{"id":1782,"library":"waitress","title":"Waitress WSGI Server","description":"Waitress is a production-quality pure-Python WSGI server with a focus on simplicity and reliability. It's actively maintained by the Pylons Project, receiving frequent updates to support new Python versions and address security concerns. The current version is 3.0.2.","status":"active","version":"3.0.2","language":"en","source_language":"en","source_url":"https://github.com/Pylons/waitress","tags":["wsgi","server","http","production"],"install":[{"cmd":"pip install waitress","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The primary function to start the WSGI server.","symbol":"serve","correct":"from waitress import serve"}],"quickstart":{"code":"from waitress import serve\n\ndef simple_app(environ, start_response):\n    \"\"\"A barebones WSGI application.\"\"\"\n    status = '200 OK'\n    headers = [('Content-type', 'text/plain; charset=utf-8')]\n    start_response(status, headers)\n    return [b\"Hello from Waitress!\"]\n\nif __name__ == '__main__':\n    print(\"Serving on http://127.0.0.1:8080\")\n    serve(simple_app, host='127.0.0.1', port=8080)","lang":"python","description":"This example demonstrates how to serve a minimal WSGI application using Waitress. It defines a simple WSGI callable `simple_app` and then uses `waitress.serve()` to run it on `127.0.0.1:8080`."},"warnings":[{"fix":"Upgrade your Python environment to 3.9 or newer. Python 3.13 is supported from v3.0.1.","message":"Waitress dropped support for Python 3.8 starting with version 3.0.1. Running on Python 3.8 or older will result in errors.","severity":"breaking","affected_versions":"3.0.1+"},{"fix":"Review your application's reliance on `X-Forwarded-For`, `X-Forwarded-Proto`, etc. when `trusted_proxy_headers` is enabled. Ensure your proxy configuration and application logic are compatible with Waitress's new, stricter header processing.","message":"Waitress v3.0.2 changed how `trusted_proxy_headers` are handled for security. Untrusted values from proxy headers are now dropped, and Waitress *updates* the headers passed to the WSGI app with validated values. Applications might receive different, more secure header values than before, potentially breaking logic that relied on previously available, untrusted headers.","severity":"breaking","affected_versions":"3.0.2+"},{"fix":"Ensure client requests adhere to HTTP/1.0 or HTTP/1.1 specifications for methods and versions. Clients sending non-standard or malformed requests may need updates.","message":"Starting with version 3.0.0, Waitress performs stricter validation of HTTP request methods and versions according to RFCs. Malformed requests that previously might have passed through could now be rejected with a 400 Bad Request.","severity":"breaking","affected_versions":"3.0.0+"},{"fix":"When calling `waitress.serve()`, pass `host='0.0.0.0'` (to bind to all available public interfaces) or the specific public IP address you want to bind to, e.g., `serve(app, host='0.0.0.0', port=8080)`.","message":"Waitress binds to `127.0.0.1` (localhost) by default. If you need to serve the application on a network interface accessible from other machines (e.g., in a Docker container or a public server), you must explicitly set the `host` parameter.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}