Welcome to our fourth newsletter! If you'd like to join our community you can find us on Discord.
Thanks to all of our Sponsors!
If you'd like to support our team we have a GitHub Sponsors, GitCoin Grant, and Open Collective.
Big thank you to the generous individuals who are lending their financial support:
- Andrew Janke
- Cory Benfield
- Cosmin Stejerean
- DJ
- FilePreviews
- Jeff Triplett
- Michael McHugh
- MiraiSawatari
- Sebastián Ramírez
- mickeybrew
- ume
- Many contributors to our GitCoin Grant during Grant Round 9!
If you or your organization uses Python: consider sponsoring our team's effort to keep urllib3 maintained and to ship urllib3 v2.0 in 2021, we really appreciate it.
Unreasonable effectiveness of investing in Open Source
Fellow urllib3 maintainer Quentin Pradet recently set aside time for extended work on urllib3 v2.0, specifically
to complete a complex issue regarding urllib3 using Python's built-in ssl.SSLContext for certificate hostname
verification instead of using our current method of verifying certificates via our own vendored ssl.match_hostname.
Quentin wrote on his blog about the work that was completed and about the unreasonable effectiveness of financial contributions to Open Source.
In summary about 20 hours of work was able to uncover a security vulnerability in urllib3,
a bug in CPython related to ssl.SSLContext.hostname_check_common_name,
and a fix in OpenSSL along with completing the original task of making urllib3 use SSLContext for hostname verification. Wow!
HTTP on Mars
urllib3 is officially running on two planets! 🚀
GitHub recently announced a list of Open Source projects hosted on GitHub that were running on the Mars Helicopter Ingenuity and urllib3 was among them. This announcement has been a super exciting achievement for our team and we're all excited to see the future of Open Source being used within the realm of space exploration.
CVE-2021-28363
urllib3 1.26.4 included a fix for CVE-2021-28363 thanks to Quentin Pradet and Jorge Lopez-Silva for their work here! Versions of urllib3 that are vulnerable to re 1.26.0 to 1.26.3. Versions prior to 1.26.0 are not affected.
Welcoming a new collaborator!
After multiple impactful contributions to the project our team welcomes Franek Magiera. Franek has been contributing to the effort of completely type-hinting the urllib3 API which is one of the highlighted improvements coming to urllib3 v2.0. Thanks for all the hard work, Franek!
Don't let social media algorithms decide what you want to see.
Get notified of new publications by subscribing to the RSS feed or the email newsletter:
This work is licensed under 
