Requests 2.33.1 is a small patch release focused on bug fixes and cleanup. It tightens malformed header handling, fixes Content-Type parsing, and cleans up a test artifact left behind during CVE-related test coverage.
What's new
- No new user-facing features were called out in this patch release.
Fixes
- Fixed test cleanup for CVE-2026-25645 so the
extract_zipped_pathtest no longer leaves extra files in the temporary directory after it runs. (#7305) - Fixed
Content-Typeheader parsing so malformed parameter values are ignored instead of being partially assigned. (#7309) - Improved error consistency for malformed header values so Requests raises its own uniform error instead of leaking standard library messages. (#7308)
Other notable changes
- Packaging extras were tidied up so the
testextra reusesrequests[socks]rather than repeating the PySocks dependency definition. (#7277) - The
testextra was corrected after being introduced unintentionally during thepyproject.tomlmove, and two missing dependencies were added. (#7306)
Contributors
- @ferdnyc
- @nateprewitt