mirror of https://github.com/frappe/gunicorn.git, synced 2026-07-01 18:21:30 +08:00
The early_hints callback constructs 103 Early Hints responses without any header validation, while process_headers validates against TOKEN_RE and HEADER_VALUE_RE for normal responses. This inconsistency means a WSGI app passing unsanitized data to wsgi.early_hints could enable HTTP response splitting via CRLF injection. Apply the same TOKEN_RE/HEADER_VALUE_RE checks from process_headers to the early_hints callback for defense-in-depth consistency. Closes #3585
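Added illustration of the check the commit describes, not gunicorn's own code: the same header-name and header-value validation applied to the pairs handed to an early-hints callback, alongside the unchecked serialization it replaces. The regexes here approximate gunicorn's TOKEN_RE and HEADER_VALUE_RE rather than reproduce them, and validate_headers, build_early_hints, count_header_lines and is_rejected are names assumed for this example.

```python
import re

# Assumed approximations of the checks normal responses get in process_headers:
# the name must be an RFC 9110 token, the value must contain no control
# characters (CR, LF, NUL, ... and DEL), so a value cannot start a new line.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9a-zA-Z]+")
HEADER_VALUE_RE = re.compile(r"[\x00-\x1F\x7F]")


def validate_headers(headers):
    """Apply the process_headers-style checks to early-hints headers.

    Raises ValueError on a malformed name or a control character in a value;
    returns the accepted (name, stripped value) pairs.
    """
    clean = []
    for name, value in headers:
        if not isinstance(name, str) or not TOKEN_RE.fullmatch(name):
            raise ValueError("Invalid header name: %r" % (name,))
        if not isinstance(value, str) or HEADER_VALUE_RE.search(value):
            raise ValueError("Invalid header value: %r" % (value,))
        clean.append((name, value.strip()))
    return clean


def build_early_hints(headers, validate=True):
    """Serialize a 103 Early Hints interim response.

    validate=False models the unchecked behaviour the commit fixes: a value
    carrying CR LF is written through and the client sees extra header lines.
    """
    if validate:
        headers = validate_headers(headers)
    lines = ["HTTP/1.1 103 Early Hints"]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def count_header_lines(raw):
    """Header lines a client would parse from the serialized response."""
    head = raw.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n")) - 1  # exclude the status line


def is_rejected(headers):
    """True when validation refuses the given header list."""
    try:
        validate_headers(headers)
    except ValueError:
        return True
    return False


# Constructed samples: one legitimate preload hint, one with an embedded CR LF.
GOOD = [("Link", "</style.css>; rel=preload; as=style")]
SPLIT = [("Link", "</style.css>; rel=preload\r\nX-Extra: yes")]
```

With validation on, SPLIT is refused outright; with it off, the single hint serializes as two header lines, which is the response-splitting case the commit closes.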
Gunicorn
Gunicorn is maintained by volunteers. If it powers your production, please consider supporting us:
Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resource usage, and fairly speedy.
New in v25: Per-app worker allocation for dirty arbiters, HTTP/2 support (beta)!
Quick Start
pip install gunicorn
gunicorn myapp:app --workers 4
For ASGI applications (FastAPI, Starlette):
gunicorn myapp:app --worker-class asgi
Features
- WSGI support for Django, Flask, Pyramid, and any WSGI framework
- ASGI support for FastAPI, Starlette, Quart
- HTTP/2 support (beta) with multiplexed streams
- Dirty Arbiters (beta) for heavy workloads (ML models, long-running tasks)
- uWSGI binary protocol for nginx integration
- Multiple worker types: sync, gthread, gevent, eventlet, asgi
- Graceful worker process management
- Compatible with Python 3.9+
Documentation
Full documentation at https://gunicorn.org
Community
- Report bugs on GitHub Issues
- Chat in #gunicorn on Libera.chat
- See CONTRIBUTING.md for contribution guidelines
Support
Powering Python apps since 2010. Support continued development.
Sponsors
License
Gunicorn is released under the MIT License. See the LICENSE file for details.