Overview
Request 1195702 accepted
- Add CVE-2024-37891.patch (bsc#1226469, bsc#1229654)
- Update to 2.0.7 (bsc#1216377, CVE-2023-45803):
* Made body stripped from HTTP requests changing the request method
to GET after HTTP 303 "See Other" redirect responses.
- Update Buildrequires to upstream list.
- Update to 2.0.6 (bsc#1215968, CVE-2023-43804):
* Added the Cookie header to the list of headers to strip from
requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect
- Update to 2.0.5:
* Allowed pyOpenSSL third-party module without any deprecation
warning. #3126
* Fixed default blocksize of HTTPConnection classes to match
high-level classes. Previously was 8KiB, now 16KiB. #3066
- Update to 2.0.4:
* Added support for union operators to ``HTTPHeaderDict``
* Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
* Fixed ``urllib3.connection.HTTPConnection`` to raise the
``http.client.connect`` audit event to have the same behavior
as the standard library HTTP client
* Relied on the standard library for checking hostnames in
supported PyPy releases
- Disable test_deprecated_no_scheme so it needs network connection to
run correctly.
- Update to 2.0.3:
* Allowed alternative SSL libraries such as LibreSSL, while
still issuing a warning as we cannot help users facing issues
with implementations other than OpenSSL.
* Deprecated URLs which don't have an explicit scheme
* Fixed response decoding with Zstandard when compressed data
- Created by vizhestkov
- In state accepted
Request History
vizhestkov created request
- Add CVE-2024-37891.patch (bsc#1226469, bsc#1229654)
- Update to 2.0.7 (bsc#1216377, CVE-2023-45803):
* Made body stripped from HTTP requests changing the request method
to GET after HTTP 303 "See Other" redirect responses.
- Update Buildrequires to upstream list.
- Update to 2.0.6 (bsc#1215968, CVE-2023-43804):
* Added the Cookie header to the list of headers to strip from
requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect
- Update to 2.0.5:
* Allowed pyOpenSSL third-party module without any deprecation
warning. #3126
* Fixed default blocksize of HTTPConnection classes to match
high-level classes. Previously was 8KiB, now 16KiB. #3066
- Update to 2.0.4:
* Added support for union operators to ``HTTPHeaderDict``
* Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
* Fixed ``urllib3.connection.HTTPConnection`` to raise the
``http.client.connect`` audit event to have the same behavior
as the standard library HTTP client
* Relied on the standard library for checking hostnames in
supported PyPy releases
- Disable test_deprecated_no_scheme so it needs network connection to
run correctly.
- Update to 2.0.3:
* Allowed alternative SSL libraries such as LibreSSL, while
still issuing a warning as we cannot help users facing issues
with implementations other than OpenSSL.
* Deprecated URLs which don't have an explicit scheme
* Fixed response decoding with Zstandard when compressed data
ygutierrez accepted request