Released urllib3 v2.2.2 and urllib3 v1.26.19
Published on June 17, 2024 by Quentin Pradet
urllib3 v2.2.2 and urllib3 v1.26.19 are now available, fixing CVE-2024-37891, where Proxy-Authorization header was not stripped in a specific case. This is a moderate severity (4.4/10) vulnerability that is uncommon in practice.