gevent: Require gevent 24.10.1+ to address CVE-2024-3219

This commit is contained in:
Benoit Chesneau 2026-01-23 00:59:51 +01:00
parent db3b0819dc
commit f9df39f600
4 changed files with 9 additions and 9 deletions

View File

@ -680,9 +680,9 @@ class WorkerClass(Setting):
* ``sync`` * ``sync``
* ``eventlet`` - Requires eventlet >= 0.40.3 (or install it via * ``eventlet`` - Requires eventlet >= 0.40.3 (or install it via
``pip install gunicorn[eventlet]``) ``pip install gunicorn[eventlet]``)
* ``gevent`` - Requires gevent >= 23.9.0 (or install it via * ``gevent`` - Requires gevent >= 24.10.1 (or install it via
``pip install gunicorn[gevent]``) ``pip install gunicorn[gevent]``)
* ``tornado`` - Requires tornado >= 0.2 (or install it via * ``tornado`` - Requires tornado >= 6.5.0 (or install it via
``pip install gunicorn[tornado]``) ``pip install gunicorn[tornado]``)
* ``gthread`` - Python 2 requires the futures package to be installed * ``gthread`` - Python 2 requires the futures package to be installed
(or install it via ``pip install gunicorn[gthread]``) (or install it via ``pip install gunicorn[gthread]``)

View File

@ -11,11 +11,11 @@ import time
try: try:
import gevent import gevent
except ImportError: except ImportError:
raise RuntimeError("gevent worker requires gevent 23.9.0 or higher") raise RuntimeError("gevent worker requires gevent 24.10.1 or higher")
else: else:
from packaging.version import parse as parse_version from packaging.version import parse as parse_version
if parse_version(gevent.__version__) < parse_version('23.9.0'): if parse_version(gevent.__version__) < parse_version('24.10.1'):
raise RuntimeError("gevent worker requires gevent 23.9.0 or higher") raise RuntimeError("gevent worker requires gevent 24.10.1 or higher")
from gevent.pool import Pool from gevent.pool import Pool
from gevent.server import StreamServer from gevent.server import StreamServer

View File

@ -47,13 +47,13 @@ Documentation = "https://docs.gunicorn.org"
Changelog = "https://docs.gunicorn.org/en/stable/news.html" Changelog = "https://docs.gunicorn.org/en/stable/news.html"
[project.optional-dependencies] [project.optional-dependencies]
gevent = ["gevent>=23.9.0"] gevent = ["gevent>=24.10.1"]
eventlet = ["eventlet>=0.40.3"] eventlet = ["eventlet>=0.40.3"]
tornado = ["tornado>=6.5.0"] tornado = ["tornado>=6.5.0"]
gthread = [] gthread = []
setproctitle = ["setproctitle"] setproctitle = ["setproctitle"]
testing = [ testing = [
"gevent>=23.9.0", "gevent>=24.10.1",
"eventlet>=0.40.3", "eventlet>=0.40.3",
"coverage", "coverage",
"pytest", "pytest",

View File

@ -20,10 +20,10 @@ def test_import():
def test_version_requirement(): def test_version_requirement():
"""Test that gevent 23.9.0+ is required.""" """Test that gevent 24.10.1+ is required."""
from gunicorn.workers import ggevent from gunicorn.workers import ggevent
from packaging.version import parse as parse_version from packaging.version import parse as parse_version
assert parse_version(gevent.__version__) >= parse_version('23.9.0') assert parse_version(gevent.__version__) >= parse_version('24.10.1')
class TestGeventWorkerInit: class TestGeventWorkerInit: