Fedora alert FEDORA-2025-3673a159a9 (python-socketio)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43 | |
| Date: | Sat, 25 Oct 2025 21:20:32 +0000 | |
| Message-ID: | <20251025212032.990B2987B2@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3673a159a9 2025-10-25 20:54:13.409102+00:00 -------------------------------------------------------------------------------- Name : python-socketio Product : Fedora 43 Version : 5.14.2 Release : 1.fc43 URL : https://github.com/miguelgrinberg/python-socketio Summary : Socket.IO server Description : Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients (typically, though not always, web browsers) and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python implementations of both, each with standard and asyncio variants. -------------------------------------------------------------------------------- Update Information: Release 5.14.2 - 2025-10-15 Restore binary message support in message queue setups Fix formatting of client connection error Release 5.14.1 - 2025-10-02 Restore support for rediss:// URLs, and add support for valkeys:// as well Add support for Redis connections using unix sockets Release 5.14.0 - 2025-09-30 Replace pickle with json in message queue communications Add support for Valkey in the Redis client managers Keep track of which namespaces failed to connect Fixed transport property of the simple clients to be a string as documented SimpleClient.call does not raise TimeoutError on timeout Wait for client to end background tasks on disconnect Better error logging for the Redis managers Channel was not properly initialized in several pubsub client managers Add message queue deployment recommendations for security Add missing async on session examples for the async server Add SPDX license identifier -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2025 Packit <hello@packit.dev> - 5.14.2-1 - Update to 5.14.2 upstream release - Resolves: rhbz#2404261 * Thu Oct 2 2025 Packit <hello@packit.dev> - 5.14.1-1 - Update to 5.14.1 upstream release - Resolves: rhbz#2401144 * Tue Sep 30 2025 Packit <hello@packit.dev> - 5.14.0-1 - Update to 5.14.0 upstream release - Resolves: rhbz#2400545 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2401144 - python-socketio-5.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2401144 [ 2 ] Bug #2401937 - CVE-2025-61765 python-socketio: python-socketio code execution (RCE) via pickle deserialization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2401937 [ 3 ] Bug #2404261 - python-socketio-5.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2404261 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3673a159a9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue