- Update to 1.26.18 (bsc#1216377, CVE-2023-45803):
  * Made body stripped from HTTP requests changing the request method
    to GET after HTTP 303 "See Other" redirect responses.
- Update to 1.26.17 (bsc#1215968, CVE-2023-43804):
  * Added the Cookie header to the list of headers to strip from
  * requests when redirecting to a different host. As before,
  * different headers can be set via Retry.remove_headers_on_redirect.
- Update to 1.26.16:
  * Fixed thread-safety issue where accessing a ``PoolManager``
    with many distinct origins would cause connection pools to
    be closed while requests are in progress
- Update to 1.26.15:
  * Fix socket timeout value when ``HTTPConnection`` is reused
  * Remove "!" character from the unreserved characters in IPv6
    Zone ID parsing
  * Fix IDNA handling of '<80>' byte
- Update to 1.26.14:
  * Fixed parsing of port 0 (zero) returning None, instead of 0.
  * Removed deprecated getheaders() calls in contrib module.
- Update to 1.26.13
  * Deprecated the ``HTTPResponse.getheaders()`` and
    ``HTTPResponse.getheader()`` methods.
  * Fixed an issue where parsing a URL with leading zeroes in the
    port would be rejected
    even when the port number after removing the zeroes was valid.
  * Fixed a deprecation warning when using cryptography v39.0.0.
  * Removed the ``<4`` in the ``Requires-Python`` packaging
    metadata field.
- Update to 1.26.12:
  * Deprecated the `urllib3[secure]` extra and the

• Files Changed
• Browse Source