Users who are using an HTTPS proxy to issue HTTPS requests and haven't configured their own SSLContext via proxy_config
.
Only the default SSLContext is impacted.
urllib3 >=1.26.4 has the issue resolved. urllib3<1.26 is not impacted due to not supporting HTTPS requests via HTTPS proxies.
Upgrading is recommended as this is a minor release and not likely to break current usage.
Configuring an SSLContext
with check_hostname=True
and passing via proxy_config
instead of relying on the default SSLContext
If you have any questions or comments about this advisory: * Email us at sethmichaellarson@gmail.com