Skip to content

python-urllib3: update to 2.6.3 #28286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
BKPepe merged 1 commit into from
Jan 10, 2026
Merged

python-urllib3: update to 2.6.3 #28286

BKPepe merged 1 commit into from
Jan 10, 2026

Conversation

@Yang-Wei-Ting
Copy link
Contributor

@Yang-Wei-Ting Yang-Wei-Ting commented Jan 8, 2026

📦 Package Details

Maintainer: @BKPepe

Description:
Update python-urllib3 to version 2.6.3.

🧪 Run Testing Details

  • OpenWrt Version: master
  • OpenWrt Target/Subtarget: Arm SystemReady (EFI) compliant / 64-bit (armv8) machines
  • OpenWrt Device: QEMU

✅ Formalities

  • I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

BKPepe
BKPepe reviewed Jan 9, 2026
View reviewed changes
lang/python/python-urllib3/Makefile Outdated
@@ -1,5 +1,5 @@
#
# Copyright (C) 2007-2025 OpenWrt.org
# Copyright (C) 2007-2026 OpenWrt.org
Copy link
Member

@BKPepe BKPepe Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not touch this, though. As said in the contributing.md. :-(

Copy link
Contributor Author

@Yang-Wei-Ting Yang-Wei-Ting Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops sorry. Fixed.

@Yang-Wei-Ting
python-urllib3: update to 2.6.3
72c07f6 
- Fixed HTTPResponse.read_chunked() to properly handle leftover data
  in the decoder's buffer when reading compressed chunked responses.
- Fixed a security issue where decompression-bomb safeguards of the
  streaming API were bypassed when HTTP redirects were followed.
  (CVE-2026-21441)
- Started treating Retry-After times greater than 6 hours as 6 hours
  by default.
- Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten.

Release notes:
https://github.com/urllib3/urllib3/releases/tag/2.6.2
https://github.com/urllib3/urllib3/releases/tag/2.6.3

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
@Yang-Wei-Ting Yang-Wei-Ting requested a review from BKPepe January 9, 2026 13:18
@BKPepe BKPepe merged commit 295c75a into openwrt:master Jan 10, 2026
12 checks passed
@Yang-Wei-Ting Yang-Wei-Ting deleted the update-urllib3 branch January 10, 2026 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BKPepe BKPepe Awaiting requested review from BKPepe

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Yang-Wei-Ting @BKPepe