[Twisted-Python] [SECURITY] Twisted 19.2.1 Release Announcement

Amber Brown hawkowl at atleastfornow.net
Thu Jun 6 08:46:36 MDT 2019

On behalf of Twisted Matrix Laboratories, I am honoured to announce the 
release of Twisted 19.2.1!

This is a security release, and contains the following changes:

- All HTTP clients in twisted.web.client now raise a ValueError when 
called with a method and/or URL that contain invalid characters. This 
mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this 

It is recommended you update to this release as soon as is practical.

Additional mitigation may be required if Twisted is not your only HTTP 
client library:

- This bug is present in all current versions of urllib2 in CPython. 
More information can be found on the Python bug tracker: 
- This bug was present in urllib3 up until version 1.24.3. More 
information can be found on the urllib3 bug tracker: 

You can find the downloads at <https://pypi.python.org/pypi/Twisted> (or 
alternatively <http://twistedmatrix.com/trac/wiki/Downloads>). The NEWS 
file is also available at 

Twisted Regards,
Amber Brown (HawkOwl)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20190607/dd3d7700/attachment.html>

More information about the Twisted-Python mailing list