Release notes for 6.3.3

author Ben Darnell <ben@bendarnell.com>

Fri, 11 Aug 2023 02:38:19 +0000 (22:38 -0400)

committer Ben Darnell <ben@bendarnell.com>

Fri, 11 Aug 2023 15:28:12 +0000 (11:28 -0400)
author Ben Darnell <ben@bendarnell.com>
Fri, 11 Aug 2023 02:38:19 +0000 (22:38 -0400)
committer Ben Darnell <ben@bendarnell.com>
Fri, 11 Aug 2023 15:28:12 +0000 (11:28 -0400)
diff --git a/docs/releases.rst b/docs/releases.rst

index fc7e41654f4d00790aa08c93019579921ff34315..076ac863314f0bdcff9faf97cec5a883016c0473 100644 (file)
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -4,6 +4,7 @@ Release notes
  .. toctree::
     :maxdepth: 2
  
+   releases/v6.3.3
     releases/v6.3.2
     releases/v6.3.1
     releases/v6.3.0
diff --git a/docs/releases/v6.3.3.rst b/docs/releases/v6.3.3.rst

new file mode 100644 (file)

index 0000000..7fe0110
--- /dev/null
+++ b/docs/releases/v6.3.3.rst
@@ -0,0 +1,12 @@
+What's new in Tornado 6.3.3
+===========================
+
+Aug 11, 2023
+------------
+
+Security improvements
+~~~~~~~~~~~~~~~~~~~~~
+
+- The ``Content-Length`` header and ``chunked`` ``Transfer-Encoding`` sizes are now parsed
+  more strictly (according to the relevant RFCs) to avoid potential request-smuggling
+  vulnerabilities when deployed behind certain proxies.
author	Ben Darnell <ben@bendarnell.com>
	Fri, 11 Aug 2023 02:38:19 +0000 (22:38 -0400)
committer	Ben Darnell <ben@bendarnell.com>
	Fri, 11 Aug 2023 15:28:12 +0000 (11:28 -0400)
docs/releases.rst		patch \| blob \| blame \| history
docs/releases/v6.3.3.rst	[new file with mode: 0644]	patch \| blob