23 Commits

Author SHA1 Message Date
Benoit Chesneau
7ff671bca3 chore: replace README.rst with README.md, remove modernization-plan.md 2026-02-01 09:18:11 +01:00
Benoit Chesneau
780e2cf055 Add HTTP/2 tests
Unit tests for HTTP/2 implementation:
- test_http2_stream.py: Stream state management tests
- test_http2_request.py: Request interface tests
- test_http2_connection.py: Connection handling tests
- test_http2_async_connection.py: Async connection tests
- test_http2_config.py: Configuration tests
- test_http2_alpn.py: ALPN negotiation tests
- test_http2_errors.py: Error handling tests
- test_http2_integration.py: Integration tests

Docker integration tests:
- Full HTTP/2 testing environment with nginx proxy
- Direct connection tests and proxy tests
- Concurrent stream tests
- Protocol behavior tests
- Error handling tests
- Header handling tests
- Performance tests
2026-01-27 09:57:32 +01:00
Benoit Chesneau
c711d9fb6f Add HTTP/2 dependency and configuration
- Add optional h2 dependency for HTTP/2 support
- Add http2 module skeleton with availability check and errors
- Add HTTP/2 configuration settings (max_concurrent_streams,
  initial_window_size, max_frame_size, max_header_list_size)
- Add ALPN support to SSL context for HTTP/2 negotiation
2026-01-27 09:57:01 +01:00
Benoit Chesneau
b67ff0b31d test: fix warnings and flaky tests in dirty arbiter tests
- Close coroutines in mocked asyncio.run to prevent "never awaited" warning
- Fix flaky integration tests with proper async cleanup and try/finally
- Add uvloop to testing dependencies so uvloop test runs
- Add pytest warning filter for eventlet/asyncio incompatibility
2026-01-25 10:23:25 +01:00
Benoit Chesneau
7894d1c170 release: prepare 24.1.0
- Bump version to 24.1.0
- Add PROXY protocol v2 documentation to deploy guide
- Add 24.1.0 changelog with new features and bug fixes
- Update all docs.gunicorn.org URLs to gunicorn.org
2026-01-23 18:47:17 +01:00
Benoit Chesneau
f9df39f600 gevent: Require gevent 24.10.1+ to address CVE-2024-3219 2026-01-23 00:59:51 +01:00
Benoit Chesneau
db3b0819dc build: Update license config to PEP 639 format for uv compatibility 2026-01-23 00:51:32 +01:00
Benoit Chesneau
086dadfa1e testing: Pin gevent and eventlet minimum versions 2026-01-23 00:26:35 +01:00
Benoit Chesneau
4062a82ba7 eventlet: Require eventlet 0.40.3+ for security fixes
Upgrade minimum eventlet version to 0.40.3 to address security
vulnerabilities:

- CVE-2021-21419 (Moderate 6.9): Websocket memory exhaustion via
  large/compressed frames (fixed in 0.31.0)
- CVE-2025-58068 (Moderate 6.3): HTTP Request Smuggling via improper
  trailer handling (fixed in 0.40.3)

Also restructure module to call monkey_patch() at import time for
better patching coverage, while keeping hubs.use_hub() in the worker's
patch() method since it creates OS resources that don't survive fork.

Add comprehensive tests for the eventlet worker.
2026-01-23 00:25:50 +01:00
Benoit Chesneau
543854c123 gevent: Require gevent 23.9.0+ for security fixes
Address CVE-2023-41419 (Critical - remote privilege escalation via
WSGIServer) by requiring gevent 23.9.0 or higher.

Changes:
- Update minimum gevent version from 1.4.0 to 23.9.0
- Remove legacy server.kill() code path (gevent < 1.0)
- Update documentation to reflect new version requirement
- Add comprehensive tests for gevent worker
2026-01-23 00:14:11 +01:00
Benoit Chesneau
4b9d787c93 tornado: Require Tornado 6.5.0+ for security fixes
Update minimum Tornado version to 6.5.0 to address:
- CVE-2024-52804 (Medium): HTTP Cookie Parsing DoS
- CVE-2025-47287 (High 7.5): Multipart/Form-Data Parser DoS

This simplifies the tornado worker by removing legacy code paths
for Tornado < 5.0 and < 6.0, reducing the codebase by ~30%.

