gunicorn/docs/content/2026-news.md
2026-01-23 01:39:23 +01:00

48 lines
1.9 KiB
Markdown

<span id="news-2026"></span>
# Changelog - 2026
## 24.0.0 - 2026-01-23
### New Features
- **ASGI Worker (Beta)**: Native asyncio-based ASGI support for running async Python
frameworks like FastAPI, Starlette, and Quart without external dependencies
([PR #3444](https://github.com/benoitc/gunicorn/pull/3444))
- HTTP/1.1 with keepalive connections
- WebSocket support
- Lifespan protocol for startup/shutdown hooks
- Optional uvloop for improved performance
- New settings: `--asgi-loop`, `--asgi-lifespan`, `--root-path`
- **uWSGI Binary Protocol**: Support for receiving requests from nginx via
`uwsgi_pass` directive, enabling efficient binary protocol communication
([PR #3444](https://github.com/benoitc/gunicorn/pull/3444))
- New settings: `--protocol uwsgi`, `--uwsgi-allow-from`
- **Documentation Migration**: Migrated documentation from Sphinx to MkDocs
with Material theme for improved navigation and mobile experience
([PR #3426](https://github.com/benoitc/gunicorn/pull/3426))
### Security
- **eventlet**: Require eventlet >= 0.40.3 to address CVE-2021-21419 (websocket
memory exhaustion) and CVE-2025-58068 (HTTP request smuggling)
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
- **gevent**: Require gevent >= 24.10.1 to address CVE-2023-41419 (HTTP request
smuggling) and CVE-2024-3219 (socket.socketpair vulnerability)
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
- **tornado**: Require tornado >= 6.5.0 to address CVE-2025-47287 (HTTP request
smuggling) and other security fixes
([PR #3445](https://github.com/benoitc/gunicorn/pull/3445))
### Changes
- Documentation now hosted at https://gunicorn.org
- Updated license configuration to PEP 639 format for uv compatibility
!!! warning "ASGI Worker Beta"
The ASGI worker is a beta feature. While tested, the API and behavior
may change in future releases. Please report any issues on GitHub.