see the
:ref:`worker-class` documentation for more information
(:issue:`1338`, :pr:`1418`, :pr:`1569`)
================
Changelog - 2019
================
.. note::
Please see :doc:`news` for the latest changes
```
Links
- PyPI: https://pypi.org/project/gunicorn
- Changelog: https://data.safetycli.com/changelogs/gunicorn/
This PR updates gunicorn from 19.7.1 to 23.0.0.
Changelog
### 23.0.0 ``` =================== - minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`) - worker_class parameter accepts a class (:pr:`3079`) - fix deadlock if request terminated during chunked parsing (:pr:`2688`) - permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`) - permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`) - sdist generation now explicitly excludes sphinx build folder (:pr:`3257`) - decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`) - raise correct Exception when encounting invalid chunked requests (:pr:`3258`) - the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`) - include IPv6 loopback address ``[::1]`` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`) ** NOTE ** - The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release - Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted - Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0 ** Breaking changes ** - refuse requests where the uri field is empty (:pr:`3255`) - refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`) - remove temporary ``--tolerate-dangerous-framing`` switch from 22.0 (:pr:`3260`) - If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies. ``` ### 22.0.0 ``` =================== - use `utime` to notify workers liveness - migrate setup to pyproject.toml - fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors) - parsing additional requests is no longer attempted past unsupported request framing - on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits) - requests conflicting configured or passed SCRIPT_NAME now produce a verbose error - Trailer fields are no longer inspected for headers indicating secure scheme - support Python 3.12 ** Breaking changes ** - minimum version is Python 3.7 - the limitations on valid characters in the HTTP method have been bounded to Internet Standards - requests specifying unsupported transfer coding (order) are refused by default (rare) - HTTP methods are no longer casefolded by default (IANA method registry contains none affected) - HTTP methods containing the number sign () are no longer accepted by default (rare) - HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported) - HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted - HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software - HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits) - requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling) - empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies) ** SECURITY ** - fix CVE-2024-1135 ``` ### 21.2.0 ``` =================== - fix thread worker: revert change considering connection as idle . *** NOTE *** This is fixing the bad file description error. ``` ### 21.1.0 ``` =================== - fix thread worker: fix socket removal from the queue ``` ### 21.0.1 ``` =================== - fix documentation build ``` ### 21.0.0 ``` =================== - support python 3.11 - fix gevent and eventlet workers - fix threads support (gththread): improve performance and unblock requests - SSL: now use SSLContext object - HTTP parser: miscellaneous fixes - remove unnecessary setuid calls - fix testing - improve logging - miscellaneous fixes to core engine *** RELEASE NOTE *** We made this release major to start our new release cycle. More info will be provided on our discussion forum. ================ Changelog - 2024 ================ ``` ### 20.1.0 ``` =================== - document WEB_CONCURRENCY is set by, at least, Heroku - capture peername from accept: Avoid calls to getpeername by capturing the peer name returned by accept - log a warning when a worker was terminated due to a signal - fix tornado usage with latest versions of Django - add support for python -m gunicorn - fix systemd socket activation example - allows to set wsgi application in config file using `wsgi_app` - document `--timeout = 0` - always close a connection when the number of requests exceeds the max requests - Disable keepalive during graceful shutdown - kill tasks in the gthread workers during upgrade - fix latency in gevent worker when accepting