Released urllib3 2.5.0
Published on June 18, 2025 by Illia Volochii
๐ฆ urllib3 2.5.0 is now available!
It fixes two moderate security issues:
It fixes two moderate security issues:
- pool managers now properly control redirects when `retries` is passed โ CVE-2025-50181 (5.3 Medium) reported by Jacob Sandum
- redirects are now controlled by urllib3 in the Node.js runtime โ CVE-2025-50182 (5.3 Medium)
Additionally, the new version adds support for the zstd module in Python 3.14 and fixes issues related to shutting down responses and HTTP tunneling with IPv6.
https://github.com/urllib3/urllib3/releases/tag/2.5.0
Note that we're still raising funds for full HTTP/2 support!
https://github.com/urllib3/urllib3/releases/tag/2.5.0
Note that we're still raising funds for full HTTP/2 support!