HCE3-SA-2026-0035 Important HCE 3.0 Security Fix(es): urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0. (CVE-2025-66418) Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. (CVE-2024-35195) HCE 3.0 python3-pip-23.3.1-2.r8.hce3.noarch.rpm python-pip-help-23.3.1-2.r8.hce3.noarch.rpm python-pip-wheel-23.3.1-2.r8.hce3.noarch.rpm