CherryPy v18.8.0 Release Notes

    • :issue:1974: Dangerous characters received in a host header encoded using RFC 2047 are now elided by default. Currently, dangerous characters are defined as CR and LF. The original value is still available as cherrypy.request.headers['Host'].raw if needed.