What’s new in Tornado 2.2.1¶
Apr 23, 2012¶
tornado.web.RequestHandler.set_headernow properly sanitizes input values to protect against header injection, response splitting, etc. (it has always attempted to do this, but the check was incorrect). Note that redirects, the most likely source of such bugs, are protected by a separate check in
Colored logging configuration in
tornado.optionsis compatible with Python 3.2.3 (and 3.3).