mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-01 10:11:30 +08:00
- Bump version_info to (26, 0, 0) - Update SECURITY.md supported releases (26.0.0, 25.3.0) - Add 26.0.0 entry to news.md and 2026-news.md covering eventlet removal, ASGI framework compatibility suite, RFC 9110/9112 request-target and header hardening, smuggling fixes, HEAD/204/304 body framing, WebSocket close handshake compliance, HTTP/2 ASGI stream completion, early-hints validation, framework fixes (Django/Litestar/Quart/BlackSheep), and gunicorn_h1c >= 0.6.5
30 lines
1.2 KiB
Markdown
30 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
**Please note that public Github issues are open for everyone to see!**
|
|
|
|
If you believe you are found a problem in Gunicorn software, examples or documentation, we encourage you to send your
|
|
report privately via [email](mailto:security@gunicorn.org?subject=Security%20issue%20in%20Gunicorn), or via Github
|
|
using the *Report a vulnerability* button in the [Security](https://github.com/benoitc/gunicorn/security) section.
|
|
|
|
## Supported Releases
|
|
|
|
Please target reports against :white_check_mark: or current master. Please understand that :x: will
|
|
not receive further security attention.
|
|
|
|
| Version | Status |
|
|
| ------- | ------------------ |
|
|
| 26.0.0 | :white_check_mark: |
|
|
| 25.3.0 | :white_check_mark: |
|
|
| 24.1.1 | :x: |
|
|
| 23.0.0 | :x: |
|
|
| 22.0.0 | :x: |
|
|
| < 22.0 | :x: |
|
|
|
|
## Python Versions
|
|
|
|
Gunicorn runs on Python 3.10+, supporting Python versions that are still maintained by the PSF.
|
|
We *highly recommend* the latest release of a [supported series](https://devguide.python.org/versions/)
|
|
and will not prioritize issues affecting EoL environments.
|