From Newsgroup: comp.lang.python.announce
We're happy to announce a coordinated 26.6 release of the complete WAMP-for-Python stack: the Crossbar.io router, the Autobahn|Python
library, and the supporting packages, all released and cross-tested
together.
What is this
============
WAMP (the Web Application Messaging Protocol) is an open protocol that
provides two messaging patterns over a single connection: routed Remote Procedure Calls (RPC) and Publish/Subscribe (PubSub). It lets you build distributed applications and microservices where components -- in the
browser, on a server, or on a device -- call each other's procedures and
share events in real time.
The packages in this release:
* Crossbar.io -- the WAMP router (the broker/dealer that all
clients connect to)
* Autobahn|Python -- WAMP and WebSocket client/server library; runs
unmodified on both Twisted and asyncio
* txaio -- the Twisted/asyncio compatibility helper
* zLMDB -- object-relational in-memory persistence on LMDB
* cfxdb -- Crossbar.io database schema package (on zLMDB)
* xbr -- XBR data-market extensions for WAMP
All packages run on CPython 3.11-3.14 and PyPy 3.11.
Highlights
==========
* Coordinated, cross-tested release. The whole stack was released
together at 26.6, with the router (Crossbar.io) acting as the
integration oracle: the libraries are exercised together against the
WAMP test suite, on both CPython and PyPy, before any package is
tagged.
* Router reliability fix. Fixed a bug in the router's dealer where,after
a particular call-cancel / disconnect sequence, a callee registration
could be left behind as a "zombie" that silently dropped routed calls
(reported from a production deployment). Added a regression test.
* Serializer coverage on CPython and PyPy. JSON, MsgPack, CBOR and
FlatBuffers are now covered by round-trip tests on both interpreters,
with graceful handling when an optional serializer (UBJSON) isn't
available on a given platform.
* Broader binary wheels and portable native code. Added the missing
aarch64 wheels (CPython 3.12 / 3.14) and macOS wheels for a symmetric
platform matrix (#1848), and fixed a PyPy/Windows wheel gap (#1859).
The optional NVX native-vectorized WebSocket acceleration now builds
against a portable CPU baseline (x86-64-v2 / armv8-a) instead of
possibly emitting "-march=native", which could cause SIGILL on a
different CPU than the build host; native tuning is now opt-in.
musllinux / Alpine (musl libc) wheels are not yet published but are on
the roadmap (#1877).
* Software supply chain (SLSA). The release pipeline was reworked for a
verifiable chain of custody: each artifact is built once, its checksum
is verified, and the exact verified bytes are what gets published --
there is no rebuild between testing and publishing -- using OIDC
trusted publishing with attestations. A shell-injection attack surface
in the CI/CD pipeline itself was also closed (GHSA-6658-6vq6-hjpr).
To be precise: this concerned the build pipeline that *produces* our
artifacts, not a runtime vulnerability in the shipped packages.
On the roadmap
==============
Work in progress, with design details in the Autobahn|Python issue
tracker:
* Software supply chain: SLSA Level 2/3 provenance and PEP 740
attestations (#1842)
* Post-quantum cryptography for WAMP: ML-KEM / ML-DSA (#1847)
* FIPS: run on FIPS-enabled Linux kernels (RHEL 9 / Rocky 9) and a
crypto-policy option (#1844, #1846)
Where to get it
===============
Crossbar.io 26.6.1
PyPI:
https://pypi.org/project/crossbar/26.6.1/
Git:
https://github.com/crossbario/crossbar/tree/v26.6.1
Autobahn|Python 26.6.2
PyPI:
https://pypi.org/project/autobahn/26.6.2/
Git:
https://github.com/crossbario/autobahn-python/tree/v26.6.2
txaio 26.6.1
PyPI:
https://pypi.org/project/txaio/26.6.1/
Git:
https://github.com/crossbario/txaio/tree/v26.6.1
zLMDB 26.6.1
PyPI:
https://pypi.org/project/zlmdb/26.6.1/
Git:
https://github.com/crossbario/zlmdb/tree/v26.6.1
cfxdb 26.6.1
PyPI:
https://pypi.org/project/cfxdb/26.6.1/
Git:
https://github.com/crossbario/cfxdb/tree/v26.6.1
xbr 26.6.1
PyPI:
https://pypi.org/project/xbr/26.6.1/
Git:
https://github.com/wamp-proto/wamp-xbr/tree/v26.6.1
Documentation and community
===========================
* Protocol:
https://wamp-proto.org/
* Crossbar.io:
https://crossbario.readthedocs.io/
* Autobahn:
https://autobahn.readthedocs.io/
* txaio:
https://txaio.readthedocs.io/
* zLMDB:
https://zlmdb.readthedocs.io/
* cfxdb:
https://cfxdb.readthedocs.io/
* xbr:
https://xbr.readthedocs.io/
* Issues / discussions: see each project's GitHub repository
Licensing: Crossbar.io is EUPL-1.2; the libraries (Autobahn|Python,
txaio, zLMDB, cfxdb) are MIT-licensed.
-- The Crossbar.io / Autobahn team
--- Synchronet 3.22a-Linux NewsLink 1.2