Mechanize v2.8.5 has been released with a security update.
The release notes
<Release 2.8.5 / 2022-06-09 · sparklemotion/mechanize · GitHub> are
reproduced below for your convenience.
The GHSA
<Authorization header leak on port redirect · Advisory · sparklemotion/mechanize · GitHub>
has more detail, but in summary: this fix ensures `Authorization` headers
are not sent after a same-site redirect that changes the port number.
---
2.8.5 / 2022-06-09

Security

Fixes low-severity CVE-2022-31033, "Authorization header leak on port
redirect." See GHSA-64qm-hrgp-pgr9
<Authorization header leak on port redirect · Advisory · sparklemotion/mechanize · GitHub>
for more details.
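
The check the summary describes, as an added Ruby example (not Mechanize's own code): treat scheme, host and port together as the origin and drop `Authorization` when a redirect changes any of them, which covers the port-only case from the advisory and generalizes it to scheme and host changes. The function names, hostnames and token are hypothetical.

```ruby
require "uri"

# Credential-bearing headers to drop when a redirect leaves the origin.
# Only Authorization is listed because that is the header the advisory names.
SENSITIVE_HEADERS = %w[authorization].freeze

# Origin = (scheme, host, port). URI fills in the default port (80/443),
# so "http://a.test" and "http://a.test:80" compare equal.
def origin_of(uri)
  [uri.scheme.to_s.downcase, uri.host.to_s.downcase, uri.port]
end

# Resolve a Location header value (possibly relative) against the request URL.
def redirect_target(request_url, location)
  URI.join(request_url, location)
end

# Return the headers that may be sent with the follow-up request.
def headers_for_redirect(headers, request_url, location)
  from = URI.parse(request_url)
  to = redirect_target(request_url, location)
  return headers.dup if origin_of(from) == origin_of(to)

  headers.reject { |name, _| SENSITIVE_HEADERS.include?(name.to_s.downcase) }
end

# Constructed sample request (hostnames and token are made up).
if __FILE__ == $PROGRAM_NAME
  sent = { "Authorization" => "Bearer example-token", "Accept" => "text/html" }
  base = "http://app.example.test/login"
  ["/next", "http://app.example.test:8080/next", "https://app.example.test/next"].each do |loc|
    kept = headers_for_redirect(sent, base, loc)
    puts "#{loc} -> #{kept.keys.join(', ')}"
  end
end
```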