– Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. – Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst