|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2025-96c38634c7 (python-socketio)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: python-socketio-5.14.1-1.fc42


Date:
              Sat, 11 Oct 2025 00:58:42 +0000


Message-ID:
              <20251011005842.6A60E821E3@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-96c38634c7
2025-10-11 00:56:43.169085+00:00
--------------------------------------------------------------------------------

Name        : python-socketio
Product     : Fedora 42
Version     : 5.14.1
Release     : 1.fc42
URL         : https://github.com/miguelgrinberg/python-socketio
Summary     : Socket.IO server
Description :
Socket.IO is a transport protocol that enables real-time bidirectional
event-based communication between clients (typically, though not always, web
browsers) and a server. The official implementations of the client and server
components are written in JavaScript. This package provides Python
implementations of both, each with standard and asyncio variants.

--------------------------------------------------------------------------------
Update Information:

Release 5.14.1 - 2025-10-02
Restore support for rediss:// URLs, and add support for valkeys:// as well
Add support for Redis connections using unix sockets
Release 5.14.0 - 2025-09-30
Replace pickle with json in message queue communications
Add support for Valkey in the Redis client managers
Keep track of which namespaces failed to connect
Fixed transport property of the simple clients to be a string as documented
SimpleClient.call does not raise TimeoutError on timeout
Wait for client to end background tasks on disconnect
Better error logging for the Redis managers
Channel was not properly initialized in several pubsub client managers
Add message queue deployment recommendations for security
Add missing async on session examples for the async server
Add SPDX license identifier
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  2 2025 Packit <hello@packit.dev> - 5.14.1-1
- Update to 5.14.1 upstream release
- Resolves: rhbz#2401144
* Tue Sep 30 2025 Packit <hello@packit.dev> - 5.14.0-1
- Update to 5.14.0 upstream release
- Resolves: rhbz#2400545
* Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 5.13.0-7
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 5.13.0-6
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.13.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jun 27 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 5.13.0-4
- Re-enable uvicorn test dependency
* Thu Jun 12 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 5.13.0-3
- Omit tests that need uvicorn on Python 3.14 for now
- Fixes RHBZ#2372142
* Thu May  8 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 5.13.0-2
- F41+: Use the provisional pyproject declarative buildsystem
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2401144 - python-socketio-5.14.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2401144
  [ 2 ] Bug #2401937 - CVE-2025-61765 python-socketio: python-socketio code execution (RCE) via
pickle deserialization [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2401937
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-96c38634c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds