Skip to content

Commit

Permalink
Bump version to 6.4.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@bdarnell
bdarnell committed Nov 22, 2024
1 parent bc7df6b commit a5ecfab
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 2 deletions.
1 change: 1 addition & 0 deletions docs/releases.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Release notes
.. toctree::
:maxdepth: 2

releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
Expand Down
12 changes: 12 additions & 0 deletions docs/releases/v6.4.2.rst
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
What's new in Tornado 6.4.2
===========================

Nov 21, 2024
------------

Security Improvements
~~~~~~~~~~~~~~~~~~~~~

- Parsing of the cookie header is now much more efficient. The older algorithm sometimes had
quadratic performance which allowed for a denial-of-service attack in which the server would spend
excessive CPU time parsing cookies and block the event loop. This change fixes CVE-2024-7592.
4 changes: 2 additions & 2 deletions tornado/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@
# is zero for an official release, positive for a development branch,
# or negative for a release candidate or beta (after the base version
# number has been incremented)
version = "6.4.1"
version_info = (6, 4, 0, 1)
version = "6.4.2"
version_info = (6, 4, 2, 0)

import importlib
import typing
Expand Down

0 comments on commit a5ecfab

Please sign in to comment.