Python 3.7 urllib3 with CVE-2025-66471 security patches
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
# urllib3-lts-py37 🛡️
**Security Backport for Python 3.7**
Base: `urllib3 v2.0.7` | Patch Level: `2026.21441`
## 🚨 Security Fixes Included
This release backports fixes for **5 Critical/High/Moderate Vulnerabilities** found in the official `v2.0.7` release.
| CVE ID | Severity | Description | Status |
|:---|:---|:---|:---|
| **CVE-2026-21441** | 🔴 HIGH | **Decompression/Retry DoS:** Guarded redirect streaming & capped Retry-After. | 🛡️ **FIXED** |
| **CVE-2025-66471** | 🔴 HIGH | **Compression Bomb DoS:** Added `max_length` limits to decompression. | 🛡️ **FIXED** |
| **CVE-2025-66418** | 🔴 HIGH | **Unbounded Links:** Limited decompression chain depth. | 🛡️ **FIXED** |
| **CVE-2025-50181** | 🟡 MOD | **Redirect Bypass:** Fixed retry logic when redirects disabled. | 🛡️ **FIXED** |
| **CVE-2024-37891** | 🟡 MOD | **Header Leak:** Strips Proxy-Authorization on redirect. | 🛡️ **FIXED** |
## 📦 Installation
```bash
pip install urllib3-lts-py37==2026.21441
🌐 The OmniPKG Ecosystem
Maintained by 1minds3t.
Manage your environment:
pip install omnipkg
omnipkg reset -y
⚠️ Installation Warning
Uninstall urllib3 before installing this package:
pip uninstall urllib3 -y
pip install urllib3-lts-py37
This ensures the security patches are applied and not overwritten.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file urllib3_lts_py37-2026.21441.1.tar.gz.
File metadata
- Download URL: urllib3_lts_py37-2026.21441.1.tar.gz
- Upload date:
- Size: 153.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
debe82001e7a21564666f6dea7b69550de2e0d92b264edbd07b0b48d8315004d
|
|
| MD5 |
e3ca4270ac48e725ff75a1f7238c21ce
|
|
| BLAKE2b-256 |
c997ec7d43168fb881e15cac2cc9949ccfca17006f27ddac97333cca6eb4060a
|
Provenance
The following attestation bundles were made for urllib3_lts_py37-2026.21441.1.tar.gz:
Publisher:
publish.yml on 1minds3t/urllib3-lts
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
urllib3_lts_py37-2026.21441.1.tar.gz -
Subject digest:
debe82001e7a21564666f6dea7b69550de2e0d92b264edbd07b0b48d8315004d - Sigstore transparency entry: 976724439
- Sigstore integration time:
-
Permalink:
1minds3t/urllib3-lts@44e9241b63f7af16144f93feab0adee2fd5d8db8 -
Branch / Tag:
refs/tags/CVE-2026-21441.1-py37 - Owner: https://github.com/1minds3t
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@44e9241b63f7af16144f93feab0adee2fd5d8db8 -
Trigger Event:
release
-
Statement type:
File details
Details for the file urllib3_lts_py37-2026.21441.1-py3-none-any.whl.
File metadata
- Download URL: urllib3_lts_py37-2026.21441.1-py3-none-any.whl
- Upload date:
- Size: 125.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e6783627741565464f003f74b6415c8f0a70c37a04ffd64112c5d413ab0ad14b
|
|
| MD5 |
bc1e98166f573f4d1304dab4f0e22d6e
|
|
| BLAKE2b-256 |
d384aca390c76d8e54af6afe95a0cf5b9e992f31b93c2b36e61beab31e075bd7
|
Provenance
The following attestation bundles were made for urllib3_lts_py37-2026.21441.1-py3-none-any.whl:
Publisher:
publish.yml on 1minds3t/urllib3-lts
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
urllib3_lts_py37-2026.21441.1-py3-none-any.whl -
Subject digest:
e6783627741565464f003f74b6415c8f0a70c37a04ffd64112c5d413ab0ad14b - Sigstore transparency entry: 976724443
- Sigstore integration time:
-
Permalink:
1minds3t/urllib3-lts@44e9241b63f7af16144f93feab0adee2fd5d8db8 -
Branch / Tag:
refs/tags/CVE-2026-21441.1-py37 - Owner: https://github.com/1minds3t
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@44e9241b63f7af16144f93feab0adee2fd5d8db8 -
Trigger Event:
release
-
Statement type:
