- Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
- Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
- Added
verify_flagsoption tocreate_urllib3_contextwith a default ofVERIFY_X509_PARTIAL_CHAINandVERIFY_X509_STRICTfor Python 3.13+. (#3571)
- Fixed a bug with partial reads of streaming data in Emscripten. (#3555)
- Switched to uv for installing development dependecies. (#3550)
- Removed the
multiple.intoto.jsonlasset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)
- Added
HTTPResponse.shutdown()to stop any ongoing or future reads for a specific response. It callsshutdown(SHUT_RD)on the underlying socket. This feature was sponsored by LaunchDarkly. (#2868) - Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly
requests and streaming, and makes it possible to use in Node.js if you launch it as
node --experimental-wasm-stack-switching. (#3400) - Added the
proxy_is_tunnelingproperty toHTTPConnectionandHTTPSConnection. (#3285) - Added pickling support to
NewConnectionErrorandNameResolutionError. (#3480)
- Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (#3489)
- Removed support for Python 3.8. (#3492)
- Added support for Python 3.13. (#3473)
- Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
- Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (#3252)
- Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
- Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
- Fixed mypy error when adding to
HTTPConnection.default_socket_options. (#3448)
HTTP/2 support is still in early development.
Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
Added version checking for
h2(https://pypi.org/project/h2/) usage.Now only accepting supported h2 major version 4.x.x. (#3290)
Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
Add support for sending a request body with HTTP/2 (#3302)
- Note for downstream distributors: the
_version.pyfile has been removed and is now created at build time by hatch-vcs. (#3412) - Drop support for end-of-life PyPy3.8 and PyPy3.9. (#3475)
- Added the
Proxy-Authorizationheader to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect. - Allowed passing negative integers as
amtto read methods ofhttp.client.HTTPResponseas an alternative toNone. (#3122) - Fixed return types representing copying actions to use
typing.Self. (#3363)
- Fixed issue where
InsecureRequestWarningwas emitted for HTTPS connections when using Emscripten. (#3331) - Fixed
HTTPConnectionPool.urlopento stop automatically casting non-proxy headers toHTTPHeaderDict. This change was premature as it did not apply to proxy headers andHTTPHeaderDictdoes not handle byte header values correctly yet. (#3343) - Changed
InvalidChunkLengthtoProtocolErrorwhen response terminates before the chunk length is sent. (#2860) - Changed
ProtocolErrorto be more verbose on incomplete reads with excess content. (#3261)
- Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
- Added support for
HTTPResponse.read1()method. (#3186) - Added rudimentary support for HTTP/2. (#3284)
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
- Fixed
HTTPConnection.proxy_is_verifiedandHTTPSConnection.proxy_is_verifiedto be always set to a boolean after connecting to a proxy. It could beNonein some cases previously. (#3130) - Fixed an issue where
headerspassed in a request withjson=would be mutated (#3203) - Fixed
HTTPSConnection.is_verifiedto be set toFalsewhen connecting from a HTTPS proxy to an HTTP target. It was set toTruepreviously. (#3267) - Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)
- Note for downstream distributors: To run integration tests, you now need to run the tests a second
time with the
--integrationpytest flag. (#3181)
- Removed support for the deprecated urllib3[secure] extra. (#2680)
- Removed support for the deprecated SecureTransport TLS implementation. (#2681)
- Removed support for the end-of-life Python 3.7. (#3143)
- Allowed loading CA certificates from memory for proxies. (#3065)
- Fixed decoding Gzip-encoded responses which specified
x-gzipcontent-encoding. (#3174)
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.
- Added the
Cookieheader to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect.
- Allowed pyOpenSSL third-party module without any deprecation warning. (#3126)
- Fixed default
blocksizeofHTTPConnectionclasses to match high-level classes. Previously was 8KiB, now 16KiB. (#3066)
- Added support for union operators to
HTTPHeaderDict(#2254) - Added
BaseHTTPResponsetourllib3.__all__(#3078) - Fixed
urllib3.connection.HTTPConnectionto raise thehttp.client.connectaudit event to have the same behavior as the standard library HTTP client (#2757) - Relied on the standard library for checking hostnames in supported PyPy releases (#3087)
- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (#3020)
- Deprecated URLs which don't have an explicit scheme (#2950)
- Fixed response decoding with Zstandard when compressed data is made of several frames. (#3008)
- Fixed
assert_hostname=Falseto correctly skip hostname check. (#3051)
- Fixed
HTTPResponse.stream()to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (#3009)
- Fixed a socket leak when fingerprint or hostname verifications fail. (#2991)
- Fixed an error when
HTTPResponse.read(0)was the firstreadcall or when the internal response body buffer was otherwise empty. (#2998)
Read the v2.0 migration guide for help upgrading to the latest version of urllib3.
- Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
- Removed fallback on certificate
commonNameinmatch_hostname()function. This behavior was deprecated in May 2000 in RFC 2818. Instead onlysubjectAltNameis used to verify the hostname by default. To enable verifying the hostname againstcommonNameuseSSLContext.hostname_checks_common_name = True(#2113). - Removed support for Python with an
sslmodule compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an
ImportErroris raised (#2168). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
- Removed
urllib3.contrib.appengine.AppEngineManagerand support for Google App Engine Standard Environment (#2044). - Removed deprecated
Retryoptionsmethod_whitelist,DEFAULT_REDIRECT_HEADERS_BLACKLIST(#2086). - Removed
urllib3.HTTPResponse.from_httplib(#2648). - Removed default value of
Nonefor therequest_contextparameter ofurllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value ofNonewas an invalid option and was never used (#1897). - Removed the
urllib3.requestmodule.urllib3.request.RequestMethodshas been made a private API. This change was made to ensure thatfrom urllib3 import requestimported the top-levelrequest()function instead of theurllib3.requestmodule (#2269). - Removed support for SSLv3.0 from the
urllib3.contrib.pyopenssleven when support is available from the compiled OpenSSL library (#2233). - Removed the deprecated
urllib3.contrib.ntlmpoolmodule (#2339). - Removed
DEFAULT_CIPHERS,HAS_SNI,USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private moduleurllib3.util.ssl_(#2168). - Removed
urllib3.exceptions.SNIMissingWarning(#2168). - Removed the
_prepare_connmethod fromHTTPConnectionPool. Previously this was only used to callHTTPSConnection.set_cert()byHTTPSConnectionPool(#1985). - Removed
tls_in_tls_requiredproperty fromHTTPSConnection. This is now determined from theschemeparameter inHTTPConnection.set_tunnel()(#1985). - Removed the
strictparameter/attribute fromHTTPConnection,HTTPSConnection,HTTPConnectionPool,HTTPSConnectionPool, andHTTPResponse(#2064).
- Deprecated
HTTPResponse.getheaders()andHTTPResponse.getheader()which will be removed in urllib3 v2.1.0. Instead useHTTPResponse.headersandHTTPResponse.headers.get(name, default). (#1543, #2814). - Deprecated
urllib3.contrib.pyopensslmodule which will be removed in urllib3 v2.1.0 (#2691). - Deprecated
urllib3.contrib.securetransportmodule which will be removed in urllib3 v2.1.0 (#2692). - Deprecated
ssl_versionoption in favor ofssl_minimum_version.ssl_versionwill be removed in urllib3 v2.1.0 (#2110). - Deprecated the
strictparameter ofPoolManager.connection_from_context()as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267) - Deprecated the
NewConnectionError.poolattribute which will be removed in urllib3 v2.1.0 (#2271). - Deprecated
format_header_param_html5andformat_header_paramin favor offormat_multipart_header_param(#2257). - Deprecated
RequestField.header_formatterparameter which will be removed in urllib3 v2.1.0 (#2257). - Deprecated
HTTPSConnection.set_cert()method. Instead pass parameters to theHTTPSConnectionconstructor (#1985). - Deprecated
HTTPConnection.request_chunked()method which will be removed in urllib3 v2.1.0. Instead passchunked=TruetoHTTPConnection.request()(#1985).
- Added top-level
urllib3.requestfunction which uses a preconfigured module-globalPoolManagerinstance (#2150). - Added the
jsonparameter tourllib3.request(),PoolManager.request(), andConnectionPool.request()methods to send JSON bodies in requests. Using this parameter will set the headerContent-Type: application/jsonifContent-Typeisn't already defined. Added support for parsing JSON response bodies withHTTPResponse.json()method (#2243). - Added type hints to the
urllib3module (#1897). - Added
ssl_minimum_versionandssl_maximum_versionoptions which setSSLContext.minimum_versionandSSLContext.maximum_version(#2110). - Added support for Zstandard (RFC 8878) when
zstandard1.18.0 or later is installed. Added thezstdextra which installs thezstandardpackage (#1992). - Added
urllib3.response.BaseHTTPResponseclass. All future response classes will be subclasses ofBaseHTTPResponse(#2083). - Added
FullPoolErrorwhich is raised whenPoolManager(block=True)and a connection is returned to a full pool (#2197). - Added
HTTPHeaderDictto the top-levelurllib3namespace (#2216). - Added support for configuring header merging behavior with HTTPHeaderDict
When using a
HTTPHeaderDictto provide headers for a request, by default duplicate header values will be repeated. But ifcombine=Trueis passed into a call toHTTPHeaderDict.add, then the added header value will be merged in with an existing value into a comma-separated list (X-My-Header: foo, bar) (#2242). - Added
NameResolutionErrorexception when a DNS error occurs (#2305). - Added
proxy_assert_hostnameandproxy_assert_fingerprintkwargs toProxyManager(#2409). - Added a configurable
backoff_maxparameter to theRetryclass. If a custombackoff_maxis provided to theRetryclass, it will replace theRetry.DEFAULT_BACKOFF_MAX(#2494). - Added the
authorityproperty to the Url class as per RFC 3986 3.2. This property should be used in place ofnetlocfor users who want to include the userinfo (auth) component of the URI (#2520). - Added the
schemeparameter toHTTPConnection.set_tunnelto configure the scheme of the origin being tunnelled to (#1985). - Added the
is_closed,is_connectedandhas_connected_to_proxyproperties toHTTPConnection(#1985). - Added optional
backoff_jitterparameter toRetry. (#2952)
Changed
urllib3.response.HTTPResponse.readto respect the semantics ofio.BufferedIOBaseregardless of compression. Specifically, this method:- Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
- Never returns more bytes than requested.
- Can issue any number of system calls: zero, one or multiple.
