Sourced from apache-airflow's releases.

Apache Airflow 2.10.3

Significant Changes

No significant changes.

Bug Fixes

• Improves the handling of value masking when setting Airflow variables for enhanced security. (#43123) (#43278)
• Adds support for task_instance_mutation_hook to handle mapped operators with index 0. (#42661) (#43089)
• Fixes executor cleanup to properly handle zombie tasks when task instances are terminated. (#43065)
• Adds retry logic for HTTP 502 and 504 errors in internal API calls to handle webserver startup issues. (#42994) (#43044)
• Restores the use of separate sessions for writing and deleting RTIF data to prevent StaleDataError. (#42928) (#43012)
• Fixes PythonOperator error by replacing hyphens with underscores in DAG names. (#42993)
• Improving validation of task retries to handle None values (#42532) (#42915)
• Fixes error handling in dataset managers when resolving dataset aliases into new datasets (#42733)
• Enables clicking on task names in the DAG Graph View to correctly select the corresponding task. (#38782) (#42697)
• Prevent redirect loop on /home with tags/last run filters (#42607) (#42609) (#42628)
• Support of host.name in OTEL metrics and usage of OTEL_RESOURCE_ATTRIBUTES in metrics (#42428) (#42604)
• Reduce eyestrain in dark mode with reduced contrast and saturation (#42567) (#42583)
• Handle ENTER key correctly in trigger form and allow manual JSON (#42525) (#42535)
• Ensure DAG trigger form submits with updated parameters upon keyboard submit (#42487) (#42499)
• Do not attempt to provide not stringified objects to UI via xcom if pickling is active (#42388) (#42486)
• Fix the span link of task instance to point to the correct span in the scheduler_job_loop (#42430) (#42480)
• Bugfix task execution from runner in Windows (#42426) (#42478)
• Allows overriding the hardcoded OTEL_SERVICE_NAME with an environment variable (#42242) (#42441)
• Improves trigger performance by using selectinload instead of joinedload (#40487) (#42351)
• Suppress warnings when masking sensitive configs (#43335) (#43337)
• Masking configuration values irrelevant to DAG author (#43040) (#43336)
• Execute templated bash script as file in BashOperator (#43191)
• Fixes schedule_downstream_tasks to include upstream tasks for one_success trigger rule (#42582) (#43299)
• Add retry logic in the scheduler for updating trigger timeouts in case of deadlocks. (#41429) (#42651)
• Mark all tasks as skipped when failing a dag_run manually (#43572)
• Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• Conditionally add OTEL events when processing executor events (#43558) (#43567)
• Fix broken stat scheduler_loop_duration (#42886) (#43544)
• Ensure total_entries in /api/v1/dags (#43377) (#43429)
• Include limit and offset in request body schema for List task instances (batch) endpoint (#43479)
• Don't raise a warning in ExecutorSafeguard when execute is called from an extended operator (#42849) (#43577)

Miscellaneous

• Deprecate session auth backend (#42911)
• Removed unicodecsv dependency for providers with Airflow version 2.8.0 and above (#42765) (#42970)
• Remove the referrer from Webserver to Scarf (#42901) (#42942)
• Bump dompurify from 2.2.9 to 2.5.6 in /airflow/www (#42263) (#42270)
• Correct docstring format in _get_template_context (#42244) (#42272)
• Backport: Bump Flask-AppBuilder to 4.5.2 (#43309) (#43318)
• Check python version that was used to install pre-commit venvs (#43282) (#43310)
• Resolve warning in Dataset Alias migration (#43425)

... (truncated)

Sourced from apache-airflow's changelog.

Airflow 2.10.3 (2024-11-04)

Significant Changes ^^^^^^^^^^^^^^^^^^^

No significant changes.

Bug Fixes """""""""

• Improves the handling of value masking when setting Airflow variables for enhanced security. (#43123) (#43278)
• Adds support for task_instance_mutation_hook to handle mapped operators with index 0. (#42661) (#43089)
• Fixes executor cleanup to properly handle zombie tasks when task instances are terminated. (#43065)
• Adds retry logic for HTTP 502 and 504 errors in internal API calls to handle webserver startup issues. (#42994) (#43044)
• Restores the use of separate sessions for writing and deleting RTIF data to prevent StaleDataError. (#42928) (#43012)
• Fixes PythonOperator error by replacing hyphens with underscores in DAG names. (#42993)
• Improving validation of task retries to handle None values (#42532) (#42915)
• Fixes error handling in dataset managers when resolving dataset aliases into new datasets (#42733)
• Enables clicking on task names in the DAG Graph View to correctly select the corresponding task. (#38782) (#42697)
• Prevent redirect loop on /home with tags/last run filters (#42607) (#42609) (#42628)
• Support of host.name in OTEL metrics and usage of OTEL_RESOURCE_ATTRIBUTES in metrics (#42428) (#42604)
• Reduce eyestrain in dark mode with reduced contrast and saturation (#42567) (#42583)
• Handle ENTER key correctly in trigger form and allow manual JSON (#42525) (#42535)
• Ensure DAG trigger form submits with updated parameters upon keyboard submit (#42487) (#42499)
• Do not attempt to provide not stringified objects to UI via xcom if pickling is active (#42388) (#42486)
• Fix the span link of task instance to point to the correct span in the scheduler_job_loop (#42430) (#42480)
• Bugfix task execution from runner in Windows (#42426) (#42478)
• Allows overriding the hardcoded OTEL_SERVICE_NAME with an environment variable (#42242) (#42441)
• Improves trigger performance by using selectinload instead of joinedload (#40487) (#42351)
• Suppress warnings when masking sensitive configs (#43335) (#43337)
• Masking configuration values irrelevant to DAG author (#43040) (#43336)
• Execute templated bash script as file in BashOperator (#43191)
• Fixes schedule_downstream_tasks to include upstream tasks for one_success trigger rule (#42582) (#43299)
• Add retry logic in the scheduler for updating trigger timeouts in case of deadlocks. (#41429) (#42651)
• Mark all tasks as skipped when failing a dag_run manually (#43572)
• Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• Conditionally add OTEL events when processing executor events (#43558) (#43567)
• Fix broken stat scheduler_loop_duration (#42886) (#43544)
• Ensure total_entries in /api/v1/dags (#43377) (#43429)
• Include limit and offset in request body schema for List task instances (batch) endpoint (#43479)
• Don't raise a warning in ExecutorSafeguard when execute is called from an extended operator (#42849) (#43577)

Miscellaneous """""""""""""

• Deprecate session auth backend (#42911)
• Removed unicodecsv dependency for providers with Airflow version 2.8.0 and above (#42765) (#42970)
• Remove the referrer from Webserver to Scarf (#42901) (#42942)
• Bump dompurify from 2.2.9 to 2.5.6 in /airflow/www (#42263) (#42270)
• Correct docstring format in _get_template_context (#42244) (#42272)
• Backport: Bump Flask-AppBuilder to 4.5.2 (#43309) (#43318)

... (truncated)

• c99887e Update RELEASE_NOTES.rst
• 1c7fba7 mark test_task_workflow_trigger_success as flaky (#42972) (#43580)
• 08bbf89 FIX: Don't raise a warning in ExecutorSafeguard when execute is called from a...
• 7e86bf8 Mark all tasks as skipped when failing a dag_run manually including t… (#43572)
• 8e79c7a Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• c12e628 Conditionally add OTEL events when processing executor events (#43558) (#43567)
• 898f332 Fix broken stat scheduler_loop_duration (#42886) (#43544)
• 7aea4b5 Ensure total_entries in /api/v1/dags (#43377) (#43429)
• 9c044ea include limit and offset in request body schema for List task instances (batc...
• dd296c5 This PR resolves an SQLAlchemy warning in the migration by correctly setting ...
• Additional commits viewable in compare view

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

... (truncated)

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

... (truncated)

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

... (truncated)

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

... (truncated)

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Sourced from py's changelog.

1.11.0 (2021-11-04)

• Support Python 3.11
• Support NO_COLOR environment variable
• Update vendored apipkg: 1.5 => 2.0

1.10.0 (2020-12-12)

• Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)
• Update vendored apipkg: 1.4 => 1.5
• Update vendored iniconfig: 1.0.0 => 1.1.1

• 447bac5 Update CHANGELOG.rst
• 6d003d9 Update CHANGELOG.rst
• 9cf613f Declare support for Python 3.8-3.10
• d831150 Update python_requires: Python 3.4 was already dropped
• e68532e Update CHANGELOG for 1.11.0
• 2f03e5a Merge pull request #258 from blueyed/NO_COLOR
• e116b2b Merge pull request #275 from pytest-dev/upgrade-vendor-libs
• f3a1a59 remove build pin again
• f6cbf28 try to use pipx tox
• 3fe9ad7 try to use preinstalled tox
• Additional commits viewable in compare view

Sourced from apache-airflow's releases.

Apache Airflow 2.10.3

Significant Changes

No significant changes.

Bug Fixes

• Improves the handling of value masking when setting Airflow variables for enhanced security. (#43123) (#43278)
• Adds support for task_instance_mutation_hook to handle mapped operators with index 0. (#42661) (#43089)
• Fixes executor cleanup to properly handle zombie tasks when task instances are terminated. (#43065)
• Adds retry logic for HTTP 502 and 504 errors in internal API calls to handle webserver startup issues. (#42994) (#43044)
• Restores the use of separate sessions for writing and deleting RTIF data to prevent StaleDataError. (#42928) (#43012)
• Fixes PythonOperator error by replacing hyphens with underscores in DAG names. (#42993)
• Improving validation of task retries to handle None values (#42532) (#42915)
• Fixes error handling in dataset managers when resolving dataset aliases into new datasets (#42733)
• Enables clicking on task names in the DAG Graph View to correctly select the corresponding task. (#38782) (#42697)
• Prevent redirect loop on /home with tags/last run filters (#42607) (#42609) (#42628)
• Support of host.name in OTEL metrics and usage of OTEL_RESOURCE_ATTRIBUTES in metrics (#42428) (#42604)
• Reduce eyestrain in dark mode with reduced contrast and saturation (#42567) (#42583)
• Handle ENTER key correctly in trigger form and allow manual JSON (#42525) (#42535)
• Ensure DAG trigger form submits with updated parameters upon keyboard submit (#42487) (#42499)
• Do not attempt to provide not stringified objects to UI via xcom if pickling is active (#42388) (#42486)
• Fix the span link of task instance to point to the correct span in the scheduler_job_loop (#42430) (#42480)
• Bugfix task execution from runner in Windows (#42426) (#42478)
• Allows overriding the hardcoded OTEL_SERVICE_NAME with an environment variable (#42242) (#42441)
• Improves trigger performance by using selectinload instead of joinedload (#40487) (#42351)
• Suppress warnings when masking sensitive configs (#43335) (#43337)
• Masking configuration values irrelevant to DAG author (#43040) (#43336)
• Execute templated bash script as file in BashOperator (#43191)
• Fixes schedule_downstream_tasks to include upstream tasks for one_success trigger rule (#42582) (#43299)
• Add retry logic in the scheduler for updating trigger timeouts in case of deadlocks. (#41429) (#42651)
• Mark all tasks as skipped when failing a dag_run manually (#43572)
• Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• Conditionally add OTEL events when processing executor events (#43558) (#43567)
• Fix broken stat scheduler_loop_duration (#42886) (#43544)
• Ensure total_entries in /api/v1/dags (#43377) (#43429)
• Include limit and offset in request body schema for List task instances (batch) endpoint (#43479)
• Don't raise a warning in ExecutorSafeguard when execute is called from an extended operator (#42849) (#43577)

Miscellaneous

• Deprecate session auth backend (#42911)
• Removed unicodecsv dependency for providers with Airflow version 2.8.0 and above (#42765) (#42970)
• Remove the referrer from Webserver to Scarf (#42901) (#42942)
• Bump dompurify from 2.2.9 to 2.5.6 in /airflow/www (#42263) (#42270)
• Correct docstring format in _get_template_context (#42244) (#42272)
• Backport: Bump Flask-AppBuilder to 4.5.2 (#43309) (#43318)
• Check python version that was used to install pre-commit venvs (#43282) (#43310)
• Resolve warning in Dataset Alias migration (#43425)

... (truncated)

Sourced from apache-airflow's changelog.

Airflow 2.10.3 (2024-11-04)

Significant Changes ^^^^^^^^^^^^^^^^^^^

No significant changes.

Bug Fixes """""""""

• Improves the handling of value masking when setting Airflow variables for enhanced security. (#43123) (#43278)
• Adds support for task_instance_mutation_hook to handle mapped operators with index 0. (#42661) (#43089)
• Fixes executor cleanup to properly handle zombie tasks when task instances are terminated. (#43065)
• Adds retry logic for HTTP 502 and 504 errors in internal API calls to handle webserver startup issues. (#42994) (#43044)
• Restores the use of separate sessions for writing and deleting RTIF data to prevent StaleDataError. (#42928) (#43012)
• Fixes PythonOperator error by replacing hyphens with underscores in DAG names. (#42993)
• Improving validation of task retries to handle None values (#42532) (#42915)
• Fixes error handling in dataset managers when resolving dataset aliases into new datasets (#42733)
• Enables clicking on task names in the DAG Graph View to correctly select the corresponding task. (#38782) (#42697)
• Prevent redirect loop on /home with tags/last run filters (#42607) (#42609) (#42628)
• Support of host.name in OTEL metrics and usage of OTEL_RESOURCE_ATTRIBUTES in metrics (#42428) (#42604)
• Reduce eyestrain in dark mode with reduced contrast and saturation (#42567) (#42583)
• Handle ENTER key correctly in trigger form and allow manual JSON (#42525) (#42535)
• Ensure DAG trigger form submits with updated parameters upon keyboard submit (#42487) (#42499)
• Do not attempt to provide not stringified objects to UI via xcom if pickling is active (#42388) (#42486)
• Fix the span link of task instance to point to the correct span in the scheduler_job_loop (#42430) (#42480)
• Bugfix task execution from runner in Windows (#42426) (#42478)
• Allows overriding the hardcoded OTEL_SERVICE_NAME with an environment variable (#42242) (#42441)
• Improves trigger performance by using selectinload instead of joinedload (#40487) (#42351)
• Suppress warnings when masking sensitive configs (#43335) (#43337)
• Masking configuration values irrelevant to DAG author (#43040) (#43336)
• Execute templated bash script as file in BashOperator (#43191)
• Fixes schedule_downstream_tasks to include upstream tasks for one_success trigger rule (#42582) (#43299)
• Add retry logic in the scheduler for updating trigger timeouts in case of deadlocks. (#41429) (#42651)
• Mark all tasks as skipped when failing a dag_run manually (#43572)
• Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• Conditionally add OTEL events when processing executor events (#43558) (#43567)
• Fix broken stat scheduler_loop_duration (#42886) (#43544)
• Ensure total_entries in /api/v1/dags (#43377) (#43429)
• Include limit and offset in request body schema for List task instances (batch) endpoint (#43479)
• Don't raise a warning in ExecutorSafeguard when execute is called from an extended operator (#42849) (#43577)

Miscellaneous """""""""""""

• Deprecate session auth backend (#42911)
• Removed unicodecsv dependency for providers with Airflow version 2.8.0 and above (#42765) (#42970)
• Remove the referrer from Webserver to Scarf (#42901) (#42942)
• Bump dompurify from 2.2.9 to 2.5.6 in /airflow/www (#42263) (#42270)
• Correct docstring format in _get_template_context (#42244) (#42272)
• Backport: Bump Flask-AppBuilder to 4.5.2 (#43309) (#43318)

... (truncated)

• c99887e Update RELEASE_NOTES.rst
• 1c7fba7 mark test_task_workflow_trigger_success as flaky (#42972) (#43580)
• 08bbf89 FIX: Don't raise a warning in ExecutorSafeguard when execute is called from a...
• 7e86bf8 Mark all tasks as skipped when failing a dag_run manually including t… (#43572)
• 8e79c7a Fix TrySelector for Mapped Tasks in Logs and Details Grid Panel (#43566)
• c12e628 Conditionally add OTEL events when processing executor events (#43558) (#43567)
• 898f332 Fix broken stat scheduler_loop_duration (#42886) (#43544)
• 7aea4b5 Ensure total_entries in /api/v1/dags (#43377) (#43429)
• 9c044ea include limit and offset in request body schema for List task instances (batc...
• dd296c5 This PR resolves an SQLAlchemy warning in the migration by correctly setting ...
• Additional commits viewable in compare view

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

... (truncated)

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

... (truncated)

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links

• Pull Request Statistics

  Commits:
  1

  Files Changed:
  16

  Additions:
  +18

  Deletions:
  -18