Twisted

============================

Features
--------

- twisted.trial.successResultOf, twisted.trial.failureResultOf, and
twisted.trial.assertNoResult accept coroutines as well as Deferreds. (9006)


Bugfixes
--------

- Fixed circular import in twisted.trial.reporter, introduced in Twisted 16.0.0. (8267)
- The POP3 server implemented by twisted.mail.pop3 now accepts passwords that contain spaces. (9100)
- Incoming HTTP/2 connections will now not time out if they persist for longer than one minute. (9653)
- The serial extra now requires pywin32 on Windows enabling use of twisted.internet.serialport without specifying the windows_platform extra. (9700)


Misc
----

- 8506, 9677, 9684, 9687, 9688


Conch
-----

Bugfixes
~~~~~~~~

- twisted.conch.ssh.keys now correctly writes the "iqmp" parameter in serialized RSA private keys as q^-1 mod p rather than p^-1 mod q. (9681)


Misc
~~~~

- 9689


Web
---

Features
~~~~~~~~

- twisted.web.server.Request will now use twisted.web.server.Site.getContentFile, if it exists, to get a file into which to write request content. If getContentFile is not provided by the site, it will fall back to the previous behavior of using io.BytesIO for small requests and tempfile.TemporaryFile for large ones. (9655)


Bugfixes
~~~~~~~~

- twisted.web.client.FileBodyProducer will now stop producing when the Deferred returned by FileBodyProducer.startProducing is cancelled. (9547)
- The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses. This closes CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. (9694)


Mail
----

No significant changes.


Words
-----

No significant changes.


Names
-----

No significant changes.

===========================

Features
--------

- The callable argument to twisted.internet.task.deferLater() is no longer required. (9577)
- Twisted's minimum Cryptography requirement is now 2.5. (9592)
- twisted.internet.utils.getProcessOutputAndValue now accepts `stdinBytes` to write to the child process's standard input. (9607)
- Add new twisted.logger.capturedLogs context manager for capturing observed log events in tests. (9617)
- twisted.internet.base.PluggableResolverMixin, which implements the pluggable resolver interfaces for easier re-use in other reactors, has been factored out of ReactorBase. (9632)
- The PyPI page for Twisted has been enhanced to include more information and useful links. (9648)


Bugfixes
--------

- twisted.internet.endpoints is now importable on Windows when pywin32 is not installed. (6032)
- twisted.conch.ssh now generates correct keys when using hmac-sha2-512 with SHA1 based KEX algorithms. (8258)
- twisted.internet.iocpreactor.abstract.FileHandle no longer duplicates/looses outgoing data when .write() is called in rapid succession with large payloads (9446)
- twisted.application.backoffPolicy will not fail on connection attempts > 1750 with default settings. (9476)
- Trial on Python 3 will now properly re-raise ImportErrors that occur during the import of a module, rather than saying the module doesn't exist. (9628)
- twisted.internet.process does not fail on import when the process has more than 1024 file descriptors opened. (9636)
- Add the stackLevel keyword argument to twisted.logger.STDLibLogObserver._findCaller to fix an incompatibility with Python 3.8. (9668)


Improved Documentation
----------------------

- Fix the incorrect docstring for twisted.python.components.Componentized.addComponent which stated that the function returned a list of interfaces, even though the function doesn't actually do so. (9637)


Deprecations and Removals
-------------------------

- twisted.test.proto_helpers has moved to twisted.internet.testing. twisted.test.proto_helpers has been deprecated. (6435)
- twisted.protocols.mice, deprecated since Twisted 16.0, has been removed. (9602)
- twisted.conch.insults.client and twisted.conch.insults.colors, deprecated since Twisted 10.1, have been removed. (9603)
- The __version__ attribute of Twisted submodules that were previously packaged separately, deprecated since Twisted 16.0, has been removed. (9604)
- Python 3.4 is no longer supported. (9613)
- twisted.python.compat.OrderedDict, an alias for collections.OrderedDict and deprecated since Twisted 15.5, has been removed. (9639)


Misc
----

- 9217, 9445, 9454, 9605, 9614, 9615, 9619, 9625, 9633, 9640, 9674


Conch
-----

Bugfixes
~~~~~~~~

- t.c.ssh.connection.SSHConnection now fails channels that are in the process of opening when the connection is lost. (2782)


Misc
~~~~

- 9610


Web
---

Features
~~~~~~~~

- twisted.web.tap, the module that is run by `twist web`, now accepts --display-tracebacks to render tracebacks on uncaught exceptions. (9656)


Bugfixes
~~~~~~~~

- twisted.web.http.Request.write after the channel is disconnected will no longer raise AttributeError. (9410)
- twisted.web.client.Agent.request() and twisted.web.client.ProxyAgent.request() now produce TypeError when the method argument is not bytes, rather than failing to generate the request. (9643)
- twisted.web.http.HTTPChannel no longer raises TypeError internally when receiving a line-folded HTTP header on Python 3. (9644)
- All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. (9647)
- twisted.web.server.Site's instance variable displayTracebacks is now set to False by default. (9656)


Improved Documentation
~~~~~~~~~~~~~~~~~~~~~~

- twisted.web.iweb.IRequest's "prepath" and "postpath" attributes, which have existed for a long time, are now documented. (5533)
- The documented type of t.w.iweb.IRequest's "method" and "uri" attributes on Python 3 has been corrected to match the implementation. (9091)
- t.w.iweb.IRequest's "args" attribute is now correctly documented to be bytes. (9458)
- The API documentation of twisted.web.iweb.IRequest and twisted.web.http.Request has been updated and extended to match the implementation. (9593)


Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~

- Passing a path argument to twisted.web.resource.Resource.putChild which is not of type bytes is now deprecated. In the future, passing a non-bytes argument to putChild will return an error. (9135)
- Passing --notracebacks/-n to twisted.web.tap, the module that is run by `twist web`, is now deprecated due to traceback rendering being disabled by default. (9656)


Misc
~~~~

- 9597


Mail
----

No significant changes.


Words
-----

Features
~~~~~~~~

- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer and twisted.words.protocols.jabber.client.XMPPClientFactory now take an optional configurationForTLS for customizing certificate options for StartTLS. (9561)


Bugfixes
~~~~~~~~

- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer now properly verifies the server's certificate against platform CAs and the stream's domain, mitigating CVE-2019-12855. (9561)


Names
-----

Bugfixes
~~~~~~~~

- twisted.names.client.Resolver will no longer infinite loop if it cannot bind a UDP port to use for resolving. (9620)

===========================

This is the final release that will support Python 3.4.

Features
--------

- twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. (9463)
- DeferredLock and DeferredSemaphore can be used as asynchronous context
managers on Python 3.5+. (9546)
- t.i.b.BaseConnector has custom __repr__ (9548)
- twisted.internet.ssl.optionsForClientTLS now supports validating IP addresses from the certificate subjectAltName (9585)
- Twisted's minimum Cryptography requirement is now 2.5. (9592)


Bugfixes
--------

- twisted.web.proxy.ReverseProxyResource fixed documentation and example snippet (9192)
- twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from. (9305)
- twisted.internet.ssl.KeyPair.generate: No longer generate 1024-bit RSA keys by default. Anyone who generated a key with this method using the default value should move to replace it immediately. (9453)
- The message of twisted.internet.error.ConnectionAborted is no longer truncated. (9522)
- twisted.enterprise.adbapi.ConnectionPool.connect now logs only the dbapiName and not the connection arguments, which may contain credentials (9544)
- twisted.python.runtime.Platform.supportsINotify no longer considers the result of isDocker for its own result. (9579)


Improved Documentation
----------------------

- The documentation for the the twisted.internet.interfaces.IConsumer, IProducer, and IPullProducer interfaces is more detailed. (2546)
- The errback example in the docstring of twisted.logger.Logger.failure has been corrected. (9334)
- The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3. (9559)


Misc
----

- 8921, 9071, 9125, 9428, 9536, 9540, 9580


Conch
-----

Features
~~~~~~~~

- twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. (9515)


Bugfixes
~~~~~~~~

- Conch now uses pyca/cryptography for Diffie-Hellman key generation and agreement. (8831)


Misc
~~~~

- 9584


Web
---

Features
~~~~~~~~

- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. The policy caches a specified number of twisted.internet.interfaces.IOpenSSLClientConnectionCreator instances to to avoid the cost of instantiating a connection creator for multiple requests to the same host. (9138)


Bugfixes
~~~~~~~~

- twisted.web.http.Request.cookies, twisted.web.http.HTTPChannel.writeHeaders, and twisted.web.http_headers.Headers were all vulnerable to header injection attacks. They now replace linear whitespace ('\r', '\n', and '\r\n') with a single space. twisted.web.http.Reqeuest.cookies also replaces semicolons (';') with a single space. (9420)
- twisted.web.client.Request and twisted.web.client.HTTPClient were both vulnerable to header injection attacks. They now replace linear whitespace ('\r', '\n', and '\r\n') with a single space. (9421)


Mail
----

No significant changes.


Words
-----

No significant changes.


Names
-----

Features
~~~~~~~~

- twisted.names.dns now has IRecord implementations for the SSHFP and TSIG record types. (9373)

===========================

Features
--------

- twisted.internet._sslverify.ClientTLSOptions no longer raises IDNAError when given an IPv6 address as a hostname in a HTTPS URL. (9433)
- The repr() of a twisted.internet.base.DelayedCall now encodes the same information as its str(), exposing details of its scheduling and target callable. (9481)
- Python 3.7 is now supported. (9502)


Bugfixes
--------

- twisted.logger.LogBeginner's default critical observer now prints tracebacks for new and legacy log system events through the use of the new eventAsText API. This API also does not raise an error for non-ascii encoded data in Python2, it attempts as well as possible to format the traceback. (7927)
- Syntax error under Python 3.7 fixed for twisted.conch.manhole and
twisted.main.imap4. (9384)
- `trial -j` reports tracebacks on test failures under Python 3. (9436)
- Properly format multi-byte and non-ascii encoded data in a traceback. (9456)
- twisted.python.rebuild now functions on Python 3.7. (9492)
- HTTP/2 server connections will no longer time out active downloads that take too long. (9529)


Improved Documentation
----------------------

- Several minor formatting problems in the API documentation have been corrected. (9461)
- The documentation of twisted.internet.defer.Deferred.fromFuture() has been updated to reflect upstream changes. (9539)


Deprecations and Removals
-------------------------

- async keyword argument is deprecated in twisted.conch.manhole
(ManholeInterpreter.write and Manhole.add) and in
twisted.main.imap4.IMAP4Server.sendUntaggedResponse,
isAsync keyword argument is introduced instead. (9384)


Misc
----

- 9379, 9485, 9489, 9499, 9501, 9511, 9514, 9523, 9524, 9525, 9538


Conch
-----

Bugfixes
~~~~~~~~

- twisted.conch.keys.Key.public returns the same twisted.conch.keys.Key instance when it is already a public key instead of failing with an exception. (9441)
- RSA private keys are no longer corrupted during loading, allowing OpenSSL's fast-path to operate for RSA signing. (9518)


Improved Documentation
~~~~~~~~~~~~~~~~~~~~~~

- The documentation for IConchUser.gotGlobalRequest() is more accurate. (9413)


Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~

- twisted.conch.ssh.filetransfer.ClientDirectory's use as an iterator has been deprecated. (9527)


Web
---

Bugfixes
~~~~~~~~

- twisted.web.server.Request.getSession now returns a new session if the
previous session has expired. (9288)


Misc
~~~~

- 9479, 9480, 9482, 9491


Mail
----

No significant changes.


Words
-----

No significant changes.


Names
-----

No significant changes.

===========================

Features
--------

- Cancelling a Deferred returned by twisted.internet.defer.inlineCallbacks now cancels the Deferred it is waiting on. (4632)
- twisted.application.internet.ClientService now accepts a function to initialize or validate a connection before it is returned by the whenConnected method as the prepareConnection argument. (8375)
- Traceback generated for twisted.internet.defer.inlineCallbacks now includes the full stack of inlineCallbacks generators between catcher and raiser (before it only contained raiser's stack). (9176)
- Add optional cwd argument to twisted.runner.procmon.ProcMon.addProcess (9287)
- twisted.python.failure.Failure tracebacks generated by coroutines scheduled with twisted.internet.defer.ensureDeferred - i.e. any Deferred-awaiting coroutine - now contain fewer extraneous frames from the trampoline implementation, and correctly indicate the source of exceptions raised in other call stacks - i.e. the function that raised the exception. In other words: if you 'await' a function that raises an exception, you'll be able to see where the error came from. (9459)


Bugfixes
--------

- On UNIX-like platforms, Twisted attempts to recover from EMFILE when accepting connections on TCP and UNIX ports by shedding incoming clients. (5368)
- The documentation of IReactorTime.getDelayedCalls() has been corrected to indicate that the method returns a list, not a tuple. (9418)
- "python -m twisted web --help" now refers to "--listen" instead of the non-existing "--http" (9434)
- twisted.python.htmlizer.TokenPrinter now explicitly works on bytestrings. (9442)
- twisted.enterprise.adbapi.ConnectionPool.runWithConnection and runInteraction now use the reactor that is passed to ConnectionPool's constructor. (9467)


Improved Documentation
----------------------

- The Twisted Coding Standard now contains examples of how to mark up a feature as added in the next Twisted release. (9460)


Deprecations and Removals
-------------------------

- Deprecate direct introspection of ProcMon's processes: processes should not be directly accessed or pickled. (9287)
- twisted.internet.address.IPv4Address._bwHack and twisted.internet.address.UNIXAddress._bwHack, as well as the parameters to the constructors, deprecated since Twisted 11.0, have been removed. (9450)


Misc
----

- 7495, 9399, 9406, 9411, 9425, 9439, 9449, 9450, 9452


Conch
-----

Features
~~~~~~~~

- twisted.conch.ssh.transport.SSHTransportBase now includes Twisted's version in the software version string it sends to the server, allowing servers to apply compatibility workarounds for bugs in particular client versions. (9424)


Bugfixes
~~~~~~~~

- If the command run by twisted.conch.endpoints.SSHCommandClientEndpoint exits because of a delivered signal, the client protocol's connectionLost is now called with a ProcessTerminated exception instead of a ConnectionDone exception. (9412)
- twisted.conch.ssh.transport.SSHTransportBase now correctly handles MSG_DEBUG with a false alwaysDisplay field on Python 2 (broken since 8.0.0). (9422)
- twisted.conch.manhole.lastColorizedLine now does not throw a UnicodeDecodeError on non-ASCII input. (9442)


Web
---

Features
~~~~~~~~

- Added support for SameSite cookies in ``http.Request.addCookie``. (9387)


Bugfixes
~~~~~~~~

- twisted.web.server.GzipEncoderFactory would sometimes fail to gzip requests if the Accept-Encoding header contained whitespace between the comma-separated acceptable encodings. It now trims whitespace before checking if gzip is an acceptable encoding. (9086)
- twisted.web.static.File renders directory listings on Python 2, including those with text paths. (9438)
- twisted.python.http.Request now correcly parses multipart bodies on Python 3.7. (9448)
- twisted.web.http.combinedLogFormatter (used by t.w.http.Server and t.w.server.Site) no longer produces DeprecationWarning about Request.getClientIP. (9470)


Misc
~~~~

- 9432, 9466, 9479, 9480


Mail
----

No significant changes.


Words
-----

No significant changes.


Names
-----

Misc
~~~~

- 9398

===========================

Features
--------

- The --port/--https arguments to web plugin are now deprecated, in favor of
--listen. The --listen argument can be given multiple times to listen on
multiple ports. (6670)
- Twisted now requires zope.interface 4.4.2 or higher across all platforms and
Python versions. (8149)
- The osx_platform setuptools extra has been renamed to macos_platform, with
the former name being a compatibility alias. (8848)
- Zsh completions are now provided for the twist command. (9338)
- twisted.internet.endpoints.HostnameEndpoint now has a __repr__ method which
includes the host and port to which the endpoint connects. (9341)


Bugfixes
--------

- twistd now uses the UID's default GID to initialize groups when --uid is
given but --gid is not. This prevents an unhandled TypeError from being
raised when os.initgroups() is called. (4442)
- twisted.protocols.basic.LineReceiver checks received lines' lengths against
its MAX_LENGTH only after receiving a complete delimiter. A line ending in a
multi-byte delimiter like '\r\n' might be split by the network, with the
first part arriving before the rest; previously, LineReceiver erroneously
disconnected if the first part, e.g. 'zzzz....\r' exceeded MAX_LENGTH.
LineReceiver now checks received data against MAX_LENGTH plus the delimiter's
length, allowing short reads to complete a line. (6556)
- twisted.protocols.basic.LineOnlyReceiver disconnects the transport after
receiving a line that exceeds MAX_LENGTH, like LineReceiver. (6557)
- twisted.web.http.Request.getClientIP now returns the host part of the
client's address when connected over IPv6. (7704)
- twisted.application.service.IService is now documented as requiring the
'running', 'name' and 'parent' attributes (the documentation previously
implied they were required, but was unclear). (7922)
- twisted.web.wsgi.WSGIResource no longer raises an exception when a client
connects over IPv6. (8241)
- When using TLS enable automatic ECDH curve selection on OpenSSL 1.0.2+
instead of only supporting P-256 (9210)
- twisted.trial._dist.worker and twisted.trial._dist.workertrial consistently
pass bytes, not unicode to AMP. This fixes "trial -j" on Python 3. (9264)
- twisted.trial.runner now uses the 'importlib' module instead of the 'imp'
module on Python 3+. This eliminates DeprecationWarnings caused by importing
'imp' on Python 3. (9275)
- twisted.web.client.HTTP11ClientProtocol now closes the connection when the
server is sending a header line which is longer than he line limit of
twisted.protocols.basic.LineReceiver.MAX_LENGTH. (9295)
- twisted.python.failure now handles long stacktraces better; in particular it
will log tracebacks for stack overflow errors. (9301)
- The "--_shell-completion" argument to twistd now works on Python 3. (9303)
- twisted.python.failure.Failure now raises the wrapped exception in Python3,
and self (Failure) n Python2 when trap() is called without a matching
exception (9307)
- Writing large amounts of data no longer implies repeated, expensive copying
under Python 3. Python 3's write speeds are now as fast as Python 2's.
(9324)
- twisted.protocols.postfix now properly encodes errors which are unicode
strings to bytes. (9335)
- twisted.protocols.policies.ProtocolWrapper and
twisted.protocols.tls.TLSMemoryBIOProtocol no longer create circular
references that keep protocol instances in memory after connection is closed.
(9374)
- twisted.conch.ssh.transport.SSHTransportBase no longer strips trailing spaces
from the SSH version string of the connected peer. (9377)
- `trial -j` no longer crashes on Python 2 on test failure messages containing
non-ASCII bytes. (9378)
- RSA keys replaced with 2048bit ones in twisted.conch.test.keydata in order to
be compatible with OpenSSH 7.6. (9388)
- AsyncioSelectorReactor uses the global policy's event loop. asyncio libraries
that retrieve the running event loop with get_event_loop() will now receive
the one used by AsyncioSelectorReactor. (9390)


Improved Documentation
----------------------

- public attributes of `twisted.logger.Logger` are now documented as
attributes. (8157)
- List indentation formatting errors have been corrected throughout the
documentation. (9256)


Deprecations and Removals
-------------------------

- twisted.protocols.basic.LineOnlyReceiver.lineLengthExceeded no longer returns
twisted.internet.error.ConnectionLost. It instead directly disconnects the
transport and returns None. (6557)
- twisted.python.win32.getProgramsMenuPath and
twisted.python.win32.getProgramFilesPath were deprecated in Twisted 15.3.0
and have now been removed. (9312)
- Python 3.3 is no longer supported. (9352)


Misc
----

- 7033, 8887, 9204, 9289, 9291, 9292, 9293, 9302, 9336, 9355, 9356,
9364, 9375, 9381, 9382, 9389, 9391, 9393, 9394, 9396


Conch
-----

Bugfixes
~~~~~~~~

