Apparently upstream has moved the changelog entry for this CVE fix from 3.2.1 to 3.2.2.

> In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
cleanup done.
Thank you! Of course, now everybody that has fixed it will need to fix it again... But, no GLSA from us, relatively few revdeps and likely hard to exploit given it requires using attacker infrastructure. All done.