new requests - fix file watcher: handle errors when new worker reboot and ensure the list of files is kept - document the default name and path of the configuration file - document how variable impact configuration - document the `$PORT` environment variable - added milliseconds option to request_time in access_log - added PIP requirements to be used for example - remove version from the Server header - fix sendfile: use `socket.sendfile` instead of `os.sendfile` - reloader: use absolute path to prevent empty to prevent0 `InotifyError` when a file is added to the working directory - Add --print-config option to print the resolved settings at startup. - remove the `--log-dict-config` CLI flag because it never had a working format (the `logconfig_dict` setting in configuration files continues to work) ** Breaking changes ** - minimum version is Python 3.5 - remove version from the Server header ** Documentation ** ** Others ** - miscellaneous changes in the code base to be a better citizen with Python 3 - remove dead code - fix documentation generation ================ Changelog - 2023 ================ ``` ### 20.0.4 ``` =================== - fix binding a socket using the file descriptor - remove support for the `bdist_rpm` build ``` ### 20.0.3 ``` =================== - fixed load of a config file without a Python extension - fixed `socketfromfd.fromfd` when defaults are not set .. note:: we now warn when we load a config file without Python Extension ``` ### 20.0.2 ``` =================== - fix changelog ``` ### 20.0.1 ``` =================== - fixed the way the config module is loaded. `__file__` is now available - fixed `wsgi.input_terminated`. It is always true. - use the highest protocol version of openssl by default - only support Python >= 3.5 - added `__repr__` method to `Config` instance - fixed support of AIX platform and musl libc in `socketfromfd.fromfd` function - fixed support of applications loaded from a factory function - fixed chunked encoding support to prevent any `request smuggling <https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn>`_ - Capture os.sendfile before patching in gevent and eventlet workers. fix `RecursionError`. - removed locking in reloader when adding new files - load the WSGI application before the loader to pick up all files .. note:: this release add official support for applications loaded from a factory function as documented in Flask and other places. ``` ### 20.0 ``` ================= - Fixed `fdopen` `RuntimeWarning` in Python 3.8 - Added check and exception for str type on value in Response process_headers method. - Ensure WSGI header value is string before conducting regex search on it. - Added pypy3 to list of tested environments - Grouped `StopIteration` and `KeyboardInterrupt` exceptions with same body together in Arbiter.run() - Added `setproctitle` module to `extras_require` in setup.py - Avoid unnecessary chown of temporary files - Logging: Handle auth type case insensitively - Removed `util.import_module` - Removed fallback for `types.SimpleNamespace` in tests utils - Use `SourceFileLoader` instead instead of `execfile_` - Use `importlib` instead of `__import__` and eval` - Fixed eventlet patching - Added optional `datadog <https://www.datadoghq.com>`_ tags for statsd metrics - Header values now are encoded using latin-1, not ascii. - Rewritten `parse_address` util added test - Removed redundant super() arguments - Simplify `futures` import in gthread module - Fixed worker_connections` setting to also affects the Gthread worker type - Fixed setting max_requests - Bump minimum Eventlet and Gevent versions to 0.24 and 1.4 - Use Python default SSL cipher list by default - handle `wsgi.input_terminated` extension - Simplify Paste Deployment documentation - Fix root logging: root and logger are same level. - Fixed typo in ssl_version documentation - Documented systemd deployment unit examples - Added systemd sd_notify support - Fixed typo in gthread.py - Added `tornado <https://www.tornadoweb.org/>`_ 5 and 6 support - Declare our setuptools dependency - Added support to `--bind` to open file descriptors - Document how to serve WSGI app modules from Gunicorn - Provide guidance on X-Forwarded-For access log in documentation - Add support for named constants in the `--ssl-version` flag - Clarify log format usage of header & environment in documentation - Fixed systemd documentation to properly setup gunicorn unix socket - Prevent removal unix socket for reuse_port - Fix `ResourceWarning` when reading a Python config module - Remove unnecessary call to dict keys method - Support str and bytes for UNIX socket addresses - fixed `InotifyReloadeder`: handle `module.