[Security Advisory] Upgrade your Uplink library to v0.5.1

TL;DR: If you use the Uplink, you need to pip install --upgrade anvil-uplink

Hi folks,

It is my unpleasant duty to announce a security issue with anvil-uplink versions prior to v0.5.1. It turns out that a library we have been using was incorrectly implementing TLS, and not verifying server certificates. :man_facepalming: This opens the door to a whole range of nasties: if someone can fool your DNS or otherwise intercept your uplink connections, they could impersonate your Uplink script to Anvil, or impersonate Anvil to your Uplink script, or both.
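To make the failure mode concrete, here is an added example (not Anvil's code and not ws4py's) showing a TLS client context of the kind the advisory describes, where the handshake completes but the server's certificate and hostname are never checked, next to a context that does verify, plus a small audit helper you can run against whatever SSLContext a library hands you. The function and argument names are assumptions made for the example; the only real API used is Python's standard ssl module.

```python
# Added example, not Anvil's or ws4py's code: the class of defect in the advisory
# (TLS without server verification) beside a verifying client context, and an
# audit helper for any SSLContext a library builds for you.
import socket
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """Negotiates TLS but accepts any certificate for any name.

    This is the shape of the bug: traffic is encrypted, so it looks protected,
    yet an on-path attacker who can redirect the connection can present any
    certificate and be accepted, so they can impersonate either end.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Validates the chain against the trust store and the name against the cert."""
    # create_default_context() sets CERT_REQUIRED, enables check_hostname and
    # loads the system CA store (or the cafile given, e.g. a private CA).
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a client context; an empty list means it verifies peers."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server chain is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid cert for any other host is accepted")
    return findings


def open_verified_transport(host: str, port: int = 443,
                            ctx: Optional[ssl.SSLContext] = None) -> ssl.SSLSocket:
    """Open the TLS socket a wss:// client would hand to its WebSocket layer.

    Passing server_hostname is what makes hostname checking (and SNI) work;
    the audit runs first so a non-verifying context never reaches the network.
    """
    ctx = ctx or hardened_client_context()
    problems = audit_client_context(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or ["ok"])
```

Whenever a networking library exposes its SSLContext (or lets you pass one in), running audit_client_context on it is a cheap pre-deployment check for exactly the defect this advisory is about.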

We have forked and patched the library in question (ws4py) as an immediate fix, and will be submitting the patch upstream. The new version of the Uplink library (0.5.1) “just” updates its dependencies to use the patched library.

Recommended actions:

If you use the Uplink, upgrade your anvil-uplink library everywhere you use it to the latest version by running:

pip install --upgrade anvil-uplink

As a precaution, we would also recommend generating new Uplink keys (there’s a handy reset button in the Publish dialog, aka the Environments dialog).
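Because the Uplink library tends to be installed in several places (laptops, servers, containers), it is easy to miss one. The following added example (not part of the advisory and not Anvil's code) reports whether the anvil-uplink package found by the current interpreter is at least the fixed version; the helper names and the pre-release handling are my own assumptions, and the 0.5.1 threshold comes from the advisory.

```python
# Added example, not Anvil's code: run this under each interpreter you launch
# Uplink scripts from to find environments still on a vulnerable anvil-uplink.
from importlib import metadata
from typing import Optional, Tuple

FIXED_VERSION = "0.5.1"   # first release that pulls in the patched ws4py (per the advisory)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '0.5.1' into a comparable tuple of integers.

    Comparing tuples avoids the classic string-comparison mistake where
    '0.10.0' sorts before '0.5.1'. A non-numeric suffix on any component
    (e.g. '0.5.1rc1') is treated as a pre-release, which sorts before the
    final release of the same number. (Assumption: plain dotted versions.)
    """
    parts = []
    prerelease = False
    for piece in v.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                prerelease = True
                break
        parts.append(int(digits) if digits else 0)
    parts.append(0 if prerelease else 1)
    return tuple(parts)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed version already contains the fix."""
    return parse_version(installed) >= parse_version(fixed)


def installed_uplink_version() -> Optional[str]:
    """Version of anvil-uplink visible to this interpreter, or None if absent."""
    try:
        return metadata.version("anvil-uplink")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    v = installed_uplink_version()
    if v is None:
        print("anvil-uplink is not installed in this environment")
    elif is_fixed(v):
        print(f"anvil-uplink {v}: fixed")
    else:
        print(f"anvil-uplink {v}: VULNERABLE, run: pip install --upgrade anvil-uplink")
```

Run it with the same interpreter your Uplink script uses (for example `python -m` inside the virtualenv or container), since pip may be installed per environment.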
