CVS commit: pkgsrc/www/py-tornado

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-tornado
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 9 Jun 2014 12:33:43 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jun  9 12:33:43 UTC 2014

Modified Files:
        pkgsrc/www/py-tornado: Makefile distinfo

Log Message:
Update to 3.2.2:

Security fixes
~~~~~~~~~~~~~~

* The XSRF token is now encoded with a random mask on each request.
  This makes it safe to include in compressed pages without being
  vulnerable to the `BREACH attack <http://breachattack.com>`_.
  This applies to most applications that use both the ``xsrf_cookies``
  and ``gzip`` options (or have gzip applied by a proxy).

Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* If Tornado 3.2.2 is run at the same time as older versions on the same
  domain, there is some potential for issues with the differing cookie
  versions.  The `.Application` setting ``xsrf_cookie_version=1`` can
  be used for a transitional period to generate the older cookie format
  on newer servers.

Other changes
~~~~~~~~~~~~~

* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/py-tornado/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/py-tornado/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index