- Added support for waiting for I/O using selectors other than select, improving urllib3's behaviour with large numbers of concurrent connections. (Pull #1001)
- Updated the date for the system clock check. (Issue #1005)
- ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue #1032)
- Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull #1063)
- Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue #1044)
- Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull #1039)
- Fix some bugs that occur when modules incautiously patch the queue module. (Pull #1061)
- Prevent retries from occuring on read timeouts for which the request method was not in the method whitelist. (Issue #1059)
- Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don't need it. (Pull #1076)
- Add support for IPv6 literals with zone identifiers. (Pull #1013)
- ... [Short description of non-trivial change.] (Issue #)
- Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
- urllib3 now respects Retry-After headers on 413, 429, and 503 responses when using the default retry logic. (Pull #955)
- Remove markers from setup.py to assist ancient setuptools versions. (Issue #986)
- Disallow superscripts and other integerish things in URL ports. (Issue #989)
- Allow urllib3's HTTPResponse.stream() method to continue to work with non-httplib underlying FPs. (Pull #990)
- Empty filenames in multipart headers are now emitted as such, rather than being supressed. (Issue #1015)
- Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with PyOpenSSL injection and OpenSSL 1.1.0 must upgrade to this version. This release fixes a vulnerability whereby urllib3 in the above configuration would silently fail to validate TLS certificates due to erroneously setting invalid flags in OpenSSL's
SSL_CTX_set_verify
function. These erroneous flags do not cause a problem in OpenSSL versions before 1.1.0, which interprets the presence of any flag as requesting certificate validation.There is no PR for this patch, as it was prepared for simultaneous disclosure and release. The master branch received the same fix in PR #1010.
- Fixed incorrect message for IncompleteRead exception. (PR #973)
- Accept
iPAddress
subject alternative name fields in TLS certificates. (Issue #258) - Fixed consistency of
HTTPResponse.closed
between Python 2 and 3. (Issue #977) - Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
- Accept
SSLContext
objects for use in SSL/TLS negotiation. (Issue #835) - ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
- Substantially refactored documentation. (Issue #887)
- Used URLFetch default timeout on AppEngine, rather than hardcoding our own. (Issue #858)
- Normalize the scheme and host in the URL parser (Issue #833)
HTTPResponse
contains the lastRetry
object, which now also contains retries history. (Issue #848)- Timeout can no longer be set as boolean, and must be greater than zero. (PR #924)
- Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We now use cryptography and idna, both of which are already dependencies of PyOpenSSL. (PR #930)
- Fixed infinite loop in
stream
when amt=None. (Issue #928) - Try to use the operating system's certificates when we are using an
SSLContext
. (PR #941) - Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to ChaCha20, but ChaCha20 is then preferred to everything else. (PR #947)
- Updated cipher suite list to remove 3DES-based cipher suites. (PR #958)
- Removed the cipher suite fallback to allow HIGH ciphers. (PR #958)
- Implemented
length_remaining
to determine remaining content to be read. (PR #949) - Implemented
enforce_content_length
to enable exceptions when incomplete data chunks are received. (PR #949) - Dropped connection start, dropped connection reset, redirect, forced retry, and new HTTPS connection log levels to DEBUG, from INFO. (PR #967)
- Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
- Provide
key_fn_by_scheme
pool keying mechanism that can be overridden. (Issue #830) - Normalize scheme and host to lowercase for pool keys, and include
source_address
. (Issue #830) - Cleaner exception chain in Python 3 for
_make_request
. (Issue #861) - Fixed installing
urllib3[socks]
extra. (Issue #864) - Fixed signature of
ConnectionPool.close
so it can actually safely be called by subclasses. (Issue #873) - Retain
release_conn
state across retries. (Issues #651, #866) - Add customizable
HTTPConnectionPool.ResponseCls
, which defaults toHTTPResponse
but can be replaced with a subclass. (Issue #879)
- Fix packaging to include backports module. (Issue #841)
- Added Retry(raise_on_status=False). (Issue #720)
- Always use setuptools, no more distutils fallback. (Issue #785)
- Dropped support for Python 3.2. (Issue #786)
- Chunked transfer encoding when requesting with
chunked=True
. (Issue #790) - Fixed regression with IPv6 port parsing. (Issue #801)
- Append SNIMissingWarning messages to allow users to specify it in the PYTHONWARNINGS environment variable. (Issue #816)
- Handle unicode headers in Py2. (Issue #818)
- Log certificate when there is a hostname mismatch. (Issue #820)
- Preserve order of request/response headers. (Issue #821)
- contrib: SOCKS proxy support! (Issue #762)
- Fixed AppEngine handling of transfer-encoding header and bug in Timeout defaults checking. (Issue #763)
- Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
- Fixed
pip install urllib3[secure]
on modern pip. (Issue #706) - pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
- pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
- Close connections more defensively on exception. (Issue #734)
- Adjusted
read_chunked
to handle gzipped, chunk-encoded bodies without repeatedly flushing the decoder, to function better on Jython. (Issue #743) - Accept
ca_cert_dir
for SSL-related PoolManager configuration. (Issue #758)
- Rely on
six
for importinghttplib
to work around conflicts with other Python 3 shims. (Issue #688) - Add support for directories of certificate authorities, as supported by OpenSSL. (Issue #701)
- New exception:
NewConnectionError
, raised when we fail to establish a new connection, usuallyECONNREFUSED
socket error.
- When
ca_certs
is given,cert_reqs
defaults to'CERT_REQUIRED'
. (Issue #650) pip install urllib3[secure]
will install Certifi and PyOpenSSL as dependencies. (Issue #678)- Made
HTTPHeaderDict
usable as aheaders
input value (Issues #632, #679) - Added urllib3.contrib.appengine
which has an
AppEngineManager
for usingURLFetch
in a Google AppEngine environment. (Issue #664) - Dev: Added test suite for AppEngine. (Issue #631)
- Fix performance regression when using PyOpenSSL. (Issue #626)
- Passing incorrect scheme (e.g.
foo://
) will raiseValueError
instead ofAssertionError
(backwards compatible for now, but please migrate). (Issue #640) - Fix pools not getting replenished when an error occurs during a
request using
release_conn=False
. (Issue #644) - Fix pool-default headers not applying for url-encoded requests like GET. (Issue #657)
- log.warning in Python 3 when headers are skipped due to parsing errors. (Issue #642)
- Close and discard connections if an error occurs during read. (Issue #660)
- Fix host parsing for IPv6 proxies. (Issue #668)
- Separate warning type SubjectAltNameWarning, now issued once per host. (Issue #671)
- Fix
httplib.IncompleteRead
not getting converted toProtocolError
when usingHTTPResponse.stream()
(Issue #674)
- Migrate tests to Tornado 4. (Issue #594)
- Append default warning configuration rather than overwrite. (Issue #603)
- Fix streaming decoding regression. (Issue #595)
- Fix chunked requests losing state across keep-alive connections. (Issue #599)
- Fix hanging when chunked HEAD response has no body. (Issue #605)
- Emit
InsecurePlatformWarning
when SSLContext object is missing. (Issue #558) - Fix regression of duplicate header keys being discarded. (Issue #563)
Response.stream()
returns a generator for chunked responses. (Issue #560)- Set upper-bound timeout when waiting for a socket in PyOpenSSL. (Issue #585)
- Work on platforms without ssl module for plain HTTP requests. (Issue #587)
- Stop relying on the stdlib's default cipher list. (Issue #588)
- Fix file descriptor leakage on retries. (Issue #548)
- Removed RC4 from default cipher list. (Issue #551)
- Header performance improvements. (Issue #544)
- Fix PoolManager not obeying redirect retry settings. (Issue #553)
- Pools can be used as context managers. (Issue #545)
- Don't re-use connections which experienced an SSLError. (Issue #529)
- Don't fail when gzip decoding an empty stream. (Issue #535)
- Add sha256 support for fingerprint verification. (Issue #540)
- Fixed handling of header values containing commas. (Issue #533)
- Disabled SSLv3. (Issue #473)
- Add
Url.url
property to return the composed url string. (Issue #394) - Fixed PyOpenSSL + gevent
WantWriteError
. (Issue #412) MaxRetryError.reason
will always be an exception, not string. (Issue #481)- Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
- Py3: Use
ssl.create_default_context()
when available. (Issue #473) - Emit
InsecureRequestWarning
for every insecure HTTPS request. (Issue #496) - Emit
SecurityWarning
when certificate has nosubjectAltName
. (Issue #499) - Close and discard sockets which experienced SSL-related errors. (Issue #501)
- Handle
body
param in.request(...)
