kennethreitz/requests
1
0
Fork 0
mirror of https://github.com/kennethreitz/requests.git synced 2026-06-05 22:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from kennethreitz/master

Browse Source 
Only for me
This commit is contained in:
M.Yasoob Ullah Khalid ☺
2015-03-17 01:25:05 +05:00
parent 3711e04f37 cd3f7eb388
commit 81d2d5535a
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
HISTORY.rst
+6 -6
View File
@@ -8,12 +8,12 @@ Release History
**Bugfixes**
- Fix handling of cookies on redirect. Previously a cookie without a host
value set would use the hostname for the redirected URL exposing requests
users to session fixation attacks and potentially cookie stealing. This was
disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
An CVE identifier has not yet been assigned for this. This affects all
versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie
without a host value set would use the hostname for the redirected URL
exposing requests users to session fixation attacks and potentially cookie
stealing. This was disclosed privately by Matthew Daley of
`BugFuzz <https://bugfuzz.com>`_. This affects all versions of requests from
v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an ``install_requires`` dependency and ``python
setup.py test`` is run. (#2462)