If you want each
urllib3.response.HTTPResponse.readcall to issue a single system call, you need to disable decompression by settingdecode_content=False(#2128).Changed
urllib3.HTTPConnection.getresponseto return an instance ofurllib3.HTTPResponseinstead ofhttp.client.HTTPResponse(#2648).Changed
ssl_versionto instead set the correspondingSSLContext.minimum_versionandSSLContext.maximum_versionvalues. Regardless ofssl_versionpassedSSLContextobjects are now constructed usingssl.PROTOCOL_TLS_CLIENT(#2110).Changed default
SSLContext.minimum_versionto beTLSVersion.TLSv1_2in line with Python 3.10 (#2373).Changed
ProxyErrorto wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (#2482).Changed
urllib3.util.create_urllib3_contextto not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (#2168).Changed
multipart/form-dataheader parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (#2257).Changed the error raised when connecting via HTTPS when the
sslmodule isn't available fromSSLErrortoImportError(#2589).Changed
HTTPConnection.request()to always use lowercase chunk boundaries when sending requests withTransfer-Encoding: chunked(#2515).Changed
enforce_content_lengthdefault to True, preventing silent data loss when reading streamed responses (#2514).Changed internal implementation of
HTTPHeaderDictto usedictinstead ofcollections.OrderedDictfor better performance (#2080).Changed the
urllib3.contrib.pyopensslmodule to wrapOpenSSL.SSL.Errorwithssl.SSLErrorinPyOpenSSLContext.load_cert_chain(#2628).Changed usage of the deprecated
socket.errortoOSError(#2120).Changed all parameters in the
HTTPConnectionandHTTPSConnectionconstructors to be keyword-only excepthostandport(#1985).Changed
HTTPConnection.getresponse()to set the socket timeout fromHTTPConnection.timeoutvalue before reading data from the socket. This previously was done manually by theHTTPConnectionPoolcallingHTTPConnection.sock.settimeout(...)(#1985).Changed the
_proxy_hostproperty to_tunnel_hostinHTTPConnectionPoolto more closely match how the property is used (value inHTTPConnection.set_tunnel()) (#1985).Changed name of
Retry.BACK0FF_MAXto beRetry.DEFAULT_BACKOFF_MAX.Changed TLS handshakes to use
SSLContext.check_hostnamewhen possible (#2452).Changed
server_hostnameto behave like other parameters only used byHTTPSConnectionPool(#2537).Changed the default
blocksizeto 16KB to match OpenSSL's default read amounts (#2348).Changed
HTTPResponse.read()to raise an error when calling withdecode_content=Falseafter usingdecode_content=Trueto prevent data loss (#2800).
- Fixed thread-safety issue where accessing a
PoolManagerwith many distinct origins would cause connection pools to be closed while requests are in progress (#1252). - Fixed an issue where an
HTTPConnectioninstance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now ifHTTPConnection.timeoutis updated before sending the next request the new timeout value will be used (#2645). - Fixed
socket.error.errnowhen raised from pyOpenSSL'sOpenSSL.SSL.SysCallError(#2118). - Fixed the default value of
HTTPSConnection.socket_optionsto matchHTTPConnection(#2213). - Fixed a bug where
headerswould be modified by theremove_headers_on_redirectfeature (#2272). - Fixed a reference cycle bug in
urllib3.util.connection.create_connection()(#2277). - Fixed a socket leak if
HTTPConnection.connect()fails (#2571). - Fixed
urllib3.contrib.pyopenssl.WrappedSocketandurllib3.contrib.securetransport.WrappedSocketclose methods (#2970)
- Fixed a crash where certain standard library hash functions were absent in FIPS-compliant environments. (#3432)
- Replaced deprecated dash-separated setuptools entries in
setup.cfg. (#3461) - Took into account macOS setting
ECONNRESETinstead ofEPROTOTYPEin its newer versions. (#3416) - Backported changes to our tests and CI configuration from v2.x to support testing with CPython 3.12 and 3.13. (#3436)
- Added the
Proxy-Authorizationheader to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect. - Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (#3405)
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.
- Added the
Cookieheader to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect. (#3139)
- Fixed thread-safety issue where accessing a
PoolManagerwith many distinct origins would cause connection pools to be closed while requests are in progress (#2954)
- Fix socket timeout value when
HTTPConnectionis reused (#2645) - Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (#2899)
- Fix IDNA handling of 'x80' byte (#2901)
- Fixed parsing of port 0 (zero) returning None, instead of 0. (#2850)
- Removed deprecated getheaders() calls in contrib module. Fixed the type hint of
PoolKey.key_retriesby addingboolto the union. (#2865)
- Deprecated the
HTTPResponse.getheaders()andHTTPResponse.getheader()methods. - Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
- Fixed a deprecation warning when using cryptography v39.0.0.
- Removed the
<4in theRequires-Pythonpackaging metadata field.
- Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.
- Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.readwould raise anOverflowErroron Python 3.9 and earlier.
- Removed support for Python 3.5
- Fixed an issue where a
ProxyErrorrecommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
- Changed
urllib3[brotli]extra to favor installing Brotli libraries that are still receiving updates likebrotliandbrotlicffiinstead ofbrotlipy. This change does not impact behavior of urllib3, only which dependencies are installed. - Fixed a socket leaking when
HTTPSConnection.connect()raises an exception. - Fixed
server_hostnamebeing forwarded fromPoolManagertoHTTPConnectionPoolwhen requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
- Added extra message to
urllib3.exceptions.ProxyErrorwhen urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. - Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
- Added explicit support for Python 3.11.
- Deprecated the
Retry.MAX_BACKOFFclass property in favor ofRetry.DEFAULT_MAX_BACKOFFto better match the rest of the default parameter names.Retry.MAX_BACKOFFis removed in v2.0. - Changed location of the vendored
ssl.match_hostnamefunction fromurllib3.packages.ssl_match_hostnametourllib3.util.ssl_match_hostnameto ensure Python 3.10+ compatibility after being repackaged by downstream distributors. - Fixed absolute imports, all imports are now relative.
- Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. (Issue #2400)
- Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching. (Issue #2240)
- Deprecated the
urllib3.contrib.ntlmpoolmodule. urllib3 is not able to support it properly due to reasons listed in this issue. If you are a user of this module please leave a comment. - Changed
HTTPConnection.request_chunked()to not erroneously emit multipleTransfer-Encodingheaders in the case that one is already specified. - Fixed typo in deprecation message to recommend
Retry.DEFAULT_ALLOWED_METHODS.
- Fixed deprecation warnings emitted in Python 3.10.
