python-waitress received a security fix in Version 1.0.0
(2016-08-31). The changelog states:
- Waitress will now drop HTTP headers that contain an underscore in the key
when received from a client. This is to stop any possible underscore/dash
conflation that may lead to security issues. See
See https://pypi.python.org/pypi/waitress/1.0.2 and
Should this change be backported to python-waitess
version 0.8.9-5.el7 in EPEL?
FEDORA-EPEL-2020-fa8a2e97c6 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6