An update for python-requests is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2807 Final 1.0 1.0 2025-12-12 Initial 2025-12-12 2025-12-12 openEuler SA Tool V1.0 2025-12-12 python-requests security update An update for python-requests is now available for openEuler-24.03-LTS Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work (even method overrides) to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. + Multipart File Uploads. + CookieJar Support. + Redirection History. + Redirection Recursion Urllib Fix. + Automatic Decompression of GZipped Content. + Unicode URL Support. - Authentication: + URL + HTTP Auth Registry. Security Fix(es): Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.(CVE-2024-35195) An update for python-requests is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python-requests https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2807 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 openEuler-24.03-LTS python-requests-2.31.0-4.oe2403.src.rpm python-requests-help-2.31.0-4.oe2403.noarch.rpm python3-requests-2.31.0-4.oe2403.noarch.rpm Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. 2025-12-12 CVE-2024-35195 openEuler-24.03-LTS Medium 5.6 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N python-requests security update 2025-12-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2807