Skip to content

[AWSX] fix(log forwarder): bump urllib version - CVE-2025-66418#1034

Merged
ge0Aja merged 1 commit intomasterfrom
georgi/urllib3
Dec 11, 2025
Merged

[AWSX] fix(log forwarder): bump urllib version - CVE-2025-66418#1034
ge0Aja merged 1 commit intomasterfrom
georgi/urllib3

Conversation

@ge0Aja
Copy link
Copy Markdown
Contributor

@ge0Aja ge0Aja commented Dec 11, 2025

What does this PR do?

Motivation

Testing Guidelines

Additional Notes

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)
  • This PR passes the unit tests
  • This PR passes the installation tests (ask a Datadog member to run the tests)

@ge0Aja ge0Aja requested a review from a team as a code owner December 11, 2025 16:44
@github-actions github-actions bot added the aws label Dec 11, 2025
@ge0Aja ge0Aja merged commit 42b8eed into master Dec 11, 2025
11 checks passed
@ge0Aja ge0Aja deleted the georgi/urllib3 branch December 11, 2025 16:48
@pedrosanta
Copy link
Copy Markdown

pedrosanta commented Jan 9, 2026
edited
Loading

Hello, there's a new CVE related to urllib3: https://nvd.nist.gov/vuln/detail/CVE-2026-21441

urllib3 v2.6.3 fixes it: https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#263-2026-01-07

Needs a new v5.1.2 version (Layer v94) for AWS maybe to pick it up?

@ge0Aja
Copy link
Copy Markdown
Contributor Author

ge0Aja commented Jan 9, 2026

Hello, there's a new CVE related to urllib3: https://nvd.nist.gov/vuln/detail/CVE-2026-21441

urllib3 v2.6.3 fixes it: https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#263-2026-01-07

Needs a new v5.1.2 version (Layer v94) for AWS maybe to pick it up?

Thanks @pedrosanta we'll push a fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaphaelAllier RaphaelAllier RaphaelAllier approved these changes

Assignees

No one assigned

Labels

aws

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ge0Aja @pedrosanta @RaphaelAllier