Security update for python-requests
| Announcement ID: | SUSE-SU-2025:20094-1 |
|---|---|
| Release Date: | 2025-02-03T09:12:09Z |
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has two fixes can now be installed.
Description:
This update for python-requests contains the following fixes:
-
Add patch to fix to inject the default CA bundles if they are not specified. (bsc#1226321, bsc#1231500)
-
Remove Requires on python-py, it should have been removed earlier.
-
update to 2.32.3:
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter.
-
Fixed issue where Requests started failing to run on Python versions compiled without the
sslmodule. -
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is
- Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification,
- verify=True now reuses a global SSLContext which should improve request time
- Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-125=1
Package List:
-
SUSE Linux Micro 6.0 (noarch)
- python311-requests-2.32.3-1.1