From 411986d6191114dd1d1bbb9c72c948dbf0ef0425 Mon Sep 17 00:00:00 2001
From: benoitc <bchesneau@gmail.com>
Date: Sat, 10 Aug 2024 22:34:28 +0200
Subject: [PATCH] fix doc

---
 docs/site/index.html      |  2 +-
 docs/source/2024-news.rst | 61 +++++++++++++++++++++++++++++++++++++++
 docs/source/news.rst      |  5 ++--
 3 files changed, 65 insertions(+), 3 deletions(-)
 create mode 100644 docs/source/2024-news.rst

diff --git a/docs/site/index.html b/docs/site/index.html
index 7e099a586..f8f811ca8 100644
--- a/docs/site/index.html
+++ b/docs/site/index.html
@@ -16,7 +16,7 @@
     <div class="logo-div">
       <div class="latest">
         Latest version: <strong><a
-            href="https://docs.gunicorn.org/en/stable/">22.0.0</a></strong>
+            href="https://docs.gunicorn.org/en/stable/">23.0.0</a></strong>
       </div>
 
       <div class="logo"><img src="images/logo.jpg" ></div>
diff --git a/docs/source/2024-news.rst b/docs/source/2024-news.rst
new file mode 100644
index 000000000..376699b4d
--- /dev/null
+++ b/docs/source/2024-news.rst
@@ -0,0 +1,61 @@
+================
+Changelog - 2024
+================
+
+23.0.0 - 2024-08-10
+===================
+
+- minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`)
+- worker_class parameter accepts a class (:pr:`3079`)
+- fix deadlock if request terminated during chunked parsing (:pr:`2688`)
+- permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`)
+- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`)
+- sdist generation now explicitly excludes sphinx build folder (:pr:`3257`)
+- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`)
+- raise correct Exception when encounting invalid chunked requests (:pr:`3258`)
+- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`)
+- include IPv6 loopback address ``[::1]`` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`)
+
+** NOTE **
+
+- The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
+- Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted
+- Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0
+
+** Breaking changes **
+
+- refuse requests where the uri field is empty (:pr:`3255`)
+- refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`)
+- remove temporary ``--tolerate-dangerous-framing`` switch from 22.0 (:pr:`3260`)
+- If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.
+
+22.0.0 - 2024-04-17
+===================
+
+- use `utime` to notify workers liveness 
+- migrate setup to pyproject.toml
+- fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
+- parsing additional requests is no longer attempted past unsupported request framing
+- on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
+- requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
+- Trailer fields are no longer inspected for headers indicating secure scheme
+- support Python 3.12
+
+** Breaking changes **
+
+- minimum version is Python 3.7
+- the limitations on valid characters in the HTTP method have been bounded to Internet Standards
+- requests specifying unsupported transfer coding (order) are refused by default (rare)
+- HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
+- HTTP methods containing the number sign (#) are no longer accepted by default (rare)
+- HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
+- HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
+- HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
+- HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
+- requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
+- empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
+
+
+** SECURITY **
+
+- fix CVE-2024-1135
diff --git a/docs/source/news.rst b/docs/source/news.rst
index 28fecabb7..2a61fafe3 100644
--- a/docs/source/news.rst
+++ b/docs/source/news.rst
@@ -2,7 +2,7 @@
 Changelog
 =========
 
-23.0.0 - unreleased
+23.0.0 - 2024-08-10
 ===================
 
 - minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`)
@@ -65,7 +65,8 @@ History
 
 .. toctree::
    :titlesonly:
-
+   
+   2024-news
    2023-news
    2021-news
    2020-news