SUSE-SU-2025:20034-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202520034-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20034-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:20034-1
- Upstream
- Related
- Published
- 2025-02-03T08:52:32Z
- Modified
- 2026-03-11T07:30:32.375186Z
- Summary
- Security update for python-requests
- Details
-
This update for python-requests fixes the following issues:
Update to 2.32.2
- To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed getconnection to a new public API, getconnectionwithtlscontext. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
Update to 2.32.1
- Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (bsc#1224788, CVE-2024-35195)
- verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests.
- Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area.
- Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7.
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling.
- References