. (Issue #513) - Respect timeout with HTTPS proxy. (Issue #505)
- PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
- Apply socket arguments before binding. (Issue #427)
- More careful checks if fp-like object is closed. (Issue #435)
- Fixed packaging issues of some development-related files not getting included. (Issue #440)
- Allow performing only fingerprint verification. (Issue #444)
- Emit
SecurityWarning
if system clock is waaay off. (Issue #445) - Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
- Fixed
BrokenPipeError
andConnectionError
handling in Py3. (Issue #443)
- Shuffled around development-related files. If you're maintaining a distro package of urllib3, you may need to tweak things. (Issue #415)
- Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426)
- New retry logic and
urllib3.util.retry.Retry
configuration object. (Issue #326) - All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException
-extending exception. (Issue #326) - All errors during a retry-enabled request should be wrapped in
urllib3.exceptions.MaxRetryError
, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the.reason
propery. (Issue #326) urllib3.exceptions.ConnectionError
renamed tourllib3.exceptions.ProtocolError
. (Issue #326)- Errors during response read (such as IncompleteRead) are now wrapped in
urllib3.exceptions.ProtocolError
. (Issue #418) - Requesting an empty host will raise
urllib3.exceptions.LocationValueError
. (Issue #417) - Catch read timeouts over SSL connections as
urllib3.exceptions.ReadTimeoutError
. (Issue #419) - Apply socket arguments before connecting. (Issue #427)
- Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
- Add
disable_cache
option tourllib3.util.make_headers
. (Issue #393) - Wrap
socket.timeout
exception withurllib3.exceptions.ReadTimeoutError
. (Issue #399) - Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369)
- Added
socket_options
keyword parameter which allows to definesetsockopt
configuration of new sockets. (Issue #397) - Removed
HTTPConnection.tcp_nodelay
in favor ofHTTPConnection.default_socket_options
. (Issue #397) - Fixed
TypeError
bug in Python 2.6.4. (Issue #411)
- Fix
urllib3.util
not being included in the package.
- Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
- Don't install
dummyserver
intosite-packages
as it's only needed for the test suite. (Issue #362) - Added support for specifying
source_address
. (Issue #352)
- Improved url parsing in
urllib3.util.parse_url
(properly parse '@' in username, and blank ports like 'hostname:'). - New
urllib3.connection
module which contains all the HTTPConnection objects. - Several
urllib3.util.Timeout
-related fixes. Also changed constructor signature to a more sensible order. [Backwards incompatible] (Issues #252, #262, #263) - Use
backports.ssl_match_hostname
if it's installed. (Issue #274) - Added
.tell()
method tourllib3.response.HTTPResponse
which returns the number of bytes read so far. (Issue #277) - Support for platforms without threading. (Issue #289)
- Expand default-port comparison in
HTTPConnectionPool.is_same_host
to allow a pool with no specified port to be considered equal to to an HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - Improved default SSL/TLS settings to avoid vulnerabilities. (Issue #309)
- Fixed
urllib3.poolmanager.ProxyManager
not retrying on connect errors. (Issue #310) - Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests will send the entire HTTP request ~200 milliseconds faster; however, some of the resulting TCP packets will be smaller. (Issue #254)
- Increased maximum number of SubjectAltNames in
urllib3.contrib.pyopenssl
from the default 64 to 1024 in a single certificate. (Issue #318) - Headers are now passed and stored as a custom
urllib3.collections_.HTTPHeaderDict
object rather than a plaindict
. (Issue #329, #333) - Headers no longer lose their case on Python 3. (Issue #236)
urllib3.contrib.pyopenssl
now uses the operating system's default CA certificates on inject. (Issue #332)- Requests with
retries=False
will immediately raise any exceptions without wrapping them inMaxRetryError
. (Issue #348) - Fixed open socket leak with SSL-related failures. (Issue #344, #348)
- Added granular timeout support with new
urllib3.util.Timeout
class. (Issue #231) - Fixed Python 3.4 support. (Issue #238)
- More exceptions are now pickle-able, with tests. (Issue #174)
- Fixed redirecting with relative URLs in Location header. (Issue #178)
- Support for relative urls in
Location: ...
header. (Issue #179) urllib3.response.HTTPResponse
now inherits fromio.IOBase
for bonus file-like functionality. (Issue #187)- Passing
assert_hostname=False
when creating a HTTPSConnectionPool will skip hostname verification for SSL connections. (Issue #194) - New method
urllib3.response.HTTPResponse.stream(...)
which acts as a generator wrapped around.read(...)
. (Issue #198) - IPv6 url parsing enforces brackets around the hostname. (Issue #199)
- Fixed thread race condition in
urllib3.poolmanager.PoolManager.connection_from_host(...)
(Issue #204) ProxyManager
requests now include non-default port inHost: ...
header. (Issue #217)- Added HTTPS proxy support in
ProxyManager
. (Issue #170 #139) - New
RequestField
object can be passed to thefields=...
param which can specify headers. (Issue #220) - Raise
urllib3.exceptions.ProxyError
when connecting to proxy fails. (Issue #221) - Use international headers when posting file names. (Issue #119)
- Improved IPv6 support. (Issue #203)
- Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
ProxyManager
automatically addsHost: ...
header if not given.- Improved SSL-related code.
cert_req
now optionally takes a string like "REQUIRED" or "NONE". Same withssl_version
takes strings like "SSLv23" The string values reflect the suffix of the respective constant variable. (Issue #130) - Vendored
socksipy
now based on Anorov's fork which handles unexpectedly closed proxy connections and larger read buffers. (Issue #135) - Ensure the connection is closed if no data is received, fixes connection leak on some platforms. (Issue #133)
- Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
- Tests fixed to be compatible with Py26 again. (Issue #125)
- Added ability to choose SSL version by passing an
ssl.PROTOCOL_*
constant to thessl_version
parameter ofHTTPSConnectionPool
. (Issue #109) - Allow an explicit content type to be specified when encoding file fields. (Issue #126)
- Exceptions are now pickleable, with tests. (Issue #101)
- Fixed default headers not getting passed in some cases. (Issue #99)
- Treat "content-encoding" header value as case-insensitive, per RFC 2616 Section 3.5. (Issue #110)
- "Connection Refused" SocketErrors will get retried rather than raised. (Issue #92)
- Updated vendored
six
, no longer overrides the globalsix
module namespace. (Issue #113) urllib3.exceptions.MaxRetryError
contains areason
property holding the exception that prompted the final retry. Ifreason is None
then it was due to a redirect. (Issue #92, #114)- Fixed
PoolManager.urlopen()
from not redirecting more than once. (Issue #149) - Don't assume
Content-Type: text/plain
for multi-part encoding parameters that are not files. (Issue #111) - Pass strict param down to
httplib.HTTPConnection
. (Issue #122) - Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or against an arbitrary hostname (when connecting by IP or for misconfigured servers). (Issue #140)
- Streaming decompression support. (Issue #159)
- Added
urllib3.add_stderr_logger()
for quickly enabling STDERR debug logging in urllib3. - Native full URL parsing (including auth, path, query, fragment) available in
urllib3.util.parse_url(url)
. - Built-in redirect will switch method to 'GET' if status code is 303. (Issue #11)
urllib3.PoolManager
strips the scheme and host before sending the request uri. (Issue #8)- New
urllib3.exceptions.DecodeError
exception for when automatic decoding, based on the Content-Type header, fails. - Fixed bug with pool depletion and leaking connections (Issue #76). Added
explicit connection closing on pool eviction. Added
urllib3.PoolManager.clear()
. - 99% -> 100% unit test coverage.
