• ba53748 MINOR: [Release] Update versions for 14.0.1
• 529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
• b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
• f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
• 5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
• 2dcee3f MINOR: [Release] Update versions for 14.0.0
• 297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
• 3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
• 9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
• bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
• Additional commits viewable in compare view

• ba53748 MINOR: [Release] Update versions for 14.0.1
• 529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
• b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
• f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
• 5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
• 2dcee3f MINOR: [Release] Update versions for 14.0.0
• 297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
• 3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
• 9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
• bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
• Additional commits viewable in compare view

Sourced from grpcio's releases.

Release v1.53.2

This is release gRPC Core 1.53.2 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

• [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by @​drfloob in grpc/grpc#33672

Release v1.53.1

This is release gRPC Core 1.53.1 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

• Fixed CVE-2023-32731
• Fixed CVE-2023-32732

Release v1.53.0

This is release 1.53.0 (glockenspiel) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• xDS: fix crash when removing the last endpoint from the last locality in weighted_target. (#32592)
• filter stack: pass peer name up via recv_initial_metadata batch. (#31933)
• [EventEngine] Add advice against blocking work in callbacks. (#32397)
• [http2] Dont drop connections on metadata limit exceeded. (#32309)
• xDS: reject aggregate cluster with empty cluster list. (#32238)
• Fix Python epoll1 Fork Support. (#32196)
• server: introduce ServerMetricRecorder API and move per-call reporting from a C++ interceptor to a C-core filter. (#32106)
• [EventEngine] Add invalid handle types to the public API. (#32202)
• [EventEngine] Refactoring the EventEngine Test Suite: Part 1. (#32127)
• xDS: fix WeightedClusters total weight handling. (#32134)

C++

• Update minimum MSVC version to 2019. (#32615)
• Use CMake variables for paths in pkg-config files. (#31671)

... (truncated)

Sourced from grpcio's changelog.

gRPC Release Schedule

Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.

Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.

The gRPC release support policy can be found here.

Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.

Names of gRPC releases are here.

Release	Scheduled Branch Cut	Scheduled Release Date
v1.17.0	Nov 19, 2018	Dec 4, 2018
v1.18.0	Jan 2, 2019	Jan 15, 2019
v1.19.0	Feb 12, 2019	Feb 26, 2019
v1.20.0	Mar 26, 2019	Apr 9, 2019
v1.21.0	May 7, 2019	May 21, 2019
v1.22.0	Jun 18, 2019	Jul 2, 2019
v1.23.0	Jul 30, 2019	Aug 13, 2019
v1.24.0	Sept 10, 2019	Sept 24, 2019
v1.25.0	Oct 22, 2019	Nov 5, 2019
v1.26.0	Dec 3, 2019	Dec 17, 2019
v1.27.0	Jan 14, 2020	Jan 28, 2020
v1.28.0	Feb 25, 2020	Mar 10, 2020
v1.29.0	Apr 7, 2020	Apr 21, 2020
v1.30.0	May 19, 2020	Jun 2, 2020
v1.31.0	Jul 14, 2020	Jul 28, 2020
v1.32.0	Aug 25, 2020	Sep 8, 2020
v1.33.0	Oct 6, 2020	Oct 20, 2020
v1.34.0	Nov 17, 2020	Dec 1, 2020
v1.35.0	Dec 29, 2020	Jan 12, 2021
v1.36.0	Feb 9, 2021	Feb 23, 2021
v1.37.0	Mar 23, 2021	Apr 6, 2021
v1.38.0	May 4, 2021	May 18, 2021
v1.39.0	Jun 15, 2021	Jun 29, 2021
v1.40.0	Jul 27, 2021	Aug 10, 2021
v1.41.0	Sep 7, 2021	Sep 21, 2021

• afb307f [v1.53.x][Interop] Backport Python image update (#33864)
• 7a9373b [Backport] [dependency] Restrict cython to less than 3.X (#33770)
• fdb64a6 [v1.53][Build] Update Phusion baseimage (#33767) (#33836)
• cdf4186 [PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...
• ce5b93a [PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...
• b24b6ea [release] Bump release version to 1.53.2 (#33709)
• 1e86ca5 [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...
• aff3066 [PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...
• 539d75c [PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....
• 3e79c88 [Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)
• Additional commits viewable in compare view

• ba53748 MINOR: [Release] Update versions for 14.0.1
• 529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
• b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
• f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
• 5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
• 2dcee3f MINOR: [Release] Update versions for 14.0.0
• 297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
• 3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
• 9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
• bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
• Additional commits viewable in compare view

Sourced from grpcio's releases.