- Updated vendored
sixlibrary to 1.16.0. - Improved performance of URL parser when splitting the authority component.
- Changed behavior of the default
SSLContextwhen connecting to HTTPS proxy during HTTPS requests. The defaultSSLContextnow setscheck_hostname=True.
- Fixed bytes and string comparison issue with headers (Pull #2141)
- Changed
ProxySchemeUnknownerror message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)
- Fixed an issue where
wrap_socketandCERT_REQUIREDwouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)
- Fixed an issue where two
User-Agentheaders would be sent if aUser-Agentheader key is passed asbytes(Pull #2047)
- NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap.
- Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
- Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting
ssl_version=ssl.PROTOCOL_TLSv1_1(Pull #2002) Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail - Deprecated
RetryoptionsRetry.DEFAULT_METHOD_WHITELIST,Retry.DEFAULT_REDIRECT_HEADERS_BLACKLISTandRetry(method_whitelist=...)in favor ofRetry.DEFAULT_ALLOWED_METHODS,Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, andRetry(allowed_methods=...)(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed - Added default
User-Agentheader to every request (Pull #1750) - Added
urllib3.util.SKIP_HEADERfor skippingUser-Agent,Accept-Encoding, andHostheaders from being automatically emitted with requests (Pull #2018) - Collapse
transfer-encoding: chunkedrequest data and framing into the samesocket.send()call (Pull #1906) - Send
http/1.1ALPN identifier with every TLS handshake by default (Pull #1894) - Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
- Don't emit an
SNIMissingWarningwhen passingserver_hostname=Noneto SecureTransport (Pull #1903) - Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
- Suppress
BrokenPipeErrorwhen writing request body after the server has closed the socket (Pull #1524) - Wrap
ssl.SSLErrorthat can be raised from reading a socket (e.g. "bad MAC") into anurllib3.exceptions.SSLError(Pull #1939)
- Fix retry backoff time parsed from
Retry-Afterheader when given in the HTTP date format. The HTTP date was parsed as the local timezone rather than accounting for the timezone in the HTTP date (typically UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - Fix issue where an error would be raised when the
SSLKEYLOGFILEenvironment variable was set to the empty string. NowSSLContext.keylog_fileis not set in this situation (Pull #2016)
- Added support for
SSLKEYLOGFILEenvironment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull #1867) - Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull #1905)
- Collapse chunked request bodies data and framing into one
call to
send()to reduce the number of TCP packets by 2-4x (Pull #1906) - Don't insert
NoneintoConnectionPoolif the pool was empty when requesting a connection (Pull #1866) - Avoid
hasattrcall inBrotliDecoder.decompress()(Pull #1858)
Added
InvalidProxyConfigurationWarningwhich is raised when erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently support connecting to HTTPS proxies but will soon be able to and we would like users to migrate properly without much breakage.See this GitHub issue for more information on how to fix your proxy config. (Pull #1851)
Drain connection after
PoolManagerredirect (Pull #1817)Ensure
load_verify_locationsraisesSSLErrorfor all backends (Pull #1812)Rename
VerifiedHTTPSConnectiontoHTTPSConnection(Pull #1805)Allow the CA certificate data to be passed as a string (Pull #1804)
Raise
ValueErrorif method contains control characters (Pull #1800)Add
__repr__toTimeout(Pull #1795)
- Drop support for EOL Python 3.4 (Pull #1774)
- Optimize _encode_invalid_chars (Pull #1787)
- Preserve
chunkedparameter on retries (Pull #1715, Pull #1734) - Allow unset
SERVER_SOFTWAREin App Engine (Pull #1704, Issue #1470) - Fix issue where URL fragment was sent within the request target. (Pull #1732)
- Fix issue where an empty query section in a URL would fail to parse. (Pull #1732)
- Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703)
- Fix issue where tilde (
~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
caused certificate verification to be enabled when using
cert_reqs=CERT_NONE. (Issue #1682)
- Propagate Retry-After header settings to subsequent retries. (Pull #1607)
- Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
- Remove dependency on
rfc3986for URL parsing. - Fix issue where URLs containing invalid characters within
Url.authwould raise an exception instead of percent-encoding those characters. - Add support for
HTTPResponse.auto_close = Falsewhich makes HTTP responses work well with BufferedReaders and otheriomodule features. (Pull #1652) - Percent-encode invalid characters in URL for
HTTPConnectionPool.request()(Pull #1673)
- Change
HTTPSConnectionto load system CA certificates whenca_certs,ca_cert_dir, andssl_contextare unspecified. (Pull #1608, Issue #1603) - Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Change
is_ipaddressto not detect IPvFuture addresses. (Pull #1583) - Change
parse_urlto percent-encode invalid characters within the path, query, and target components. (Pull #1586)
- Add support for Google's
Brotlipackage. (Pull #1572, Pull #1579) - Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require and validate certificates by default when using HTTPS (Pull #1507)
- Upgraded
urllib3.utils.parse_url()to be RFC 3986 compliant. (Pull #1487) - Added support for
key_passwordforHTTPSConnectionPoolto use encryptedkey_filewithout creating your ownSSLContextobject. (Pull #1489) - Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport
SSLContextimplementations. (Pull #1496) - Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492)
- Fixed issue where OpenSSL would block if an encrypted client private key was
given and no password was given. Instead an
SSLErroris raised. (Pull #1489) - Added support for Brotli content encoding. It is enabled automatically if
brotlipypackage is installed which can be requested withurllib3[brotli]extra. (Pull #1532) - Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. (Pull #1496)
- Implemented a more efficient
HTTPResponse.__iter__()method. (Issue #1483)
- Apply fix for CVE-2019-9740. (Pull #1591)
- Don't load system certificates by default when any other
ca_certs,ca_certs_dirorssl_contextparameters are specified. - Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
- Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
- Remove quadratic behavior within
GzipDecoder.decompress()(Issue #1467) - Restored functionality of
ciphersparameter forcreate_urllib3_context(). (Issue #1462)
- Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
- Test against Python 3.7 on AppVeyor. (Pull #1453)
- Early-out ipv6 checks when running on App Engine. (Pull #1450)
- Change ambiguous description of backoff_factor (Pull #1436)
- Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
- Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
- Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)
- Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
- Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
- Move urllib3 to src/urllib3 (Pull #1409)
- Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the
Authorizationheader. Different headers can be set viaRetry.remove_headers_on_redirect. (Issue #1316) - Fix
util.selectors._fileobj_to_fdto acceptlong(Issue #1247). - Dropped Python 3.3 support. (Pull #1242)
- Put the connection back in the pool when calling stream() or read_chunked() on a chunked HEAD response. (Issue #1234)
- Fixed pyOpenSSL-specific ssl client authentication issue when clients attempted to auth via certificate + chain (Issue #1060)
- Add the port to the connectionpool connect print (Pull #1251)
- Don't use the
uuidmodule to create multipart data boundaries. (Pull #1380) read_chunked()on a closed response returns no chunks. (Issue #1088)- Add Python 2.6 support to
contrib.securetransport(Pull #1359) - Added support for auth info in url for SOCKS proxy (Pull #1363)
- Fixed missing brackets in
HTTP CONNECTwhen connecting to IPv6 address via IPv6 proxy. (Issue #1222) - Made the connection pool retry on
SSLError. The originalSSLErroris available onMaxRetryError.reason. (Issue #1112) - Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool. (Issue #1167)
- Fixed compatibility for cookiejar. (Issue #1229)
- pyopenssl: Use vendored version of
six. (Issue #1231)
- Fixed SecureTransport issue that would cause long delays in response body delivery. (Pull #1154)
- Fixed regression in 1.21 that threw exceptions when users passed the
socket_optionsflag to thePoolManager. (Issue #1165) - Fixed regression in 1.21 that threw exceptions when users passed the
assert_hostnameorassert_fingerprintflag to thePoolManager. (Pull #1157)
- Improved performance of certain selector system calls on Python 3.5 and later. (Pull #1095)
- Resolved issue where the PyOpenSSL backend would not wrap SysCallError exceptions appropriately when sending data. (Pull #1125)
- Selectors now detects a monkey-patched select module after import for modules that patch the select module like eventlet, greenlet. (Pull #1128)
- Reduced memory consumption when streaming zlib-compressed responses (as opposed to raw deflate streams). (Pull #1129)
- Connection pools now use the entire request context when constructing the pool key. (Pull #1016)
PoolManager.connection_from_*methods now accept a new keyword argument,pool_kwargs, which are merged with the existingconnection_pool_kw. (Pull #1016)- Add retry counter for
status_forcelist. (Issue #1147) - Added
contribmodule for using SecureTransport on macOS:urllib3.contrib.securetransport. (Pull #1122) - urllib3 now only normalizes the case of
http://andhttps://schemes: for schemes it does not recognise, it assumes they are case-sensitive and leaves them unchanged. (Issue #1080)
- Added support for waiting for I/O using selectors other than select, improving urllib3's behaviour with large numbers of concurrent connections. (Pull #1001)
- Updated the date for the system clock check. (Issue #1005)
- ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue #1032)
- Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull #1063)
- Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue #1044)
- Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull #1039)
- Fix some bugs that occur when modules incautiously patch the queue module. (Pull #1061)
- Prevent retries from occurring on read timeouts for which the request method was not in the method whitelist. (Issue #1059)
- Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don't need it. (Pull #1076)
- Add support for IPv6 literals with zone identifiers. (Pull #1013)
- Added support for socks5h:// and socks4a:// schemes when working with SOCKS proxies, and controlled remote DNS appropriately. (Issue #1035)
- Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
- urllib3 now respects Retry-After headers on 413, 429, and 503 responses when using the default retry logic. (Pull #955)
- Remove markers from setup.py to assist ancient setuptools versions. (Issue #986)
- Disallow superscripts and other integerish things in URL ports. (Issue #989)
- Allow urllib3's HTTPResponse.stream() method to continue to work with non-httplib underlying FPs. (Pull #990)
- Empty filenames in multipart headers are now emitted as such, rather than being suppressed. (Issue #1015)
- Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with PyOpenSSL injection and OpenSSL 1.1.0 must upgrade to this version. This release fixes a vulnerability whereby urllib3 in the above configuration would silently fail to validate TLS certificates due to erroneously setting invalid flags in OpenSSL's
SSL_CTX_set_verifyfunction. These erroneous flags do not cause a problem in OpenSSL versions before 1.1.0, which interprets the presence of any flag as requesting certificate validation.There is no PR for this patch, as it was prepared for simultaneous disclosure and release. The master branch received the same fix in Pull #1010.
