omnipkg v2.0.7 - The Security Shield Release
"Protecting the legacy so the future can build."
This release introduces critical security enforcement for legacy Python environments (3.7 & 3.8) and major stability fixes for Windows/Cross-platform environments.
🔒 Security Enhancements
- Forced
urllib3-ltsAdoption: Now mandates the installation ofurllib3-ltson Python 3.7 and 3.8.- Protects against:
- 🚨 CVE-2025-66471: Compression Bomb DoS
- 🚨 CVE-2025-66418: Unbounded Links DoS
- 🚨 CVE-2025-50181: Redirect Retry Bypass
- Omnipkg automatically injects this backport to heal the dependency tree where upstream
requestshas dropped support.
- Protects against:
🐛 Bug Fixes
- Fix: Windows Interpreter Detection: Resolved a critical regression where the integrity check would fail on Windows by looking in the wrong parent directory (
interpretersvscpython-3.x). Now correctly handlespython.exe(Windows) vsbin/python(Unix) structures. - Fix: Package Name Normalization: Fixed an issue where
pip downloadfallbacks failed for packages with dashes (e.g.,urllib3-lts) because the filename extractor didn't account for PyPI's underscore normalization (urllib3_lts).
📝 Documentation
- Added notes regarding potential future need for
safety-ltsto handlemarshmallowCVEs on older environments.
Upgrade Now:
pip install --upgrade omnipkg