8000 Prep for releasing 9.1 with security fix. · python-websockets/websockets@dfecbd0 · GitHub
[go: up one dir, main page]
Skip to content

Commit dfecbd0

Browse files
aaugustinaaugustin
committed
Prep for releasing 9.1 with security fix.
1 parent 5e69983 commit dfecbd0

File tree

1 file changed

+13
- 10000 2
lines changed

1 file changed

+13
-2
lines changed

docs/project/changelog.rst

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,11 +45,22 @@ They may change at any time.
4545

4646
* Optimized default compression settings to reduce memory usage.
4747

48-
* Protected against timing attacks on HTTP Basic Auth.
49-
5048
* Made it easier to customize authentication with
5149
:meth:`~auth.BasicAuthWebSocketServerProtocol.check_credentials`.
5250

51+
9.1
52+
...
53+
54+
*May 27, 2021*
55+
56+
.. note::
57+
58+
**Version 9.1 fixes a security issue introduced in version 8.0.**
59+
60+
Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.
61+
62+
.. _CVE-2018-1000518: https://nvd.nist.gov/vuln/detail/CVE-2018-1000518
63+
5364
9.0.2
5465
.....
5566

0 commit comments

Comments
 (0)
0