Release v1.53.2

This is release gRPC Core 1.53.2 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

• [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by @​drfloob in grpc/grpc#33672

Release v1.53.1

This is release gRPC Core 1.53.1 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

• Fixed CVE-2023-32731
• Fixed CVE-2023-32732

Release v1.53.0

This is release 1.53.0 (glockenspiel) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• xDS: fix crash when removing the last endpoint from the last locality in weighted_target. (#32592)
• filter stack: pass peer name up via recv_initial_metadata batch. (#31933)
• [EventEngine] Add advice against blocking work in callbacks. (#32397)
• [http2] Dont drop connections on metadata limit exceeded. (#32309)
• xDS: reject aggregate cluster with empty cluster list. (#32238)
• Fix Python epoll1 Fork Support. (#32196)
• server: introduce ServerMetricRecorder API and move per-call reporting from a C++ interceptor to a C-core filter. (#32106)
• [EventEngine] Add invalid handle types to the public API. (#32202)
• [EventEngine] Refactoring the EventEngine Test Suite: Part 1. (#32127)
• xDS: fix WeightedClusters total weight handling. (#32134)

C++

• Update minimum MSVC version to 2019. (#32615)
• Use CMake variables for paths in pkg-config files. (#31671)

... (truncated)

Sourced from grpcio's changelog.

gRPC Release Schedule

Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.

Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.

The gRPC release support policy can be found here.

Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.

Names of gRPC releases are here.

Release	Scheduled Branch Cut	Scheduled Release Date
v1.17.0	Nov 19, 2018	Dec 4, 2018
v1.18.0	Jan 2, 2019	Jan 15, 2019
v1.19.0	Feb 12, 2019	Feb 26, 2019
v1.20.0	Mar 26, 2019	Apr 9, 2019
v1.21.0	May 7, 2019	May 21, 2019
v1.22.0	Jun 18, 2019	Jul 2, 2019
v1.23.0	Jul 30, 2019	Aug 13, 2019
v1.24.0	Sept 10, 2019	Sept 24, 2019
v1.25.0	Oct 22, 2019	Nov 5, 2019
v1.26.0	Dec 3, 2019	Dec 17, 2019
v1.27.0	Jan 14, 2020	Jan 28, 2020
v1.28.0	Feb 25, 2020	Mar 10, 2020
v1.29.0	Apr 7, 2020	Apr 21, 2020
v1.30.0	May 19, 2020	Jun 2, 2020
v1.31.0	Jul 14, 2020	Jul 28, 2020
v1.32.0	Aug 25, 2020	Sep 8, 2020
v1.33.0	Oct 6, 2020	Oct 20, 2020
v1.34.0	Nov 17, 2020	Dec 1, 2020
v1.35.0	Dec 29, 2020	Jan 12, 2021
v1.36.0	Feb 9, 2021	Feb 23, 2021
v1.37.0	Mar 23, 2021	Apr 6, 2021
v1.38.0	May 4, 2021	May 18, 2021
v1.39.0	Jun 15, 2021	Jun 29, 2021
v1.40.0	Jul 27, 2021	Aug 10, 2021
v1.41.0	Sep 7, 2021	Sep 21, 2021

• afb307f [v1.53.x][Interop] Backport Python image update (#33864)
• 7a9373b [Backport] [dependency] Restrict cython to less than 3.X (#33770)
• fdb64a6 [v1.53][Build] Update Phusion baseimage (#33767) (#33836)
• cdf4186 [PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...
• ce5b93a [PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...
• b24b6ea [release] Bump release version to 1.53.2 (#33709)
• 1e86ca5 [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...
• aff3066 [PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...
• 539d75c [PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....
• 3e79c88 [Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)
• Additional commits viewable in compare view

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

fix CVE-2024-1135

1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table> 

... (truncated)

• f63d59e bump to 22.0
• 4ac81e0 Merge pull request #3175 from e-kwsm/typo
• 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
• 0243ec3 fix(deps): exclude eventlet 0.36.0
• 628a0bc chore: fix typos
• 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
• deae2fc CI: back off the agressive timeout
• f470382 docs: promise 3.12 compat
• 5e30bfa add changelog to project.urls (updated for PEP621)
• 481c3f9 remove setup.cfg - overridden by pyproject.toml
• Additional commits viewable in compare view

• ba53748 MINOR: [Release] Update versions for 14.0.1
• 529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
• b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
• f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
• 5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
• 2dcee3f MINOR: [Release] Update versions for 14.0.0
• 297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
• 3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
• 9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
• bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
• Additional commits viewable in compare view

Sourced from grpcio's releases.

