CherryPy 2.3


CherryPy 2.3

Christian Wyglendowski-2

Hi Florent,

We just packaged CherryPy 2.3.  It includes an important security fix
for the session filter when using file-based sessions.  See:

http://secunia.com/advisories/28354/
http://www.cherrypy.org/ticket/744

2.3 also contains a number of other changes, including many backported
fixes/enhancements from the 3.x line of development.

We were wondering if you could see how 2.3 integrates into TurboGears.
If it is a seamless integration, then perhaps you could add it to a
new release.  If not, we can release a 2.2.2 with just the file-based
session security fix.

Thanks for your time,

Christian Wyglendowski
http://www.dowski.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-devel" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cherrypy-devel
-~----------~----~----~----~------~----~------~--~---


Re: CherryPy 2.3

Florent Aide

On Jan 14, 2008 5:21 AM, Christian Wyglendowski <[hidden email]> wrote:
> Hi Florent,
>
> We just packaged CherryPy 2.3.  It includes an important security fix
> for the session filter when using file-based sessions.  See:
>
> http://secunia.com/advisories/28354/
> http://www.cherrypy.org/ticket/744

Hi Christian,

I will test this ASAP (tonight, in 12 hours) and tell you if it works
without changes. I'd like to be able to release tg 1.0.4 without too
many changes and breakage. If I encounter too many problems I'll let
you know and we'll see if you can help us by releasing a 2.2.2.

Thanks for your time also!

Best regards,
Florent.


Re: CherryPy 2.3

Felix Schwarz

Hi,

CherryPy 2.3 works for me with TurboGears 1.0.4 (some svn version from early
January) - all my private unit tests for my application do still pass.

Btw: Fedora, Fedora EPEL and Gentoo released security updates a week ago. There
is even a CVE name for the issue: CVE-2008-0252.

fs





Re: CherryPy 2.3

Florent Aide

On Jan 14, 2008 10:23 AM, Felix Schwarz <[hidden email]> wrote:
>
> Hi,
>
> CherryPy 2.3 works for me with TurboGears 1.0.4 (some svn version from early
> January) - all my private unit tests for my application do still pass.

Excellent news :)
I'll test everything tonight and make sure we require CP 2.3 in our
setup.py for tg 1.0.4 final.

Cheers,
Florent.
