Hey all,

I just released a new version of Waitress to fix a bug in the regular 
expression that was used to parse the HTTP headers. The bug would allow for 
catastrophic backtracking which would cause the waitress process to spend 100% 
CPU time in attempting to match the regular expression.

Thanks to Fil Zembowicz for reporting this issue!

pip install waitress==1.4.3

For more information:

https://pypi.org/project/waitress/1.4.3/
https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc

If you have questions or comments about this advisory, feel free to reply to this 
email, or:

        • open an issue at https://github.com/Pylons/waitress/issues (if not sensitive or security related)
        • email the Pylons Security mailing list: pylons-project-secur...@googlegroups.com (if security related)

Thank you,
Bert JW Regeer
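
Added example, not part of the original announcement and not Pylons project code: a small audit that scans requirements-style text for waitress pins that predate the 1.4.3 release named above. The sample file contents and the function name `audit` are constructed for illustration.

```python
import re

FIXED = (1, 4, 3)  # release named in the announcement above

# Constructed sample requirements file (not from any real project).
SAMPLE = """\
# web tier
pyramid==1.10.4
waitress==1.4.2
Waitress == 1.4.3  # already upgraded
waitress>=1.3
waitress[docs]==1.4.0 ; python_version >= "3.6"
"""

# Project name (case-insensitive), optional extras, optional operator, optional version.
# The lookahead keeps differently named packages such as "waitress-foo" from matching.
LINE = re.compile(
    r"^\s*waitress(?![\w.-])(?:\[[^\]]*\])?\s*"
    r"(?P<op>==|>=|<=|~=|!=|<|>)?\s*(?P<ver>[0-9][^\s;#,]*)?",
    re.IGNORECASE,
)

def audit(text):
    """Return (line_no, line, status) for every waitress requirement in text.

    status is "upgrade" for an exact pin below 1.4.3, "ok" for an exact pin
    at or above it, and "review" for ranges, unpinned entries, or versions
    with non-numeric parts, where the resolved version has to be checked.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        match = LINE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        op, ver = match.group("op"), match.group("ver")
        if op == "==" and ver and re.fullmatch(r"\d+(\.\d+)*", ver):
            parts = tuple(int(p) for p in ver.split("."))
            parts += (0,) * (3 - len(parts))  # treat "1.4" as 1.4.0
            status = "ok" if parts >= FIXED else "upgrade"
        else:
            status = "review"
        findings.append((number, raw.strip(), status))
    return findings

if __name__ == "__main__":
    for number, line, status in audit(SAMPLE):
        print(f"line {number}: {status:8} {line}")
```

Entries reported as "review" are not judged by the script; compare the version pip actually resolved for them against 1.4.3.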
