mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-01 18:21:30 +08:00
Upgrade minimum eventlet version to 0.40.3 to address security vulnerabilities: - CVE-2021-21419 (Moderate 6.9): Websocket memory exhaustion via large/compressed frames (fixed in 0.31.0) - CVE-2025-58068 (Moderate 6.3): HTTP Request Smuggling via improper trailer handling (fixed in 0.40.3) Also restructure module to call monkey_patch() at import time for better patching coverage, while keeping hubs.use_hub() in the worker's patch() method since it creates OS resources that don't survive fork. Add comprehensive tests for the eventlet worker.