- Minor AppEngine-related fixes.
- Switched from
mimetools.choose_boundary
touuid.uuid4()
. - Improved url parsing. (Issue #73)
- IPv6 url support. (Issue #72)
- Removed pre-1.0 deprecated API.
- Refactored helpers into a
urllib3.util
submodule. - Fixed multipart encoding to support list-of-tuples for keys with multiple values. (Issue #48)
- Fixed multiple Set-Cookie headers in response not getting merged properly in Python 3. (Issue #53)
- AppEngine support with Py27. (Issue #61)
- Minor
encode_multipart_formdata
fixes related to Python 3 strings vs bytes.
- Fixed packaging bug of not shipping
test-requirements.txt
. (Issue #47)
- Fixed another bug related to when
ssl
module is not available. (Issue #41) - Location parsing errors now raise
urllib3.exceptions.LocationParseError
which inherits fromValueError
.
- Added Python 3 support (tested on 3.2.2)
- Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
- Use
select.poll
instead ofselect.select
for platforms that support it. - Use
Queue.LifoQueue
instead ofQueue.Queue
for more aggressive connection reusing. Configurable by overridingConnectionPool.QueueCls
. - Fixed
ImportError
during install whenssl
module is not available. (Issue #41) - Fixed
PoolManager
redirects between schemes (such as HTTP -> HTTPS) not completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - Ported
dummyserver
to usetornado
instead ofwebob
+eventlet
. Removed extraneous unsupported dummyserver testing backends. Added socket-level tests. - More tests. Achievement Unlocked: 99% Coverage.
- Refactored
dummyserver
to its own root namespace module (used for testing). - Added hostname verification for
VerifiedHTTPSConnection
by vendoring in Py32'sssl_match_hostname
. (Issue #25) - Fixed cross-host HTTP redirects when using
PoolManager
. (Issue #10) - Fixed
decode_content
being ignored when set throughurlopen
. (Issue #27) - Fixed timeout-related bugs. (Issues #17, #23)
- Fixed typo in
VerifiedHTTPSConnection
which would only present as a bug if you're using the object manually. (Thanks pyos) - Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by wrapping the access log in a mutex. (Thanks @christer)
- Made RecentlyUsedContainer more dict-like (corrected
__delitem__
and__getitem__
behaviour), with tests. Shouldn't affect core urllib3 code.
- Fixed a bug where the same connection would get returned into the pool twice, causing extraneous "HttpConnectionPool is full" log warnings.
- Added
PoolManager
with LRU expiration of connections (tested and documented). - Added
ProxyManager
(needs tests, docs, and confirmation that it works with HTTPS proxies). - Added optional partial-read support for responses when
preload_content=False
. You can now make requests and just read the headers without loading the content. - Made response decoding optional (default on, same as before).
- Added optional explicit boundary string for
encode_multipart_formdata
. - Convenience request methods are now inherited from
RequestMethods
. Old helpers likeget_url
andpost_url
should be abandoned in favour of the newrequest(method, url, ...)
. - Refactored code to be even more decoupled, reusable, and extendable.
- License header added to
.py
files. - Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
and docs in
docs/
and on urllib3.readthedocs.org. - Embettered all the things!
- Started writing this file.
- Minor bug fixes, code cleanup.
- Better unicode support.
- Added
VerifiedHTTPSConnection
. - Added
NTLMConnectionPool
in contrib. - Minor improvements.
- Added
assert_host_name
optional parameter. Now compatible with proxies.
- Added HTTPS support.
- Minor bug fixes.
- Refactored, broken backwards compatibility with 0.2.
- API to be treated as stable from this version forward.
- Added unit tests.
- Bug fixes.
- First release.