This update for python3-requests provides the following fix:
python-requests was updated to 2.20.1.
Update to version 2.20.1:
- Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).
Update to version 2.20.0:
-
Bugfixes
- Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
- Fixed exception leak where certain redirect urls would raise
uncaught urllib3 exceptions.
- Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
- should_bypass_proxies now handles URIs without hostnames
(e.g. files).
Update to version 2.19.1:
- Fixed issue where status_codes.py’s init function failed trying
to append to a doc value of None.
Update to version 2.19.0:
-
Improvements
- Warn about possible slowdown with cryptography version < 1.3.4
- Check host in proxy URL, before forwarding request to adapter.
- Maintain fragments properly across redirects. (RFC7231 7.1.2)
- Removed use of cgi module to expedite library load time.
- Added support for SHA-256 and SHA-512 digest auth algorithms.
- Minor performance improvement to Request.content.
-
Bugfixes
- Parsing empty Link headers with parse_header_links() no longer
return one bogus entry.
- Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
- Fixed issue with unexpected ImportError on windows system
which do not support winreg module.
- DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
- Properly normalize adapter prefixes for url comparison.
- Passing None as a file pointer to the files param no longer
raises an exception.
- Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.
Update to version 2.18.4:
*...