Python 3.8 urllib3 with CVE-2025-66471 security patches
Project description
urllib3-lts-py38 🛡️
Security Backport for Python 3.8
Base: urllib3 v2.x | Patch Level: 2026.21441 | Auditor: 1minds3t
🚨 Security Matrix (Cumulative)
This release provides a hardened backport for Python 3.8, mitigating 5 Critical/High/Moderate Vulnerabilities identified between 2025 and 2026.
| CVE ID | Severity | Description | Status |
|---|---|---|---|
| CVE-2026-21441 | 🔴 HIGH | Infinite Sleep DoS: Limits Retry-After to 6 hours max. | 🛡️ FIXED |
| CVE-2025-66471 | 🔴 HIGH | Header/Collection Logic: Hardened internal data structures. | 🛡️ FIXED |
| CVE-2025-66418 | 🔴 HIGH | Credential Leakage: Strips sensitive headers on cross-origin redirects. | 🛡️ FIXED |
| CVE-2025-50182 | 🟡 MOD | Resource Exhaustion: Prevents DoS via unread compressed data. | 🛡️ FIXED |
| CVE-2025-50181 | 🟡 MOD | Redirect/Decompress: Fixed retry logic and resource cleanup. | 🛡️ FIXED |
🛠️ Patch Architecture
Unlike standard upstream releases, this LTS version is specifically tuned for Python 3.8:
- Targeted Fixes: Only security-critical logic was backported; "modernization" noise (Python 3.14+ compatibility) was stripped to maintain a minimal diff.
- Resource Safety: Implemented mandatory retry_after_max and lazy decompression guards to prevent resource hanging.
- Localization: All internal strings and error messages were handled via an AI automated translation chain for consistency across the codebase.
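The Retry-After cap listed in the security matrix, shown as an added example (not code from this package or from urllib3): a stand-alone parser that accepts both header forms and bounds the wait at 6 hours. The function names, and the choice to treat an unparseable value as "no server-requested delay", are assumptions of this example.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

# Cap taken from the security matrix: Retry-After is limited to 6 hours.
RETRY_AFTER_MAX = 6 * 60 * 60  # seconds


def parse_retry_after(value: str, now: Optional[datetime] = None) -> Optional[float]:
    """Return the delay in seconds a Retry-After value asks for, or None if unparseable."""
    value = value.strip()
    # Form 1: delay-seconds (ASCII digits only; str.isdigit would accept other scripts).
    if re.fullmatch(r"[0-9]+", value):
        return float(value)  # absurdly long digit strings become inf and are capped later
    # Form 2: HTTP-date, e.g. "Thu, 01 Jan 2026 00:05:00 GMT".
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):  # TypeError on Python 3.8, ValueError on 3.10+
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    # A date in the past means "retry now", never a negative sleep.
    return max(0.0, (when - now).total_seconds())


def bounded_sleep_seconds(value: str, now: Optional[datetime] = None,
                          cap: float = RETRY_AFTER_MAX) -> float:
    """Seconds to wait before retrying, never more than `cap`."""
    delay = parse_retry_after(value, now)
    if delay is None:
        # Assumption of this example: ignore a malformed header and let the
        # caller fall back to its own backoff policy.
        return 0.0
    return min(delay, float(cap))
```
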
📦 Installation
pip install urllib3-lts-py38==2026.21441
🌐 The OmniPKG Ecosystem
Maintained by 1minds3t.
Manage your environment:
pip install omnipkg
omnipkg reset -y
⚠️ Critical Installation Warning
You MUST uninstall the standard urllib3 before installing this package to avoid namespace conflicts:
pip uninstall urllib3 -y
pip install urllib3-lts-py38
All patches verified via omnipatcher manual human review on 2026-02-22.
File details
Details for the file urllib3_lts_py38-2026.21441.tar.gz.
File metadata
- Download URL: urllib3_lts_py38-2026.21441.tar.gz
- Upload date:
- Size: 156.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8729fa8f601b7ad9449fbb5d78c9e2596e8694ada617ea63f57a5c0fa193f2c7 |
| MD5 | 20a652c53b6ed8727cc0676a0fb603ca |
| BLAKE2b-256 | 508d2a51da2a068541b963e30f26b5dea9e4505bddc226f2660fea684fa12b85 |
Provenance
The following attestation bundles were made for urllib3_lts_py38-2026.21441.tar.gz:
Publisher: publish.yml on 1minds3t/urllib3-lts
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: urllib3_lts_py38-2026.21441.tar.gz
  - Subject digest: 8729fa8f601b7ad9449fbb5d78c9e2596e8694ada617ea63f57a5c0fa193f2c7
- Sigstore transparency entry: 977993817
- Sigstore integration time:
- Permalink: 1minds3t/urllib3-lts@31cf297e9875d6ef9dc31920982e03c70eaa9c23
- Branch / Tag: refs/tags/CVE-2026-21441-py38
- Owner: https://github.com/1minds3t
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@31cf297e9875d6ef9dc31920982e03c70eaa9c23
- Trigger Event: release
File details
Details for the file urllib3_lts_py38-2026.21441-py3-none-any.whl.
File metadata
- Download URL: urllib3_lts_py38-2026.21441-py3-none-any.whl
- Upload date:
- Size: 125.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e774420b6609b82d75a0faa85e9e4d65c319493a69fdb1ee735edcdaf8e3e177 |
| MD5 | 9ed57545e253983c73c30b2d8570dfc7 |
| BLAKE2b-256 | e64ed8eb024e34b991453cc25d9554d6a25de29882905fdac5155f86394b7d8b |
Provenance
The following attestation bundles were made for urllib3_lts_py38-2026.21441-py3-none-any.whl:
Publisher: publish.yml on 1minds3t/urllib3-lts
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: urllib3_lts_py38-2026.21441-py3-none-any.whl
  - Subject digest: e774420b6609b82d75a0faa85e9e4d65c319493a69fdb1ee735edcdaf8e3e177
- Sigstore transparency entry: 977993883
- Sigstore integration time:
- Permalink: 1minds3t/urllib3-lts@31cf297e9875d6ef9dc31920982e03c70eaa9c23
- Branch / Tag: refs/tags/CVE-2026-21441-py38
- Owner: https://github.com/1minds3t
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@31cf297e9875d6ef9dc31920982e03c70eaa9c23
- Trigger Event: release