Product

Amazon Linux 2023

Package

python-urllib3

Why do you need this package?

Please make amzn2023.0.12 available here.

In the current version AL2023 (21.3.1-2.amzn2023.0.11 ) Python/pip3 installs a python-urllib3 package that has a security finding: CVE-2025-50181 (e.g. showing up in ECR image inspector scans). According to ECR scans, this finding can be remedied via:

• python3-pip: 0:21.3.1-2.amzn2023.0.12 -- but this is not yet available as a container image here yet
• python3-pip: 0:21.3.1-2.amzn2023.0.12 -- but this is not yet available as a container image here yet
• urllib3: 2.5.0 -- probably beyond the scope of AL2023