Published 2021-05-03 by Seth Michael Larson
Reading time: 1 minute
Subscribe for more content like this through the mailing list or RSS.
Welcome to our fourth newsletter! If you'd like to join our community you can find us on Discord.
If you'd like to support our team we have a GitHub Sponsors, GitCoin Grant, and Open Collective.
Big thank you to the generous individuals who are lending their financial support:
If you or your organization uses Python: consider sponsoring our team's effort to keep urllib3 maintained and to ship urllib3 v2.0 in 2021, we really appreciate it.
Fellow urllib3 maintainer Quentin Pradet recently set aside time for extended work on urllib3 v2.0, specifically
to complete a complex issue regarding urllib3 using Python's built-in ssl.SSLContext for certificate hostname
verification instead of using our current method of verifying certificates via our own vendored ssl.match_hostname.
Quentin wrote on his blog about the work that was completed and about the unreasonable effectiveness of financial contributions to Open Source.
In summary about 20 hours of work was able to uncover a security vulnerability in urllib3,
a bug in CPython related to ssl.SSLContext.hostname_check_common_name,
and a fix in OpenSSL along with completing the original task of making urllib3 use SSLContext for hostname verification. Wow!
urllib3 is officially running on two planets! 🚀
GitHub recently announced a list of Open Source projects hosted on GitHub that were running on the Mars Helicopter Ingenuity and urllib3 was among them. This announcement has been a super exciting achievement for our team and we're all excited to see the future of Open Source being used within the realm of space exploration.
urllib3 1.26.4 included a fix for CVE-2021-28363 thanks to Quentin Pradet and Jorge Lopez-Silva for their work here! Versions of urllib3 that are vulnerable to re 1.26.0 to 1.26.3. Versions prior to 1.26.0 are not affected.
After multiple impactful contributions to the project our team welcomes Franek Magiera. Franek has been contributing to the effort of completely type-hinting the urllib3 API which is one of the highlighted improvements coming to urllib3 v2.0. Thanks for all the hard work, Franek!