History

  • #312 via PR #313: Fixed a regression introduced in the earlier refactoring in v8.4.4 via PR #309 that caused the connection manager to modify the selector map while looping over it – by @liamstask.

  • #312 via PR #316: Added a regression test for the error handling in get_conn() to ensure more stability – by @cyraxjoe.

  • #304 via PR #309: Refactored ConnectionManager to use get_map() and reorganized the readable connection tracking – by @liamstask.

  • #304 via PR #309: Fixed the server shutdown sequence to avoid race condition resulting in accepting new connections while it is being terminated – by @liamstask.

  • PR #282: Fixed a race condition happening when an HTTP client attempts to reuse a persistent HTTP connection after it’s been discarded on the server in HTTPRequest but no TCP FIN packet has been received yet over the wire – by @meaksh.

    This change populates the Keep-Alive header exposing the timeout value for persistent HTTP/1.1 connections which helps mitigate such race conditions by letting the client know not to reuse the connection after that time interval.

  • Fixed a significant performance regression introduced in v8.1.0 (#305 via PR #308) - by @mar10.

    The issue turned out to add 0.1s delay on new incoming connection processing. We’ve lowered that delay to mitigate the problem short-term, better fix is yet to come.

  • Prevent ConnectionAbortedError traceback from being printed out to the terminal output during the app start-up on Windows when built-in TLS adapter is used (#302 via PR #306) - by @mxii-ca.

  • Converted management from low-level select() to high-level selectors (#249 via PR #301) - by @tommilligan.

    This change also introduces a conditional dependency on selectors2 as a fall-back for legacy Python interpreters.

  • Fixed TLS socket related unclosed resource warnings (PR #291 and PR #298).

  • Made terminating keep-alive connections more graceful (#263 via PR #277).

  • CherryPy #910 via PR #243: Provide TLS-related details via WSGI environment interface.

  • PR #248: Fix parsing of the --bind CLI option for abstract UNIX sockets.

  • CherryPy #1818: Restore support for None default argument to WebCase.getPage().

  • Deprecated use of negative timeouts as alias for infinite timeouts in ThreadPool.stop.

  • CherryPy #1662 via PR #74: For OPTION requests, bypass URI as path if it does not appear absolute.

  • Workers are now request-based, addressing the long-standing issue with keep-alive connections (#91 via PR #199).

  • #231 via PR #232: Remove custom setup.cfg parser handling, allowing the project (including sdist) to build/run on setuptools 41.4. Now building cheroot requires setuptools 30.3 or later (for declarative config support) and preferably 34.4 or later (as indicated in pyproject.toml).

  • PR #224: Refactored “open URL” behavior in webtest to rely on retry_call. Callers can no longer pass raise_subcls or ssl_context positionally, but must pass them as keyword arguments.

  • Revisit PR #85 under PR #221. Now backports.functools_lru_cache is only required on Python 3.2 and earlier.

  • CherryPy #1206 via PR #204: Fix race condition in threadpool shrink code.

  • #222 via 621f4ee: Fix socket.SO_PEERCRED constant fallback value under PowerPC.

  • #198 via 9f7affe: Fix race condition when toggling stats counting in the middle of request processing.

  • Improve post Python 3.9 compatibility checks.

  • Fix support of abstract namespace sockets.

  • #218 via PR #219: Fix HTTP parser to return 400 on invalid major-only HTTP version in Request-Line.

  • #99 via PR #186: Sockets now collect statistics (bytes read and written) on Python 3 same as Python 2.

  • CherryPy #1618 via PR #180: Ignore OpenSSL’s 1.1+ Error 0 under any Python while wrapping a socket.

  • #113: Fix cheroot.ssl.pyopenssl under Python 3.

  • #154 via PR #159: Remove custom license field from dist metadata.

  • #95: Fully integrate trustme into all TLS tests. Also remove all hardcoded TLS certificates.

  • #42: Remove traces of unittest and ddt usage.

  • Fix invalid input processing in cheroot._compat.extract_bytes().

  • Fix returning error explanation over plain HTTP for PyOpenSSL.

  • Add a fallback for os.lchmod() where it’s missing.

  • Avoid traceback for invalid client cert with builtin ssl adapter.

  • Avoid deprecation warning with OpenSSL.SSL.Connection.

  • Fix socket wrapper in PyOpenSSL adapter.

  • Improve tests coverage:

  • PR #149: Make SCRIPT_NAME optional per PEP 333.

  • #100 via PR #101: Respond with HTTP 400 to malicious Content-Length in request headers.

  • CherryPy #1618: Ignore OpenSSL’s 1.1+ Error 0 under Python 2 while wrapping a socket.

  • PR #87: Add cheroot command and runpy launcher to launch a WSGI app from the command-line.

  • Fix missing resolve_peer_creds argument in cheroot.wsgi.Server being bypassed into cheroot.server.HTTPServer.

  • PR #85: Revert conditional dependencies. System packagers should honor the dependencies as declared by cheroot, which are defined intentionally.

  • PR #85: Skip installing dependencies from backports namespace under Python 3.

  • PR #83: Fix regression, caused by inverted check for Windows OS.

  • Add more URLs to distribution metadata

  • PR #37: Implement PEERCRED lookup over UNIX-socket HTTP connection.

