Change log#
To be included in the next release#
v11.0.0b1.dev40+gdc9f895.d20240420 /UNRELEASED DRAFT/#
(2024-04-20)
Bug fixes#
Fixed a flaw where internally unhandled exceptions could crash the worker threads and eventually starve the server of its processing resources. It is no longer and issue and the unhandled errors are now logged and suppressed except for a few expected exceptions that are used for normal interruption requests.
– by @cameronbrunner and @webknjaz
Related issues and pull requests on GitHub: #310, #346, #354, #358, #365, #375, #599, #641, #649.
Fixed compatibility with Python 3.8 in the built-in TLS adapter that relies on
ssl
.Modern Python versions communicate specialized exceptions
ssl.SSLEOFError
andssl.SSLZeroReturnError
where the older versions errored out in a very generic way.
Removals and backward incompatible breaking changes#
Packaging updates and notes for downstreams#
Started signing the package distribution artifacts in CI/CD with Sigstore and uploading them to GitHub Releases – by @webknjaz.
The minimum version of the
setuptools-scm
build dependency has been set to 7. The Git archives are now produced by it natively, instead of relying on a third party plugin which is no longer being used.– by @serhii73
Related issues and pull requests on GitHub: #628.
The changelog management is now implemented through the Towncrier tool – by @webknjaz.
The contributors are now expected to include change log fragment files in their pull requests.
These news snippets can link one or more issues or pull requests, and be of one or more of the following categories:
bugfix
: A bug fix for something we deemed an improper undesired behavior that got corrected in the release to match pre-agreed expectations.feature
: A new behavior, public APIs. That sort of stuff.deprecation
: A declaration of future API removals and breaking changes in behavior.breaking
: When something public gets removed in a breaking way. Could be deprecated in an earlier release.doc
: Notable updates to the documentation structure or build process.packaging
: Notes for downstreams about unobvious side effects and tooling. Changes in the test invocation considerations and runtime assumptions.contrib
: Stuff that affects the contributor experience. e.g. Running tests, building the docs, setting up the development environment.misc
: Changes that are hard to assign to any of the above categories.
Related issues and pull requests on GitHub: #654.
Contributor-facing changes#
Started type-checking the project with MyPy against a range of versions instead of just one — Python 3.8–3.12 – by @webknjaz.
The project how has a
.git-blame-ignore-revs
letting GitHub know which auto-formatting revisions to ignore. It is also possible to integrate it locally, if one wants to do so.– by @webknjaz
The project adopted the
autopep8
tool to assist with automatic code formatting. It is chosen overblack
because it is less intrusive which is important to the maintainer as it promotes inclusivity.autopep8
is integrated into thepre-commit
check runner and is configured to only correct PEP 8 violations, avoiding changes to compliant snippets.– by @webknjaz
Related commits on GitHub: 65ba7e69.
The continuous integration and pull request merges have been set up to only merge pull requests through merge queues – by @webknjaz.
Related commits on GitHub: a7149e0c.
Documented the upgraded release process – by @webknjaz.
Related commits on GitHub: df0d1a08.
The changelog management is now implemented through the Towncrier tool – by @webknjaz.
The contributors are now expected to include change log fragment files in their pull requests.
These news snippets can link one or more issues or pull requests, and be of one or more of the following categories:
bugfix
: A bug fix for something we deemed an improper undesired behavior that got corrected in the release to match pre-agreed expectations.feature
: A new behavior, public APIs. That sort of stuff.deprecation
: A declaration of future API removals and breaking changes in behavior.breaking
: When something public gets removed in a breaking way. Could be deprecated in an earlier release.doc
: Notable updates to the documentation structure or build process.packaging
: Notes for downstreams about unobvious side effects and tooling. Changes in the test invocation considerations and runtime assumptions.contrib
: Stuff that affects the contributor experience. e.g. Running tests, building the docs, setting up the development environment.misc
: Changes that are hard to assign to any of the above categories.
Related issues and pull requests on GitHub: #654.
