Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
duality-group
duality-group / tornado python
Repository URL to install this package:
|
Version:
6.1 ▾
|
What's new in Tornado 3.2.2
===========================
June 3, 2014
------------
Security fixes
~~~~~~~~~~~~~~
* The XSRF token is now encoded with a random mask on each request.
This makes it safe to include in compressed pages without being
vulnerable to the `BREACH attack <http://breachattack.com>`_.
This applies to most applications that use both the ``xsrf_cookies``
and ``gzip`` options (or have gzip applied by a proxy).
Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* If Tornado 3.2.2 is run at the same time as older versions on the same
domain, there is some potential for issues with the differing cookie
versions. The `.Application` setting ``xsrf_cookie_version=1`` can
be used for a transitional period to generate the older cookie format
on newer servers.
Other changes
~~~~~~~~~~~~~
* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.