fence-agents/RHEL-11988-2-aws-fix-bundled-urllib3-CVE-2023-43804.patch
Oyvind Albrigtsen afa5fa38bc - bundled urllib3: fix CVE-2023-43804
Resolves: RHEL-11988
2023-10-12 16:29:42 +02:00

27 lines
1.1 KiB
Diff

From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 2 Oct 2023 19:46:16 +0400
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
---
CHANGES.rst | 5 ++++
docs/user-guide.rst | 3 +++
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 +--
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
index ea48afe3ca..7572bfd26a 100644
--- a/aws/urllib3/util/retry.py
+++ b/aws/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
BACKOFF_MAX = 120