Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔖 Release 2.8.905 #138

Merged
merged 1 commit into from
Aug 4, 2024
Merged

🔖 Release 2.8.905 #138

merged 1 commit into from
Aug 4, 2024

Conversation

Ousret
Copy link
Member

@Ousret Ousret commented Aug 4, 2024

  • Fixed wrong upgrade attempt to QUIC when using a SOCKS proxy. Any usage of a proxy disable HTTP/3 over QUIC as per documented. until proper support is implemented in a next minor version.
  • Backported upstream urllib3 util/ssl: make code resilient to missing hash functions urllib3/urllib3#3434: util/ssl: make code resilient to missing hash functions. In certain environments such as in a FIPS enabled system, certain algorithms such as md5 may be unavailable. Due to the importing of such a module on a system where it is unavailable, urllib3(-future) will crash and is unusable. util/ssl: make code resilient to missing hash functions urllib3/urllib3#3434
  • Backported upstream urllib3 GHSA-34jh-p97f-mpxf: Strip Proxy-Authorization header on redirects. Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Fixed state-machine desync on a rare scenario when uploading a body using HTTP/3 over QUIC.

@Ousret
🔖 Release 2.8.905
c4d108f 
- Fixed wrong upgrade attempt to QUIC when using a SOCKS proxy. Any usage of a proxy disable HTTP/3 over QUIC as per documented.
  until proper support is implemented in a next minor version.
- Backported upstream urllib3 urllib3#3434: util/ssl: make code resilient to missing hash functions.
  In certain environments such as in a FIPS enabled system, certain algorithms such as md5 may be unavailable. Due
  to the importing of such a module on a system where it is unavailable, urllib3(-future) will crash and is unusable.
  urllib3#3434
- Backported upstream urllib3 GHSA-34jh-p97f-mpxf: Strip Proxy-Authorization header on redirects.
  Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host.
  As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
- Fixed state-machine desync on a rare scenario when uploading a body using HTTP/3 over QUIC.
@Ousret Ousret merged commit 8a03252 into main Aug 4, 2024
32 of 45 checks passed
@Ousret Ousret deleted the release-2.8.905 branch August 4, 2024 05:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Ousret