django.git/tests/asgi, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-07T11:12:27Z Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body size in ASGI requests. 2026-04-07T11:12:27Z Natalia 124304+nessita@users.noreply.github.com 2026-03-11T13:26:18Z urn:sha1:953c238058c0ce387a1a41cb491bfc1875d73ad0 The `body` property in `HttpRequest` checks DATA_UPLOAD_MAX_MEMORY_SIZE against the declared `Content-Length` header before reading. On the ASGI path, chunked requests carry no `Content-Length`, so the check evaluated to 0 and always passed regardless of the actual body size. This work adds a new check on the actual number of bytes consumed. Thanks to Superior for the report, and to Jake Howard and Jacob Walls for reviews. Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest. 2026-04-07T11:12:09Z Jacob Walls jacobtylerwalls@gmail.com 2026-01-22T22:01:46Z urn:sha1:caf90a971f09323775ed0cacf94eadaf39d040e0 Thanks Tarek Nakkouch for the report and Jake Howard and Natalia Bidart for reviews. Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI requests. 2026-02-03T12:53:12Z Jake Howard git@theorangeone.net 2026-01-14T15:25:45Z urn:sha1:eb22e1d6d643360e952609ef562c139a100ea4eb Thanks Jiyong Yang for the report, and Natalia Bidart, Jacob Walls, and Shai Berger for reviews. Refs #33735 -- Coped with stacklevel change in ASGITest.test_file_response(). 2026-01-23T18:16:30Z Jacob Walls jacobtylerwalls@gmail.com 2026-01-23T17:08:15Z urn:sha1:68d110f1fe593b7a368486c41cd062563a74fe0a Follow-up to c042fe3a74fb213c93b1052f7de4d99a6e6948e0. The original ignore was added in 0bd2c0c9015b53c41394a1c0989afbfd94dc2830 but was not adjusted when the stacklevel changed. Fixed #36399 -- Added support for multiple Cookie headers in HTTP/2 for ASGIRequest. 2025-08-21T14:48:54Z SaJH wogur981208@gmail.com 2025-08-20T13:54:46Z urn:sha1:f2a6c0477fd95518ffb4fcea8e655a9062874bd2 Signed-off-by: SaJH <wogur981208@gmail.com> Refs #36467 -- Added test for Set-Cookie header values in ASGIHandler. 2025-06-18T09:25:14Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-06-18T06:55:15Z urn:sha1:1cd91d5d4bfb65ea7b5c7177310f849d05037609 Fixed #36281 -- Used async-safe write in ASGIHandler.read_body(). 2025-05-04T12:53:08Z 신우진 zebra0345@naver.com 2025-04-08T07:20:37Z urn:sha1:1fb3f57e81239a75eb8f873b392e11534c041fdc Thanks Carlton Gibson for reviews. Fixed warnings per flake8 7.2.0. 2025-03-30T15:54:15Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-03-30T15:54:15Z urn:sha1:281910ff8e9ae98fa78ee5d26ae3f0b713ccf418 https://github.com/PyCQA/flake8/releases/tag/7.2.0 Refs #33735 -- Captured stderr during ASGITest.test_file_response. 2024-11-27T10:00:05Z Jacob Walls jacobtylerwalls@gmail.com 2024-11-23T21:43:38Z urn:sha1:a5bc0cfd35c50d3446215c0674e60786d9e498d1 Refs #35059 -- Used asyncio.Event in ASGITest.test_asyncio_cancel_error to enforce specific interleaving. 2024-05-28T17:36:34Z Carlton Gibson carlton.gibson@noumenal.es 2024-05-28T17:36:34Z urn:sha1:f4a08b6ddfcacadfe9ff8364bf1c6c54f5dd370f Sleep call leads to a hard to trace error in CI. Using an Event is more deterministic, and should be less prone to environment variations. Bug in 11393ab1316f973c5fbb534305750740d909b4e4.