Release v1.53.2

This is release gRPC Core 1.53.2 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

• [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by @​drfloob in grpc/grpc#33672

Release v1.53.1

This is release gRPC Core 1.53.1 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

• Fixed CVE-2023-32731
• Fixed CVE-2023-32732

Release v1.53.0

This is release 1.53.0 (glockenspiel) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• xDS: fix crash when removing the last endpoint from the last locality in weighted_target. (#32592)
• filter stack: pass peer name up via recv_initial_metadata batch. (#31933)
• [EventEngine] Add advice against blocking work in callbacks. (#32397)
• [http2] Dont drop connections on metadata limit exceeded. (#32309)
• xDS: reject aggregate cluster with empty cluster list. (#32238)
• Fix Python epoll1 Fork Support. (#32196)
• server: introduce ServerMetricRecorder API and move per-call reporting from a C++ interceptor to a C-core filter. (#32106)
• [EventEngine] Add invalid handle types to the public API. (#32202)
• [EventEngine] Refactoring the EventEngine Test Suite: Part 1. (#32127)
• xDS: fix WeightedClusters total weight handling. (#32134)

C++

• Update minimum MSVC version to 2019. (#32615)
• Use CMake variables for paths in pkg-config files. (#31671)

... (truncated)

Sourced from grpcio's changelog.

gRPC Release Schedule

Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.

Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.

The gRPC release support policy can be found here.

Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.

Names of gRPC releases are here.

Release	Scheduled Branch Cut	Scheduled Release Date
v1.17.0	Nov 19, 2018	Dec 4, 2018
v1.18.0	Jan 2, 2019	Jan 15, 2019
v1.19.0	Feb 12, 2019	Feb 26, 2019
v1.20.0	Mar 26, 2019	Apr 9, 2019
v1.21.0	May 7, 2019	May 21, 2019
v1.22.0	Jun 18, 2019	Jul 2, 2019
v1.23.0	Jul 30, 2019	Aug 13, 2019
v1.24.0	Sept 10, 2019	Sept 24, 2019
v1.25.0	Oct 22, 2019	Nov 5, 2019
v1.26.0	Dec 3, 2019	Dec 17, 2019
v1.27.0	Jan 14, 2020	Jan 28, 2020
v1.28.0	Feb 25, 2020	Mar 10, 2020
v1.29.0	Apr 7, 2020	Apr 21, 2020
v1.30.0	May 19, 2020	Jun 2, 2020
v1.31.0	Jul 14, 2020	Jul 28, 2020
v1.32.0	Aug 25, 2020	Sep 8, 2020
v1.33.0	Oct 6, 2020	Oct 20, 2020
v1.34.0	Nov 17, 2020	Dec 1, 2020
v1.35.0	Dec 29, 2020	Jan 12, 2021
v1.36.0	Feb 9, 2021	Feb 23, 2021
v1.37.0	Mar 23, 2021	Apr 6, 2021
v1.38.0	May 4, 2021	May 18, 2021
v1.39.0	Jun 15, 2021	Jun 29, 2021
v1.40.0	Jul 27, 2021	Aug 10, 2021
v1.41.0	Sep 7, 2021	Sep 21, 2021

• afb307f [v1.53.x][Interop] Backport Python image update (#33864)
• 7a9373b [Backport] [dependency] Restrict cython to less than 3.X (#33770)
• fdb64a6 [v1.53][Build] Update Phusion baseimage (#33767) (#33836)
• cdf4186 [PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...
• ce5b93a [PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...
• b24b6ea [release] Bump release version to 1.53.2 (#33709)
• 1e86ca5 [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...
• aff3066 [PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...
• 539d75c [PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....
• 3e79c88 [Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)
• Additional commits viewable in compare view

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

fix CVE-2024-1135

1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table> 

... (truncated)

• f63d59e bump to 22.0
• 4ac81e0 Merge pull request #3175 from e-kwsm/typo
• 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
• 0243ec3 fix(deps): exclude eventlet 0.36.0
• 628a0bc chore: fix typos
• 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
• deae2fc CI: back off the agressive timeout
• f470382 docs: promise 3.12 compat
• 5e30bfa add changelog to project.urls (updated for PEP621)
• 481c3f9 remove setup.cfg - overridden by pyproject.toml
• Additional commits viewable in compare view

Sourced from apache-airflow's releases.

