Skip to content

Commit

Permalink
Bump aiohttp to v3.8.5 a security release
Browse files Browse the repository at this point in the history
  • Loading branch information
webknjaz committed Jul 19, 2023
1 parent 7c02129 commit 9c13a52
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 8 deletions.
39 changes: 39 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,45 @@

.. towncrier release notes start
3.8.5 (2023-07-19)
==================

Security bugfixes
-----------------

- Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:`webknjaz`
and :user:`Dreamsorcerer`.

Thanks to :user:`sethmlarson` for reporting this and providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`#7346 <https://github.com/aio-libs/aiohttp/issues/7346>`_


Features
--------

- Added information to C parser exceptions to show which character caused the error. -- by :user:`Dreamsorcerer`

`#7366 <https://github.com/aio-libs/aiohttp/issues/7366>`_


Bugfixes
--------

- Fixed a transport is :data:`None` error -- by :user:`Dreamsorcerer`.

`#3355 <https://github.com/aio-libs/aiohttp/issues/3355>`_



----


3.8.4 (2023-02-12)
==================

Expand Down
1 change: 0 additions & 1 deletion CHANGES/3355.bugfix

This file was deleted.

5 changes: 0 additions & 5 deletions CHANGES/7346.feature

This file was deleted.

1 change: 0 additions & 1 deletion CHANGES/7366.feature

This file was deleted.

2 changes: 1 addition & 1 deletion aiohttp/__init__.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
__version__ = "3.8.4.post0.dev0"
__version__ = "3.8.5"

from typing import Tuple

Expand Down
1 change: 1 addition & 0 deletions docs/spelling_wordlist.txt
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ botocore
brotli
brotlipy
bugfix
bugfixes
Bugfixes
builtin
BytesIO
Expand Down

0 comments on commit 9c13a52

Please # to comment.