- twisted.plugins.cred_unix now properly converts a username and password from
bytes to str on Python 3. In addition, passwords which are encrypted with
SHA512 and SH256 are properly verified. This fixes running a conch server
with: "twistd -n conch -d /etc/ssh/ --auth=unix". (9130)
- In twisted.conch.scripts.conch, on Python 3 do not write bytes directly to
sys.stderr. On Python 3, this fixes remote SSH execution of a command which
fails. (9344)


Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~

- twisted.conch.ssh.filetransfer.FileTransferClient.wasAFile attribute has been
removed as it serves no purpose. (9362)
- Removed deprecated support for PyCrypto key objects in conch (9368)


Web
---

Features
~~~~~~~~

- The new twisted.iweb.IRequest.getClientAddress returns the IAddress provider
representing the client's address. Callers should check the type of the
returned value before using it. (7707)
- Eliminate use of twisted.python.log in twisted.web modules. (9280)


Bugfixes
~~~~~~~~

- Scripts ending with .rpy, .epy, and .cgi now execute properly in Twisted Web
on Python 3. (9271)
- twisted.web.http.Request and twisted.web.server.Request are once again
hashable on Python 2, fixing a regression introduced in Twisted 17.5.0.
(9314)


Improved Documentation
~~~~~~~~~~~~~~~~~~~~~~

- Correct reactor docstrings for twisted.web.client.Agent and
twisted.web.client._StandardEndpointFactory to communicate interface
requirements since 17.1. (9274)
- The examples for the "Twisted Web in 60 Seconds" tutorial have been fixed to
work on Python 3. (9285)


Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~

- twisted.iweb.IRequest.getClientIP is deprecated. Use
twisted.iweb.IRequest.getClientAddress instead (see 7707). (7705)
- twisted.web.iweb.IRequest.getClient and its implementations (deprecated in
2552) have been removed. (9395)


Mail
----

Bugfixes
~~~~~~~~

- twistd.mail.scripts.mailmail has been ported to Python 3. (8487)
- twisted.mail.bounce now works on Python 3. (9260)
- twisted.mail.pop3 and twisted.mail.pop3client now work on Python 3. (9269)
- SMTP authentication in twisted.mail.smtp now works better on Python 3, due to
improved improved bytes vs unicode handling. (9299)


Misc
~~~~

- 9310


Words
-----

No significant changes.


Names
-----

No significant changes.