FEDORA-2026-8ad863685a
Packages in this update:
- python-pulp-glue-0.37.0-5.fc43
- python-requests-2.33.1-1.fc43
Update description:
2.33.1 (2026-03-30)
Bugfixes
- Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory.
- Fixed Content-Type header parsing for malformed values.
- Improved error consistency for malformed header values.
2.33.0 (2026-03-25)
Announcements
- 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at
#7271.
Give it a try, and report any gaps or feedback you may have in the issue. 📣
Security
- CVE-2026-25645
requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
Improvements
- Migrated to a PEP 517 build system using setuptools.
Bugfixes
- Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+.
Deprecations
- Dropped support for Python 3.9 following its end of support.
Documentation
- Various typo fixes and doc improvements.