Release v3.2.2: What's new in Tornado 3.2.2 · damui/tornado

v3.2.2
6765549
Compare

Choose a tag to compare

Loading

View all tags

v3.2.2
6765549
Compare

Choose a tag to compare

Loading

View all tags

bdarnell tagged this 04 Jun 03:39

===========================

June 3, 2014
------------

Security fixes
~~~~~~~~~~~~~~

* The XSRF token is now encoded with a random mask on each request.
  This makes it safe to include in compressed pages without being
  vulnerable to the `BREACH attack <http://breachattack.com>`_.
  This applies to most applications that use both the ``xsrf_cookies``
  and ``gzip`` options (or have gzip applied by a proxy).

Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* If Tornado 3.2.2 is run at the same time as older versions on the same
  domain, there is some potential for issues with the differing cookie
  versions.  The `.Application` setting ``xsrf_cookie_version=1`` can
  be used for a transitional period to generate the older cookie format
  on newer servers.

Other changes
~~~~~~~~~~~~~

* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly