urllib3

Summary

New findings discovered during continuous monitoring.

Tasks

Current version of urllib3 is 1.26.5 with related CVE: CVE-2024-37891. Update to urllib3 1.26.19 or later is recommended.

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Note: You must mannually apply the StatusVerification label, in order to have a CHT member review your merge request.

Iron Bank:

Review findings and justifications
Close issue

Note: If the above process is rejected for any reason, the Status::Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Status::Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 02, 2025 by Dmytro Atamanchuk

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information