gunicorn/SECURITY.md
Benoit Chesneau 5d819cf360 release: 26.0.0
- Bump version_info to (26, 0, 0)
- Update SECURITY.md supported releases (26.0.0, 25.3.0)
- Add 26.0.0 entry to news.md and 2026-news.md covering eventlet
  removal, ASGI framework compatibility suite, RFC 9110/9112
  request-target and header hardening, smuggling fixes, HEAD/204/304
  body framing, WebSocket close handshake compliance, HTTP/2 ASGI
  stream completion, early-hints validation, framework fixes
  (Django/Litestar/Quart/BlackSheep), and gunicorn_h1c >= 0.6.5
2026-05-05 08:35:19 +02:00


Security Policy

Reporting a Vulnerability

Please note that public GitHub issues are open for everyone to see!

If you believe you have found a problem in Gunicorn software, examples or documentation, we encourage you to send your report privately via email, or via GitHub using the "Report a vulnerability" button in the Security section.

Supported Releases

Please target reports against or current master. Please understand that will not receive further security attention.

Version Status
26.0.0
25.3.0
24.1.1
23.0.0
22.0.0
< 22.0

Python Versions

Gunicorn runs on Python 3.10+, supporting Python versions that are still maintained by the PSF. We highly recommend the latest release of a supported series and will not prioritize issues affecting EoL environments.