From: Ben Darnell <ben@bendarnell.com>
Date: Fri, 11 Aug 2023 02:38:19 +0000 (-0400)
Subject: Release notes for 6.3.3
X-Git-Tag: v6.4.0b1~14^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3309%2Fhead;p=thirdparty%2Ftornado.git

Release notes for 6.3.3
---

diff --git a/docs/releases.rst b/docs/releases.rst
index fc7e41654..076ac8633 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -4,6 +4,7 @@ Release notes
 .. toctree::
    :maxdepth: 2
 
+   releases/v6.3.3
    releases/v6.3.2
    releases/v6.3.1
    releases/v6.3.0
diff --git a/docs/releases/v6.3.3.rst b/docs/releases/v6.3.3.rst
new file mode 100644
index 000000000..7fe0110fd
--- /dev/null
+++ b/docs/releases/v6.3.3.rst
@@ -0,0 +1,12 @@
+What's new in Tornado 6.3.3
+===========================
+
+Aug 11, 2023
+------------
+
+Security improvements
+~~~~~~~~~~~~~~~~~~~~~
+
+- The ``Content-Length`` header and ``chunked`` ``Transfer-Encoding`` sizes are now parsed
+  more strictly (according to the relevant RFCs) to avoid potential request-smuggling
+  vulnerabilities when deployed behind certain proxies.