All Versions
Latest Version
Avg Release Cycle
53 days
Latest Release
601 days ago

Changelog History
Page 4

  • v1.22 Changes

    July 20, 2017
    • ๐Ÿ›  Fixed missing brackets in HTTP CONNECT when connecting to IPv6 address via IPv6 proxy. (Issue #1222)

    • Made the connection pool retry on SSLError. The original SSLError is available on MaxRetryError.reason. (Issue #1112)

    • ๐Ÿš€ Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool. (Issue #1167)

    • ๐Ÿ›  Fixed compatibility for cookiejar. (Issue #1229)

    • pyopenssl: Use vendored version of six. (Issue #1231)

  • v1.21.1 Changes

    May 02, 2017
    • ๐Ÿ›  Fixed SecureTransport issue that would cause long delays in response body delivery. (Pull #1154)

    • ๐Ÿ›  Fixed regression in 1.21 that threw exceptions when users passed the socket_options flag to the PoolManager. (Issue #1165)

    • ๐Ÿ›  Fixed regression in 1.21 that threw exceptions when users passed the assert_hostname or assert_fingerprint flag to the PoolManager. (Pull #1157)

  • v1.21 Changes

    April 25, 2017
    • ๐Ÿ‘Œ Improved performance of certain selector system calls on Python 3.5 and later. (Pull #1095)

    • Resolved issue where the PyOpenSSL backend would not wrap SysCallError exceptions appropriately when sending data. (Pull #1125)

    • Selectors now detects a monkey-patched select module after import for modules that patch the select module like eventlet, greenlet. (Pull #1128)

    • โฌ‡๏ธ Reduced memory consumption when streaming zlib-compressed responses (as opposed to raw deflate streams). (Pull #1129)

    • Connection pools now use the entire request context when constructing the pool key. (Pull #1016)

    • PoolManager.connection_from_* methods now accept a new keyword argument, pool_kwargs, which are merged with the existing connection_pool_kw. (Pull #1016)

    • โž• Add retry counter for status_forcelist. (Issue #1147)

    • โž• Added contrib module for using SecureTransport on macOS: urllib3.contrib.securetransport. (Pull #1122)

    • urllib3 now only normalizes the case of http:// and https:// schemes: for schemes it does not recognise, it assumes they are case-sensitive and leaves them unchanged. (Issue #1080)

  • v1.20 Changes

    January 19, 2017
    • โž• Added support for waiting for I/O using selectors other than select, improving urllib3's behaviour with large numbers of concurrent connections. (Pull #1001)

    • โšก๏ธ Updated the date for the system clock check. (Issue #1005)

    • ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue #1032)

    • Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull #1063)

    • Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue #1044)

    • Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull #1039)

    • ๐Ÿ›  Fix some bugs that occur when modules incautiously patch the queue module. (Pull #1061)

    • Prevent retries from occurring on read timeouts for which the request method was not in the method whitelist. (Issue #1059)

    • ๐Ÿ”„ Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don't need it. (Pull


    • โž• Add support for IPv6 literals with zone identifiers. (Pull #1013)

    • โž• Added support for socks5h:// and socks4a:// schemes when working with SOCKS proxies, and controlled remote DNS appropriately. (Issue #1035)

  • v1.19.1 Changes

    November 16, 2016
    • ๐Ÿ›  Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
  • v1.19 Changes

    November 03, 2016
    • urllib3 now respects Retry-After headers on 413, 429, and 503 responses when using the default retry logic. (Pull #955)

    • โœ‚ Remove markers from to assist ancient setuptools versions. (Issue


    • Disallow superscripts and other integerish things in URL ports. (Issue #989)

    • ๐Ÿ‘ Allow urllib3's method to continue to work with non-httplib underlying FPs. (Pull #990)

    • Empty filenames in multipart headers are now emitted as such, rather than being suppressed. (Issue #1015)

    • Prefer user-supplied Host headers on chunked uploads. (Issue #1009)

  • v1.18.1 Changes

    October 27, 2016
    • CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with PyOpenSSL injection and OpenSSL 1.1.0 must upgrade to this version. This release fixes a vulnerability whereby urllib3 in the above configuration would silently fail to validate TLS certificates due to erroneously setting invalid flags in OpenSSL's SSL_CTX_set_verify function. These erroneous flags do not cause a problem in OpenSSL versions before 1.1.0, which interprets the presence of any flag as requesting certificate validation.

    There is no PR for this patch, as it was prepared for simultaneous disclosure and release. The master branch received the same fix in Pull #1010.

  • v1.18 Changes

    September 26, 2016
    • ๐Ÿ›  Fixed incorrect message for IncompleteRead exception. (Pull #973)

    • Accept iPAddress subject alternative name fields in TLS certificates. (Issue #258)

    • ๐Ÿ›  Fixed consistency of HTTPResponse.closed between Python 2 and 3. (Issue #977)

    • ๐Ÿ›  Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)

  • v1.17 Changes

    September 06, 2016
    • Accept SSLContext objects for use in SSL/TLS negotiation. (Issue #835)

    • ๐ŸŒฒ ConnectionPool debug log now includes scheme, host, and port. (Issue #897)

    • ๐Ÿ“š Substantially refactored documentation. (Issue #887)

    • 0๏ธโƒฃ Used URLFetch default timeout on AppEngine, rather than hardcoding our own. (Issue #858)

    • ๐Ÿ“œ Normalize the scheme and host in the URL parser (Issue #833)

    • HTTPResponse contains the last Retry object, which now also contains retries history. (Issue #848)

    • โฑ Timeout can no longer be set as boolean, and must be greater than zero. (Pull #924)

    • โœ‚ Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We now use cryptography and idna, both of which are already dependencies of PyOpenSSL. (Pull #930)

    • ๐Ÿ›  Fixed infinite loop in stream when amt=None. (Issue #928)

    • Try to use the operating system's certificates when we are using an SSLContext. (Pull #941)

    • โšก๏ธ Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)

    • โšก๏ธ Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)

    • โœ‚ Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)

    • Implemented length_remaining to determine remaining content to be read. (Pull #949)

    • Implemented enforce_content_length to enable exceptions when incomplete data chunks are received. (Pull #949)

    • โฌ‡๏ธ Dropped connection start, dropped connection reset, redirect, forced retry, and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)

  • v1.16 Changes

    June 11, 2016
    • Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)

    • Provide key_fn_by_scheme pool keying mechanism that can be overridden. (Issue #830)

    • Normalize scheme and host to lowercase for pool keys, and include source_address. (Issue #830)

    • ๐Ÿ‘‰ Cleaner exception chain in Python 3 for _make_request. (Issue #861)

    • ๐Ÿ›  Fixed installing urllib3[socks] extra. (Issue #864)

    • ๐Ÿ›  Fixed signature of ConnectionPool.close so it can actually safely be called by subclasses. (Issue #873)

    • ๐Ÿš€ Retain release_conn state across retries. (Issues #651, #866)

    • โž• Add customizable HTTPConnectionPool.ResponseCls, which defaults to HTTPResponse but can be replaced with a subclass. (Issue #879)