requests v2.6.0 released
Ian Cordasco
graffatcolmingov at gmail.com
Sat Mar 14 18:01:15 CET 2015
About Requests
++++++++++++++
Requests is an Apache2 Licensed HTTP library, written in Python, for human
beings. Requests takes all of the work out of Python HTTP/1.1 — making your
integration with web services seamless. There’s no need to manually add
query strings to your URLs, or to form-encode your POST data. Keep-alive
and HTTP connection pooling are 100% automatic, powered by urllib3.
2.6.0 (2015-03-14)
++++++++++++++++++
**Bugfixes**
- Fix handling of cookies on redirect. Previously a cookie without a host
value set would use the hostname for the redirected URL exposing requests
users to session fixation attacks and potentially cookie stealing. This
was
disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
An CVE identifier has not yet been assigned for this. This affects all
versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an ``install_requires`` dependency and ``python
setup.py test`` is run. (#2462)
- Fix error when urllib3 is unbundled and requests continues to use the
vendored import location.
- Include fixes to ``urllib3``'s header handling.
- Requests' handling of unvendored dependencies is now more restrictive.
**Features and Improvements**
- Support bytearrays when passed as parameters in the ``files`` argument.
(#2468)
- Avoid data duplication when creating a request with ``str``, ``bytes``, or
``bytearray`` input to the ``files`` argument.
(Release notes are also available
http://docs.python-requests.org/en/latest/community/updates/#software-updates
)
More information about the Python-announce-list
mailing list