docs: Update 24.0.0 changelog with security fixes

Benoit Chesneau 2026-01-23 01:39:23 +01:00
parent 3960372b82
commit e021e3e93f
2 changed files with 19 additions and 7 deletions


@ -23,14 +23,24 @@
with Material theme for improved navigation and mobile experience
([PR #3426](https://github.com/benoitc/gunicorn/pull/3426))
### Security
- **eventlet**: Require eventlet >= 0.40.3 to address CVE-2021-21419 (websocket
memory exhaustion) and CVE-2025-58068 (HTTP request smuggling)
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
- **gevent**: Require gevent >= 24.10.1 to address CVE-2023-41419 (HTTP request
smuggling) and CVE-2024-3219 (socket.socketpair vulnerability)
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
- **tornado**: Require tornado >= 6.5.0 to address CVE-2025-47287 (HTTP request
smuggling) and other security fixes
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
### Changes
- Minimum Python version is now 3.12
- Documentation now hosted at https://gunicorn.org
### Breaking changes
- Dropped support for Python versions before 3.12
- Updated license configuration to PEP 639 format for uv compatibility
!!! warning "ASGI Worker Beta"
The ASGI worker is a beta feature. While tested, the API and behavior
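Review bot: The tornado entry ends with "and other security fixes", which gives a reader triaging their exposure nothing to look up, unlike the eventlet and gevent entries, which each name two CVEs with a short description. Either list the additional identifiers or link the tornado release notes that the 6.5.0 floor is based on, or drop the phrase. Separately, "Minimum Python version is now 3.12" under Changes and "Dropped support for Python versions before 3.12" under Breaking changes state the same thing twice; keeping only the Breaking changes entry would be enough.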


@ -17,9 +17,11 @@
- **Documentation Migration**: Migrated to MkDocs with Material theme
### Breaking changes
### Security
- Minimum Python version is now 3.12
- **eventlet**: Require eventlet >= 0.40.3 (CVE-2021-21419, CVE-2025-58068)
- **gevent**: Require gevent >= 24.10.1 (CVE-2023-41419, CVE-2024-3219)
- **tornado**: Require tornado >= 6.5.0 (CVE-2025-47287)
---
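Review bot: In this summary "### Breaking changes" is directly followed by "### Security", and "- Minimum Python version is now 3.12" sits below the Security heading, ahead of the three dependency entries. If the Breaking changes heading and the Python line are being replaced, this file loses the Python 3.12 notice that the full changelog still carries; if they are being kept, the Python line now reads as a security item. Keeping Breaking changes with its Python entry as its own section, followed by a separate Security section, would keep the two files consistent. The short entries here also omit the vulnerability class (request smuggling, memory exhaustion) given in the full changelog, so a link to that section would help readers who only see this summary.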