Re: SECURITY UPDATE: www/py-requests 2.20.0

On Wed, 31 Oct 2018 18:19:11 -0500, Edward Lopez-Acosta wrote: > Changelog: > - Fixed in 2.20.0 - CVE 2018-18074 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074 > > The Requests package before 2.20.0 for Python sends an HTTP > Authorization header to an http URI upon receiving a

SECURITY UPDATE: www/py-requests 2.20.0

Changelog: - Fixed in 2.20.0 - CVE 2018-18074 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote