This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients gregory.p.smith, martin.panter, orange, serhiy.storchaka, vstinner, ware, xiang.zhang, xtreak
Date 2019-04-17.15:35:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
"wave Hi! I've noticed that CVE-2019-11236 has been assigned to the CRLF injection issue described here. It seems that the library has been patched in GitHub, but no new release has been made to pypi. (...)"

This urllib3 change:

urllib3 now vendors a copy of the rfc3986 library:
Date User Action Args
2019-04-17 15:35:49vstinnersetrecipients: + vstinner, gregory.p.smith, martin.panter, serhiy.storchaka, xiang.zhang, orange, xtreak, ware
2019-04-17 15:35:49vstinnersetmessageid: <>
2019-04-17 15:35:49vstinnerlinkissue30458 messages
2019-04-17 15:35:49vstinnercreate