Register | Log in

gunicorn

Event-based HTTP/WSGI server

Choose email to subscribe with

general

source: gunicorn (main)
version: 25.1.0-1
maintainer: Debian Python Team (DMD)
uploaders: Chris Lamb [DMD] – Michael Fladischer [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20.1.0-1
o-o-sec: 20.1.0-1+deb11u1
oldstable: 20.1.0-6+deb12u1
stable: 23.0.0-1
testing: 23.0.0-1
unstable: 25.1.0-1

versioned links

20.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.1.0-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.1.0-6+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
23.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
25.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gunicorn (1 bugs: 0, 1, 0, 0)
gunicorn-examples
python-gunicorn-doc
python3-gunicorn

action needed

lintian reports 80 warnings normal

Lintian reports 80 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-02-16 Last update: 2026-02-16 10:49

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 25.1.0-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-02-16 10:55

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-6827: (needs triaging) Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-03-21 Last update: 2026-02-16 10:52

testing migrations

excuses:
- Migration status for gunicorn (23.0.0-1 to 25.1.0-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for a2d: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for debusine/0.14.4: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Ignored failure ♻ (reference ♻), riscv64: Test triggered (failure will be ignored), s390x: Test triggered
- ∙ ∙ Autopkgtest for gunicorn: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for mailman3: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for octavia: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for openstack-trove: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for pgsql-http: amd64: Test triggered, arm64: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for python-aiohttp: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for python-pecan: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
- ∙ ∙ Too young, only 4 of 10 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/g/gunicorn.html
- ∙ ∙ Reproducible on amd64
- ∙ ∙ Reproducible on arm64
- ∙ ∙ Reproducible on armhf
- ∙ ∙ Reproducible on i386
- ∙ ∙ Reproducible on ppc64el
- Not considered

news

[2026-02-15] Accepted gunicorn 25.1.0-1 (source) into unstable (Michael Fladischer)
[2026-02-11] Accepted gunicorn 25.0.3-2 (source all) into unstable (Debian FTP Masters) (signed by: Michael Fladischer)
[2026-02-08] Accepted gunicorn 25.0.3-1 (source) into unstable (Michael Fladischer)
[2024-12-29] Accepted gunicorn 20.1.0-6+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2024-12-20] Accepted gunicorn 20.1.0-1+deb11u1 (source) into oldstable-security (Adrian Bunk)
[2024-08-17] gunicorn 23.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-14] Accepted gunicorn 23.0.0-1 (source) into unstable (Colin Watson)
[2024-06-30] Accepted gunicorn 19.9.0-1+deb10u1 (source) into oldoldstable (Markus Koschany)
[2024-05-30] gunicorn 22.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-05-27] Accepted gunicorn 22.0.0-1 (source) into unstable (Colin Watson)
[2022-11-03] gunicorn 20.1.0-6 MIGRATED to testing (Debian testing watch)
[2022-10-31] Accepted gunicorn 20.1.0-6 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-10-31] gunicorn 20.1.0-5 MIGRATED to testing (Debian testing watch)
[2022-10-28] Accepted gunicorn 20.1.0-5 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-10-21] gunicorn 20.1.0-4 MIGRATED to testing (Debian testing watch)
[2022-10-19] gunicorn 20.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-10-18] Accepted gunicorn 20.1.0-4 (source) into unstable (Antonio Terceiro)
[2022-10-17] Accepted gunicorn 20.1.0-3 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2021-11-05] gunicorn 20.1.0-2 MIGRATED to testing (Debian testing watch)
[2021-11-02] Accepted gunicorn 20.1.0-2 (source) into unstable (Chris Lamb)
[2021-02-27] Accepted gunicorn 20.1.0-1~bpo10+1 (source all) into buster-backports (Chris Lamb)
[2021-02-27] gunicorn 20.1.0-1 MIGRATED to testing (Debian testing watch)
[2021-02-17] Accepted gunicorn 20.1.0-1 (source) into unstable (Chris Lamb)
[2020-03-27] Accepted gunicorn 20.0.4-4~bpo10+1 (source all) into buster-backports (Chris Lamb)
[2020-03-27] gunicorn 20.0.4-4 MIGRATED to testing (Debian testing watch)
[2020-03-24] Accepted gunicorn 20.0.4-4 (source) into unstable (Chris Lamb)
[2020-03-16] Accepted gunicorn 20.0.4-3~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Chris Lamb)
[2020-03-01] gunicorn 20.0.4-3 MIGRATED to testing (Debian testing watch)
[2020-02-27] Accepted gunicorn 20.0.4-3 (source) into unstable (Chris Lamb)
[2020-02-10] gunicorn 20.0.4-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 80)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 25.0.3-2
2 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing