Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hello!
This is a preapproval to unblock package python-urllib3 1.26.5-1.
[ Reason ]
The upload would fix CVE-2021-33503[¹] for bullseye.
[ Impact ]
CVE-2021-33503 is a DoS, and is reproducible during parsing of an URL.
[ Tests ]
Unfortunately automated tests are not yet enabled, I tested manually with the
following:
>>> from urllib3.util.url import parse_url
>>> URL = "https://"; + ("@" * 10000) + "["
>>> parse_url(URL)
Using 1.26.4-1 there is a CPU spike that is not reproducible in 1.26.5-1
[ Risks ]
The code for the fix is trivial, I packaged the new release because when I
looked at diff between the 2 tags, there were: the fix for CVE-2021-33503, some
fix for deprecation warnings emitted in Python 3.10 and docstrings changes
(mostly spaces removed). In the debdiff attached there is a huge part that is
due metadata stuff.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
If this upload it's not OK due the freeze, it's not a problem, I can branch[²]
python-urllib3 1.26.4-1 and release a python-urllib3 1.26.4-2 with only the fix.
My ETA is this week for this (I will also do the same for buster.)
Please tell me if the unblock of python-urllib3/1.26.5-1 is feasible.
Many thanks!
Kind regards,
[¹] https://security-tracker.debian.org/tracker/CVE-2021-33503
[²] Unfortunately I already pushed the new upstream release on salsa.
--
Daniele Tricoli 'eriol'
https://mornie.org
diff -Nru python-urllib3-1.26.4/CHANGES.rst python-urllib3-1.26.5/CHANGES.rst
--- python-urllib3-1.26.4/CHANGES.rst 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/CHANGES.rst 2021-05-26 19:01:29.000000000 +0200
@@ -1,6 +1,15 @@
Changes
=======
+1.26.5 (2021-05-26)
+-------------------
+
+* Fixed deprecation warnings emitted in Python 3.10.
+* Updated vendored ``six`` library to 1.16.0.
+* Improved performance of URL parser when splitting
+ the authority component.
+
+
1.26.4 (2021-03-15)
-------------------
diff -Nru python-urllib3-1.26.4/debian/changelog python-urllib3-1.26.5/debian/changelog
--- python-urllib3-1.26.4/debian/changelog 2021-05-12 02:30:00.000000000 +0200
+++ python-urllib3-1.26.5/debian/changelog 2021-06-15 00:41:10.000000000 +0200
@@ -1,3 +1,12 @@
+python-urllib3 (1.26.5-1) unstable; urgency=medium
+
+ * New upstream version 1.26.5
+ - CVE-2021-33503: Catastrophic backtracking in URL authority parser when
+ passed URL containing many @ characters. (Closes: #989848)
+ * Refresh patches.
+
+ -- Daniele Tricoli <eriol@debian.org> Tue, 15 Jun 2021 00:41:10 +0200
+
python-urllib3 (1.26.4-1) unstable; urgency=medium
* Team upload.
diff -Nru python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch
--- python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch 2021-05-12 02:30:00.000000000 +0200
+++ python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch 2021-06-15 00:41:10.000000000 +0200
@@ -44,7 +44,7 @@
35 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py
-index c047094..c0e9330 100644
+index c90c2fc..f8bdf25 100644
--- a/dummyserver/handlers.py
+++ b/dummyserver/handlers.py
@@ -14,9 +14,9 @@ from io import BytesIO
@@ -76,7 +76,7 @@
__all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"]
diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
-index 45580b7..1cddda4 100644
+index efa19af..638a8aa 100644
--- a/src/urllib3/connection.py
+++ b/src/urllib3/connection.py
@@ -9,9 +9,9 @@ import warnings
@@ -93,7 +93,7 @@
try: # Compiled with SSL?
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
-index 4708c5b..8dbbc5c 100644
+index 4018321..a9c0908 100644
--- a/src/urllib3/connectionpool.py
+++ b/src/urllib3/connectionpool.py
@@ -33,8 +33,8 @@ from .exceptions import (
@@ -147,7 +147,7 @@
log = getLogger(__name__)
diff --git a/src/urllib3/contrib/pyopenssl.py b/src/urllib3/contrib/pyopenssl.py
-index 0cabab1..c1d52e3 100644
+index def83af..e081163 100644
--- a/src/urllib3/contrib/pyopenssl.py
+++ b/src/urllib3/contrib/pyopenssl.py
@@ -75,7 +75,7 @@ import ssl
@@ -156,9 +156,9 @@
from .. import util
-from ..packages import six
+import six
+ from ..util.ssl_ import PROTOCOL_TLS_CLIENT
__all__ = ["inject_into_urllib3", "extract_from_urllib3"]
-
diff --git a/src/urllib3/exceptions.py b/src/urllib3/exceptions.py
index cba6f3f..053758e 100644
--- a/src/urllib3/exceptions.py
@@ -241,7 +241,7 @@
log = logging.getLogger(__name__)
diff --git a/src/urllib3/util/connection.py b/src/urllib3/util/connection.py
-index cd57455..0332f37 100644
+index bdc240c..c0d69c8 100644
--- a/src/urllib3/util/connection.py
+++ b/src/urllib3/util/connection.py
@@ -5,7 +5,7 @@ import socket
@@ -294,7 +294,7 @@
def is_fp_closed(obj):
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index d25a41b..e11f585 100644
+index 180e82b..998ae23 100644
--- a/src/urllib3/util/retry.py
+++ b/src/urllib3/util/retry.py
@@ -17,7 +17,7 @@ from ..exceptions import (
@@ -307,7 +307,7 @@
log = logging.getLogger(__name__)
diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py
-index 236aa8e..709f703 100644
+index 134ec10..12720f9 100644
--- a/src/urllib3/util/ssl_.py
+++ b/src/urllib3/util/ssl_.py
@@ -13,7 +13,7 @@ from ..exceptions import (
@@ -320,7 +320,7 @@
SSLContext = None
diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py
-index 6ff238f..101819b 100644
+index 81a03da..6fd2b2d 100644
--- a/src/urllib3/util/url.py
+++ b/src/urllib3/util/url.py
@@ -4,7 +4,7 @@ import re
@@ -333,7 +333,7 @@
url_attrs = ["scheme", "auth", "host", "port", "path", "query", "fragment"]
diff --git a/test/__init__.py b/test/__init__.py
-index c03cfac..6c7cacd 100644
+index 3675f48..89693d2 100644
--- a/test/__init__.py
+++ b/test/__init__.py
@@ -16,7 +16,7 @@ except ImportError:
@@ -441,7 +441,7 @@
from urllib3.util.response import is_fp_closed
from urllib3.util.retry import RequestHistory, Retry
diff --git a/test/test_retry.py b/test/test_retry.py
-index cc36089..23153ee 100644
+index 8ff4cbd..f2698f0 100644
--- a/test/test_retry.py
+++ b/test/test_retry.py
@@ -11,8 +11,8 @@ from urllib3.exceptions import (
@@ -456,7 +456,7 @@
from urllib3.util.retry import RequestHistory, Retry
diff --git a/test/test_retry_deprecated.py b/test/test_retry_deprecated.py
-index 0c8de37..670bb43 100644
+index c001e3d..9079654 100644
--- a/test/test_retry_deprecated.py
+++ b/test/test_retry_deprecated.py
@@ -12,8 +12,8 @@ from urllib3.exceptions import (
@@ -471,7 +471,7 @@
from urllib3.util.retry import RequestHistory, Retry
diff --git a/test/test_util.py b/test/test_util.py
-index 827df42..145c4d2 100644
+index 88409e2..1dce178 100644
--- a/test/test_util.py
+++ b/test/test_util.py
@@ -19,7 +19,7 @@ from urllib3.exceptions import (
@@ -484,7 +484,7 @@
from urllib3.util import is_fp_closed
from urllib3.util.connection import _has_ipv6, allowed_gai_family, create_connection
diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py
-index f6a6618..304199f 100644
+index 8ea2cce..c083616 100644
--- a/test/with_dummyserver/test_connectionpool.py
+++ b/test/with_dummyserver/test_connectionpool.py
@@ -28,8 +28,8 @@ from urllib3.exceptions import (
@@ -499,7 +499,7 @@
from urllib3.util.retry import RequestHistory, Retry
from urllib3.util.timeout import Timeout
diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py
-index 92e23c9..7e8f1c4 100644
+index ed50990..f7e7a36 100644
--- a/test/with_dummyserver/test_https.py
+++ b/test/with_dummyserver/test_https.py
@@ -42,7 +42,7 @@ from urllib3.exceptions import (
@@ -512,7 +512,7 @@
from .. import has_alpn
diff --git a/test/with_dummyserver/test_socketlevel.py b/test/with_dummyserver/test_socketlevel.py
-index 7c06875..1fe1531 100644
+index 6e57d67..7bb5827 100644
--- a/test/with_dummyserver/test_socketlevel.py
+++ b/test/with_dummyserver/test_socketlevel.py
@@ -17,7 +17,7 @@ from urllib3.exceptions import (
diff -Nru python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch
--- python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch 2021-05-12 02:30:00.000000000 +0200
+++ python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch 2021-06-15 00:41:10.000000000 +0200
@@ -13,7 +13,7 @@
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
-index 8dbbc5c..79041de 100644
+index a9c0908..4d7a08f 100644
--- a/src/urllib3/connectionpool.py
+++ b/src/urllib3/connectionpool.py
@@ -874,6 +874,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
diff -Nru python-urllib3-1.26.4/dev-requirements.txt python-urllib3-1.26.5/dev-requirements.txt
--- python-urllib3-1.26.4/dev-requirements.txt 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/dev-requirements.txt 2021-05-26 19:01:29.000000000 +0200
@@ -5,7 +5,8 @@
PySocks==1.7.1
# https://github.com/Anorov/PySocks/issues/131
win-inet-pton==1.1.0
-pytest==4.6.9
+pytest==4.6.9; python_version<"3.10"
+pytest==6.2.4; python_version>="3.10"
pytest-timeout==1.3.4
pytest-freezegun==0.4.2
flaky==3.6.1
diff -Nru python-urllib3-1.26.4/dummyserver/handlers.py python-urllib3-1.26.5/dummyserver/handlers.py
--- python-urllib3-1.26.4/dummyserver/handlers.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/dummyserver/handlers.py 2021-05-26 19:01:29.000000000 +0200
@@ -62,27 +62,27 @@
"""
def get(self):
- """ Handle GET requests """
+ """Handle GET requests"""
self._call_method()
def post(self):
- """ Handle POST requests """
+ """Handle POST requests"""
self._call_method()
def put(self):
- """ Handle PUT requests """
+ """Handle PUT requests"""
self._call_method()
def options(self):
- """ Handle OPTIONS requests """
+ """Handle OPTIONS requests"""
self._call_method()
def head(self):
- """ Handle HEAD requests """
+ """Handle HEAD requests"""
self._call_method()
def _call_method(self):
- """ Call the correct method in this class based on the incoming URI """
+ """Call the correct method in this class based on the incoming URI"""
req = self.request
req.params = {}
for k, v in req.arguments.items():
diff -Nru python-urllib3-1.26.4/dummyserver/server.py python-urllib3-1.26.5/dummyserver/server.py
--- python-urllib3-1.26.4/dummyserver/server.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/dummyserver/server.py 2021-05-26 19:01:29.000000000 +0200
@@ -40,7 +40,7 @@
def _resolves_to_ipv6(host):
- """ Returns True if the system resolves host to an IPv6 address by default. """
+ """Returns True if the system resolves host to an IPv6 address by default."""
resolves_to_ipv6 = False
try:
for res in socket.getaddrinfo(host, None, socket.AF_UNSPEC):
@@ -54,7 +54,7 @@
def _has_ipv6(host):
- """ Returns True if the system can bind an IPv6 address. """
+ """Returns True if the system can bind an IPv6 address."""
sock = None
has_ipv6 = False
diff -Nru python-urllib3-1.26.4/PKG-INFO python-urllib3-1.26.5/PKG-INFO
--- python-urllib3-1.26.4/PKG-INFO 2021-03-15 16:03:55.002221800 +0100
+++ python-urllib3-1.26.5/PKG-INFO 2021-05-26 19:02:03.421620600 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: urllib3
-Version: 1.26.4
+Version: 1.26.5
Summary: HTTP library with thread-safe connection pooling, file post, and more.
Home-page: https://urllib3.readthedocs.io/
Author: Andrey Petrov
@@ -9,1328 +9,6 @@
Project-URL: Documentation, https://urllib3.readthedocs.io/
Project-URL: Code, https://github.com/urllib3/urllib3
Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues
-Description:
- urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the
- Python ecosystem already uses urllib3 and you should too.
- urllib3 brings many critical features that are missing from the Python
- standard libraries:
-
- - Thread safety.
- - Connection pooling.
- - Client-side SSL/TLS verification.
- - File uploads with multipart encoding.
- - Helpers for retrying requests and dealing with HTTP redirects.
- - Support for gzip, deflate, and brotli encoding.
- - Proxy support for HTTP and SOCKS.
- - 100% test coverage.
-
- urllib3 is powerful and easy to use:
-
- .. code-block:: python
-
- >>> import urllib3
- >>> http = urllib3.PoolManager()
- >>> r = http.request('GET', 'http://httpbin.org/robots.txt')
- >>> r.status
- 200
- >>> r.data
- 'User-agent: *\nDisallow: /deny\n'
-
-
- Installing
- ----------
-
- urllib3 can be installed with `pip <https://pip.pypa.io>`_::
-
- $ python -m pip install urllib3
-
- Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_::
-
- $ git clone git://github.com/urllib3/urllib3.git
- $ python setup.py install
-
-
- Documentation
- -------------
-
- urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_.
-
-
- Contributing
- ------------
-
- urllib3 happily accepts contributions. Please see our
- `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_
- for some tips on getting started.
-
-
- Security Disclosures
- --------------------
-
- To report a security vulnerability, please use the
- `Tidelift security contact <https://tidelift.com/security>`_.
- Tidelift will coordinate the fix and disclosure with maintainers.
-
-
- Maintainers
- -----------
-
- - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson)
- - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet)
- - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers)
- - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro)
- - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield)
- - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco)
- - `@shazow <https://github.com/shazow>`__ (Andrey Petrov)
-
- 👋
-
-
- Sponsorship
- -----------
-
- If your company benefits from this library, please consider `sponsoring its
- development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_.
-
-
- For Enterprise
- --------------
-
- .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png
- :width: 75
- :alt: Tidelift
-
- .. list-table::
- :widths: 10 100
-
- * - |tideliftlogo|
- - Professional support for urllib3 is available as part of the `Tidelift
- Subscription`_. Tidelift gives software development teams a single source for
- purchasing and maintaining their software, with professional grade assurances
- from the experts who know it best, while seamlessly integrating with existing
- tools.
-
- .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme
-
-
- Changes
- =======
-
- 1.26.4 (2021-03-15)
- -------------------
-
- * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
- during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
-
-
- 1.26.3 (2021-01-26)
- -------------------
-
- * Fixed bytes and string comparison issue with headers (Pull #2141)
-
- * Changed ``ProxySchemeUnknown`` error message to be
- more actionable if the user supplies a proxy URL without
- a scheme. (Pull #2107)
-
-
- 1.26.2 (2020-11-12)
- -------------------
-
- * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
- be imported properly on Python 2.7.8 and earlier (Pull #2052)
-
-
- 1.26.1 (2020-11-11)
- -------------------
-
- * Fixed an issue where two ``User-Agent`` headers would be sent if a
- ``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
-
-
- 1.26.0 (2020-11-10)
- -------------------
-
- * **NOTE: urllib3 v2.0 will drop support for Python 2**.
- `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
-
- * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
-
- * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
- still wish to use TLS earlier than 1.2 without a deprecation warning
- should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
- **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
-
- * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
- and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
- ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
- (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
-
- * Added default ``User-Agent`` header to every request (Pull #1750)
-
- * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
- and ``Host`` headers from being automatically emitted with requests (Pull #2018)
-
- * Collapse ``transfer-encoding: chunked`` request data and framing into
- the same ``socket.send()`` call (Pull #1906)
-
- * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
-
- * Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
-
- * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
- to SecureTransport (Pull #1903)
-
- * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
-
- * Suppress ``BrokenPipeError`` when writing request body after the server
- has closed the socket (Pull #1524)
-
- * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
- into an ``urllib3.exceptions.SSLError`` (Pull #1939)
-
-
- 1.25.11 (2020-10-19)
- --------------------
-
- * Fix retry backoff time parsed from ``Retry-After`` header when given
- in the HTTP date format. The HTTP date was parsed as the local timezone
- rather than accounting for the timezone in the HTTP date (typically
- UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
-
- * Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
- environment variable was set to the empty string. Now ``SSLContext.keylog_file``
- is not set in this situation (Pull #2016)
-
-
- 1.25.10 (2020-07-22)
- --------------------
-
- * Added support for ``SSLKEYLOGFILE`` environment variable for
- logging TLS session keys with use with programs like
- Wireshark for decrypting captured web traffic (Pull #1867)
-
- * Fixed loading of SecureTransport libraries on macOS Big Sur
- due to the new dynamic linker cache (Pull #1905)
-
- * Collapse chunked request bodies data and framing into one
- call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
-
- * Don't insert ``None`` into ``ConnectionPool`` if the pool
- was empty when requesting a connection (Pull #1866)
-
- * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
-
-
- 1.25.9 (2020-04-16)
- -------------------
-
- * Added ``InvalidProxyConfigurationWarning`` which is raised when
- erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
- support connecting to HTTPS proxies but will soon be able to
- and we would like users to migrate properly without much breakage.
-
- See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_
- for more information on how to fix your proxy config. (Pull #1851)
-
- * Drain connection after ``PoolManager`` redirect (Pull #1817)
-
- * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
-
- * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
-
- * Allow the CA certificate data to be passed as a string (Pull #1804)
-
- * Raise ``ValueError`` if method contains control characters (Pull #1800)
-
- * Add ``__repr__`` to ``Timeout`` (Pull #1795)
-
-
- 1.25.8 (2020-01-20)
- -------------------
-
- * Drop support for EOL Python 3.4 (Pull #1774)
-
- * Optimize _encode_invalid_chars (Pull #1787)
-
-
- 1.25.7 (2019-11-11)
- -------------------
-
- * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734)
-
- * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470)
-
- * Fix issue where URL fragment was sent within the request target. (Pull #1732)
-
- * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732)
-
- * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703)
-
-
- 1.25.6 (2019-09-24)
- -------------------
-
- * Fix issue where tilde (``~``) characters were incorrectly
- percent-encoded in the path. (Pull #1692)
-
-
- 1.25.5 (2019-09-19)
- -------------------
-
- * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
- caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``.
- (Issue #1682)
-
-
- 1.25.4 (2019-09-19)
- -------------------
-
- * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
-
- * Fix edge case where Retry-After header was still respected even when
- explicitly opted out of. (Pull #1607)
-
- * Remove dependency on ``rfc3986`` for URL parsing.
-
- * Fix issue where URLs containing invalid characters within ``Url.auth`` would
- raise an exception instead of percent-encoding those characters.
-
- * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses
- work well with BufferedReaders and other ``io`` module features. (Pull #1652)
-
- * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673)
-
-
- 1.25.3 (2019-05-23)
- -------------------
-
- * Change ``HTTPSConnection`` to load system CA certificates
- when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are
- unspecified. (Pull #1608, Issue #1603)
-
- * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
-
-
- 1.25.2 (2019-04-28)
- -------------------
-
- * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583)
-
- * Change ``parse_url`` to percent-encode invalid characters within the
- path, query, and target components. (Pull #1586)
-
-
- 1.25.1 (2019-04-24)
- -------------------
-
- * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579)
-
- * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
-
-
- 1.25 (2019-04-22)
- -----------------
-
- * Require and validate certificates by default when using HTTPS (Pull #1507)
-
- * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487)
-
- * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
- encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489)
-
- * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
- implementations. (Pull #1496)
-
- * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492)
-
- * Fixed issue where OpenSSL would block if an encrypted client private key was
- given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489)
-
- * Added support for Brotli content encoding. It is enabled automatically if
- ``brotlipy`` package is installed which can be requested with
- ``urllib3[brotli]`` extra. (Pull #1532)
-
- * Drop ciphers using DSS key exchange from default TLS cipher suites.
- Improve default ciphers when using SecureTransport. (Pull #1496)
-
- * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483)
-
- 1.24.3 (2019-05-01)
- -------------------
-
- * Apply fix for CVE-2019-9740. (Pull #1591)
-
- 1.24.2 (2019-04-17)
- -------------------
-
- * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
- ``ssl_context`` parameters are specified.
-
- * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
-
- * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
-
-
- 1.24.1 (2018-11-02)
- -------------------
-
- * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
-
- * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462)
-
-
- 1.24 (2018-10-16)
- -----------------
-
- * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
-
- * Test against Python 3.7 on AppVeyor. (Pull #1453)
-
- * Early-out ipv6 checks when running on App Engine. (Pull #1450)
-
- * Change ambiguous description of backoff_factor (Pull #1436)
-
- * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
-
- * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
-
- * Add a server_hostname parameter to HTTPSConnection which allows for
- overriding the SNI hostname sent in the handshake. (Pull #1397)
-
- * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
-
- * Fixed bug where responses with header Content-Type: message/* erroneously
- raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
-
- * Move urllib3 to src/urllib3 (Pull #1409)
-
-
- 1.23 (2018-06-04)
- -----------------
-
- * Allow providing a list of headers to strip from requests when redirecting
- to a different host. Defaults to the ``Authorization`` header. Different
- headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316)
-
- * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247).
-
- * Dropped Python 3.3 support. (Pull #1242)
-
- * Put the connection back in the pool when calling stream() or read_chunked() on
- a chunked HEAD response. (Issue #1234)
-
- * Fixed pyOpenSSL-specific ssl client authentication issue when clients
- attempted to auth via certificate + chain (Issue #1060)
-
- * Add the port to the connectionpool connect print (Pull #1251)
-
- * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380)
-
- * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088)
-
- * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359)
-
- * Added support for auth info in url for SOCKS proxy (Pull #1363)
-
-
- 1.22 (2017-07-20)
- -----------------
-
- * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via
- IPv6 proxy. (Issue #1222)
-
- * Made the connection pool retry on ``SSLError``. The original ``SSLError``
- is available on ``MaxRetryError.reason``. (Issue #1112)
-
- * Drain and release connection before recursing on retry/redirect. Fixes
- deadlocks with a blocking connectionpool. (Issue #1167)
-
- * Fixed compatibility for cookiejar. (Issue #1229)
-
- * pyopenssl: Use vendored version of ``six``. (Issue #1231)
-
-
- 1.21.1 (2017-05-02)
- -------------------
-
- * Fixed SecureTransport issue that would cause long delays in response body
- delivery. (Pull #1154)
-
- * Fixed regression in 1.21 that threw exceptions when users passed the
- ``socket_options`` flag to the ``PoolManager``. (Issue #1165)
-
- * Fixed regression in 1.21 that threw exceptions when users passed the
- ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``.
- (Pull #1157)
-
-
- 1.21 (2017-04-25)
- -----------------
-
- * Improved performance of certain selector system calls on Python 3.5 and
- later. (Pull #1095)
-
- * Resolved issue where the PyOpenSSL backend would not wrap SysCallError
- exceptions appropriately when sending data. (Pull #1125)
-
- * Selectors now detects a monkey-patched select module after import for modules
- that patch the select module like eventlet, greenlet. (Pull #1128)
-
- * Reduced memory consumption when streaming zlib-compressed responses
- (as opposed to raw deflate streams). (Pull #1129)
-
- * Connection pools now use the entire request context when constructing the
- pool key. (Pull #1016)
-
- * ``PoolManager.connection_from_*`` methods now accept a new keyword argument,
- ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``.
- (Pull #1016)
-
- * Add retry counter for ``status_forcelist``. (Issue #1147)
-
- * Added ``contrib`` module for using SecureTransport on macOS:
- ``urllib3.contrib.securetransport``. (Pull #1122)
-
- * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes:
- for schemes it does not recognise, it assumes they are case-sensitive and
- leaves them unchanged.
- (Issue #1080)
-
-
- 1.20 (2017-01-19)
- -----------------
-
- * Added support for waiting for I/O using selectors other than select,
- improving urllib3's behaviour with large numbers of concurrent connections.
- (Pull #1001)
-
- * Updated the date for the system clock check. (Issue #1005)
-
- * ConnectionPools now correctly consider hostnames to be case-insensitive.
- (Issue #1032)
-
- * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module
- to fail when it is injected, rather than at first use. (Pull #1063)
-
- * Outdated versions of cryptography now cause the PyOpenSSL contrib module
- to fail when it is injected, rather than at first use. (Issue #1044)
-
- * Automatically attempt to rewind a file-like body object when a request is
- retried or redirected. (Pull #1039)
-
- * Fix some bugs that occur when modules incautiously patch the queue module.
- (Pull #1061)
-
- * Prevent retries from occurring on read timeouts for which the request method
- was not in the method whitelist. (Issue #1059)
-
- * Changed the PyOpenSSL contrib module to lazily load idna to avoid
- unnecessarily bloating the memory of programs that don't need it. (Pull
- #1076)
-
- * Add support for IPv6 literals with zone identifiers. (Pull #1013)
-
- * Added support for socks5h:// and socks4a:// schemes when working with SOCKS
- proxies, and controlled remote DNS appropriately. (Issue #1035)
-
-
- 1.19.1 (2016-11-16)
- -------------------
-
- * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
-
-
- 1.19 (2016-11-03)
- -----------------
-
- * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when
- using the default retry logic. (Pull #955)
-
- * Remove markers from setup.py to assist ancient setuptools versions. (Issue
- #986)
-
- * Disallow superscripts and other integerish things in URL ports. (Issue #989)
-
- * Allow urllib3's HTTPResponse.stream() method to continue to work with
- non-httplib underlying FPs. (Pull #990)
-
- * Empty filenames in multipart headers are now emitted as such, rather than
- being suppressed. (Issue #1015)
-
- * Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
-
-
- 1.18.1 (2016-10-27)
- -------------------
-
- * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
- PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
- release fixes a vulnerability whereby urllib3 in the above configuration
- would silently fail to validate TLS certificates due to erroneously setting
- invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
- flags do not cause a problem in OpenSSL versions before 1.1.0, which
- interprets the presence of any flag as requesting certificate validation.
-
- There is no PR for this patch, as it was prepared for simultaneous disclosure
- and release. The master branch received the same fix in Pull #1010.
-
-
- 1.18 (2016-09-26)
- -----------------
-
- * Fixed incorrect message for IncompleteRead exception. (Pull #973)
-
- * Accept ``iPAddress`` subject alternative name fields in TLS certificates.
