STINNER Victor <vstin...@redhat.com> added the comment:
It seems like a change has been pushed into urllib3 to fix this issue, but that there is an issue with international URLs and that maybe RFC 3986 should be updated. RFC 3986: "Uniform Resource Identifier (URI): Generic Syntax" (January 2005) https://www.ietf.org/rfc/rfc3986.txt "Without #1531 or IRI support in rfc3986 releasing master in it's current state will break backwards compatibility with international URLs." https://github.com/urllib3/urllib3/issues/1553#issuecomment-474046652 => where 1531 means https://github.com/urllib3/urllib3/pull/1531 "wave Hi! I've noticed that CVE-2019-11236 has been assigned to the CRLF injection issue described here. It seems that the library has been patched in GitHub, but no new release has been made to pypi. Will a new release containing the fix be made to pypi soon? Based on @theacodes comment it seems like a release was going to be made, but I also see her status has her perhaps unavailable. Is someone else perhaps able to cut a new release into pypi?" https://github.com/urllib3/urllib3/issues/1553#issuecomment-484113222 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue30458> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
