Bug 917450 (CVE-2023-48052) - net-misc/httpie-3.2.2: Missing SSL certificate validation
Summary: net-misc/httpie-3.2.2: Missing SSL certificate validation
Status: UNCONFIRMED
Alias: CVE-2023-48052
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://gxx777.github.io/HTTPie_3.2.2...
Whiteboard: B3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-16 17:55 UTC by Jarkko Suominen
Modified: 2023-11-17 02:57 UTC

See Also:
Package list:
Runtime testing required: ---


Description Jarkko Suominen 2023-11-16 17:55:33 UTC
Latest version in the Gentoo tree is 3.2.1 and the latest version in upstream is 3.2.2. Before updating, it should probably be checked whether this vulnerability has been patched.

https://www.cve.org/CVERecord?id=CVE-2023-48052
https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

Expected Behavior:
The expected behavior for any HTTPS connection is that the client should validate the SSL certificate provided by the server to ensure it is trusted, not expired, and matches the requested hostname. Additionally, any HTTPS warnings should be displayed to the user, rather than being disabled, to avoid security oversights.

Actual Behavior:
The actual behavior observed in the code indicates that SSL certificate validation may not be properly enforced. Furthermore, HTTPS warnings that are essential for debugging and security awareness are not displayed, potentially causing the users to remain unaware of misconfigured or insecure SSL implementations.
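The report contrasts a client that skips certificate validation and silences HTTPS warnings with one that validates the chain and hostname. The following is an added example, not HTTPie's code and not the advisory's analysis: a small `ast`-based check that flags the common Python patterns for both halves of that misuse (`verify=False`, `urllib3.disable_warnings()`, `ssl._create_unverified_context()`, `check_hostname = False`, `verify_mode = ssl.CERT_NONE`). The three source snippets it scans are constructed here for illustration; the function names `find_tls_misuse`, `Finding` and the sample names are this example's own.

```python
"""Static check for Python code that disables TLS certificate validation.

Added example: this is not HTTPie's code and does not reproduce the
advisory's finding. It scans constructed sample sources for the API-misuse
patterns the bug describes (skipped certificate verification and silenced
HTTPS warnings) so the weak pattern can be seen beside the correct one.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    pattern: str


def _dotted_name(node: ast.AST) -> str:
    """Return 'a.b.c' for an Attribute/Name chain, or '' if it is not one."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _is_false(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and node.value is False


def find_tls_misuse(source: str) -> list[Finding]:
    """Flag constructs that turn off certificate validation or hide warnings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            callee = _dotted_name(node.func)
            # requests-style verify=False skips both chain and hostname checks
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append(Finding(node.lineno, "verify=False"))
            # silencing InsecureRequestWarning hides the problem from users
            if callee.endswith("disable_warnings"):
                findings.append(Finding(node.lineno, "disable_warnings()"))
            # stdlib helper that builds a context with CERT_NONE
            if callee.endswith("_create_unverified_context"):
                findings.append(Finding(node.lineno, "ssl._create_unverified_context()"))
        elif isinstance(node, ast.Assign):
            # ctx.check_hostname = False / ctx.verify_mode = ssl.CERT_NONE
            for target in node.targets:
                name = _dotted_name(target)
                if name.endswith(".check_hostname") and _is_false(node.value):
                    findings.append(Finding(node.lineno, "check_hostname=False"))
                if name.endswith(".verify_mode") and _dotted_name(node.value).endswith("CERT_NONE"):
                    findings.append(Finding(node.lineno, "verify_mode=CERT_NONE"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: the weak pattern the bug report describes.
WEAK_CLIENT = """\
import requests, urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def fetch(url):
    return requests.get(url, verify=False)
"""

# Constructed sample: the same misuse expressed with the stdlib ssl module.
STDLIB_WEAK = """\
import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
"""

# Constructed sample: validation left on, warnings left visible.
SAFE_CLIENT = """\
import requests

def fetch(url, ca_bundle=None):
    # verify=True (the default) or a CA bundle path keeps chain + hostname checks
    return requests.get(url, verify=ca_bundle or True)
"""


if __name__ == "__main__":
    for label, src in (("weak", WEAK_CLIENT), ("stdlib-weak", STDLIB_WEAK), ("safe", SAFE_CLIENT)):
        print(label, [(f.line, f.pattern) for f in find_tls_misuse(src)])
```

The check is deliberately syntactic: it reports where verification is switched off or its warning suppressed, which is the review question the report raises before a package bump, and it stays silent on the safe client because `verify` there is never the literal `False`.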