Open LLM text
Share with AI
Ask Claude Ask ChatGPT Ask Gemini Ask Copilot
2 min read 346 words

0.6.0

Subinterpreter workers, RFC 9842 compression dictionaries, sendfile, framework compat tests, and 60+ fixes

Highlights

  • Subinterpreter workers — New--worker-mode subinterpreter option using Python 3.14's concurrent.interpreters(PEP 734). Thread-like performance with process-like isolation, all in one process.
  • RFC 9842 Compression Dictionary Transport — Shared zstd dictionaries fordcz content-encoding, Available-Dictionary / Use-As-Dictionary header negotiation, and built-in dictionary serving at /.well-known/compression-dictionary/.
  • Zero-copy sendfileos.sendfile()for static file serving on non-TLS connections, plus RFC 7233 multipart range requests.
  • TOML config — Load settings frompounce.toml or [tool.pounce] in pyproject.toml.
  • Framework compatibility tests — 48 integration tests proving compatibility with FastAPI, Starlette, Django, and Litestar through real Pounce workers.
  • Security hardening — Fixed 12 security issues including CRLF injection, unenforced limits, weak TLS ciphers, and world-writable UDS sockets.

Added

  • Subinterpreter worker mode (--worker-mode subinterpreter) via PEP 734
  • RFC 9842 Compression Dictionary Transport withdczcontent-encoding
  • Zero-copyos.sendfile()for static file serving on non-TLS connections
  • RFC 7233 multipart range requests
  • TOML config file support (pounce.toml / [tool.pounce])
  • 48 framework compatibility integration tests (FastAPI, Starlette, Django, Litestar)
  • Towncrier changelog management with CI-enforced fragments
  • bengal-zoomies 0.3.1: QUIC client tests, QPACK compression, 0-RTT policy control

Changed

  • Bump milo-cli to 0.2.2 and kida-templates to 0.6.0 (get_env()cache fix: 122 us to 125 ns)
  • Split_apply_integrations()god method into 7 focused private methods

Fixed

  • 60+ bug fixes across protocols, config, CLI, middleware, and worker lifecycle
  • Fixed Python 2 exception syntax errors across 27 files that would crash on import
  • Worker shutdown hang when keep-alive/WebSocket/SSE connections were open
  • CLI config precedence: explicit args now always override TOML values
  • Exponential backoff for worker restart to prevent tight crash-restart loops
  • CORS/security middleware now skip headers already set by the app
  • Hardened subinterpreter workers: socket FD leak, lifespan state drops, error messages

Security

  • Fixed CRLF injection in proxy headers and request IDs
  • Enforcedmax_headers and websocket_max_message_sizelimits
  • Strengthened TLS cipher suite defaults
  • Fixed world-writable UDS socket permissions
  • Completed security middleware header coverage

Install

uv add "bengal-pounce==0.6.0"