urllib3 Newsletter #4

Published 2021-05-03 by Seth Larson
Reading time: 1 minute

Welcome to our fourth newsletter! If you'd like to join our community you can find us on Discord.

Thanks to all of our Sponsors!

If you'd like to support our team we have a GitHub Sponsors, GitCoin Grant, and Open Collective.

Big thank you to the generous individuals who are lending their financial support:

If you or your organization uses Python: consider sponsoring our team's effort to keep urllib3 maintained and to ship urllib3 v2.0 in 2021, we really appreciate it.

Unreasonable effectiveness of investing in Open Source

Fellow urllib3 maintainer Quentin Pradet recently set aside time for extended work on urllib3 v2.0, specifically to complete a complex issue regarding urllib3 using Python's built-in ssl.SSLContext for certificate hostname verification instead of using our current method of verifying certificates via our own vendored ssl.match_hostname.

Quentin wrote on his blog about the work that was completed and about the unreasonable effectiveness of financial contributions to Open Source.

In summary about 20 hours of work was able to uncover a security vulnerability in urllib3, a bug in CPython related to ssl.SSLContext.hostname_check_common_name, and a fix in OpenSSL along with completing the original task of making urllib3 use SSLContext for hostname verification. Wow!

HTTP on Mars

urllib3 is officially running on two planets! 🚀

GitHub recently announced a list of Open Source projects hosted on GitHub that were running on the Mars Helicopter Ingenuity and urllib3 was among them. This announcement has been a super exciting achievement for our team and we're all excited to see the future of Open Source being used within the realm of space exploration.


urllib3 1.26.4 included a fix for CVE-2021-28363 thanks to Quentin Pradet and Jorge Lopez-Silva for their work here! Versions of urllib3 that are vulnerable to re 1.26.0 to 1.26.3. Versions prior to 1.26.0 are not affected.

Welcoming a new collaborator!

After multiple impactful contributions to the project our team welcomes Franek Magiera. Franek has been contributing to the effort of completely type-hinting the urllib3 API which is one of the highlighted improvements coming to urllib3 v2.0. Thanks for all the hard work, Franek!

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0