git.ipfire.org Git - thirdparty/tornado.git/commitdiff
docs: Copy 6.4.2 release notes to master branch
author Ben Darnell <ben@bendarnell.com>
Thu, 21 Nov 2024 21:26:44 +0000 (16:26 -0500)
committer Ben Darnell <ben@bendarnell.com>
Tue, 29 Apr 2025 19:55:02 +0000 (15:55 -0400)
docs/releases.rst
docs/releases/v6.4.2.rst [new file with mode: 0644]

index 8a0fad4c2f040c5b6cd30680a870af7ecacfe630..5c7a106d879ae53d6aac11c93374368d617e6616 100644 (file)
@@ -4,6 +4,7 @@ Release notes
 .. toctree::
    :maxdepth: 2
 
+   releases/v6.4.2
    releases/v6.4.1
    releases/v6.4.0
    releases/v6.3.3
diff --git a/docs/releases/v6.4.2.rst b/docs/releases/v6.4.2.rst
new file mode 100644 (file)
index 0000000..0dc567d
--- /dev/null
@@ -0,0 +1,12 @@
+What's new in Tornado 6.4.2
+===========================
+
+Nov 21, 2024
+------------
+
+Security Improvements
+~~~~~~~~~~~~~~~~~~~~~
+
+- Parsing of the cookie header is now much more efficient. The older algorithm sometimes had
+  quadratic performance which allowed for a denial-of-service attack in which the server would spend
+  excessive CPU time parsing cookies and block the event loop. This change fixes CVE-2024-7592.
\ No newline at end of file
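Review bot: The security entry in the new v6.4.2.rst refers only to "the older algorithm" and "parsing of the cookie header" without naming the module or function that changed, so an operator reading the notes cannot tell which code path was exposed or whether anything beyond upgrading is needed. Consider naming the affected parser and stating that upgrading to 6.4.2 is the fix, and turning the bare "CVE-2024-7592" into a link to the advisory so the identifier can be checked against its source. The file also ends without a trailing newline (the "\ No newline at end of file" marker after the last added line); add one so later appends to this file produce clean diffs.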