Skip to content

1.2.4

Latest
Latest

Choose a tag to compare

View all tags
@oscarvalenzuelab oscarvalenzuelab released this 16 Mar 04:33
· 10 commits to main since this release
v1.2.4
08fc223
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

[1.2.4] - 2026-03-15

Security

Updated urllib3 from >=2.5.0 to >=2.6.3 to address multiple high-severity vulnerabilities:

  • CVE-2026-21441: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

  • CVE-2025-66471: Streaming API improperly handles highly compressed data

  • CVE-2025-66418: Unbounded number of links in the decompression chain

Assets 2
Loading