Update minimum Tornado version to 6.5.0 to address:
- CVE-2024-52804 (Medium): HTTP Cookie Parsing DoS
- CVE-2025-47287 (High 7.5): Multipart/Form-Data Parser DoS
This simplifies the tornado worker by removing legacy code paths
for Tornado < 5.0 and < 6.0, reducing the codebase by ~30%.
Changes:
- pyproject.toml: Update tornado requirement to >=6.5.0
- gtornado.py: Remove TORNADO5 constant and legacy code paths
- tornadoapp.py: Update example to use async/await syntax
- test_gtornado.py: Add comprehensive test suite
It is now possible to specify a file with "config" as an application
configuration key in a paste deploy configuration file. This allows
paster applications to use the full range of gunicorn settings even
when using paste/pserve rather than gunicorn_paster.
Fixes#540.
Allows gunicorn to listen on different interface. It can be either ipv6,
unix or ipv4 sockets.
Ex:
gunicorn -w3 -b 127.0.0.1:8001 -b 127.0.0.1:8000 -b [::1]:8000 test:app
fix#444
- handle new way to launch applications in django 1.4
- simplify the way we discover the project path and settings
- add --pythonpath & --settings options for django applications
- still compatible with older versions (>=1.1)
-handle DJANGO_SETTINGS_MODULE env.
close#283, #275, #274, #241
aren't correctly reloaded. First attempt to remove it from sys.modules
introduced more problem than it solved.
This new attempt, just get the module, reload it and populate currently
loaded settings with new values.
mange.py have to use USR2 signal if they want to upgrade the django
version instread of HUP. On the other hand, upgrading django version
with HUP is possible with gunicorn_django command.
blocking operation django example (we read a file already on the fs and
recreate another which blocked async schedulers).
While I'm here ease the code of eventlet worker. Just use the convenient
eventlet.serve function which already manage what we do and revert sopme
useless changes in body and header parsing.