From: Ian Cordasco <graffatcolmingov@gmail.com>
Date: Sat, 14 Mar 2015 16:42:38 +0000 (-0500)
Subject: Bump version and add release notes for 2.6.0
X-Git-Tag: v2.6.0^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=80a3e87bf39f05a7b255cd757d84bb46e23c3a86;p=services%2Fpython-requests.git

Bump version and add release notes for 2.6.0
---

diff --git a/HISTORY.rst b/HISTORY.rst
index 1fc4f3b..254656c 100644
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -3,6 +3,36 @@
 Release History
 ---------------
 
+2.6.0 (2015-03-14)
+++++++++++++++++++
+
+**Bugfixes**
+
+- Fix handling of cookies on redirect. Previously a cookie without a host
+  value set would use the hostname for the redirected URL exposing requests
+  users to session fixation attacks and potentially cookie stealing. This was
+  disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
+  An CVE identifier has not yet been assigned for this. This affects all
+  versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
+
+- Fix error when requests is an ``install_requires`` dependency and ``python
+  setup.py test`` is run. (#2462)
+
+- Fix error when urllib3 is unbundled and requests continues to use the
+  vendored import location.
+
+- Include fixes to ``urllib3``'s header handling.
+
+- Requests' handling of unvendored dependencies is now more restrictive.
+
+**Features and Improvements**
+
+- Support bytearrays when passed as parameters in the ``files`` argument.
+  (#2468)
+
+- Avoid data duplication when creating a request with ``str``, ``bytes``, or
+  ``bytearray`` input to the ``files`` argument.
+
 2.5.3 (2015-02-24)
 ++++++++++++++++++
 
diff --git a/requests/__init__.py b/requests/__init__.py
index b90d792..446500b 100644
--- a/requests/__init__.py
+++ b/requests/__init__.py
@@ -42,7 +42,7 @@ is at <http://python-requests.org>.
 """
 
 __title__ = 'requests'
-__version__ = '2.5.3'
+__version__ = '2.6.0'
 __build__ = 0x020503
 __author__ = 'Kenneth Reitz'
 __license__ = 'Apache 2.0'