fence-agents/RHEL-11988-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch

27 lines
1.1 KiB
Diff
Raw Normal View History

From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 2 Oct 2023 19:46:16 +0400
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
---
CHANGES.rst | 5 ++++
docs/user-guide.rst | 3 +++
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 +--
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
index ea48afe3ca..7572bfd26a 100644
--- a/kubevirt/urllib3/util/retry.py
+++ b/kubevirt/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
BACKOFF_MAX = 120