- (Issue #258)
-
- * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3.
- (Issue #977)
-
- * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
-
-
- 1.17 (2016-09-06)
- -----------------
-
- * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835)
-
- * ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
-
- * Substantially refactored documentation. (Issue #887)
-
- * Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
- (Issue #858)
-
- * Normalize the scheme and host in the URL parser (Issue #833)
-
- * ``HTTPResponse`` contains the last ``Retry`` object, which now also
- contains retries history. (Issue #848)
-
- * Timeout can no longer be set as boolean, and must be greater than zero.
- (Pull #924)
-
- * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
- now use cryptography and idna, both of which are already dependencies of
- PyOpenSSL. (Pull #930)
-
- * Fixed infinite loop in ``stream`` when amt=None. (Issue #928)
-
- * Try to use the operating system's certificates when we are using an
- ``SSLContext``. (Pull #941)
-
- * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
- ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)
-
- * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)
-
- * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)
-
- * Implemented ``length_remaining`` to determine remaining content
- to be read. (Pull #949)
-
- * Implemented ``enforce_content_length`` to enable exceptions when
- incomplete data chunks are received. (Pull #949)
-
- * Dropped connection start, dropped connection reset, redirect, forced retry,
- and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)
-
-
- 1.16 (2016-06-11)
- -----------------
-
- * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
-
- * Provide ``key_fn_by_scheme`` pool keying mechanism that can be
- overridden. (Issue #830)
-
- * Normalize scheme and host to lowercase for pool keys, and include
- ``source_address``. (Issue #830)
-
- * Cleaner exception chain in Python 3 for ``_make_request``.
- (Issue #861)
-
- * Fixed installing ``urllib3[socks]`` extra. (Issue #864)
-
- * Fixed signature of ``ConnectionPool.close`` so it can actually safely be
- called by subclasses. (Issue #873)
-
- * Retain ``release_conn`` state across retries. (Issues #651, #866)
-
- * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
- ``HTTPResponse`` but can be replaced with a subclass. (Issue #879)
-
-
- 1.15.1 (2016-04-11)
- -------------------
-
- * Fix packaging to include backports module. (Issue #841)
-
-
- 1.15 (2016-04-06)
- -----------------
-
- * Added Retry(raise_on_status=False). (Issue #720)
-
- * Always use setuptools, no more distutils fallback. (Issue #785)
-
- * Dropped support for Python 3.2. (Issue #786)
-
- * Chunked transfer encoding when requesting with ``chunked=True``.
- (Issue #790)
-
- * Fixed regression with IPv6 port parsing. (Issue #801)
-
- * Append SNIMissingWarning messages to allow users to specify it in
- the PYTHONWARNINGS environment variable. (Issue #816)
-
- * Handle unicode headers in Py2. (Issue #818)
-
- * Log certificate when there is a hostname mismatch. (Issue #820)
-
- * Preserve order of request/response headers. (Issue #821)
-
-
- 1.14 (2015-12-29)
- -----------------
-
- * contrib: SOCKS proxy support! (Issue #762)
-
- * Fixed AppEngine handling of transfer-encoding header and bug
- in Timeout defaults checking. (Issue #763)
-
-
- 1.13.1 (2015-12-18)
- -------------------
-
- * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
-
-
- 1.13 (2015-12-14)
- -----------------
-
- * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706)
-
- * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
-
- * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
-
- * Close connections more defensively on exception. (Issue #734)
-
- * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without
- repeatedly flushing the decoder, to function better on Jython. (Issue #743)
-
- * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758)
-
-
- 1.12 (2015-09-03)
- -----------------
-
- * Rely on ``six`` for importing ``httplib`` to work around
- conflicts with other Python 3 shims. (Issue #688)
-
- * Add support for directories of certificate authorities, as supported by
- OpenSSL. (Issue #701)
-
- * New exception: ``NewConnectionError``, raised when we fail to establish
- a new connection, usually ``ECONNREFUSED`` socket error.
-
-
- 1.11 (2015-07-21)
- -----------------
-
- * When ``ca_certs`` is given, ``cert_reqs`` defaults to
- ``'CERT_REQUIRED'``. (Issue #650)
-
- * ``pip install urllib3[secure]`` will install Certifi and
- PyOpenSSL as dependencies. (Issue #678)
-
- * Made ``HTTPHeaderDict`` usable as a ``headers`` input value
- (Issues #632, #679)
-
- * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_
- which has an ``AppEngineManager`` for using ``URLFetch`` in a
- Google AppEngine environment. (Issue #664)
-
- * Dev: Added test suite for AppEngine. (Issue #631)
-
- * Fix performance regression when using PyOpenSSL. (Issue #626)
-
- * Passing incorrect scheme (e.g. ``foo://``) will raise
- ``ValueError`` instead of ``AssertionError`` (backwards
- compatible for now, but please migrate). (Issue #640)
-
- * Fix pools not getting replenished when an error occurs during a
- request using ``release_conn=False``. (Issue #644)
-
- * Fix pool-default headers not applying for url-encoded requests
- like GET. (Issue #657)
-
- * log.warning in Python 3 when headers are skipped due to parsing
- errors. (Issue #642)
-
- * Close and discard connections if an error occurs during read.
- (Issue #660)
-
- * Fix host parsing for IPv6 proxies. (Issue #668)
-
- * Separate warning type SubjectAltNameWarning, now issued once
- per host. (Issue #671)
-
- * Fix ``httplib.IncompleteRead`` not getting converted to
- ``ProtocolError`` when using ``HTTPResponse.stream()``
- (Issue #674)
-
- 1.10.4 (2015-05-03)
- -------------------
-
- * Migrate tests to Tornado 4. (Issue #594)
-
- * Append default warning configuration rather than overwrite.
- (Issue #603)
-
- * Fix streaming decoding regression. (Issue #595)
-
- * Fix chunked requests losing state across keep-alive connections.
- (Issue #599)
-
- * Fix hanging when chunked HEAD response has no body. (Issue #605)
-
-
- 1.10.3 (2015-04-21)
- -------------------
-
- * Emit ``InsecurePlatformWarning`` when SSLContext object is missing.
- (Issue #558)
-
- * Fix regression of duplicate header keys being discarded.
- (Issue #563)
-
- * ``Response.stream()`` returns a generator for chunked responses.
- (Issue #560)
-
- * Set upper-bound timeout when waiting for a socket in PyOpenSSL.
- (Issue #585)
-
- * Work on platforms without `ssl` module for plain HTTP requests.
- (Issue #587)
-
- * Stop relying on the stdlib's default cipher list. (Issue #588)
-
-
- 1.10.2 (2015-02-25)
- -------------------
-
- * Fix file descriptor leakage on retries. (Issue #548)
-
- * Removed RC4 from default cipher list. (Issue #551)
-
- * Header performance improvements. (Issue #544)
-
- * Fix PoolManager not obeying redirect retry settings. (Issue #553)
-
-
- 1.10.1 (2015-02-10)
- -------------------
-
- * Pools can be used as context managers. (Issue #545)
-
- * Don't re-use connections which experienced an SSLError. (Issue #529)
-
- * Don't fail when gzip decoding an empty stream. (Issue #535)
-
- * Add sha256 support for fingerprint verification. (Issue #540)
-
- * Fixed handling of header values containing commas. (Issue #533)
-
-
- 1.10 (2014-12-14)
- -----------------
-
- * Disabled SSLv3. (Issue #473)
-
- * Add ``Url.url`` property to return the composed url string. (Issue #394)
-
- * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412)
-
- * ``MaxRetryError.reason`` will always be an exception, not string.
- (Issue #481)
-
- * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
-
- * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473)
-
- * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request.
- (Issue #496)
-
- * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``.
- (Issue #499)
-
- * Close and discard sockets which experienced SSL-related errors.
- (Issue #501)
-
- * Handle ``body`` param in ``.request(...)``. (Issue #513)
-
- * Respect timeout with HTTPS proxy. (Issue #505)
-
- * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
-
-
- 1.9.1 (2014-09-13)
- ------------------
-
- * Apply socket arguments before binding. (Issue #427)
-
- * More careful checks if fp-like object is closed. (Issue #435)
-
- * Fixed packaging issues of some development-related files not
- getting included. (Issue #440)
-
- * Allow performing *only* fingerprint verification. (Issue #444)
-
- * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445)
-
- * Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
-
- * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3.
- (Issue #443)
-
-
-
- 1.9 (2014-07-04)
- ----------------
-
- * Shuffled around development-related files. If you're maintaining a distro
- package of urllib3, you may need to tweak things. (Issue #415)
-
- * Unverified HTTPS requests will trigger a warning on the first request. See
- our new `security documentation
- <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details.
- (Issue #426)
-
- * New retry logic and ``urllib3.util.retry.Retry`` configuration object.
- (Issue #326)
-
- * All raised exceptions should now wrapped in a
- ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326)
-
- * All errors during a retry-enabled request should be wrapped in
- ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions
- which were previously exempt. Underlying error is accessible from the
- ``.reason`` property. (Issue #326)
-
- * ``urllib3.exceptions.ConnectionError`` renamed to
- ``urllib3.exceptions.ProtocolError``. (Issue #326)
-
- * Errors during response read (such as IncompleteRead) are now wrapped in
- ``urllib3.exceptions.ProtocolError``. (Issue #418)
-
- * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``.
- (Issue #417)
-
- * Catch read timeouts over SSL connections as
- ``urllib3.exceptions.ReadTimeoutError``. (Issue #419)
-
- * Apply socket arguments before connecting. (Issue #427)
-
-
- 1.8.3 (2014-06-23)
- ------------------
-
- * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
-
- * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393)
-
- * Wrap ``socket.timeout`` exception with
- ``urllib3.exceptions.ReadTimeoutError``. (Issue #399)
-
- * Fixed proxy-related bug where connections were being reused incorrectly.
- (Issues #366, #369)
-
- * Added ``socket_options`` keyword parameter which allows to define
- ``setsockopt`` configuration of new sockets. (Issue #397)
-
- * Removed ``HTTPConnection.tcp_nodelay`` in favor of
- ``HTTPConnection.default_socket_options``. (Issue #397)
-
- * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411)
-
-
- 1.8.2 (2014-04-17)
- ------------------
-
- * Fix ``urllib3.util`` not being included in the package.
-
-
- 1.8.1 (2014-04-17)
- ------------------
-
- * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
-
- * Don't install ``dummyserver`` into ``site-packages`` as it's only needed
- for the test suite. (Issue #362)
-
- * Added support for specifying ``source_address``. (Issue #352)
-
-
- 1.8 (2014-03-04)
- ----------------
-
- * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in
- username, and blank ports like 'hostname:').
-
- * New ``urllib3.connection`` module which contains all the HTTPConnection
- objects.
-
- * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor
- signature to a more sensible order. [Backwards incompatible]
- (Issues #252, #262, #263)
-
- * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274)
-
- * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which
- returns the number of bytes read so far. (Issue #277)
-
- * Support for platforms without threading. (Issue #289)
-
- * Expand default-port comparison in ``HTTPConnectionPool.is_same_host``
- to allow a pool with no specified port to be considered equal to to an
- HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305)
-
- * Improved default SSL/TLS settings to avoid vulnerabilities.
- (Issue #309)
-
- * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors.
- (Issue #310)
-
- * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests
- will send the entire HTTP request ~200 milliseconds faster; however, some of
- the resulting TCP packets will be smaller. (Issue #254)
-
- * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl``
- from the default 64 to 1024 in a single certificate. (Issue #318)
-
- * Headers are now passed and stored as a custom
- ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``.
- (Issue #329, #333)
-
- * Headers no longer lose their case on Python 3. (Issue #236)
-
- * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA
- certificates on inject. (Issue #332)
-
- * Requests with ``retries=False`` will immediately raise any exceptions without
- wrapping them in ``MaxRetryError``. (Issue #348)
-
- * Fixed open socket leak with SSL-related failures. (Issue #344, #348)
-
-
- 1.7.1 (2013-09-25)
- ------------------
-
- * Added granular timeout support with new ``urllib3.util.Timeout`` class.
- (Issue #231)
-
- * Fixed Python 3.4 support. (Issue #238)
-
-
- 1.7 (2013-08-14)
- ----------------
-
- * More exceptions are now pickle-able, with tests. (Issue #174)
-
- * Fixed redirecting with relative URLs in Location header. (Issue #178)
-
- * Support for relative urls in ``Location: ...`` header. (Issue #179)
-
- * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus
- file-like functionality. (Issue #187)
-
- * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will
- skip hostname verification for SSL connections. (Issue #194)
-
- * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a
- generator wrapped around ``.read(...)``. (Issue #198)
-
- * IPv6 url parsing enforces brackets around the hostname. (Issue #199)
-
- * Fixed thread race condition in
- ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204)
-
- * ``ProxyManager`` requests now include non-default port in ``Host: ...``
- header. (Issue #217)
-
- * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139)
-
- * New ``RequestField`` object can be passed to the ``fields=...`` param which
- can specify headers. (Issue #220)
-
- * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails.
- (Issue #221)
-
- * Use international headers when posting file names. (Issue #119)
-
- * Improved IPv6 support. (Issue #203)
-
-
- 1.6 (2013-04-25)
- ----------------
-
- * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
-
- * ``ProxyManager`` automatically adds ``Host: ...`` header if not given.
-
- * Improved SSL-related code. ``cert_req`` now optionally takes a string like
- "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23"
- The string values reflect the suffix of the respective constant variable.
- (Issue #130)
-
- * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly
- closed proxy connections and larger read buffers. (Issue #135)
-
- * Ensure the connection is closed if no data is received, fixes connection leak
- on some platforms. (Issue #133)
-
- * Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
-
- * Tests fixed to be compatible with Py26 again. (Issue #125)
-
- * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant
- to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109)
-
- * Allow an explicit content type to be specified when encoding file fields.
- (Issue #126)
-
- * Exceptions are now pickleable, with tests. (Issue #101)
-
- * Fixed default headers not getting passed in some cases. (Issue #99)
-
- * Treat "content-encoding" header value as case-insensitive, per RFC 2616
- Section 3.5. (Issue #110)
-
- * "Connection Refused" SocketErrors will get retried rather than raised.
- (Issue #92)
-
- * Updated vendored ``six``, no longer overrides the global ``six`` module
- namespace. (Issue #113)
-
- * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding
- the exception that prompted the final retry. If ``reason is None`` then it
- was due to a redirect. (Issue #92, #114)
-
- * Fixed ``PoolManager.urlopen()`` from not redirecting more than once.
- (Issue #149)
-
- * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters
- that are not files. (Issue #111)
-
- * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122)
-
- * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or
- against an arbitrary hostname (when connecting by IP or for misconfigured
- servers). (Issue #140)
-
- * Streaming decompression support. (Issue #159)
-
-
- 1.5 (2012-08-02)
- ----------------
-
- * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug
- logging in urllib3.
-
- * Native full URL parsing (including auth, path, query, fragment) available in
- ``urllib3.util.parse_url(url)``.
-
- * Built-in redirect will switch method to 'GET' if status code is 303.
- (Issue #11)
-
- * ``urllib3.PoolManager`` strips the scheme and host before sending the request
- uri. (Issue #8)
-
- * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding,
- based on the Content-Type header, fails.
-
- * Fixed bug with pool depletion and leaking connections (Issue #76). Added
- explicit connection closing on pool eviction. Added
- ``urllib3.PoolManager.clear()``.
-
- * 99% -> 100% unit test coverage.
-
-
- 1.4 (2012-06-16)
- ----------------
-
- * Minor AppEngine-related fixes.
-
- * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``.
-
- * Improved url parsing. (Issue #73)
-
- * IPv6 url support. (Issue #72)
-
-
- 1.3 (2012-03-25)
- ----------------
-
- * Removed pre-1.0 deprecated API.
-
- * Refactored helpers into a ``urllib3.util`` submodule.
-
- * Fixed multipart encoding to support list-of-tuples for keys with multiple
- values. (Issue #48)
-
- * Fixed multiple Set-Cookie headers in response not getting merged properly in
- Python 3. (Issue #53)
-
- * AppEngine support with Py27. (Issue #61)
-
- * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs
- bytes.
-
-
- 1.2.2 (2012-02-06)
- ------------------
-
- * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47)
-
-
- 1.2.1 (2012-02-05)
- ------------------
-
- * Fixed another bug related to when ``ssl`` module is not available. (Issue #41)
-
- * Location parsing errors now raise ``urllib3.exceptions.LocationParseError``
- which inherits from ``ValueError``.
-
-
- 1.2 (2012-01-29)
- ----------------
-
- * Added Python 3 support (tested on 3.2.2)
-
- * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
-
- * Use ``select.poll`` instead of ``select.select`` for platforms that support
- it.
-
- * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive
- connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``.
-
- * Fixed ``ImportError`` during install when ``ssl`` module is not available.
- (Issue #41)
-
- * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not
- completing properly. (Issue #28, uncovered by Issue #10 in v1.1)
-
- * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` +
- ``eventlet``. Removed extraneous unsupported dummyserver testing backends.
- Added socket-level tests.
-
- * More tests. Achievement Unlocked: 99% Coverage.
-
-
- 1.1 (2012-01-07)
- ----------------
-
- * Refactored ``dummyserver`` to its own root namespace module (used for
- testing).
-
- * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in
- Py32's ``ssl_match_hostname``. (Issue #25)
-
- * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10)
-
- * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue
- #27)
-
- * Fixed timeout-related bugs. (Issues #17, #23)
-
-
- 1.0.2 (2011-11-04)
- ------------------
-
- * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if
- you're using the object manually. (Thanks pyos)
-
- * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by
- wrapping the access log in a mutex. (Thanks @christer)
-
- * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and
- ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code.
-
-
- 1.0.1 (2011-10-10)
- ------------------
-
- * Fixed a bug where the same connection would get returned into the pool twice,
- causing extraneous "HttpConnectionPool is full" log warnings.
-
-
- 1.0 (2011-10-08)
- ----------------
-
- * Added ``PoolManager`` with LRU expiration of connections (tested and
- documented).
- * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works
- with HTTPS proxies).
- * Added optional partial-read support for responses when
- ``preload_content=False``. You can now make requests and just read the headers
- without loading the content.
- * Made response decoding optional (default on, same as before).
- * Added optional explicit boundary string for ``encode_multipart_formdata``.
- * Convenience request methods are now inherited from ``RequestMethods``. Old
- helpers like ``get_url`` and ``post_url`` should be abandoned in favour of
- the new ``request(method, url, ...)``.
- * Refactored code to be even more decoupled, reusable, and extendable.
- * License header added to ``.py`` files.
- * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
- and docs in ``docs/`` and on https://urllib3.readthedocs.io/.
- * Embettered all the things!
- * Started writing this file.
-
-
- 0.4.1 (2011-07-17)
- ------------------
-
- * Minor bug fixes, code cleanup.
-
-
- 0.4 (2011-03-01)
- ----------------
-
- * Better unicode support.
- * Added ``VerifiedHTTPSConnection``.
- * Added ``NTLMConnectionPool`` in contrib.
- * Minor improvements.
-
-
- 0.3.1 (2010-07-13)
- ------------------
-
- * Added ``assert_host_name`` optional parameter. Now compatible with proxies.
-
-
- 0.3 (2009-12-10)
- ----------------
-
- * Added HTTPS support.
- * Minor bug fixes.
- * Refactored, broken backwards compatibility with 0.2.
- * API to be treated as stable from this version forward.
-
-
- 0.2 (2008-11-17)
- ----------------
-
- * Added unit tests.
- * Bug fixes.
-
-
- 0.1 (2008-11-16)
- ----------------
-
- * First release.
-
Keywords: urllib httplib threadsafe filepost http https ssl pooling
Platform: UNKNOWN
Classifier: Environment :: Web Environment
@@ -1355,3 +33,1337 @@
Provides-Extra: brotli
Provides-Extra: secure
Provides-Extra: socks
+License-File: LICENSE.txt
+
+
+urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the
+Python ecosystem already uses urllib3 and you should too.
+urllib3 brings many critical features that are missing from the Python
+standard libraries:
+
+- Thread safety.
+- Connection pooling.
+- Client-side SSL/TLS verification.
+- File uploads with multipart encoding.
+- Helpers for retrying requests and dealing with HTTP redirects.
+- Support for gzip, deflate, and brotli encoding.
+- Proxy support for HTTP and SOCKS.
+- 100% test coverage.
+
+urllib3 is powerful and easy to use:
+
+.. code-block:: python
+
+ >>> import urllib3
+ >>> http = urllib3.PoolManager()
+ >>> r = http.request('GET', 'http://httpbin.org/robots.txt')
+ >>> r.status
+ 200
+ >>> r.data
+ 'User-agent: *\nDisallow: /deny\n'
+
+
+Installing
+----------
+
+urllib3 can be installed with `pip <https://pip.pypa.io>`_::
+
+ $ python -m pip install urllib3
+
+Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_::
+
+ $ git clone git://github.com/urllib3/urllib3.git
+ $ python setup.py install
+
+
+Documentation
+-------------
+
+urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_.
+
+
+Contributing
+------------
+
+urllib3 happily accepts contributions. Please see our
+`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_
+for some tips on getting started.
+
+
+Security Disclosures
+--------------------
+
+To report a security vulnerability, please use the
+`Tidelift security contact <https://tidelift.com/security>`_.
+Tidelift will coordinate the fix and disclosure with maintainers.
+
+
+Maintainers
+-----------
+
+- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson)
+- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet)
+- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers)
+- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro)
+- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield)
+- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco)
+- `@shazow <https://github.com/shazow>`__ (Andrey Petrov)
+
+👋
+
+
+Sponsorship
+-----------
+
+If your company benefits from this library, please consider `sponsoring its
+development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_.
+
+
+For Enterprise
+--------------
+
+.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png
+ :width: 75
+ :alt: Tidelift
+
+.. list-table::
+ :widths: 10 100
+
+ * - |tideliftlogo|
+ - Professional support for urllib3 is available as part of the `Tidelift
+ Subscription`_. Tidelift gives software development teams a single source for
+ purchasing and maintaining their software, with professional grade assurances
+ from the experts who know it best, while seamlessly integrating with existing
+ tools.
+
+.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme
+
+
+Changes
+=======
+
+1.26.5 (2021-05-26)
+-------------------
+
+* Fixed deprecation warnings emitted in Python 3.10.
+* Updated vendored ``six`` library to 1.16.0.
+* Improved performance of URL parser when splitting
+ the authority component.
+
+
+1.26.4 (2021-03-15)
+-------------------
+
+* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
+ during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
+
+
+1.26.3 (2021-01-26)
+-------------------
+
+* Fixed bytes and string comparison issue with headers (Pull #2141)
+
+* Changed ``ProxySchemeUnknown`` error message to be
+ more actionable if the user supplies a proxy URL without
+ a scheme. (Pull #2107)
+
+
+1.26.2 (2020-11-12)
+-------------------
+
+* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
+ be imported properly on Python 2.7.8 and earlier (Pull #2052)
+
+
+1.26.1 (2020-11-11)
+-------------------
+
+* Fixed an issue where two ``User-Agent`` headers would be sent if a
+ ``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
+
+
+1.26.0 (2020-11-10)
+-------------------
+
+* **NOTE: urllib3 v2.0 will drop support for Python 2**.
+ `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
+
+* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
+
+* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
+ still wish to use TLS earlier than 1.2 without a deprecation warning
+ should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
+ **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
+
+* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
+ and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
+ ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
+ (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
+
+* Added default ``User-Agent`` header to every request (Pull #1750)
+
+* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
+ and ``Host`` headers from being automatically emitted with requests (Pull #2018)
+
+* Collapse ``transfer-encoding: chunked`` request data and framing into
+ the same ``socket.send()`` call (Pull #1906)
+
+* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
+
+* Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
+
+* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
+ to SecureTransport (Pull #1903)
+
+* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
+
+* Suppress ``BrokenPipeError`` when writing request body after the server
+ has closed the socket (Pull #1524)
+
+* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
+ into an ``urllib3.exceptions.SSLError`` (Pull #1939)
+
+
+1.25.11 (2020-10-19)
+--------------------
+
+* Fix retry backoff time parsed from ``Retry-After`` header when given
+ in the HTTP date format. The HTTP date was parsed as the local timezone
+ rather than accounting for the timezone in the HTTP date (typically
+ UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
+
+* Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
+ environment variable was set to the empty string. Now ``SSLContext.keylog_file``
+ is not set in this situation (Pull #2016)
+
+
+1.25.10 (2020-07-22)
+--------------------
+
+* Added support for ``SSLKEYLOGFILE`` environment variable for
+ logging TLS session keys with use with programs like
+ Wireshark for decrypting captured web traffic (Pull #1867)
+
+* Fixed loading of SecureTransport libraries on macOS Big Sur
+ due to the new dynamic linker cache (Pull #1905)
+
+* Collapse chunked request bodies data and framing into one
+ call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
+
+* Don't insert ``None`` into ``ConnectionPool`` if the pool
+ was empty when requesting a connection (Pull #1866)
+
+* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
+
+
+1.25.9 (2020-04-16)
+-------------------
+
+* Added ``InvalidProxyConfigurationWarning`` which is raised when
+ erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
+ support connecting to HTTPS proxies but will soon be able to
+ and we would like users to migrate properly without much breakage.
+
+ See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_
+ for more information on how to fix your proxy config. (Pull #1851)
+
+* Drain connection after ``PoolManager`` redirect (Pull #1817)
+
+* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
+
+* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
+
+* Allow the CA certificate data to be passed as a string (Pull #1804)
+
+* Raise ``ValueError`` if method contains control characters (Pull #1800)
+
+* Add ``__repr__`` to ``Timeout`` (Pull #1795)
+
+
+1.25.8 (2020-01-20)
+-------------------
+
+* Drop support for EOL Python 3.4 (Pull #1774)
+
+* Optimize _encode_invalid_chars (Pull #1787)
+
+
+1.25.7 (2019-11-11)
+-------------------
+
+* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734)
+
+* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470)
+
+* Fix issue where URL fragment was sent within the request target. (Pull #1732)
+
+* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732)
+
+* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703)
+
+
+1.25.6 (2019-09-24)
+-------------------
+
+* Fix issue where tilde (``~``) characters were incorrectly
+ percent-encoded in the path. (Pull #1692)
+
+
+1.25.5 (2019-09-19)
+-------------------
+
+* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
+ caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``.
+ (Issue #1682)
+
+
+1.25.4 (2019-09-19)
+-------------------
+
+* Propagate Retry-After header settings to subsequent retries. (Pull #1607)
+
+* Fix edge case where Retry-After header was still respected even when
+ explicitly opted out of. (Pull #1607)
+
+* Remove dependency on ``rfc3986`` for URL parsing.
+
+* Fix issue where URLs containing invalid characters within ``Url.auth`` would
+ raise an exception instead of percent-encoding those characters.
+
+* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses
+ work well with BufferedReaders and other ``io`` module features. (Pull #1652)
+
+* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673)
+
+
+1.25.3 (2019-05-23)
+-------------------
+
+* Change ``HTTPSConnection`` to load system CA certificates
+ when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are
+ unspecified. (Pull #1608, Issue #1603)
+
+* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
+
+
+1.25.2 (2019-04-28)
+-------------------
+
+* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583)
+
+* Change ``parse_url`` to percent-encode invalid characters within the
+ path, query, and target components. (Pull #1586)
+
+
+1.25.1 (2019-04-24)
+-------------------
+
+* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579)
+
+* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
+
+
+1.25 (2019-04-22)
+-----------------
+
+* Require and validate certificates by default when using HTTPS (Pull #1507)
+
+* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487)
+
+* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
+ encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489)
+
+* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
+ implementations. (Pull #1496)
+
+* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492)
+
+* Fixed issue where OpenSSL would block if an encrypted client private key was
+ given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489)
+
+* Added support for Brotli content encoding. It is enabled automatically if
+ ``brotlipy`` package is installed which can be requested with
+ ``urllib3[brotli]`` extra. (Pull #1532)
+
+* Drop ciphers using DSS key exchange from default TLS cipher suites.
+ Improve default ciphers when using SecureTransport. (Pull #1496)
+
+* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483)
+
+1.24.3 (2019-05-01)
+-------------------
+
+* Apply fix for CVE-2019-9740. (Pull #1591)
+
+1.24.2 (2019-04-17)
+-------------------
+
+* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
+ ``ssl_context`` parameters are specified.
+
+* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
+
+* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
+
+
+1.24.1 (2018-11-02)
+-------------------
+
+* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
+
+* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462)
+
+
+1.24 (2018-10-16)
+-----------------
+
+* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
+
+* Test against Python 3.7 on AppVeyor. (Pull #1453)
+
+* Early-out ipv6 checks when running on App Engine. (Pull #1450)
+
+* Change ambiguous description of backoff_factor (Pull #1436)
+
+* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
+
+* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
+
+* Add a server_hostname parameter to HTTPSConnection which allows for
+ overriding the SNI hostname sent in the handshake. (Pull #1397)
+
+* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
+
+* Fixed bug where responses with header Content-Type: message/* erroneously
+ raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
+
+* Move urllib3 to src/urllib3 (Pull #1409)
+
+
+1.23 (2018-06-04)
+-----------------
+
+* Allow providing a list of headers to strip from requests when redirecting
+ to a different host. Defaults to the ``Authorization`` header. Different
+ headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316)
+
+* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247).
+
+* Dropped Python 3.3 support. (Pull #1242)
+
+* Put the connection back in the pool when calling stream() or read_chunked() on
+ a chunked HEAD response. (Issue #1234)
+
+* Fixed pyOpenSSL-specific ssl client authentication issue when clients
+ attempted to auth via certificate + chain (Issue #1060)
+
+* Add the port to the connectionpool connect print (Pull #1251)
+
+* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380)
+
+* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088)
+
+* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359)
+
+* Added support for auth info in url for SOCKS proxy (Pull #1363)
+
+
+1.22 (2017-07-20)
+-----------------
+
+* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via
+ IPv6 proxy. (Issue #1222)
+
+* Made the connection pool retry on ``SSLError``. The original ``SSLError``
+ is available on ``MaxRetryError.reason``. (Issue #1112)
+
+* Drain and release connection before recursing on retry/redirect. Fixes
+ deadlocks with a blocking connectionpool. (Issue #1167)
+
+* Fixed compatibility for cookiejar. (Issue #1229)
+
+* pyopenssl: Use vendored version of ``six``. (Issue #1231)
+
+
+1.21.1 (2017-05-02)
+-------------------
+
+* Fixed SecureTransport issue that would cause long delays in response body
+ delivery. (Pull #1154)
+
+* Fixed regression in 1.21 that threw exceptions when users passed the
+ ``socket_options`` flag to the ``PoolManager``. (Issue #1165)
+
+* Fixed regression in 1.21 that threw exceptions when users passed the
+ ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``.
+ (Pull #1157)
+
+
+1.21 (2017-04-25)
+-----------------
+
+* Improved performance of certain selector system calls on Python 3.5 and
+ later. (Pull #1095)
+
+* Resolved issue where the PyOpenSSL backend would not wrap SysCallError
+ exceptions appropriately when sending data. (Pull #1125)
+
+* Selectors now detects a monkey-patched select module after import for modules
+ that patch the select module like eventlet, greenlet. (Pull #1128)
+
+* Reduced memory consumption when streaming zlib-compressed responses
+ (as opposed to raw deflate streams). (Pull #1129)
+
+* Connection pools now use the entire request context when constructing the
+ pool key. (Pull #1016)
+
+* ``PoolManager.connection_from_*`` methods now accept a new keyword argument,
+ ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``.
+ (Pull #1016)
+
+* Add retry counter for ``status_forcelist``. (Issue #1147)
+
+* Added ``contrib`` module for using SecureTransport on macOS:
+ ``urllib3.contrib.securetransport``. (Pull #1122)
+
+* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes:
+ for schemes it does not recognise, it assumes they are case-sensitive and
+ leaves them unchanged.
+ (Issue #1080)
+
+
+1.20 (2017-01-19)
+-----------------
+
+* Added support for waiting for I/O using selectors other than select,
+ improving urllib3's behaviour with large numbers of concurrent connections.
+ (Pull #1001)
+
+* Updated the date for the system clock check. (Issue #1005)
+
+* ConnectionPools now correctly consider hostnames to be case-insensitive.
+ (Issue #1032)
+
+* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module
+ to fail when it is injected, rather than at first use. (Pull #1063)
+
+* Outdated versions of cryptography now cause the PyOpenSSL contrib module
+ to fail when it is injected, rather than at first use. (Issue #1044)
+
+* Automatically attempt to rewind a file-like body object when a request is
+ retried or redirected. (Pull #1039)
+
+* Fix some bugs that occur when modules incautiously patch the queue module.
+ (Pull #1061)
+
+* Prevent retries from occurring on read timeouts for which the request method
+ was not in the method whitelist. (Issue #1059)
+
+* Changed the PyOpenSSL contrib module to lazily load idna to avoid
+ unnecessarily bloating the memory of programs that don't need it. (Pull
+ #1076)
+
+* Add support for IPv6 literals with zone identifiers. (Pull #1013)
+
+* Added support for socks5h:// and socks4a:// schemes when working with SOCKS
+ proxies, and controlled remote DNS appropriately. (Issue #1035)
+
+
+1.19.1 (2016-11-16)
+-------------------
+
+* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
+
+
+1.19 (2016-11-03)
+-----------------
+
+* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when
+ using the default retry logic. (Pull #955)
+
+* Remove markers from setup.py to assist ancient setuptools versions. (Issue
+ #986)
+
+* Disallow superscripts and other integerish things in URL ports. (Issue #989)
+
+* Allow urllib3's HTTPResponse.stream() method to continue to work with
+ non-httplib underlying FPs. (Pull #990)
+
+* Empty filenames in multipart headers are now emitted as such, rather than
+ being suppressed. (Issue #1015)
+
+* Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
+
+
+1.18.1 (2016-10-27)
+-------------------
+
+* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
+ PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
+ release fixes a vulnerability whereby urllib3 in the above configuration
+ would silently fail to validate TLS certificates due to erroneously setting
+ invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
+ flags do not cause a problem in OpenSSL versions before 1.1.0, which
+ interprets the presence of any flag as requesting certificate validation.
+
+ There is no PR for this patch, as it was prepared for simultaneous disclosure
+ and release. The master branch received the same fix in Pull #1010.
+
+
+1.18 (2016-09-26)
+-----------------
+
+* Fixed incorrect message for IncompleteRead exception. (Pull #973)
+
+* Accept ``iPAddress`` subject alternative name fields in TLS certificates.
+ (Issue #258)
+
+* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3.
+ (Issue #977)
+
+* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
+
+
+1.17 (2016-09-06)
+-----------------
+
+* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835)
+
+* ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
+
+* Substantially refactored documentation. (Issue #887)
+
+* Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
+ (Issue #858)
+
+* Normalize the scheme and host in the URL parser (Issue #833)
+
+* ``HTTPResponse`` contains the last ``Retry`` object, which now also
+ contains retries history. (Issue #848)
+
+* Timeout can no longer be set as boolean, and must be greater than zero.
+ (Pull #924)
+
+* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
+ now use cryptography and idna, both of which are already dependencies of
+ PyOpenSSL. (Pull #930)
+
+* Fixed infinite loop in ``stream`` when amt=None. (Issue #928)
+
+* Try to use the operating system's certificates when we are using an
+ ``SSLContext``. (Pull #941)
+
+* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
+ ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)
+
+* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)
+
+* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)
+
+* Implemented ``length_remaining`` to determine remaining content
+ to be read. (Pull #949)
+
+* Implemented ``enforce_content_length`` to enable exceptions when
+ incomplete data chunks are received. (Pull #949)
+
+* Dropped connection start, dropped connection reset, redirect, forced retry,
+ and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)
+
+
+1.16 (2016-06-11)
+-----------------
+
+* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
+
+* Provide ``key_fn_by_scheme`` pool keying mechanism that can be
+ overridden. (Issue #830)
+
+* Normalize scheme and host to lowercase for pool keys, and include
+ ``source_address``. (Issue #830)
+
+* Cleaner exception chain in Python 3 for ``_make_request``.
+ (Issue #861)
+
+* Fixed installing ``urllib3[socks]`` extra. (Issue #864)
+
+* Fixed signature of ``ConnectionPool.close`` so it can actually safely be
+ called by subclasses. (Issue #873)
+
+* Retain ``release_conn`` state across retries. (Issues #651, #866)
+
+* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
+ ``HTTPResponse`` but can be replaced with a subclass. (Issue #879)
+
+
+1.15.1 (2016-04-11)
+-------------------
+
+* Fix packaging to include backports module. (Issue #841)
+
+
+1.15 (2016-04-06)
+-----------------
+
+* Added Retry(raise_on_status=False). (Issue #720)
+
+* Always use setuptools, no more distutils fallback. (Issue #785)
+
+* Dropped support for Python 3.2. (Issue #786)
+
+* Chunked transfer encoding when requesting with ``chunked=True``.
+ (Issue #790)
+
+* Fixed regression with IPv6 port parsing. (Issue #801)
+
+* Append SNIMissingWarning messages to allow users to specify it in
+ the PYTHONWARNINGS environment variable. (Issue #816)
+
+* Handle unicode headers in Py2. (Issue #818)
+
+* Log certificate when there is a hostname mismatch. (Issue #820)
+
+* Preserve order of request/response headers. (Issue #821)
+
+
+1.14 (2015-12-29)
+-----------------
+
+* contrib: SOCKS proxy support! (Issue #762)
+
+* Fixed AppEngine handling of transfer-encoding header and bug
+ in Timeout defaults checking. (Issue #763)
+
+
+1.13.1 (2015-12-18)
+-------------------
+
+* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
+
+
+1.13 (2015-12-14)
+-----------------
+
+* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706)
+
+* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
+
+* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
+
+* Close connections more defensively on exception. (Issue #734)
+
+* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without
+ repeatedly flushing the decoder, to function better on Jython. (Issue #743)
+
+* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758)
+
+
+1.12 (2015-09-03)
+-----------------
+
+* Rely on ``six`` for importing ``httplib`` to work around
+ conflicts with other Python 3 shims. (Issue #688)
+
+* Add support for directories of certificate authorities, as supported by
+ OpenSSL. (Issue #701)
+
+* New exception: ``NewConnectionError``, raised when we fail to establish
+ a new connection, usually ``ECONNREFUSED`` socket error.
+
+
+1.11 (2015-07-21)
+-----------------
+
+* When ``ca_certs`` is given, ``cert_reqs`` defaults to
+ ``'CERT_REQUIRED'``. (Issue #650)
+
+* ``pip install urllib3[secure]`` will install Certifi and
+ PyOpenSSL as dependencies. (Issue #678)
+
+* Made ``HTTPHeaderDict`` usable as a ``headers`` input value
+ (Issues #632, #679)
+
+* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_
+ which has an ``AppEngineManager`` for using ``URLFetch`` in a
+ Google AppEngine environment. (Issue #664)
+
+* Dev: Added test suite for AppEngine. (Issue #631)
+
+* Fix performance regression when using PyOpenSSL. (Issue #626)
+
+* Passing incorrect scheme (e.g. ``foo://``) will raise
+ ``ValueError`` instead of ``AssertionError`` (backwards
+ compatible for now, but please migrate). (Issue #640)
+
+* Fix pools not getting replenished when an error occurs during a
+ request using ``release_conn=False``. (Issue #644)
+
+* Fix pool-default headers not applying for url-encoded requests
+ like GET. (Issue #657)
+
+* log.warning in Python 3 when headers are skipped due to parsing
+ errors. (Issue #642)
+
+* Close and discard connections if an error occurs during read.
+ (Issue #660)
+
+* Fix host parsing for IPv6 proxies. (Issue #668)
+
+* Separate warning type SubjectAltNameWarning, now issued once
+ per host. (Issue #671)
+
+* Fix ``httplib.IncompleteRead`` not getting converted to
+ ``ProtocolError`` when using ``HTTPResponse.stream()``
+ (Issue #674)
+
+1.10.4 (2015-05-03)
+-------------------
+
+* Migrate tests to Tornado 4. (Issue #594)
+
+* Append default warning configuration rather than overwrite.
+ (Issue #603)
+
+* Fix streaming decoding regression. (Issue #595)
+
+* Fix chunked requests losing state across keep-alive connections.
+ (Issue #599)
+
+* Fix hanging when chunked HEAD response has no body. (Issue #605)
+
+
+1.10.3 (2015-04-21)
+-------------------
+
+* Emit ``InsecurePlatformWarning`` when SSLContext object is missing.
+ (Issue #558)
+
+* Fix regression of duplicate header keys being discarded.
+ (Issue #563)
+
+* ``Response.stream()`` returns a generator for chunked responses.
+ (Issue #560)
+
+* Set upper-bound timeout when waiting for a socket in PyOpenSSL.
+ (Issue #585)
+
+* Work on platforms without `ssl` module for plain HTTP requests.
+ (Issue #587)
+
+* Stop relying on the stdlib's default cipher list. (Issue #588)
+
+
+1.10.2 (2015-02-25)
+-------------------
+
+* Fix file descriptor leakage on retries. (Issue #548)
+
+* Removed RC4 from default cipher list. (Issue #551)
+
+* Header performance improvements. (Issue #544)
+
+* Fix PoolManager not obeying redirect retry settings. (Issue #553)
+
+
+1.10.1 (2015-02-10)
+-------------------
+
+* Pools can be used as context managers. (Issue #545)
+
+* Don't re-use connections which experienced an SSLError. (Issue #529)
+
+* Don't fail when gzip decoding an empty stream. (Issue #535)
+
+* Add sha256 support for fingerprint verification. (Issue #540)
+
+* Fixed handling of header values containing commas. (Issue #533)
+
+
+1.10 (2014-12-14)
+-----------------
+
+* Disabled SSLv3. (Issue #473)
+
+* Add ``Url.url`` property to return the composed url string. (Issue #394)
+
+* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412)
+
+* ``MaxRetryError.reason`` will always be an exception, not string.
+ (Issue #481)
+
+* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
+
+* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473)
+
+* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request.
+ (Issue #496)
+
+* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``.
+ (Issue #499)
+
+* Close and discard sockets which experienced SSL-related errors.
+ (Issue #501)
+
+* Handle ``body`` param in ``.request(...)``. (Issue #513)
+
+* Respect timeout with HTTPS proxy. (Issue #505)
+
+* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
+
+
+1.9.1 (2014-09-13)
+------------------
+
+* Apply socket arguments before binding. (Issue #427)
+
+* More careful checks if fp-like object is closed. (Issue #435)
+
+* Fixed packaging issues of some development-related files not
+ getting included. (Issue #440)
+
+* Allow performing *only* fingerprint verification. (Issue #444)
+
+* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445)
+
+* Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
+
+* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3.
+ (Issue #443)
+
+
+
+1.9 (2014-07-04)
+----------------
+
+* Shuffled around development-related files. If you're maintaining a distro
+ package of urllib3, you may need to tweak things. (Issue #415)
+
+* Unverified HTTPS requests will trigger a warning on the first request. See
+ our new `security documentation
+ <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details.
+ (Issue #426)
+
+* New retry logic and ``urllib3.util.retry.Retry`` configuration object.
+ (Issue #326)
+
+* All raised exceptions should now wrapped in a
+ ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326)
+
+* All errors during a retry-enabled request should be wrapped in
+ ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions
+ which were previously exempt. Underlying error is accessible from the
+ ``.reason`` property. (Issue #326)
+
+* ``urllib3.exceptions.ConnectionError`` renamed to
+ ``urllib3.exceptions.ProtocolError``. (Issue #326)
+
+* Errors during response read (such as IncompleteRead) are now wrapped in
+ ``urllib3.exceptions.ProtocolError``. (Issue #418)
+
+* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``.
+ (Issue #417)
+
+* Catch read timeouts over SSL connections as
+ ``urllib3.exceptions.ReadTimeoutError``. (Issue #419)
+
+* Apply socket arguments before connecting. (Issue #427)
+
+
+1.8.3 (2014-06-23)
+------------------
+
+* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
+
+* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393)
+
+* Wrap ``socket.timeout`` exception with
+ ``urllib3.exceptions.ReadTimeoutError``. (Issue #399)
+
+* Fixed proxy-related bug where connections were being reused incorrectly.
+ (Issues #366, #369)
+
+* Added ``socket_options`` keyword parameter which allows to define
+ ``setsockopt`` configuration of new sockets. (Issue #397)
+
+* Removed ``HTTPConnection.tcp_nodelay`` in favor of
+ ``HTTPConnection.default_socket_options``. (Issue #397)
+
+* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411)
+
+
+1.8.2 (2014-04-17)
+------------------
+
+* Fix ``urllib3.util`` not being included in the package.
+
+
+1.8.1 (2014-04-17)
+------------------
+
+* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
+
+* Don't install ``dummyserver`` into ``site-packages`` as it's only needed
+ for the test suite. (Issue #362)
+
+* Added support for specifying ``source_address``. (Issue #352)
+
+
+1.8 (2014-03-04)
+----------------
+
+* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in
+ username, and blank ports like 'hostname:').
+
+* New ``urllib3.connection`` module which contains all the HTTPConnection
+ objects.
+
+* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor
+ signature to a more sensible order. [Backwards incompatible]
+ (Issues #252, #262, #263)
+
+* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274)
+
+* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which
+ returns the number of bytes read so far. (Issue #277)
+
+* Support for platforms without threading. (Issue #289)
+
+* Expand default-port comparison in ``HTTPConnectionPool.is_same_host``
+ to allow a pool with no specified port to be considered equal to to an
+ HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305)
+
+* Improved default SSL/TLS settings to avoid vulnerabilities.
+ (Issue #309)
+
+* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors.
+ (Issue #310)
+
+* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests
+ will send the entire HTTP request ~200 milliseconds faster; however, some of
+ the resulting TCP packets will be smaller. (Issue #254)
+
+* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl``
+ from the default 64 to 1024 in a single certificate. (Issue #318)
+
+* Headers are now passed and stored as a custom
+ ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``.
+ (Issue #329, #333)
+
+* Headers no longer lose their case on Python 3. (Issue #236)
+
+* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA
+ certificates on inject. (Issue #332)
+
+* Requests with ``retries=False`` will immediately raise any exceptions without
+ wrapping them in ``MaxRetryError``. (Issue #348)
+
+* Fixed open socket leak with SSL-related failures. (Issue #344, #348)
+
+
+1.7.1 (2013-09-25)
+------------------
+
+* Added granular timeout support with new ``urllib3.util.Timeout`` class.
+ (Issue #231)
+
+* Fixed Python 3.4 support. (Issue #238)
+
+
+1.7 (2013-08-14)
+----------------
+
+* More exceptions are now pickle-able, with tests. (Issue #174)
+
+* Fixed redirecting with relative URLs in Location header. (Issue #178)
+
+* Support for relative urls in ``Location: ...`` header. (Issue #179)
+
+* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus
+ file-like functionality. (Issue #187)
+
+* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will
+ skip hostname verification for SSL connections. (Issue #194)
+
+* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a
+ generator wrapped around ``.read(...)``. (Issue #198)
+
+* IPv6 url parsing enforces brackets around the hostname. (Issue #199)
+
+* Fixed thread race condition in
+ ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204)
+
+* ``ProxyManager`` requests now include non-default port in ``Host: ...``
+ header. (Issue #217)
+
+* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139)
+
+* New ``RequestField`` object can be passed to the ``fields=...`` param which
+ can specify headers. (Issue #220)
+
+* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails.
+ (Issue #221)
+
+* Use international headers when posting file names. (Issue #119)
+
+* Improved IPv6 support. (Issue #203)
+
+
+1.6 (2013-04-25)
+----------------
+
+* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
+
+* ``ProxyManager`` automatically adds ``Host: ...`` header if not given.
+
+* Improved SSL-related code. ``cert_req`` now optionally takes a string like
+ "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23"
+ The string values reflect the suffix of the respective constant variable.
+ (Issue #130)
+
+* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly
+ closed proxy connections and larger read buffers. (Issue #135)
+
+* Ensure the connection is closed if no data is received, fixes connection leak
+ on some platforms. (Issue #133)
+
+* Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
+
+* Tests fixed to be compatible with Py26 again. (Issue #125)
+
+* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant
+ to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109)
+
+* Allow an explicit content type to be specified when encoding file fields.
+ (Issue #126)
+
+* Exceptions are now pickleable, with tests. (Issue #101)
+
+* Fixed default headers not getting passed in some cases. (Issue #99)
+
+* Treat "content-encoding" header value as case-insensitive, per RFC 2616
+ Section 3.5. (Issue #110)
+
+* "Connection Refused" SocketErrors will get retried rather than raised.
+ (Issue #92)
+
+* Updated vendored ``six``, no longer overrides the global ``six`` module
+ namespace. (Issue #113)
+
+* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding
+ the exception that prompted the final retry. If ``reason is None`` then it
+ was due to a redirect. (Issue #92, #114)
+
+* Fixed ``PoolManager.urlopen()`` from not redirecting more than once.
+ (Issue #149)
+
+* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters
+ that are not files. (Issue #111)
+
+* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122)
+
+* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or
+ against an arbitrary hostname (when connecting by IP or for misconfigured
+ servers). (Issue #140)
+
+* Streaming decompression support. (Issue #159)
+
+
+1.5 (2012-08-02)
+----------------
+
+* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug
+ logging in urllib3.
+
+* Native full URL parsing (including auth, path, query, fragment) available in
+ ``urllib3.util.parse_url(url)``.
+
+* Built-in redirect will switch method to 'GET' if status code is 303.
+ (Issue #11)
+
+* ``urllib3.PoolManager`` strips the scheme and host before sending the request
+ uri. (Issue #8)
+
+* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding,
+ based on the Content-Type header, fails.
+
+* Fixed bug with pool depletion and leaking connections (Issue #76). Added
+ explicit connection closing on pool eviction. Added
+ ``urllib3.PoolManager.clear()``.
+
+* 99% -> 100% unit test coverage.
+
+
+1.4 (2012-06-16)
+----------------
+
+* Minor AppEngine-related fixes.
+
+* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``.
+
+* Improved url parsing. (Issue #73)
+
+* IPv6 url support. (Issue #72)
+
+
+1.3 (2012-03-25)
+----------------
+
+* Removed pre-1.0 deprecated API.
+
+* Refactored helpers into a ``urllib3.util`` submodule.
+
+* Fixed multipart encoding to support list-of-tuples for keys with multiple
+ values. (Issue #48)
+
+* Fixed multiple Set-Cookie headers in response not getting merged properly in
+ Python 3. (Issue #53)
+
+* AppEngine support with Py27. (Issue #61)
+
+* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs
+ bytes.
+
+
+1.2.2 (2012-02-06)
+------------------
+
+* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47)
+
+
+1.2.1 (2012-02-05)
+------------------
+
+* Fixed another bug related to when ``ssl`` module is not available. (Issue #41)
+
+* Location parsing errors now raise ``urllib3.exceptions.LocationParseError``
+ which inherits from ``ValueError``.
+
+
+1.2 (2012-01-29)
+----------------
+
+* Added Python 3 support (tested on 3.2.2)
+
+* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
+
+* Use ``select.poll`` instead of ``select.select`` for platforms that support
+ it.
+
+* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive
+ connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``.
+
+* Fixed ``ImportError`` during install when ``ssl`` module is not available.
+ (Issue #41)
+
+* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not
+ completing properly. (Issue #28, uncovered by Issue #10 in v1.1)
+
+* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` +
+ ``eventlet``. Removed extraneous unsupported dummyserver testing backends.
+ Added socket-level tests.
+
+* More tests. Achievement Unlocked: 99% Coverage.
+
+
+1.1 (2012-01-07)
+----------------
+
+* Refactored ``dummyserver`` to its own root namespace module (used for
+ testing).
+
+* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in
+ Py32's ``ssl_match_hostname``. (Issue #25)
+
+* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10)
+
+* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue
+ #27)
+
+* Fixed timeout-related bugs. (Issues #17, #23)
+
+
+1.0.2 (2011-11-04)
+------------------
+
+* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if
+ you're using the object manually. (Thanks pyos)
+
+* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by
+ wrapping the access log in a mutex. (Thanks @christer)
+
+* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and
+ ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code.
+
+
+1.0.1 (2011-10-10)
+------------------
+
+* Fixed a bug where the same connection would get returned into the pool twice,
+ causing extraneous "HttpConnectionPool is full" log warnings.
+
+
+1.0 (2011-10-08)
+----------------
+
+* Added ``PoolManager`` with LRU expiration of connections (tested and
+ documented).
+* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works
+ with HTTPS proxies).
+* Added optional partial-read support for responses when
+ ``preload_content=False``. You can now make requests and just read the headers
+ without loading the content.
+* Made response decoding optional (default on, same as before).
+* Added optional explicit boundary string for ``encode_multipart_formdata``.
+* Convenience request methods are now inherited from ``RequestMethods``. Old
+ helpers like ``get_url`` and ``post_url`` should be abandoned in favour of
+ the new ``request(method, url, ...)``.
+* Refactored code to be even more decoupled, reusable, and extendable.
+* License header added to ``.py`` files.
+* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
+ and docs in ``docs/`` and on https://urllib3.readthedocs.io/.