__file__` is None - `/dev/shm` as a convenient alternative to making your own tmpfs mount in fchmod FAQ - fix examples to work on python3 - Fix typo in `--max-requests` documentation - Clear tornado ioloop before os.fork - Miscellaneous fixes and improvement for linting using Pylint Breaking Change +++++++++++++++ - Removed gaiohttp worker - Drop support for Python 2.x - Drop support for EOL Python 3.2 and 3.3 - Drop support for Paste Deploy server blocks ================ Changelog - 2020 ================ .. note:: Please see :doc:`news` for the latest changes ================ Changelog - 2021 ================ .. note:: Please see :doc:`news` for the latest changes ``` ### 19.10.0 ``` ==================== - unblock select loop during reload of a sync worker - security fix: http desync attack - handle `wsgi.input_terminated` - added support for str and bytes in unix socket addresses - fixed `max_requests` setting - headers values are now encoded as LATN1, not ASCII - fixed `InotifyReloadeder`: handle `module.__file__` is None - fixed compatibility with tornado 6 - fixed root logging - Prevent removalof unix sockets from `reuse_port` - Clear tornado ioloop before os.fork - Miscellaneous fixes and improvement for linting using Pylint ``` ### 19.9.0 ``` =================== - fix: address a regression that prevented syslog support from working (:issue:`1668`, :pr:`1773`) - fix: correctly set `REMOTE_ADDR` on versions of Python 3 affected by `Python Issue 30205 <https://bugs.python.org/issue30205>`_ (:issue:`1755`, :pr:`1796`) - fix: show zero response length correctly in access log (:pr:`1787`) - fix: prevent raising :exc:`AttributeError` when ``--reload`` is not passed in case of a :exc:`SyntaxError` raised from the WSGI application. (:issue:`1805`, :pr:`1806`) - The internal module ``gunicorn.workers.async`` was renamed to ``gunicorn.workers.base_async`` since ``async`` is now a reserved word in Python 3.7. (:pr:`1527`) ``` ### 19.8.1 ``` =================== - fix: secure scheme headers when bound to a unix socket (:issue:`1766`, :pr:`1767`) ``` ### 19.8.0 ``` =================== - Eventlet 0.21.0 support (:issue:`1584`) - Tornado 5 support (:issue:`1728`, :pr:`1752`) - support watching additional files with ``--reload-extra-file`` (:pr:`1527`) - support configuring logging with a dictionary with ``--logging-config-dict`` (:issue:`1087`, :pr:`1110`, :pr:`1602`) - add support for the ``--config`` flag in the ``GUNICORN_CMD_ARGS`` environment variable (:issue:`1576`, :pr:`1581`) - disable ``SO_REUSEPORT`` by default and add the ``--reuse-port`` setting (:issue:`1553`, :issue:`1603`, :pr:`1669`) - fix: installing `inotify` on MacOS no longer breaks the reloader (:issue:`1540`, :pr:`1541`) - fix: do not throw ``TypeError`` when ``SO_REUSEPORT`` is not available (:issue:`1501`, :pr:`1491`) - fix: properly decode HTTP paths containing certain non-ASCII characters (:issue:`1577`, :pr:`1578`) - fix: remove whitespace when logging header values under gevent (:pr:`1607`) - fix: close unlinked temporary files (:issue:`1327`, :pr:`1428`) - fix: parse ``--umask=0`` correctly (:issue:`1622`, :pr:`1632`) - fix: allow loading applications using relative file paths (:issue:`1349`, :pr:`1481`) - fix: force blocking mode on the gevent sockets (:issue:`880`, :pr:`1616`) - fix: preserve leading `/` in request path (:issue:`1512`, :pr:`1511`) - fix: forbid contradictory secure scheme headers - fix: handle malformed basic authentication headers in access log (:issue:`1683`, :pr:`1684`) - fix: defer handling of ``USR1`` signal to a new greenlet under gevent (:issue:`1645`, :pr:`1651`) - fix: the threaded worker would sometimes close the wrong keep-alive connection under Python 2 (:issue:`1698`, :pr:`1699`) - fix: re-open log files on ``USR1`` signal using ``handler._open`` to support subclasses of ``FileHandler`` (:issue:`1739`, :pr:`1742`) - deprecation: the ``gaiohttp`` worker is deprecated, see the :ref:`worker-class` documentation for more information (:issue:`1338`, :pr:`1418`, :pr:`1569`) ================ Changelog - 2019 ================ .. note:: Please see :doc:`news` for the latest changes ```Links
- PyPI: https://pypi.org/project/gunicorn - Changelog: https://data.safetycli.com/changelogs/gunicorn/