Released versions#
v10.0.0#
(2023-05-20)
v9.0.0#
(2022-11-19)
#252 via PR #339: Cheroot now requires Python 3.6 or later. Python 3.5 and Python 2.7 are still supported by the maint/8.x branch and stabilizing bugfixes will be accepted to that branch.
v8.6.0#
(2022-01-03)
Significant improvements:
#384 via PR #385, PR #406: Exposed type stubs with annotations for public API – by @kasium.
PR #401 (related to the PR #352 effort): Started reusing the the
expriration_interval
setting as timeout in the low-levelselect()
invocation, effectively reducing the system load when idle, that is noticeable on low-end hardware systems. On Windows OS, due to differentselect()
behavior, the effect is less significant and comes with a theoretically decreased performance on quickly repeating requests, which has however found to be not significant in real world scenarios. – by @MichaIng.
Internal changes:
Implemented a manual-trigger-based release workflow.
Integrated publishing GitHub Releases into the workflow.
Migrated the docs theme to Furo (created by @pradyunsg).
Attempted to improve the stability of testing.
Configured the CI to test the same distribution as will be shipped.
Improved the linting setup and contributor checklists.
Stopped running tests under Ubuntu 16.04.
Tweaked the distribution packages metadata to satisfy strict checks.
Implemented distribution build reproducibility using a pip constraints lock-file.
Added per-environment lock-files into the tox test environments.
v8.5.2#
(2021-01-18)
#358 via PR #359: Fixed a regression from PR #199 that made the worker threads exit on invalid connection attempts and could make the whole server unresponsive once there was no workers left. – by @cameronbrunner.
v8.5.1#
(2020-12-12)
CherryPy #1873 via PR #340: Resurrected an unintentionally removed feature of interrupting a server main thread by externally assigning an exception to the
HTTPServer.interrupt
property – by @liamstask.PR #350: Fixed the incarnation of an earlier regression of not resetting the serving state on
SIGINT
originally fixed by PR #322 and PR #331 but reintroduced by the changes in PR #311 – by @liamstask.
v8.5.0#
(2020-12-05)
#305 via PR #311: In
ConnectionManager
, process connections as they become active rather than waiting for atick
event, addressing performance degradation introduced in v8.1.0 – by @liamstask.#341 via PR #342: Suppress legitimate OS errors expected on shutdown – by @webknjaz.
v8.4.8#
(2020-11-24)
#317 via PR #337: Fixed a regression in 8.4.5 where the connections dictionary would change size during iteration, leading to a
RuntimeError
raised in the logs – by @liamstask.
v8.4.7#
(2020-11-15)
v8.4.6#
(2020-11-15)
v8.4.5#
(2020-08-24)
#312 via PR #313: Fixed a regression introduced in the earlier refactoring in v8.4.4 via PR #309 that caused the connection manager to modify the selector map while looping over it – by @liamstask.
#312 via PR #316: Added a regression test for the error handling in
get_conn()
to ensure more stability – by @cyraxjoe.
v8.4.4#
(2020-08-12)
#304 via PR #309: Refactored
ConnectionManager
to useget_map()
and reorganized the readable connection tracking – by @liamstask.#304 via PR #309: Fixed the server shutdown sequence to avoid race condition resulting in accepting new connections while it is being terminated – by @liamstask.
v8.4.3#
(2020-08-12)
PR #282: Fixed a race condition happening when an HTTP client attempts to reuse a persistent HTTP connection after it’s been discarded on the server in
HTTPRequest
but no TCP FIN packet has been received yet over the wire – by @meaksh.This change populates the
Keep-Alive
header exposing the timeout value for persistent HTTP/1.1 connections which helps mitigate such race conditions by letting the client know not to reuse the connection after that time interval.
v8.4.2#
(2020-07-28)
v8.4.1#
(2020-07-26)
Prevent
ConnectionAbortedError
traceback from being printed out to the terminal output during the app start-up on Windows when built-in TLS adapter is used (#302 via PR #306) - by @mxii-ca.
v8.4.0#
(2020-07-23)
Converted management from low-level
select()
to high-levelselectors
(#249 via PR #301) - by @tommilligan.This change also introduces a conditional dependency on
selectors2
as a fall-back for legacy Python interpreters.
v8.3.1#
(2020-07-13)
v8.3.0#
(2020-02-09)
CherryPy #910 via PR #243: Provide TLS-related details via WSGI environment interface.
