Benoit Chesneau 0a736ea4a2 fix: keep _body_receiver alive across the keepalive smuggling gate
The smuggling guard added in #3614 reads self._body_receiver after
_handle_http_request returns to refuse keepalive on a body that did
not finish framing.  But _handle_http_request's finally cleared the
receiver before returning, so the gate always saw None and let
keepalive proceed unconditionally.  Move the clear into the
connection loop's per-iteration cleanup (it already had one there
for the same purpose).

Adds an end-to-end regression test that pipelines a partial-body POST
followed by a smuggled GET and asserts the second request is not
served and the transport closes.
2026-05-03 21:03:49 +02:00
2026-02-06 08:21:18 +01:00
2026-01-23 01:20:03 +01:00
2026-02-06 08:21:18 +01:00
2026-01-27 09:46:42 +01:00
2026-02-06 08:21:18 +01:00
2026-03-24 23:21:23 +01:00

Gunicorn

Gunicorn is maintained by volunteers. If it powers your production, please consider supporting us:
GitHub Sponsors Revolut

PyPI version Supported Python versions Build Status

Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resource usage, and fairly speedy.

New in v25: Per-app worker allocation for dirty arbiters, HTTP/2 support (beta)!

Quick Start

pip install gunicorn
gunicorn myapp:app --workers 4

For ASGI applications (FastAPI, Starlette):

gunicorn myapp:app --worker-class asgi

Features

  • WSGI support for Django, Flask, Pyramid, and any WSGI framework
  • ASGI support for FastAPI, Starlette, Quart
  • HTTP/2 support (beta) with multiplexed streams
  • Dirty Arbiters (beta) for heavy workloads (ML models, long-running tasks)
  • uWSGI binary protocol for nginx integration
  • Multiple worker types: sync, gthread, gevent, eventlet, asgi
  • Graceful worker process management
  • Compatible with Python 3.9+

Documentation

Full documentation at https://gunicorn.org

Community

Support

Powering Python apps since 2010. Support continued development.

Become a Sponsor

Sponsors

Enki Multimedia

License

Gunicorn is released under the MIT License. See the LICENSE file for details.

Description
gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.
Readme MIT 8.2 MiB
Languages
Python 99.9%