From f9df39f600a784f6edabdb9f1777c0eef78a7527 Mon Sep 17 00:00:00 2001 From: Benoit Chesneau Date: Fri, 23 Jan 2026 00:59:51 +0100 Subject: [PATCH] gevent: Require gevent 24.10.1+ to address CVE-2024-3219 --- gunicorn/config.py | 4 ++-- gunicorn/workers/ggevent.py | 6 +++--- pyproject.toml | 4 ++-- tests/workers/test_ggevent.py | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/gunicorn/config.py b/gunicorn/config.py index 56c7df3c..2dcf64d0 100644 --- a/gunicorn/config.py +++ b/gunicorn/config.py @@ -680,9 +680,9 @@ class WorkerClass(Setting): * ``sync`` * ``eventlet`` - Requires eventlet >= 0.40.3 (or install it via ``pip install gunicorn[eventlet]``) - * ``gevent`` - Requires gevent >= 23.9.0 (or install it via + * ``gevent`` - Requires gevent >= 24.10.1 (or install it via ``pip install gunicorn[gevent]``) - * ``tornado`` - Requires tornado >= 0.2 (or install it via + * ``tornado`` - Requires tornado >= 6.5.0 (or install it via ``pip install gunicorn[tornado]``) * ``gthread`` - Python 2 requires the futures package to be installed (or install it via ``pip install gunicorn[gthread]``) diff --git a/gunicorn/workers/ggevent.py b/gunicorn/workers/ggevent.py index ad9ecc83..2e623874 100644 --- a/gunicorn/workers/ggevent.py +++ b/gunicorn/workers/ggevent.py @@ -11,11 +11,11 @@ import time try: import gevent except ImportError: - raise RuntimeError("gevent worker requires gevent 23.9.0 or higher") + raise RuntimeError("gevent worker requires gevent 24.10.1 or higher") else: from packaging.version import parse as parse_version - if parse_version(gevent.__version__) < parse_version('23.9.0'): - raise RuntimeError("gevent worker requires gevent 23.9.0 or higher") + if parse_version(gevent.__version__) < parse_version('24.10.1'): + raise RuntimeError("gevent worker requires gevent 24.10.1 or higher") from gevent.pool import Pool from gevent.server import StreamServer diff --git a/pyproject.toml b/pyproject.toml index b1a386cd..c176784f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -47,13 +47,13 @@ Documentation = "https://docs.gunicorn.org" Changelog = "https://docs.gunicorn.org/en/stable/news.html" [project.optional-dependencies] -gevent = ["gevent>=23.9.0"] +gevent = ["gevent>=24.10.1"] eventlet = ["eventlet>=0.40.3"] tornado = ["tornado>=6.5.0"] gthread = [] setproctitle = ["setproctitle"] testing = [ - "gevent>=23.9.0", + "gevent>=24.10.1", "eventlet>=0.40.3", "coverage", "pytest", diff --git a/tests/workers/test_ggevent.py b/tests/workers/test_ggevent.py index 7e5d581e..8c3c2199 100644 --- a/tests/workers/test_ggevent.py +++ b/tests/workers/test_ggevent.py @@ -20,10 +20,10 @@ def test_import(): def test_version_requirement(): - """Test that gevent 23.9.0+ is required.""" + """Test that gevent 24.10.1+ is required.""" from gunicorn.workers import ggevent from packaging.version import parse as parse_version - assert parse_version(gevent.__version__) >= parse_version('23.9.0') + assert parse_version(gevent.__version__) >= parse_version('24.10.1') class TestGeventWorkerInit: