Saturday, August 27, 2016

Twisted 16.4.0 Released

On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 16.4.0.

The highlights of this release are:
  • twist, a new command line tool for running Twisted plugins, similar to twistd but with a simpler, cleaner interface.
  • A new interface for Protocols, IHandshakeListener, which tells Twisted to tell the Protocol when the TLS handshake has been completed.
  • async/await support for Deferreds, allowing you to write Python 3.5+ coroutines using Twisted
  • Trial can be invoked with "python -m twisted.trial".
  • All Twisted executables (trial, twistd, etc) are now Setuptools console scripts, meaning they will work much better on Windows.
  • 35+ more modules ported to Python 3, and many many cleanups on the way to Python 3 on Windows support.
  • All the security fixes of Twisted 16.3.1 + 16.3.2 (httpoxy, HTTP session identifier strengthening, HTTP+TLS consuming sockets)
  • 240+ closed tickets overall.
For more information, check the NEWS file (link provided below).

You can find the downloads on PyPI (or alternatively our website). The NEWS file is also available on GitHub.

Many thanks to everyone who had a part in this release - the supporters of the Twisted Software Foundation, the developers who contributed code as well as documentation, and all the people building great things with Twisted!

Twisted Regards,
Amber Brown (HawkOwl)

PS: Twisted 16.4.1 will be coming soon after this with a patch mitigating SWEET32, by updating the acceptable cipher list.

Friday, August 19, 2016

Twisted 16.3.2 Released

On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 16.3.2.

This is a bug fix & security fix release, and is recommended for all users of Twisted. The fixes are:
  • A bugfix for a HTTP/2 edge case, (included in 16.3.1)
  • Fix for CVE-2008-7317 (generating potentially guessable HTTP session identifiers) (included in 16.3.1)
  • Fix for CVE-2008-7318 (sending secure session cookies over insecured connections) (included in 16.3.1)
  • Fix for CVE-2016-1000111 (http://httpoxy.org/) (included in 16.3.1)
  • Twisted's HTTP server, when operating over TLS, would not cleanly close sockets, causing it to build up CLOSE_WAIT sockets until it would eventually run out of file descriptors.
For more information, check the NEWS file (link provided below).

You can find the downloads on PyPI (or alternatively our website). The NEWS file is also available at on GitHub.

Many thanks to everyone who had a part in this release - the supporters of the Twisted Software Foundation, the developers who contributed code as well as documentation, and all the people building great things with Twisted!

Twisted Regards,
Amber Brown (HawkOwl)