The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356

This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!

#cve #infosec #sansio

Just released multipart 1.0 on #pypi

https://pypi.org/project/multipart/
https://github.com/defnull/multipart/

For this release I completely rewrote the multipart/form-data parser, this time as an incremental #SansIO (non-blocking) parser suitable for #asyncio or other time- or memory-constrained environments. It's also really fast now (~3GB/s). Nice enough to justify a 1.0 release.

The entire package is distributed as a pure #Python single-file module with no dependencies, as usual ;)

I rewrote my #foss implementation of a #python #multipart form data parser as a #sansio (push based #nonblocking) parser, and it is now not only suitable for #async applications, but also 2x to 10x faster than the old (blocking) implementation. Was a ton of work, but totally worth it. Release will follow later this week.

https://github.com/defnull/multipart/pull/52

WIP: New push based (non-blocking) parser by defnull · Pull Request #52 · defnull/multipart

This PR introduces a new PushMultipartParser that avoids any form of (blocking) IO, which allows it to be used in async contexts. It is also significantly faster (x2 - x10) and less susceptible for...