mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-01 10:11:30 +08:00
Three findings against the ASGI PROXY protocol path:

- High: an untrusted peer could send a PROXY v1/v2 header and have the client address surfaced to the app. _setup_callback_parser now passes proxy_protocol='off' to the parser when the peer is not in proxy_allow_ips. _effective_peername adds a defensive re-check.
- Medium: PROXY v1 TCP4/TCP6 addresses were copied as strings without validation. Validate with socket.inet_pton, mirroring the WSGI parser.
- Medium: PROXY v2 quietly mapped non-STREAM (DGRAM) protocols to UDP4/UDP6. gunicorn is an HTTP server; reject non-STREAM with InvalidProxyHeader, mirroring the WSGI parser.
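The first two findings in the commit message above, sketched for PROXY v1 as an added example; this is not gunicorn's code. The function names, the allow-list format (IPs, CIDR networks or '*') and the sample line are assumptions of this example, and the exception class only borrows the name InvalidProxyHeader from the message.

```python
import ipaddress
import socket


class InvalidProxyHeader(ValueError):
    """A trusted peer sent a malformed PROXY v1 line."""


FAMILIES = {"TCP4": socket.AF_INET, "TCP6": socket.AF_INET6}
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.9 51000 443\r\n"  # constructed sample line


def peer_is_trusted(peer_ip, allow_ips):
    """Allow-list check; entries are IPs, CIDR networks, or '*' (assumed format)."""
    if "*" in allow_ips:
        return True
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in allow_ips)


def parse_proxy_v1(line):
    """Return (src_ip, src_port), or None for PROXY UNKNOWN; raise on bad input."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise InvalidProxyHeader("bad framing")
    parts = line[:-2].decode("ascii", "replace").split(" ")
    if parts[:2] == ["PROXY", "UNKNOWN"]:
        return None
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in FAMILIES:
        raise InvalidProxyHeader("unsupported PROXY v1 line")
    _, proto, src, dst, sport, dport = parts
    for addr in (src, dst):
        try:
            # inet_pton rejects anything that is not a literal of this family
            socket.inet_pton(FAMILIES[proto], addr)
        except (OSError, ValueError):
            raise InvalidProxyHeader(f"invalid {proto} address: {addr!r}")
    for port in (sport, dport):
        if not (port.isdigit() and int(port) <= 65535):
            raise InvalidProxyHeader(f"invalid port: {port!r}")
    return src, int(sport)


def effective_client(peer, first_line, allow_ips):
    """Client address to expose to the app for one accepted connection."""
    if not peer_is_trusted(peer[0], allow_ips):
        # Untrusted peer: the header is never parsed, so it cannot set the address.
        return peer
    return parse_proxy_v1(first_line) or peer
```
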
Gunicorn
Gunicorn is maintained by volunteers. If it powers your production, please consider supporting us:
Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resource usage, and fairly speedy.
New in v25: Per-app worker allocation for dirty arbiters, HTTP/2 support (beta)!
Quick Start
pip install gunicorn
gunicorn myapp:app --workers 4
For ASGI applications (FastAPI, Starlette):
gunicorn myapp:app --worker-class asgi
Features
- WSGI support for Django, Flask, Pyramid, and any WSGI framework
- ASGI support for FastAPI, Starlette, Quart
- HTTP/2 support (beta) with multiplexed streams
- Dirty Arbiters (beta) for heavy workloads (ML models, long-running tasks)
- uWSGI binary protocol for nginx integration
- Multiple worker types: sync, gthread, gevent, eventlet, asgi
- Graceful worker process management
- Compatible with Python 3.9+
Documentation
Full documentation at https://gunicorn.org
Community
- Report bugs on GitHub Issues
- Chat in #gunicorn on Libera.chat
- See CONTRIBUTING.md for contribution guidelines
Support
Powering Python apps since 2010. Support continued development.
Sponsors
License
Gunicorn is released under the MIT License. See the LICENSE file for details.