I've just release txAWS 0.2.3.1. txAWS is a library for interacting with Amazon Web Services (AWS) using Twisted.
AWSServiceEndpoint's ssl_hostname_verification's parameter now defaults to True instead of False. This affects all txAWS APIs which issue requests to AWS endpoints. For any application which uses the default AWSServiceEndpoints, the server's TLS certificate will now be verified.
This resolves a security issue in which txAWS applications were vulnerable to man-in-the-middle attacks which could either steal sensitive information or, possibly, alter the AWS operation requested.
The new release is available on PyPI in source and wheel forms. You can also find txAWS at its new home on github, <https://github.com/twisted/txaws
Special thanks to Least Authority Enterprises (https://leastauthority.com/) for sponsoring the work to find and fix this issue and to publish this new release.