Explore top 10 tips to secure your open-source projects now. Read More
×Tornado is an open source version of the scalable, non-blocking web
server and tools.
The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.
Update Information:
Update to 6.5.7 - CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)
* Mon Jun 22 2026 Peter Robinson
[ 1 ] Bug #2451660 - CVE-2026-31958 python-tornado: Tornado: Denial of Service via large multipart bodies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451660
[ 2 ] Bug #2457335 - CVE-2026-35536 python-tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457335
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0f40de2581' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.