PR #248: Fix parsing of the
--bind
CLI option for abstract UNIX sockets.
v8.2.1#
(2019-10-17)
CherryPy #1818: Restore support for
None
default argument toWebCase.getPage()
.
v8.2.0#
(2019-10-14)
Deprecated use of negative timeouts as alias for infinite timeouts in
ThreadPool.stop
.CherryPy #1662 via PR #74: For OPTION requests, bypass URI as path if it does not appear absolute.
v8.1.0#
(2019-10-09)
v8.0.0#
(2019-10-09)
v7.0.0#
(2019-09-26)
PR #224: Refactored “open URL” behavior in
webtest
to rely on retry_call. Callers can no longer passraise_subcls
orssl_context
positionally, but must pass them as keyword arguments.
v6.6.0#
(2019-09-25)
Revisit PR #85 under PR #221. Now
backports.functools_lru_cache
is only required on Python 3.2 and earlier.CherryPy #1206 via PR #204: Fix race condition in threadpool shrink code.
v6.5.8#
(2019-09-05)
v6.5.7#
(2019-09-03)
#198 via 9f7affe: Fix race condition when toggling stats counting in the middle of request processing.
Improve post Python 3.9 compatibility checks.
Fix support of abstract namespace sockets.
v6.5.6#
(2019-08-19)
v6.5.5#
(2019-04-25)
#99 via PR #186: Sockets now collect statistics (bytes read and written) on Python 3 same as Python 2.
CherryPy #1618 via PR #180: Ignore OpenSSL’s 1.1+ Error 0 under any Python while wrapping a socket.
v6.5.4#
(2019-01-01)
#113: Fix
cheroot.ssl.pyopenssl
under Python 3.#154 via PR #159: Remove custom license field from dist metadata.
#95: Fully integrate
trustme
into all TLS tests. Also remove all hardcoded TLS certificates.Fix invalid input processing in
cheroot._compat.extract_bytes()
.Fix returning error explanation over plain HTTP for PyOpenSSL.
Add a fallback for
os.lchmod()
where it’s missing.Avoid traceback for invalid client cert with builtin
ssl
adapter.Avoid deprecation warning with
OpenSSL.SSL.Connection
.Fix socket wrapper in PyOpenSSL adapter.
Improve tests coverage:
Client TLS certificate tests
PEERCREDS
lookup
v6.5.3#
(2018-12-20)
PR #149: Make
SCRIPT_NAME
optional per PEP 333.
v6.5.2#
(2018-09-03)
#6 via PR #109: Fix import of
cheroot.ssl.pyopenssl
by refactoring and separatingcheroot.makefile
’s stream wrappers.#95 via PR #109: Add initial tests for SSL layer with use of
trustme
v6.5.1#
(2018-09-02)
#93 via PR #110: Improve UNIX socket FS access mode in
cheroot.server.HTTPServer.prepare()
on a file socket when starting to listen to it.
v6.5.0#
(2018-08-29)
CherryPy #1001 via PR #52 and PR #108: Add support for validating client certificates.
v6.4.0#
(2018-08-01)
#68 via PR #98: Factor out parts of
cheroot.server.HTTPServer.start()
intoprepare()
andserve()
v6.3.3#
(2018-07-10)
Fix bug with returning empty result in
cheroot.ssl.builtin.BuiltinSSLAdapter.wrap()
v6.3.2#
(2018-06-16)
v6.3.1#
(2018-05-21)
CherryPy #1618: Ignore OpenSSL’s 1.1+ Error 0 under Python 2 while wrapping a socket.
v6.3.0#
(2018-05-17)
PR #87: Add
cheroot
command and runpy launcher to launch a WSGI app from the command-line.
v6.2.4#
(2018-04-19)
Fix missing
resolve_peer_creds
argument incheroot.wsgi.Server
being bypassed intocheroot.server.HTTPServer
.PR #85: Revert conditional dependencies. System packagers should honor the dependencies as declared by cheroot, which are defined intentionally.
v6.2.3#
(2018-04-14)
PR #85: Skip installing dependencies from backports namespace under Python 3.
v6.2.2#
(2018-04-14)
#84 (CherryPy #1704): Fix regression, causing
ModuleNotFoundError
undercygwin
.
v6.2.1#
(2018-04-10)
PR #83: Fix regression, caused by inverted check for Windows OS.
Add more URLs to distribution metadata
v6.2.0#
(2018-04-10)
PR #37: Implement PEERCRED lookup over UNIX-socket HTTP connection.
Discover connected process’ PID/UID/GID
Respect server switches:
peercreds_enabled
andpeercreds_resolve_enabled
get_peer_creds
andresolve_peer_creds
methods on connectionpeer_pid
,peer_uid
,peer_gid
,peer_user
andpeer_group
properties on connectionX_REMOTE_PID
,X_REMOTE_UID
,X_REMOTE_GID
,X_REMOTE_USER
(REMOTE_USER
) andX_REMOTE_GROUP
WSGI environment variables when enabled and supportedPer-connection caching to reduce lookup cost
v6.1.2#
(2018-04-08)
#81: Fix regression introduced by PR #80.
Restore
storing bound socket
in Windows broken by use ofsocket.AF_UNIX
v6.1.1#
(2018-04-07)
PR #80: Fix regression introduced by 68a5769.
Get back support for
socket.AF_UNIX
in stored bound address incheroot.server.HTTPServer.bind_addr
v6.1.0#
(2018-04-05)
PR #67: Refactor test suite to completely rely on pytest.
Integrate
pytest-testmon
andpytest-watch
Stabilize testing
CherryPy #1664 via PR #66: Implement input termination flag support as suggested by @mitsuhiko in his wsgi.input_terminated Proposal.
#73: Fix SSL error bypassing.
#77 via PR #78: Fix WSGI documentation example to support Python 3.
PR #76: Send correct conditional HTTP error in helper function.
CherryPy #1404 via PR #75: Fix headers being unsent before request closed. Now we double check that they’ve been sent.
Minor docs improvements.
Minor refactoring.
v6.0.0#
(2017-12-04)
Drop support for Python 2.6, 3.1, 3.2, and 3.3.
Also drop built-in SSL support for Python 2.7 earlier than 2.7.9.
v5.11.0#
(2017-12-04)
CherryPy #1621: To support
webtest
applications that feed absolute URIs togetPage()
but expect the scheme/host/port to be ignored (as cheroot 5.8 and earlier did), provide astrip_netloc
helper and recipe for calling it in a subclass.
v5.10.0#
(2017-11-23)
Minor refactorings of
cheroot/server.py
to reduce redundancy of behavior.Delinting with fewer exceptions.
Restored license to BSD.
v5.9.2#
(2017-11-23)
#61: Re-release without spurious files in the distribution.
v5.9.1#
(2017-11-17)
#58: Reverted encoding behavior in wsgi module to correct regression in CherryPy tests.
v5.9.0#
(2017-11-16)
CherryPy #1088 and PR #53: Avoid using SO_REUSEADDR on Windows where it has different semantics.
cheroot.tests.webtest
adopts the one method that was unique in CherryPy, now superseding the implementation there.Substantial cleanup around compatibility functions (
_compat
module).License unintentionally changed to MIT. BSD still declared and intended.
v5.8.3#
(2017-08-11)
Improve HTTP request line validation:
Improve HTTP version parsing
Fix HTTP CONNECT method processing:
Respond with
405 Method Not Allowed
ifproxy_mode is False
Validate that request-target is in authority-form
Improve tests in
test.test_core
PR #44: Fix EPROTOTYPE @ Mac OS
v5.8.2#
(2017-08-07)
Fix PR #39 regression. Add HTTP request line check: absolute URI path must start with a forward slash (“/”).
v5.8.1#
(2017-08-05)
CI improvements:
Add basic working Circle CI v2 config
Fix URI encoding bug introduced in PR #39
Improve
cheroot.test.helper.Controller
to properly match Unicode
v5.8.0#
(2017-08-01)
CI improvements:
Switch to native PyPy support in Travis CI
Take into account PEP 257 compliant modules
Build wheel in AppVeyor and store it as an artifact
Improve urllib support in
cheroot._compat
v5.7.0#
(2017-06-24)
CI improvements:
Don’t run tests during deploy stage
Use VM based build job environments only for
pyenv
environmentsOpt-in for beta trusty image @ Travis CI
Be verbose when running tests (show test names)
Show
xfail
/skip details during test run
#34: Fix
_handle_no_ssl
error handler calls#21: Fix
test_conn
tests:Improve setup_server def in HTTP connection tests
Fix HTTP streaming tests
Fix HTTP/1.1 pipelining test under Python 3
Fix
test_readall_or_close
testFix
test_No_Message_Body
Clarify
test_598
fail reason
#36: Add GitHub templates for PR, issue && contributing
#27: Default HTTP Server header to Cheroot version str
Cleanup
_compat
functions from server module
v5.6.0#
(2017-06-20)
Fix all PEP 257 related errors in all non-test modules.
cheroot/test/*
folder is only one left allowed to fail with this linter.CherryPy #1602 and PR #30: Optimize chunked body reader loop by returning empty data is the size is 0.
CherryPy #1486: Reset buffer if the body size is unknown
CherryPy #1131: Add missing size hint to SizeCheckWrapper
v5.5.2#
(2017-06-18)
PR #32: Ignore
"unknown error"
and"https proxy request"
SSL errors.Ref: sabnzbd/sabnzbd#820
Ref: sabnzbd/sabnzbd#860
v5.5.1#
(2017-06-18)
Make AppVeyor list separate tests in corresponding tab.
PR #29: Configure Travis CI build stages.
Prioritize tests by stages.
Move deploy stage to be run very last after all other stages finish.
PR #31: Ignore “Protocol wrong type for socket” (EPROTOTYPE) @ OSX for non-blocking sockets.
This was originally fixed for regular sockets in CherryPy #1392.
Ref: https://forums.sabnzbd.org/viewtopic.php?f=2&t=22728&p=112251
v5.5.0#
(2017-05-02)
#17 via PR #25: Instead of a read_headers function, cheroot now supplies a
HeaderReader
class to perform the same function.Any
HTTPRequest
object may override the header_reader attribute to customize the handling of incoming headers.The server module also presents a provisional implementation of a
DropUnderscoreHeaderReader
that will exclude any headers containing an underscore. It remains an exercise for the implementer to demonstrate how this functionality might be employed in a server such as CherryPy.PR #26: Configured TravisCI to run tests under OS X.
v5.4.0#
(2017-03-19)
PR #22: Add “ciphers” parameter to SSLAdapter.
v5.3.0#
(2017-03-12)
PR #8: Updated style to better conform to PEP 8.
Refreshed project with jaraco skeleton.
Docs now built and deployed at RTD.
v5.2.0#
(2017-03-02)
v5.1.0#
(2017-01-22)
Removed the WSGI prefix from classes in
cheroot.wsgi
. Kept aliases for compatibility.#1: Corrected docstrings in
cheroot.server
andcheroot.wsgi
.PR #2: Fixed
ImportError
when pkg_resources cannot find the cheroot distribution.
v5.0.1#
(2017-01-14)
Fix error in
parse_request_uri
created in 68a5769.
v5.0.0#
(2017-01-14)
Initial release based on cherrypy.cherrypy.wsgiserver 8.8.0.