requests v2.6.0 Release Notes
Release Date: 2015-03-14 // about 9 years ago-
๐ Bugfixes
- CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. This was disclosed privately by Matthew Daley of BugFuzz. This affects all versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an
install_requires
dependency andpython setup.py test
is run. (#2462) - Fix error when urllib3 is unbundled and requests continues to use the vendored import location.
- ๐ Include fixes to
urllib3
's header handling. - Requests' handling of unvendored dependencies is now more restrictive.
๐ Features and Improvements
- ๐ Support bytearrays when passed as parameters in the
files
argument. (#2468) - Avoid data duplication when creating a request with
str
,bytes
, orbytearray
input to thefiles
argument.