Apache Airflow 2.9.0

Significant Changes

Following Listener API methods are considered stable and can be used for production system (were experimental feature in older Airflow versions) (#36376):

Lifecycle events:

• on_starting
• before_stopping

DagRun State Change Events:

• on_dag_run_running
• on_dag_run_success
• on_dag_run_failed

TaskInstance State Change Events:

• on_task_instance_running
• on_task_instance_success
• on_task_instance_failed

Support for Microsoft SQL-Server for Airflow Meta Database has been removed (#36514)

After discussion <https://lists.apache.org/thread/r06j306hldg03g2my1pd4nyjxg78b3h4>__ and a voting process <https://lists.apache.org/thread/pgcgmhf6560k8jbsmz8nlyoxosvltph2>__, the Airflow's PMC and Committers have reached a resolution to no longer maintain MsSQL as a supported Database Backend.

As of Airflow 2.9.0 support of MsSQL has been removed for Airflow Database Backend.

A migration script which can help migrating the database before upgrading to Airflow 2.9.0 is available in airflow-mssql-migration repo on Github <https://github.com/apache/airflow-mssql-migration>_. Note that the migration script is provided without support and warranty.

This does not affect the existing provider packages (operators and hooks), DAGs can still access and process data from MsSQL.

Dataset URIs are now validated on input (#37005)

Datasets must use a URI that conform to rules laid down in AIP-60, and the value will be automatically normalized when the DAG file is parsed. See documentation on Datasets <https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/datasets.html>_ for a more detailed description on the rules.

You may need to change your Dataset identifiers if they look like a URI, but are used in a less mainstream way, such as relying on the URI's auth section, or have a case-sensitive protocol name.

The method get_permitted_menu_items in BaseAuthManager has been renamed filter_permitted_menu_items (#37627)

Add REST API actions to Audit Log events (#37734)

... (truncated)

Sourced from apache-airflow's changelog.

Airflow 2.9.0 (2024-04-08)

Significant Changes ^^^^^^^^^^^^^^^^^^^

Following Listener API methods are considered stable and can be used for production system (were experimental feature in older Airflow versions) (#36376): """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Lifecycle events:

• on_starting
• before_stopping

DagRun State Change Events:

• on_dag_run_running
• on_dag_run_success
• on_dag_run_failed

TaskInstance State Change Events:

• on_task_instance_running
• on_task_instance_success
• on_task_instance_failed

Support for Microsoft SQL-Server for Airflow Meta Database has been removed (#36514) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

After discussion <https://lists.apache.org/thread/r06j306hldg03g2my1pd4nyjxg78b3h4>__ and a voting process <https://lists.apache.org/thread/pgcgmhf6560k8jbsmz8nlyoxosvltph2>__, the Airflow's PMC and Committers have reached a resolution to no longer maintain MsSQL as a supported Database Backend.

As of Airflow 2.9.0 support of MsSQL has been removed for Airflow Database Backend.

A migration script which can help migrating the database before upgrading to Airflow 2.9.0 is available in airflow-mssql-migration repo on Github <https://github.com/apache/airflow-mssql-migration>_. Note that the migration script is provided without support and warranty.

This does not affect the existing provider packages (operators and hooks), DAGs can still access and process data from MsSQL.

Dataset URIs are now validated on input (#37005) """"""""""""""""""""""""""""""""""""""""""""""""

Datasets must use a URI that conform to rules laid down in AIP-60, and the value will be automatically normalized when the DAG file is parsed. See documentation on Datasets <https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/datasets.html>_ for a more detailed description on the rules.

You may need to change your Dataset identifiers if they look like a URI, but are used in a less mainstream way, such as relying on the URI's auth section, or

... (truncated)

• 50f22ff fixup! fixup! Update RELEASE_NOTES.rst
• 3a9391c Update hatchling to latest version (1.22.5) (#38780)
• 35684a8 Rename pre-commit scripts, drop pre_commit_ prefix (#38667)
• b38575a fixup! Update RELEASE_NOTES.rst
• a3eb5f7 Load providers configuration when gunicorn workers start (#38795)
• 920921e Update RELEASE_NOTES.rst
• cbe61bc Fix decryption of trigger kwargs when downgrading. (#38743)
• 1fdfaf3 Edited timetable docs (#38505)
• 0518eba Fix grid header rendering (#38720)
• 0961e42 Reorder OpenAPI Spec tags alphabetically (#38717)
• Additional commits viewable in compare view

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15

• Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24

• Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
• Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22

</tr></table> 

... (truncated)

• fe18470 Bump for 42.0.4 release (