    • Discover connected process’ PID/UID/GID

    • Respect server switches: peercreds_enabled and peercreds_resolve_enabled

    • get_peer_creds and resolve_peer_creds methods on connection

    • peer_pid, peer_uid, peer_gid, peer_user and peer_group properties on connection

    • X_REMOTE_PID, X_REMOTE_UID, X_REMOTE_GID, X_REMOTE_USER (REMOTE_USER) and X_REMOTE_GROUP WSGI environment variables when enabled and supported

    • Per-connection caching to reduce lookup cost

  • PR #67: Refactor test suite to completely rely on pytest.

    • Integrate pytest-testmon and pytest-watch

    • Stabilize testing

  • CherryPy #1664 via PR #66: Implement input termination flag support as suggested by @mitsuhiko in his wsgi.input_terminated Proposal.

  • #73: Fix SSL error bypassing.

  • #77 via PR #78: Fix WSGI documentation example to support Python 3.

  • PR #76: Send correct conditional HTTP error in helper function.

  • CherryPy #1404 via PR #75: Fix headers being unsent before request closed. Now we double check that they’ve been sent.

  • Minor docs improvements.

  • Minor refactoring.

  • Drop support for Python 2.6, 3.1, 3.2, and 3.3.

  • Also drop built-in SSL support for Python 2.7 earlier than 2.7.9.

  • CherryPy #1621: To support webtest applications that feed absolute URIs to getPage() but expect the scheme/host/port to be ignored (as cheroot 5.8 and earlier did), provide a strip_netloc helper and recipe for calling it in a subclass.

  • Minor refactorings of cheroot/server.py to reduce redundancy of behavior.

  • Delinting with fewer exceptions.

  • Restored license to BSD.

  • #61: Re-release without spurious files in the distribution.

  • #58: Reverted encoding behavior in wsgi module to correct regression in CherryPy tests.

  • CherryPy #1088 and PR #53: Avoid using SO_REUSEADDR on Windows where it has different semantics.

  • cheroot.tests.webtest adopts the one method that was unique in CherryPy, now superseding the implementation there.

  • Substantial cleanup around compatibility functions (_compat module).

  • License unintentionally changed to MIT. BSD still declared and intended.

  • Improve HTTP request line validation:

    • Improve HTTP version parsing

  • Fix HTTP CONNECT method processing:

    • Respond with 405 Method Not Allowed if proxy_mode is False

    • Validate that request-target is in authority-form

  • Improve tests in test.test_core

  • PR #44: Fix EPROTOTYPE @ Mac OS

  • Fix PR #39 regression. Add HTTP request line check: absolute URI path must start with a forward slash (“/”).

  • CI improvements:

    • Switch to native PyPy support in Travis CI

    • Take into account PEP 257 compliant modules

    • Build wheel in AppVeyor and store it as an artifact

  • Improve urllib support in cheroot._compat

  • #38 via PR #39: Improve URI parsing:

    • Make it compliant with RFC 7230, RFC 7231 and RFC 2616

    • Fix setting of environ['QUERY_STRING'] in WSGI

    • Introduce proxy_mode and strict_mode argument in server.HTTPRequest

    • Fix decoding of Unicode URIs in WSGI 1.0 gateway

  • CI improvements:

    • Don’t run tests during deploy stage

    • Use VM based build job environments only for pyenv environments

    • Opt-in for beta trusty image @ Travis CI

    • Be verbose when running tests (show test names)

    • Show xfail/skip details during test run

  • #34: Fix _handle_no_ssl error handler calls

  • #21: Fix test_conn tests:

    • Improve setup_server def in HTTP connection tests

    • Fix HTTP streaming tests

    • Fix HTTP/1.1 pipelining test under Python 3

    • Fix test_readall_or_close test

    • Fix test_No_Message_Body

    • Clarify test_598 fail reason

  • #36: Add GitHub templates for PR, issue && contributing

  • #27: Default HTTP Server header to Cheroot version str

  • Cleanup _compat functions from server module

  • Fix all PEP 257 related errors in all non-test modules.

    cheroot/test/* folder is only one left allowed to fail with this linter.

  • CherryPy #1602 and PR #30: Optimize chunked body reader loop by returning empty data is the size is 0.

  • CherryPy #1486: Reset buffer if the body size is unknown

  • CherryPy #1131: Add missing size hint to SizeCheckWrapper

  • #17 via PR #25: Instead of a read_headers function, cheroot now supplies a HeaderReader class to perform the same function.

    Any HTTPRequest object may override the header_reader attribute to customize the handling of incoming headers.

    The server module also presents a provisional implementation of a DropUnderscoreHeaderReader that will exclude any headers containing an underscore. It remains an exercise for the implementer to demonstrate how this functionality might be employed in a server such as CherryPy.

  • PR #26: Configured TravisCI to run tests under OS X.

  • PR #22: Add “ciphers” parameter to SSLAdapter.

  • #5: Set Server.version to Cheroot version instead of CherryPy version.

  • PR #4: Prevent tracebacks and drop bad HTTPS connections in the BuiltinSSLAdapter, similar to pyOpenSSLAdapter.

  • #3: Test suite now runs and many tests pass. Some are still failing.

  • Removed the WSGI prefix from classes in cheroot.wsgi. Kept aliases for compatibility.

  • #1: Corrected docstrings in cheroot.server and cheroot.wsgi.

  • PR #2: Fixed ImportError when pkg_resources cannot find the cheroot distribution.

  • Fix error in parse_request_uri created in 68a5769.