ยซ Changelog History


requests v2.6.0 Release Notes

Release Date: 2015-03-14 // about 9 years ago

  • ๐Ÿ›  Bugfixes

    • CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. This was disclosed privately by Matthew Daley of BugFuzz. This affects all versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
    • Fix error when requests is an install_requires dependency and python setup.py test is run. (#2462)
    • Fix error when urllib3 is unbundled and requests continues to use the vendored import location.
    • ๐Ÿ›  Include fixes to urllib3's header handling.
    • Requests' handling of unvendored dependencies is now more restrictive.

    ๐Ÿ”‹ Features and Improvements

    • ๐Ÿ‘ Support bytearrays when passed as parameters in the files argument. (#2468)
    • Avoid data duplication when creating a request with str, bytes, or bytearray input to the files argument.