Changes:
- pyproject.toml: Update tornado requirement to >=6.5.0
- gtornado.py: Remove TORNADO5 constant and legacy code paths
- tornadoapp.py: Update example to use async/await syntax
- test_gtornado.py: Add comprehensive test suite
2026-01-23 00:02:01 +01:00
Benoit Chesneau
99ffa0cc6b tests: Exclude docker tests from regular pytest runs
- Add tests/docker to norecursedirs in pyproject.toml to prevent
  docker tests from running during regular test suite (they require
  docker and the requests library)
- Add -p no:cov to docker integration workflow to disable coverage
  plugin since pytest-cov is not installed in that environment
2026-01-22 19:24:30 +01:00
Benoit Chesneau
ae1eea8108 asgi: Add native ASGI worker with HTTP and WebSocket support
Add a new ASGI worker type that provides native async support using
gunicorn's own HTTP parsing infrastructure adapted for asyncio.

Features:
- HTTP/1.1 with keepalive support
- WebSocket connections (RFC 6455)
- ASGI lifespan protocol for startup/shutdown hooks
- Optional uvloop support for improved performance
- Full proxy protocol support (inherited from gunicorn)

New configuration options:
- --asgi-loop: Event loop selection (auto/asyncio/uvloop)
- --asgi-lifespan: Lifespan protocol control (auto/on/off)
- --root-path: ASGI root path for reverse proxy setups

Usage: gunicorn -k asgi myapp:app
2026-01-22 17:05:29 +01:00
Benoit Chesneau
56b5ad87f8
Restore Python 3.10 and 3.11 support (#3425)
This change extends Python support back to 3.10 and 3.11, which are
still actively maintained by the PSF:
- Python 3.10: Security support until Oct 2026
- Python 3.11: Active support (latest feature release)
- Python 3.12: Active support
- Python 3.13: Latest stable release

The previous change to support only 3.12+ was too restrictive as many
users are still on Python 3.10 and 3.11 in production environments.

Changes:
- Updated pyproject.toml to set minimum Python to 3.10
- Added Python 3.10, 3.11, and PyPy 3.10 to CI matrix
- Updated all documentation to reflect Python 3.10+ requirement
- Maintained compatibility with latest pylint for Python 3.12+
2025-10-05 22:45:21 +02:00
Benoit Chesneau
1dc4ce9d59
Update to support only Python 3.12 and 3.13 (#3422)
* Update CI and project to support only Python N (3.13) and N-1 (3.12)

- Update GitHub Actions workflows to test only Python 3.12 and 3.13
- Update pyproject.toml to require Python >= 3.12
- Update tox.ini to test only py312 and py313
- Update documentation to reflect Python 3.12+ requirement
- Clean up AppVeyor configuration for Python 3.12
* Update pylint to 3.3.2 for Python 3.12 compatibility
* Disable new pylint warnings for pre-existing issues
2025-10-05 19:55:32 +02:00
David Huggins-Daines
0243ec39ef fix(deps): exclude eventlet 0.36.0 2024-03-26 10:15:11 -04:00
Thomas Grainger
5e30bfa6b1 add changelog to project.urls (updated for PEP621) 2023-12-29 05:12:08 +01:00
Paul J. Dorn
c2e48b3014 Merge #3085 2023-12-29 05:10:42 +01:00
Paul J. Dorn
09ee579f44 Merge #3083 2023-12-29 05:09:19 +01:00
Paul J. Dorn
611746edc9 CI: check entry points
Fixes: fdd23e82926d7d10ec4a8e65e42b5184a4ee20ce
2023-12-07 21:12:38 +01:00
Paul J. Dorn
c3396b9786 github actions: cache and test run_module (-m) 2023-12-07 20:02:55 +01:00
Mathieu Dupuy
7acd83bfb6
pyproject.toml: fix license-files field 2023-12-02 11:03:13 +01:00
Mathieu Dupuy
fdd23e8292
migrate to pyproject.toml 2023-09-12 00:43:37 +02:00