{"affected":[{"ecosystem_specific":{"binaries":[{"python311-requests":"2.32.2-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.32.2-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-requests fixes the following issues:\n\n- Update to 2.32.2\n * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, \n we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing \n custom HTTPAdapters will need to migrate their code to use this new API. get_connection is \n considered deprecated in all versions of Requests>=2.32.0.\n\n- Update to 2.32.1\n * Fixed an issue where setting verify=False on the first request from a Session \n will cause subsequent requests to the same origin to also ignore cert verification, \n regardless of the value of verify. (bsc#1224788, CVE-2024-35195)\n * verify=True now reuses a global SSLContext which should improve request time \n variance between first and subsequent requests.\n * Requests now supports optional use of character detection (chardet or charset_normalizer) \n when repackaged or vendored. This enables pip and other projects to minimize their \n vendoring surface area.\n * Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7.\n * Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling.\n","id":"SUSE-SU-2025:20034-1","modified":"2025-02-03T08:52:32Z","published":"2025-02-03T08:52:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520034-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224788"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-35195"}],"related":["CVE-2024-35195"],"summary":"Security update for python-requests","upstream":["CVE-2024-35195"]}