- Fixed incorrect message for IncompleteRead exception. (Pull #973)
- Accept
iPAddresssubject alternative name fields in TLS certificates. (Issue #258) - Fixed consistency of
HTTPResponse.closedbetween Python 2 and 3. (Issue #977) - Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
- Accept
SSLContextobjects for use in SSL/TLS negotiation. (Issue #835) - ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
- Substantially refactored documentation. (Issue #887)
- Used URLFetch default timeout on AppEngine, rather than hardcoding our own. (Issue #858)
- Normalize the scheme and host in the URL parser (Issue #833)
HTTPResponsecontains the lastRetryobject, which now also contains retries history. (Issue #848)- Timeout can no longer be set as boolean, and must be greater than zero. (Pull #924)
- Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We now use cryptography and idna, both of which are already dependencies of PyOpenSSL. (Pull #930)
- Fixed infinite loop in
streamwhen amt=None. (Issue #928) - Try to use the operating system's certificates when we are using an
SSLContext. (Pull #941) - Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)
- Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)
- Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)
- Implemented
length_remainingto determine remaining content to be read. (Pull #949) - Implemented
enforce_content_lengthto enable exceptions when incomplete data chunks are received. (Pull #949) - Dropped connection start, dropped connection reset, redirect, forced retry, and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)
- Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
- Provide
key_fn_by_schemepool keying mechanism that can be overridden. (Issue #830) - Normalize scheme and host to lowercase for pool keys, and include
source_address. (Issue #830) - Cleaner exception chain in Python 3 for
_make_request. (Issue #861) - Fixed installing
urllib3[socks]extra. (Issue #864) - Fixed signature of
ConnectionPool.closeso it can actually safely be called by subclasses. (Issue #873) - Retain
release_connstate across retries. (Issues #651, #866) - Add customizable
HTTPConnectionPool.ResponseCls, which defaults toHTTPResponsebut can be replaced with a subclass. (Issue #879)
- Fix packaging to include backports module. (Issue #841)
- Added Retry(raise_on_status=False). (Issue #720)
- Always use setuptools, no more distutils fallback. (Issue #785)
- Dropped support for Python 3.2. (Issue #786)
- Chunked transfer encoding when requesting with
chunked=True. (Issue #790) - Fixed regression with IPv6 port parsing. (Issue #801)
- Append SNIMissingWarning messages to allow users to specify it in the PYTHONWARNINGS environment variable. (Issue #816)
- Handle unicode headers in Py2. (Issue #818)
- Log certificate when there is a hostname mismatch. (Issue #820)
- Preserve order of request/response headers. (Issue #821)
- contrib: SOCKS proxy support! (Issue #762)
- Fixed AppEngine handling of transfer-encoding header and bug in Timeout defaults checking. (Issue #763)
- Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
- Fixed
pip install urllib3[secure]on modern pip. (Issue #706) - pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
- pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
- Close connections more defensively on exception. (Issue #734)
- Adjusted
read_chunkedto handle gzipped, chunk-encoded bodies without repeatedly flushing the decoder, to function better on Jython. (Issue #743) - Accept
ca_cert_dirfor SSL-related PoolManager configuration. (Issue #758)
- Rely on
sixfor importinghttplibto work around conflicts with other Python 3 shims. (Issue #688) - Add support for directories of certificate authorities, as supported by OpenSSL. (Issue #701)
- New exception:
NewConnectionError, raised when we fail to establish a new connection, usuallyECONNREFUSEDsocket error.
- When
ca_certsis given,cert_reqsdefaults to'CERT_REQUIRED'. (Issue #650) pip install urllib3[secure]will install Certifi and PyOpenSSL as dependencies. (Issue #678)- Made
HTTPHeaderDictusable as aheadersinput value (Issues #632, #679) - Added urllib3.contrib.appengine
which has an
AppEngineManagerfor usingURLFetchin a Google AppEngine environment. (Issue #664) - Dev: Added test suite for AppEngine. (Issue #631)
- Fix performance regression when using PyOpenSSL. (Issue #626)
- Passing incorrect scheme (e.g.
foo://) will raiseValueErrorinstead ofAssertionError(backwards compatible for now, but please migrate). (Issue #640) - Fix pools not getting replenished when an error occurs during a
request using
release_conn=False. (Issue #644) - Fix pool-default headers not applying for url-encoded requests like GET. (Issue #657)
- log.warning in Python 3 when headers are skipped due to parsing errors. (Issue #642)
- Close and discard connections if an error occurs during read. (Issue #660)
- Fix host parsing for IPv6 proxies. (Issue #668)
- Separate warning type SubjectAltNameWarning, now issued once per host. (Issue #671)
- Fix
httplib.IncompleteReadnot getting converted toProtocolErrorwhen usingHTTPResponse.stream()(Issue #674)
- Migrate tests to Tornado 4. (Issue #594)
- Append default warning configuration rather than overwrite. (Issue #603)
- Fix streaming decoding regression. (Issue #595)
- Fix chunked requests losing state across keep-alive connections. (Issue #599)
- Fix hanging when chunked HEAD response has no body. (Issue #605)
- Emit
InsecurePlatformWarningwhen SSLContext object is missing. (Issue #558) - Fix regression of duplicate header keys being discarded. (Issue #563)
Response.stream()returns a generator for chunked responses. (Issue #560)- Set upper-bound timeout when waiting for a socket in PyOpenSSL. (Issue #585)
- Work on platforms without ssl module for plain HTTP requests. (Issue #587)
- Stop relying on the stdlib's default cipher list. (Issue #588)
- Fix file descriptor leakage on retries. (Issue #548)
- Removed RC4 from default cipher list. (Issue #551)
- Header performance improvements. (Issue #544)
- Fix PoolManager not obeying redirect retry settings. (Issue #553)
- Pools can be used as context managers. (Issue #545)
- Don't re-use connections which experienced an SSLError. (Issue #529)
- Don't fail when gzip decoding an empty stream. (Issue #535)
- Add sha256 support for fingerprint verification. (Issue #540)
- Fixed handling of header values containing commas. (Issue #533)
- Disabled SSLv3. (Issue #473)
- Add
Url.urlproperty to return the composed url string. (Issue #394) - Fixed PyOpenSSL + gevent
WantWriteError. (Issue #412) MaxRetryError.reasonwill always be an exception, not string. (Issue #481)- Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
- Py3: Use
ssl.create_default_context()when available. (Issue #473) - Emit
InsecureRequestWarningfor every insecure HTTPS request. (Issue #496) - Emit
SecurityWarningwhen certificate has nosubjectAltName. (Issue #499) - Close and discard sockets which experienced SSL-related errors. (Issue #501)
- Handle
bodyparam in.request(...). (Issue #513) - Respect timeout with HTTPS proxy. (Issue #505)
- PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
- Apply socket arguments before binding. (Issue #427)
- More careful checks if fp-like object is closed. (Issue #435)
- Fixed packaging issues of some development-related files not getting included. (Issue #440)
- Allow performing only fingerprint verification. (Issue #444)
- Emit
SecurityWarningif system clock is waaay off. (Issue #445) - Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
- Fixed
BrokenPipeErrorandConnectionErrorhandling in Py3. (Issue #443)
- Shuffled around development-related files. If you're maintaining a distro package of urllib3, you may need to tweak things. (Issue #415)
- Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426)
- New retry logic and
urllib3.util.retry.Retryconfiguration object. (Issue #326) - All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException-extending exception. (Issue #326) - All errors during a retry-enabled request should be wrapped in
urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the.reasonproperty. (Issue #326) urllib3.exceptions.ConnectionErrorrenamed tourllib3.exceptions.ProtocolError. (Issue #326)- Errors during response read (such as IncompleteRead) are now wrapped in
urllib3.exceptions.ProtocolError. (Issue #418) - Requesting an empty host will raise
urllib3.exceptions.LocationValueError. (Issue #417) - Catch read timeouts over SSL connections as
urllib3.exceptions.ReadTimeoutError. (Issue #419) - Apply socket arguments before connecting. (Issue #427)
- Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
- Add
disable_cacheoption tourllib3.util.make_headers. (Issue #393) - Wrap
socket.timeoutexception withurllib3.exceptions.ReadTimeoutError. (Issue #399) - Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369)
- Added
socket_optionskeyword parameter which allows to definesetsockoptconfiguration of new sockets. (Issue #397) - Removed
HTTPConnection.tcp_nodelayin favor ofHTTPConnection.default_socket_options. (Issue #397) - Fixed
TypeErrorbug in Python 2.6.4. (Issue #411)
- Fix
urllib3.utilnot being included in the package.
- Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
- Don't install
dummyserverintosite-packagesas it's only needed for the test suite. (Issue #362) - Added support for specifying
source_address. (Issue #352)
- Improved url parsing in
urllib3.util.parse_url(properly parse '@' in username, and blank ports like 'hostname:'). - New
urllib3.connectionmodule which contains all the HTTPConnection objects. - Several
urllib3.util.Timeout-related fixes. Also changed constructor signature to a more sensible order. [Backwards incompatible] (Issues #252, #262, #263) - Use
backports.ssl_match_hostnameif it's installed. (Issue #274) - Added
.tell()method tourllib3.response.HTTPResponsewhich returns the number of bytes read so far. (Issue #277) - Support for platforms without threading. (Issue #289)
- Expand default-port comparison in
HTTPConnectionPool.is_same_hostto allow a pool with no specified port to be considered equal to to an HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - Improved default SSL/TLS settings to avoid vulnerabilities. (Issue #309)
- Fixed
urllib3.poolmanager.ProxyManagernot retrying on connect errors. (Issue #310) - Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests will send the entire HTTP request ~200 milliseconds faster; however, some of the resulting TCP packets will be smaller. (Issue #254)
- Increased maximum number of SubjectAltNames in
urllib3.contrib.pyopensslfrom the default 64 to 1024 in a single certificate. (Issue #318) - Headers are now passed and stored as a custom
urllib3.collections_.HTTPHeaderDictobject rather than a plaindict. (Issue #329, #333) - Headers no longer lose their case on Python 3. (Issue #236)
urllib3.contrib.pyopensslnow uses the operating system's default CA certificates on inject. (Issue #332)- Requests with
retries=Falsewill immediately raise any exceptions without wrapping them inMaxRetryError. (Issue #348) - Fixed open socket leak with SSL-related failures. (Issue #344, #348)
- Added granular timeout support with new
urllib3.util.Timeoutclass. (Issue #231) - Fixed Python 3.4 support. (Issue #238)
- More exceptions are now pickle-able, with tests. (Issue #174)
- Fixed redirecting with relative URLs in Location header. (Issue #178)
- Support for relative urls in
Location: ...header. (Issue #179) urllib3.response.HTTPResponsenow inherits fromio.IOBasefor bonus file-like functionality. (Issue #187)- Passing
assert_hostname=Falsewhen creating a HTTPSConnectionPool will skip hostname verification for SSL connections. (Issue #194) - New method
urllib3.response.HTTPResponse.stream(...)which acts as a generator wrapped around.read(...). (Issue #198) - IPv6 url parsing enforces brackets around the hostname. (Issue #199)
- Fixed thread race condition in
urllib3.poolmanager.PoolManager.connection_from_host(...)(Issue #204) ProxyManagerrequests now include non-default port inHost: ...header. (Issue #217)- Added HTTPS proxy support in
ProxyManager. (Issue #170 #139) - New
RequestFieldobject can be passed to thefields=...param which can specify headers. (Issue #220) - Raise
urllib3.exceptions.ProxyErrorwhen connecting to proxy fails. (Issue #221) - Use international headers when posting file names. (Issue #119)
- Improved IPv6 support. (Issue #203)
- Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
ProxyManagerautomatically addsHost: ...header if not given.- Improved SSL-related code.
cert_reqnow optionally takes a string like "REQUIRED" or "NONE". Same withssl_versiontakes strings like "SSLv23" The string values reflect the suffix of the respective constant variable. (Issue #130) - Vendored
socksipynow based on Anorov's fork which handles unexpectedly closed proxy connections and larger read buffers. (Issue #135) - Ensure the connection is closed if no data is received, fixes connection leak on some platforms. (Issue #133)
- Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
- Tests fixed to be compatible with Py26 again. (Issue #125)
- Added ability to choose SSL version by passing an
ssl.PROTOCOL_*constant to thessl_versionparameter ofHTTPSConnectionPool. (Issue #109) - Allow an explicit content type to be specified when encoding file fields. (Issue #126)
- Exceptions are now pickleable, with tests. (Issue #101)
- Fixed default headers not getting passed in some cases. (Issue #99)
- Treat "content-encoding" header value as case-insensitive, per RFC 2616 Section 3.5. (Issue #110)
- "Connection Refused" SocketErrors will get retried rather than raised. (Issue #92)
- Updated vendored
six, no longer overrides the globalsixmodule namespace. (Issue #113) urllib3.exceptions.MaxRetryErrorcontains areasonproperty holding the exception that prompted the final retry. Ifreason is Nonethen it was due to a redirect. (Issue #92, #114)- Fixed
PoolManager.urlopen()from not redirecting more than once. (Issue #149) - Don't assume
Content-Type: text/plainfor multi-part encoding parameters that are not files. (Issue #111) - Pass strict param down to
httplib.HTTPConnection. (Issue #122) - Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or against an arbitrary hostname (when connecting by IP or for misconfigured servers). (Issue #140)
- Streaming decompression support. (Issue #159)
- Added
urllib3.add_stderr_logger()for quickly enabling STDERR debug logging in urllib3. - Native full URL parsing (including auth, path, query, fragment) available in
urllib3.util.parse_url(url). - Built-in redirect will switch method to 'GET' if status code is 303. (Issue #11)
urllib3.PoolManagerstrips the scheme and host before sending the request uri. (Issue #8)- New
urllib3.exceptions.DecodeErrorexception for when automatic decoding, based on the Content-Type header, fails. - Fixed bug with pool depletion and leaking connections (Issue #76). Added
explicit connection closing on pool eviction. Added
urllib3.PoolManager.clear(). - 99% -> 100% unit test coverage.
- Minor AppEngine-related fixes.
- Switched from
mimetools.choose_boundarytouuid.uuid4(). - Improved url parsing. (Issue #73)
- IPv6 url support. (Issue #72)
- Removed pre-1.0 deprecated API.
- Refactored helpers into a
urllib3.utilsubmodule. - Fixed multipart encoding to support list-of-tuples for keys with multiple values. (Issue #48)
- Fixed multiple Set-Cookie headers in response not getting merged properly in Python 3. (Issue #53)
- AppEngine support with Py27. (Issue #61)
- Minor
encode_multipart_formdatafixes related to Python 3 strings vs bytes.
- Fixed packaging bug of not shipping
test-requirements.txt. (Issue #47)
- Fixed another bug related to when
sslmodule is not available. (Issue #41) - Location parsing errors now raise
urllib3.exceptions.LocationParseErrorwhich inherits fromValueError.
- Added Python 3 support (tested on 3.2.2)
- Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
- Use
select.pollinstead ofselect.selectfor platforms that support it. - Use
Queue.LifoQueueinstead ofQueue.Queuefor more aggressive connection reusing. Configurable by overridingConnectionPool.QueueCls. - Fixed
ImportErrorduring install whensslmodule is not available. (Issue #41) - Fixed
PoolManagerredirects between schemes (such as HTTP -> HTTPS) not completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - Ported
dummyserverto usetornadoinstead ofwebob+eventlet. Removed extraneous unsupported dummyserver testing backends. Added socket-level tests. - More tests. Achievement Unlocked: 99% Coverage.
- Refactored
dummyserverto its own root namespace module (used for testing). - Added hostname verification for
VerifiedHTTPSConnectionby vendoring in Py32'sssl_match_hostname. (Issue #25) - Fixed cross-host HTTP redirects when using
PoolManager. (Issue #10) - Fixed
decode_contentbeing ignored when set throughurlopen. (Issue #27) - Fixed timeout-related bugs. (Issues #17, #23)
- Fixed typo in
VerifiedHTTPSConnectionwhich would only present as a bug if you're using the object manually. (Thanks pyos) - Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by wrapping the access log in a mutex. (Thanks @christer)
- Made RecentlyUsedContainer more dict-like (corrected
__delitem__and__getitem__behaviour), with tests. Shouldn't affect core urllib3 code.
- Fixed a bug where the same connection would get returned into the pool twice, causing extraneous "HttpConnectionPool is full" log warnings.
- Added
PoolManagerwith LRU expiration of connections (tested and documented). - Added
ProxyManager(needs tests, docs, and confirmation that it works with HTTPS proxies). - Added optional partial-read support for responses when
preload_content=False. You can now make requests and just read the headers without loading the content. - Made response decoding optional (default on, same as before).
- Added optional explicit boundary string for
encode_multipart_formdata. - Convenience request methods are now inherited from
RequestMethods. Old helpers likeget_urlandpost_urlshould be abandoned in favour of the newrequest(method, url, ...). - Refactored code to be even more decoupled, reusable, and extendable.
- License header added to
.pyfiles. - Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
and docs in
docs/and on https://urllib3.readthedocs.io/. - Embettered all the things!
- Started writing this file.
- Minor bug fixes, code cleanup.
- Better unicode support.
- Added
VerifiedHTTPSConnection. - Added
NTLMConnectionPoolin contrib. - Minor improvements.
- Added
assert_host_nameoptional parameter. Now compatible with proxies.
- Added HTTPS support.
- Minor bug fixes.
- Refactored, broken backwards compatibility with 0.2.
- API to be treated as stable from this version forward.
- Added unit tests.
- Bug fixes.
- First release.