Pip news

A denial-of-service vulnerability was found in pip, the Python package manager. The flaw, related to how its urllib3 library handles compressed data, could allow an attacker to crash development environments and CI/CD pipelines by consuming excessive resources. Ubuntu has released a patch to fix the issue.

Ubuntu has rolled back a recent security patch for the Python package manager, pip, on its 22.04, 24.04, and 26.04 LTS releases. The update, intended to fix a vulnerability, caused a regression that broke pip's functionality, forcing a temporary reversal.