issue2550925 strip HTTP_PROXY environment variable if deployed as CGI and client sends an http PROXY header, the tainted HTTP_PROXY environment variable is created. It can affect calls using requests package or curl. A roundup admin would have to write detectors/extensions that use these mechanisms. Not exploitable in default config. See: https://httpoxy.org/

from roundup.dist.command.build import build_message_files, check_manifest
from distutils.command.install_lib import install_lib as base

class install_lib(base):

    def run(self):
        check_manifest()
        build_message_files(self)
        base.run(self)