Request.host and get_host return the empty string if the header is missing or has invalid characters.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Use dashes instead of underscores for METADATA.toml field names
- Update most test/lint dependencies
- Update mypy to 1.20.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
=============
- Add pre_load and post_load parameters to marshmallow.fields.Field for field-level pre- and post-processing
- Typing: improvements to marshmallow.validate
- marshmallow.validate.URL and marshmallow.validate.Email accept Internationalized Domain Names (IDNs)
marshmallow.validate.Email also correctly rejects IDN domains with leading/trailing hyphens.
- Typing: Fix typing of nested in marshmallow.fields.Nested
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Improved: Fixes Japanese character encoding issues.
- Added: noColor option for configureOutput, which disables
colored output. It is set to False by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
* Switch to 3.14 for testing
* Drop 3.9 support
* More visible deprecation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add do_install function to resolve following issue.
python3-legacy-cgi-2.6.4-r0 do_package_qa: QA Issue: /usr/lib/python3.14/site-packages/.pc/0001-cgi.py-fixup-interpreter-according-to-OE.patch/cgi.py contained in package python3-legacy-cgi requires /usr/local/bin/python, but no providers found in RDEPENDS:python3-legacy-cgi? [file-rdeps]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This reverts commit 812f091414b34dbebe4a3990c9039cbaadc4dd71.
The runtime dependency on python3-setuptools is no longer needed
since the patch 0001-Drop-the-deprecated-pkg_resources.patch
replaced the pkg_resources usage with importlib.metadata, which
is part of the Python 3.8+ standard library. Keeping this RDEPENDS
pulls in an unnecessary dependency on the target system.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
pkg_resources is deprecated as an API. The pkg_resources package
has been removed from setuptools, so the way of obtaining the
version needs to be replaced with importlib.metadata module.
Signed-off-by: Bai, Haiqing <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
Skipped the duplicate singleton header check in lax mode (the default for response
parsing). In strict mode (request parsing, or -X dev), all RFC 9110 singletons
are still enforced.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Without it, it will throw "ModuleNotFoundError: No module named
'unittest'" from pyroute2/netlink/rtnl/iprsocket.py" line 6.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fixes issues introduced in commit 16a72067f5 ("python3-ninja: upgrade
1.11.1.1 -> 1.13.0").
Upstream's __init__.py uses a relative import:
from .ninja_syntax import Writer, escape, expand
This requires ninja_syntax.py to be present inside the ninja package
directory. Upstream relies on CMake (via scikit-build-core) to copy
ninja_syntax.py from ninja-upstream/misc/ into the package during
build [1]. Since the OE recipe replaces scikit-build-core with
setuptools (no-scikit-build.patch), CMake is not invoked and this
copy does not happen, causing ImportError at runtime.
Similarly, upstream uses scikit-build-core's generate feature to
create _version.py from the SCM version. With setuptools, this
does not happen automatically, so generate it in do_configure.
[1] https://github.com/scikit-build/ninja-python-distributions/commit/f3b4a786be
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- parse_list_header preserves partially quoted items, discards empty items, and
returns empty for unclosed quoted values.
- WWWAuthenticate.to_header does not produce a trailing space when there are no
parameters.
- Transfer-Encoding is parsed as a set.
- Request.host, get_host, and host_is_trusted validate the characters of the
value. An empty value is no longer allowed. A Unix socket server address is
ignored. The trusted_list argument to host_is_trusted is optional.
- Fix multipart form parser handling of newline at boundary.
- Response.make_conditional sets the Accept-Ranges header even if it is not a
satisfiable range request.
- merge_slashes merges any number of consecutive slashes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
Limit number of parts of a TOML key to address quadratic time complexity
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
=========
- (asgi) Add option to disable suppressing chained exceptions
- (logging) Separate ignore lists for events/breadcrumbs and sentry logs
- Set exception info on streaming span when applicable
- Patch AsyncStream.close() and AsyncMessageStream.close() to finish spans
- Patch Stream.close() and MessageStream.close() to finish spans
- (starlette) Catch Jinja2Templates ImportError
- Add note on AI PRs to CONTRIBUTING.md
- Pin GitHub Actions to full-length commit SHAs
- Add -latest alias for each integration test suite
- Use date-based branch names for toxgen PRs
- Update test matrix with new releases (03/19)
- Add client report tests for span streaming
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Fix AttributeError in cluster metrics recording when connection is None or
ClusterNode object instance is used to extract the connection info (#3999)
- Fixing security concern in repr methods for ConnectionPools - passwords might
leak in plain text logs (#3998)
- Refactored connection count and SCH metric collection (#4001)
- Refactored health check logic for MultiDBClient (#3994)
- Expose basic Otel classes and functions to be importable through
redis.observability to match the examples in the readthedocs
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base
classes to prevent using them within Schemas
- Allow required to be set on marshmallow.fields.Contant
- Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber
choices
- Fix behavior when passing a dot-delimited attribute name to partial for a key
with data_key set
- Fix Enum field by-name lookup to only return actual members
- marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool
values
- Fix typing of error_essages argument to marshmallow.fields.Field
- Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING
-
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Bug Fixes
==========
- HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2
ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)
- ASGI Chunked EOF Handling: Add finish() method to callback parser to handle
chunked encoding edge case where connection closes before final CRLF after
zero-chunk
- HTTP/2 Documentation: Fix http_protocols examples to use comma-separated
string instead of list syntax (#3561)
- Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC
9112 (#3556)
- Request Line Limit: Fix --limit-request-line 0 to mean unlimited as
documented, instead of using default maximum. Works with both Python and fast
C parser. (#3563)
- uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when
using gevent or gthread workers with uwsgi protocol behind nginx.
- FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to
FileWrapper for full PEP 3333 compliance. Previously only supported old-style
__getitem__ iteration which broke code explicitly using iter() or next().
Security =============
- ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
- Reject duplicate Content-Length headers
- Reject requests with both Content-Length and Transfer-Encoding
- Reject chunked transfer encoding in HTTP/1.0
- Reject stacked chunked encoding
- Validate Transfer-Encoding values
- Strict chunk size validation
Changes ==========
- Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property
and InvalidChunkExtension validation for bare CR rejection
- ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser
- Docker Images: Update to Python 3.14
New Features ============
- Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and
limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers
- Requires gunicorn_h1c >= 0.6.0 for http_parser='fast'
- Falls back to Python parser in auto mode if version not met
- Proper HTTP status codes for limit errors (414, 431)
Performance ============
- ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
- Callback-based parsing with direct bytearray buffer operations
- Use bytearray.find() directly instead of converting to bytes first
- Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs
O(n))
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
