characters outside the Latin alphabet). 6.9.2 What’s new in Tornado 6.5.0 May 15, 2025 Security Improvements • Previously, malformed multipart-form-data requests could log multiple warnings and constitute on_message_callback is not deprecated. 6.9.3 What’s new in Tornado 6.4.2 Nov 21, 2024 Security Improvements • Parsing of the cookie header is now much more efficient. The older algorithm sometimes had 167Tornado Documentation, Release 6.5.1 6.9.4 What’s new in Tornado 6.4.1 Jun 6, 2024 Security Improvements • Parsing of the Transfer-Encoding header is now stricter. Unexpected transfer-encoding values

most characters outside the Latin alphabet).What’s new in Tornado 6.5.0 May 15, 2025 Security Improvements Previously, malformed multipart-form-data requests could log multiple warnings and constitute that on_message_callback is not deprecated.What’s new in Tornado 6.4.2 Nov 21, 2024 Security Improvements Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic event loop. This change fixes CVE-2024-7592.What’s new in Tornado 6.4.1 Jun 6, 2024 Security Improvements Parsing of the Transfer-Encoding header is now stricter. Unexpected transfer- encoding values

list (which was mutable and reused) 6.9.2 What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements • The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly when deployed behind certain proxies. 6.9.3 What’s new in Tornado 6.3.2 May 13, 2023 Security improvements • Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. 6 enabled by default in more places (primarily in client- side usage of SSLIOStream). • Various improvements to type hints throughout the package. • CI has moved from Travis and Appveyor to Github Actions

list (which was mutable and reused) 6.9.2 What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements • The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly when deployed behind certain proxies. 6.9.3 What’s new in Tornado 6.3.2 May 13, 2023 Security improvements • Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. 6 enabled by default in more places (primarily in client- side usage of SSLIOStream). • Various improvements to type hints throughout the package. • CI has moved from Travis and Appveyor to Github Actions

list (which was mutable and reused) 6.9.2 What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements • The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly when deployed behind certain proxies. 6.9.3 What’s new in Tornado 6.3.2 May 13, 2023 Security improvements • Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. 6 enabled by default in more places (primarily in client- side usage of SSLIOStream). • Various improvements to type hints throughout the package. • CI has moved from Travis and Appveyor to Github Actions

in a Chrome tab. 6.9 Release notes 6.9.1 What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements • The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly when deployed behind certain proxies. 6.9.2 What’s new in Tornado 6.3.2 May 13, 2023 Security improvements • Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. 6 enabled by default in more places (primarily in client- side usage of SSLIOStream). • Various improvements to type hints throughout the package. • CI has moved from Travis and Appveyor to Github Actions

empty list (which was mutable and reused) What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according vulnerabilities when deployed behind certain proxies. What’s new in Tornado 6.3.2 May 13, 2023 Security improvements Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. What’s now enabled by default in more places (primarily in client-side usage of SSLIOStream). Various improvements to type hints throughout the package. CI has moved from Travis and Appveyor to Github Actions

empty list (which was mutable and reused) What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according vulnerabilities when deployed behind certain proxies. What’s new in Tornado 6.3.2 May 13, 2023 Security improvements Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. What’s now enabled by default in more places (primarily in client-side usage of SSLIOStream). Various improvements to type hints throughout the package. CI has moved from Travis and Appveyor to Github Actions

empty list (which was mutable and reused) What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according vulnerabilities when deployed behind certain proxies. What’s new in Tornado 6.3.2 May 13, 2023 Security improvements Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. What’s now enabled by default in more places (primarily in client-side usage of SSLIOStream). Various improvements to type hints throughout the package. CI has moved from Travis and Appveyor to Github Actions

What’s new in Tornado 1.0 July 22, 2010 What’s new in Tornado 6.3.3 Aug 11, 2023 Security improvements The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according vulnerabilities when deployed behind certain proxies. What’s new in Tornado 6.3.2 May 13, 2023 Security improvements Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. What’s now enabled by default in more places (primarily in client-side usage of SSLIOStream). Various improvements to type hints throughout the package. CI has moved from Travis and Appveyor to Github Actions