+* Embettered all the things!
+* Started writing this file.
+
+
+0.4.1 (2011-07-17)
+------------------
+
+* Minor bug fixes, code cleanup.
+
+
+0.4 (2011-03-01)
+----------------
+
+* Better unicode support.
+* Added ``VerifiedHTTPSConnection``.
+* Added ``NTLMConnectionPool`` in contrib.
+* Minor improvements.
+
+
+0.3.1 (2010-07-13)
+------------------
+
+* Added ``assert_host_name`` optional parameter. Now compatible with proxies.
+
+
+0.3 (2009-12-10)
+----------------
+
+* Added HTTPS support.
+* Minor bug fixes.
+* Refactored, broken backwards compatibility with 0.2.
+* API to be treated as stable from this version forward.
+
+
+0.2 (2008-11-17)
+----------------
+
+* Added unit tests.
+* Bug fixes.
+
+
+0.1 (2008-11-16)
+----------------
+
+* First release.
+
+
diff -Nru python-urllib3-1.26.4/src/urllib3/connectionpool.py python-urllib3-1.26.5/src/urllib3/connectionpool.py
--- python-urllib3-1.26.4/src/urllib3/connectionpool.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/connectionpool.py 2021-05-26 19:01:29.000000000 +0200
@@ -318,7 +318,7 @@
pass
def _get_timeout(self, timeout):
- """ Helper that always returns a :class:`urllib3.util.Timeout` """
+ """Helper that always returns a :class:`urllib3.util.Timeout`"""
if timeout is _Default:
return self.timeout.clone()
diff -Nru python-urllib3-1.26.4/src/urllib3/connection.py python-urllib3-1.26.5/src/urllib3/connection.py
--- python-urllib3-1.26.4/src/urllib3/connection.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/connection.py 2021-05-26 19:01:29.000000000 +0200
@@ -201,7 +201,7 @@
self._prepare_conn(conn)
def putrequest(self, method, url, *args, **kwargs):
- """"""
+ """ """
# Empty docstring because the indentation of CPython's implementation
# is broken but we don't want this method in our documentation.
match = _CONTAINS_CONTROL_CHAR_RE.search(method)
@@ -214,7 +214,7 @@
return _HTTPConnection.putrequest(self, method, url, *args, **kwargs)
def putheader(self, header, *values):
- """"""
+ """ """
if not any(isinstance(v, str) and v == SKIP_HEADER for v in values):
_HTTPConnection.putheader(self, header, *values)
elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS:
diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py
--- python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py 2021-05-26 19:01:29.000000000 +0200
@@ -76,6 +76,7 @@
from .. import util
from ..packages import six
+from ..util.ssl_ import PROTOCOL_TLS_CLIENT
__all__ = ["inject_into_urllib3", "extract_from_urllib3"]
@@ -85,6 +86,7 @@
# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
util.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD,
+ PROTOCOL_TLS_CLIENT: OpenSSL.SSL.SSLv23_METHOD,
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py
--- python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py 2021-05-26 19:01:29.000000000 +0200
@@ -67,6 +67,7 @@
import six
from .. import util
+from ..util.ssl_ import PROTOCOL_TLS_CLIENT
from ._securetransport.bindings import CoreFoundation, Security, SecurityConst
from ._securetransport.low_level import (
_assert_no_error,
@@ -154,7 +155,8 @@
# TLSv1 and a high of TLSv1.2. For everything else, we pin to that version.
# TLSv1 to 1.2 are supported on macOS 10.8+
_protocol_to_min_max = {
- util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12)
+ util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12),
+ PROTOCOL_TLS_CLIENT: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12),
}
if hasattr(ssl, "PROTOCOL_SSLv2"):
diff -Nru python-urllib3-1.26.4/src/urllib3/packages/six.py python-urllib3-1.26.5/src/urllib3/packages/six.py
--- python-urllib3-1.26.4/src/urllib3/packages/six.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/packages/six.py 2021-05-26 19:01:29.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2019 Benjamin Peterson
+# Copyright (c) 2010-2020 Benjamin Peterson
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
import types
__author__ = "Benjamin Peterson <benjamin@python.org>"
-__version__ = "1.12.0"
+__version__ = "1.16.0"
# Useful for very coarse version differentiation.
@@ -71,6 +71,11 @@
MAXSIZE = int((1 << 63) - 1)
del X
+if PY34:
+ from importlib.util import spec_from_loader
+else:
+ spec_from_loader = None
+
def _add_doc(func, doc):
"""Add documentation to a function."""
@@ -182,6 +187,11 @@
return self
return None
+ def find_spec(self, fullname, path, target=None):
+ if fullname in self.known_modules:
+ return spec_from_loader(fullname, self)
+ return None
+
def __get_module(self, fullname):
try:
return self.known_modules[fullname]
@@ -220,6 +230,12 @@
get_source = get_code # same as get_code
+ def create_module(self, spec):
+ return self.load_module(spec.name)
+
+ def exec_module(self, module):
+ pass
+
_importer = _SixMetaPathImporter(__name__)
@@ -260,9 +276,19 @@
),
MovedModule("builtins", "__builtin__"),
MovedModule("configparser", "ConfigParser"),
+ MovedModule(
+ "collections_abc",
+ "collections",
+ "collections.abc" if sys.version_info >= (3, 3) else "collections",
+ ),
MovedModule("copyreg", "copy_reg"),
MovedModule("dbm_gnu", "gdbm", "dbm.gnu"),
- MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread"),
+ MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"),
+ MovedModule(
+ "_dummy_thread",
+ "dummy_thread",
+ "_dummy_thread" if sys.version_info < (3, 9) else "_thread",
+ ),
MovedModule("http_cookiejar", "cookielib", "http.cookiejar"),
MovedModule("http_cookies", "Cookie", "http.cookies"),
MovedModule("html_entities", "htmlentitydefs", "html.entities"),
@@ -307,7 +333,9 @@
]
# Add windows specific modules.
if sys.platform == "win32":
- _moved_attributes += [MovedModule("winreg", "_winreg")]
+ _moved_attributes += [
+ MovedModule("winreg", "_winreg"),
+ ]
for attr in _moved_attributes:
setattr(_MovedItems, attr.name, attr)
@@ -476,7 +504,7 @@
_urllib_robotparser_moved_attributes = [
- MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser")
+ MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser"),
]
for attr in _urllib_robotparser_moved_attributes:
setattr(Module_six_moves_urllib_robotparser, attr.name, attr)
@@ -678,9 +706,11 @@
if sys.version_info[1] <= 1:
_assertRaisesRegex = "assertRaisesRegexp"
_assertRegex = "assertRegexpMatches"
+ _assertNotRegex = "assertNotRegexpMatches"
else:
_assertRaisesRegex = "assertRaisesRegex"
_assertRegex = "assertRegex"
+ _assertNotRegex = "assertNotRegex"
else:
def b(s):
@@ -707,6 +737,7 @@
_assertCountEqual = "assertItemsEqual"
_assertRaisesRegex = "assertRaisesRegexp"
_assertRegex = "assertRegexpMatches"
+ _assertNotRegex = "assertNotRegexpMatches"
_add_doc(b, """Byte literal""")
_add_doc(u, """Text literal""")
@@ -723,6 +754,10 @@
return getattr(self, _assertRegex)(*args, **kwargs)
+def assertNotRegex(self, *args, **kwargs):
+ return getattr(self, _assertNotRegex)(*args, **kwargs)
+
+
if PY3:
exec_ = getattr(moves.builtins, "exec")
@@ -762,18 +797,7 @@
)
-if sys.version_info[:2] == (3, 2):
- exec_(
- """def raise_from(value, from_value):
- try:
- if from_value is None:
- raise value
- raise value from from_value
- finally:
- value = None
-"""
- )
-elif sys.version_info[:2] > (3, 2):
+if sys.version_info[:2] > (3,):
exec_(
"""def raise_from(value, from_value):
try:
@@ -863,19 +887,41 @@
_add_doc(reraise, """Reraise an exception.""")
if sys.version_info[0:2] < (3, 4):
+ # This does exactly the same what the :func:`py3:functools.update_wrapper`
+ # function does on Python versions after 3.2. It sets the ``__wrapped__``
+ # attribute on ``wrapper`` object and it doesn't raise an error if any of
+ # the attributes mentioned in ``assigned`` and ``updated`` are missing on
+ # ``wrapped`` object.
+ def _update_wrapper(
+ wrapper,
+ wrapped,
+ assigned=functools.WRAPPER_ASSIGNMENTS,
+ updated=functools.WRAPPER_UPDATES,
+ ):
+ for attr in assigned:
+ try:
+ value = getattr(wrapped, attr)
+ except AttributeError:
+ continue
+ else:
+ setattr(wrapper, attr, value)
+ for attr in updated:
+ getattr(wrapper, attr).update(getattr(wrapped, attr, {}))
+ wrapper.__wrapped__ = wrapped
+ return wrapper
+
+ _update_wrapper.__doc__ = functools.update_wrapper.__doc__
def wraps(
wrapped,
assigned=functools.WRAPPER_ASSIGNMENTS,
updated=functools.WRAPPER_UPDATES,
):
- def wrapper(f):
- f = functools.wraps(wrapped, assigned, updated)(f)
- f.__wrapped__ = wrapped
- return f
-
- return wrapper
+ return functools.partial(
+ _update_wrapper, wrapped=wrapped, assigned=assigned, updated=updated
+ )
+ wraps.__doc__ = functools.wraps.__doc__
else:
wraps = functools.wraps
@@ -888,7 +934,15 @@
# the actual metaclass.
class metaclass(type):
def __new__(cls, name, this_bases, d):
- return meta(name, bases, d)
+ if sys.version_info[:2] >= (3, 7):
+ # This version introduced PEP 560 that requires a bit
+ # of extra care (we mimic what is done by __build_class__).
+ resolved_bases = types.resolve_bases(bases)
+ if resolved_bases is not bases:
+ d["__orig_bases__"] = bases
+ else:
+ resolved_bases = bases
+ return meta(name, resolved_bases, d)
@classmethod
def __prepare__(cls, name, this_bases):
@@ -928,12 +982,11 @@
- `str` -> encoded to `bytes`
- `bytes` -> `bytes`
"""
+ if isinstance(s, binary_type):
+ return s
if isinstance(s, text_type):
return s.encode(encoding, errors)
- elif isinstance(s, binary_type):
- return s
- else:
- raise TypeError("not expecting type '%s'" % type(s))
+ raise TypeError("not expecting type '%s'" % type(s))
def ensure_str(s, encoding="utf-8", errors="strict"):
@@ -947,12 +1000,15 @@
- `str` -> `str`
- `bytes` -> decoded to `str`
"""
- if not isinstance(s, (text_type, binary_type)):
- raise TypeError("not expecting type '%s'" % type(s))
+ # Optimization: Fast return for the common case.
+ if type(s) is str:
+ return s
if PY2 and isinstance(s, text_type):
- s = s.encode(encoding, errors)
+ return s.encode(encoding, errors)
elif PY3 and isinstance(s, binary_type):
- s = s.decode(encoding, errors)
+ return s.decode(encoding, errors)
+ elif not isinstance(s, (text_type, binary_type)):
+ raise TypeError("not expecting type '%s'" % type(s))
return s
@@ -977,7 +1033,7 @@
def python_2_unicode_compatible(klass):
"""
- A decorator that defines __unicode__ and __str__ methods under Python 2.
+ A class decorator that defines __unicode__ and __str__ methods under Python 2.
Under Python 3 it does nothing.
To support Python 2 and 3 with a single code base, define a __str__ method
diff -Nru python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py
--- python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-05-26 19:01:29.000000000 +0200
@@ -1,9 +1,11 @@
import sys
try:
- # Our match_hostname function is the same as 3.5's, so we only want to
+ # Our match_hostname function is the same as 3.10's, so we only want to
# import the match_hostname function if it's at least that good.
- if sys.version_info < (3, 5):
+ # We also fallback on Python 3.10+ because our code doesn't emit
+ # deprecation warnings and is the same as Python 3.10 otherwise.
+ if sys.version_info < (3, 5) or sys.version_info >= (3, 10):
raise ImportError("Fallback to vendored code")
from ssl import CertificateError, match_hostname
diff -Nru python-urllib3-1.26.4/src/urllib3/util/connection.py python-urllib3-1.26.5/src/urllib3/util/connection.py
--- python-urllib3-1.26.4/src/urllib3/util/connection.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/util/connection.py 2021-05-26 19:01:29.000000000 +0200
@@ -118,7 +118,7 @@
def _has_ipv6(host):
- """ Returns True if the system can bind an IPv6 address. """
+ """Returns True if the system can bind an IPv6 address."""
sock = None
has_ipv6 = False
diff -Nru python-urllib3-1.26.4/src/urllib3/util/retry.py python-urllib3-1.26.5/src/urllib3/util/retry.py
--- python-urllib3-1.26.4/src/urllib3/util/retry.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/util/retry.py 2021-05-26 19:01:29.000000000 +0200
@@ -321,7 +321,7 @@
@classmethod
def from_int(cls, retries, redirect=True, default=None):
- """ Backwards-compatibility for the old retries format."""
+ """Backwards-compatibility for the old retries format."""
if retries is None:
retries = default if default is not None else cls.DEFAULT
@@ -374,7 +374,7 @@
return seconds
def get_retry_after(self, response):
- """ Get the value of Retry-After in seconds. """
+ """Get the value of Retry-After in seconds."""
retry_after = response.getheader("Retry-After")
@@ -468,7 +468,7 @@
)
def is_exhausted(self):
- """ Are we out of retries? """
+ """Are we out of retries?"""
retry_counts = (
self.total,
self.connect,
diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssl_.py python-urllib3-1.26.5/src/urllib3/util/ssl_.py
--- python-urllib3-1.26.4/src/urllib3/util/ssl_.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/util/ssl_.py 2021-05-26 19:01:29.000000000 +0200
@@ -71,6 +71,11 @@
except ImportError:
PROTOCOL_SSLv23 = PROTOCOL_TLS = 2
+try:
+ from ssl import PROTOCOL_TLS_CLIENT
+except ImportError:
+ PROTOCOL_TLS_CLIENT = PROTOCOL_TLS
+
try:
from ssl import OP_NO_COMPRESSION, OP_NO_SSLv2, OP_NO_SSLv3
@@ -278,7 +283,11 @@
Constructed SSLContext object with specified options
:rtype: SSLContext
"""
- context = SSLContext(ssl_version or PROTOCOL_TLS)
+ # PROTOCOL_TLS is deprecated in Python 3.10
+ if not ssl_version or ssl_version == PROTOCOL_TLS:
+ ssl_version = PROTOCOL_TLS_CLIENT
+
+ context = SSLContext(ssl_version)
context.set_ciphers(ciphers or DEFAULT_CIPHERS)
@@ -313,13 +322,25 @@
) is not None:
context.post_handshake_auth = True
- context.verify_mode = cert_reqs
- if (
- getattr(context, "check_hostname", None) is not None
- ): # Platform-specific: Python 3.2
- # We do our own verification, including fingerprints and alternative
- # hostnames. So disable it here
- context.check_hostname = False
+ def disable_check_hostname():
+ if (
+ getattr(context, "check_hostname", None) is not None
+ ): # Platform-specific: Python 3.2
+ # We do our own verification, including fingerprints and alternative
+ # hostnames. So disable it here
+ context.check_hostname = False
+
+ # The order of the below lines setting verify_mode and check_hostname
+ # matter due to safe-guards SSLContext has to prevent an SSLContext with
+ # check_hostname=True, verify_mode=NONE/OPTIONAL. This is made even more
+ # complex because we don't know whether PROTOCOL_TLS_CLIENT will be used
+ # or not so we don't know the initial state of the freshly created SSLContext.
+ if cert_reqs == ssl.CERT_REQUIRED:
+ context.verify_mode = cert_reqs
+ disable_check_hostname()
+ else:
+ disable_check_hostname()
+ context.verify_mode = cert_reqs
# Enable logging of TLS session keys via defacto standard environment variable
# 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.
diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssltransport.py python-urllib3-1.26.5/src/urllib3/util/ssltransport.py
--- python-urllib3-1.26.4/src/urllib3/util/ssltransport.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/util/ssltransport.py 2021-05-26 19:01:29.000000000 +0200
@@ -193,7 +193,7 @@
raise
def _ssl_io_loop(self, func, *args):
- """ Performs an I/O loop between incoming/outgoing and the socket."""
+ """Performs an I/O loop between incoming/outgoing and the socket."""
should_loop = True
ret = None
diff -Nru python-urllib3-1.26.4/src/urllib3/util/url.py python-urllib3-1.26.5/src/urllib3/util/url.py
--- python-urllib3-1.26.4/src/urllib3/util/url.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/util/url.py 2021-05-26 19:01:29.000000000 +0200
@@ -63,12 +63,12 @@
BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$")
ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$")
-SUBAUTHORITY_PAT = (u"^(?:(.*)@)?(%s|%s|%s)(?::([0-9]{0,5}))?$") % (
+_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % (
REG_NAME_PAT,
IPV4_PAT,
IPV6_ADDRZ_PAT,
)
-SUBAUTHORITY_RE = re.compile(SUBAUTHORITY_PAT, re.UNICODE | re.DOTALL)
+_HOST_PORT_RE = re.compile(_HOST_PORT_PAT, re.UNICODE | re.DOTALL)
UNRESERVED_CHARS = set(
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~"
@@ -365,7 +365,9 @@
scheme = scheme.lower()
if authority:
- auth, host, port = SUBAUTHORITY_RE.match(authority).groups()
+ auth, _, host_port = authority.rpartition("@")
+ auth = auth or None
+ host, port = _HOST_PORT_RE.match(host_port).groups()
if auth and normalize_uri:
auth = _encode_invalid_chars(auth, USERINFO_CHARS)
if port == "":
diff -Nru python-urllib3-1.26.4/src/urllib3/_version.py python-urllib3-1.26.5/src/urllib3/_version.py
--- python-urllib3-1.26.4/src/urllib3/_version.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3/_version.py 2021-05-26 19:01:29.000000000 +0200
@@ -1,2 +1,2 @@
# This file is protected via CODEOWNERS
-__version__ = "1.26.4"
+__version__ = "1.26.5"
diff -Nru python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO
--- python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO 2021-03-15 16:03:54.000000000 +0100
+++ python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO 2021-05-26 19:02:03.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: urllib3
-Version: 1.26.4
+Version: 1.26.5
Summary: HTTP library with thread-safe connection pooling, file post, and more.
Home-page: https://urllib3.readthedocs.io/
Author: Andrey Petrov
@@ -9,1328 +9,6 @@
Project-URL: Documentation, https://urllib3.readthedocs.io/
Project-URL: Code, https://github.com/urllib3/urllib3
Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues
-Description:
- urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the
- Python ecosystem already uses urllib3 and you should too.
- urllib3 brings many critical features that are missing from the Python
- standard libraries:
-
- - Thread safety.
- - Connection pooling.
- - Client-side SSL/TLS verification.
- - File uploads with multipart encoding.
- - Helpers for retrying requests and dealing with HTTP redirects.
- - Support for gzip, deflate, and brotli encoding.
- - Proxy support for HTTP and SOCKS.
- - 100% test coverage.
-
- urllib3 is powerful and easy to use:
-
- .. code-block:: python
-
- >>> import urllib3
- >>> http = urllib3.PoolManager()
- >>> r = http.request('GET', 'http://httpbin.org/robots.txt')
- >>> r.status
- 200
- >>> r.data
- 'User-agent: *\nDisallow: /deny\n'
-
-
- Installing
- ----------
-
- urllib3 can be installed with `pip <https://pip.pypa.io>`_::
-
- $ python -m pip install urllib3
-
- Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_::
-
- $ git clone git://github.com/urllib3/urllib3.git
- $ python setup.py install
-
-
- Documentation
- -------------
-
- urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_.
-
-
- Contributing
- ------------
-
- urllib3 happily accepts contributions. Please see our
- `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_
- for some tips on getting started.
-
-
- Security Disclosures
- --------------------
-
- To report a security vulnerability, please use the
- `Tidelift security contact <https://tidelift.com/security>`_.
- Tidelift will coordinate the fix and disclosure with maintainers.
-
-
- Maintainers
- -----------
-
- - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson)
- - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet)
- - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers)
- - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro)
- - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield)
- - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco)
- - `@shazow <https://github.com/shazow>`__ (Andrey Petrov)
-
- 👋
-
-
- Sponsorship
- -----------
-
- If your company benefits from this library, please consider `sponsoring its
- development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_.
-
-
- For Enterprise
- --------------
-
- .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png
- :width: 75
- :alt: Tidelift
-
- .. list-table::
- :widths: 10 100
-
- * - |tideliftlogo|
- - Professional support for urllib3 is available as part of the `Tidelift
- Subscription`_. Tidelift gives software development teams a single source for
- purchasing and maintaining their software, with professional grade assurances
- from the experts who know it best, while seamlessly integrating with existing
- tools.
-
- .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme
-
-
- Changes
- =======
-
- 1.26.4 (2021-03-15)
- -------------------
-
- * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
- during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
-
-
- 1.26.3 (2021-01-26)
- -------------------
-
- * Fixed bytes and string comparison issue with headers (Pull #2141)
-
- * Changed ``ProxySchemeUnknown`` error message to be
- more actionable if the user supplies a proxy URL without
- a scheme. (Pull #2107)
-
-
- 1.26.2 (2020-11-12)
- -------------------
-
- * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
- be imported properly on Python 2.7.8 and earlier (Pull #2052)
-
-
- 1.26.1 (2020-11-11)
- -------------------
-
- * Fixed an issue where two ``User-Agent`` headers would be sent if a
- ``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
-
-
- 1.26.0 (2020-11-10)
- -------------------
-
- * **NOTE: urllib3 v2.0 will drop support for Python 2**.
- `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
-
- * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
-
- * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
- still wish to use TLS earlier than 1.2 without a deprecation warning
- should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
- **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
-
- * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
- and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
- ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
- (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
-
- * Added default ``User-Agent`` header to every request (Pull #1750)
-
- * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
- and ``Host`` headers from being automatically emitted with requests (Pull #2018)
-
- * Collapse ``transfer-encoding: chunked`` request data and framing into
- the same ``socket.send()`` call (Pull #1906)
-
- * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
-
- * Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
-
- * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
- to SecureTransport (Pull #1903)
-
- * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
-
- * Suppress ``BrokenPipeError`` when writing request body after the server
- has closed the socket (Pull #1524)
-
- * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
- into an ``urllib3.exceptions.SSLError`` (Pull #1939)
-
-
- 1.25.11 (2020-10-19)
- --------------------
-
- * Fix retry backoff time parsed from ``Retry-After`` header when given
- in the HTTP date format. The HTTP date was parsed as the local timezone
- rather than accounting for the timezone in the HTTP date (typically
- UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
-
- * Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
- environment variable was set to the empty string. Now ``SSLContext.keylog_file``
- is not set in this situation (Pull #2016)
-
-
- 1.25.10 (2020-07-22)
- --------------------
-
- * Added support for ``SSLKEYLOGFILE`` environment variable for
- logging TLS session keys with use with programs like
- Wireshark for decrypting captured web traffic (Pull #1867)
-
- * Fixed loading of SecureTransport libraries on macOS Big Sur
- due to the new dynamic linker cache (Pull #1905)
-
- * Collapse chunked request bodies data and framing into one
- call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
-
- * Don't insert ``None`` into ``ConnectionPool`` if the pool
- was empty when requesting a connection (Pull #1866)
-
- * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
-
-
- 1.25.9 (2020-04-16)
- -------------------
-
- * Added ``InvalidProxyConfigurationWarning`` which is raised when
- erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
- support connecting to HTTPS proxies but will soon be able to
- and we would like users to migrate properly without much breakage.
-
- See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_
- for more information on how to fix your proxy config. (Pull #1851)
-
- * Drain connection after ``PoolManager`` redirect (Pull #1817)
-
- * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
-
- * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
-
- * Allow the CA certificate data to be passed as a string (Pull #1804)
-
- * Raise ``ValueError`` if method contains control characters (Pull #1800)
-
- * Add ``__repr__`` to ``Timeout`` (Pull #1795)
-
-
- 1.25.8 (2020-01-20)
- -------------------
-
- * Drop support for EOL Python 3.4 (Pull #1774)
-
- * Optimize _encode_invalid_chars (Pull #1787)
-
-
- 1.25.7 (2019-11-11)
- -------------------
-
- * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734)
-
- * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470)
-
- * Fix issue where URL fragment was sent within the request target. (Pull #1732)
-
- * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732)
-
- * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703)
-
-
- 1.25.6 (2019-09-24)
- -------------------
-
- * Fix issue where tilde (``~``) characters were incorrectly
- percent-encoded in the path. (Pull #1692)
-
-
- 1.25.5 (2019-09-19)
- -------------------
-
- * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
- caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``.
- (Issue #1682)
-
-
- 1.25.4 (2019-09-19)
- -------------------
-
- * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
-
- * Fix edge case where Retry-After header was still respected even when
- explicitly opted out of. (Pull #1607)
-
- * Remove dependency on ``rfc3986`` for URL parsing.
-
- * Fix issue where URLs containing invalid characters within ``Url.auth`` would
- raise an exception instead of percent-encoding those characters.
-
- * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses
- work well with BufferedReaders and other ``io`` module features. (Pull #1652)
-
- * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673)
-
-
- 1.25.3 (2019-05-23)
- -------------------
-
- * Change ``HTTPSConnection`` to load system CA certificates
- when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are
- unspecified. (Pull #1608, Issue #1603)
-
- * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
-
-
- 1.25.2 (2019-04-28)
- -------------------
-
- * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583)
-
- * Change ``parse_url`` to percent-encode invalid characters within the
- path, query, and target components. (Pull #1586)
-
-
- 1.25.1 (2019-04-24)
- -------------------
-
- * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579)
-
- * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
-
-
- 1.25 (2019-04-22)
- -----------------
-
- * Require and validate certificates by default when using HTTPS (Pull #1507)
-
- * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487)
-
- * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
- encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489)
-
- * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
- implementations. (Pull #1496)
-
- * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492)
-
- * Fixed issue where OpenSSL would block if an encrypted client private key was
- given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489)
-
- * Added support for Brotli content encoding. It is enabled automatically if
- ``brotlipy`` package is installed which can be requested with
- ``urllib3[brotli]`` extra. (Pull #1532)
-
- * Drop ciphers using DSS key exchange from default TLS cipher suites.
- Improve default ciphers when using SecureTransport. (Pull #1496)
-
- * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483)
-
- 1.24.3 (2019-05-01)
- -------------------
-
- * Apply fix for CVE-2019-9740. (Pull #1591)
-
- 1.24.2 (2019-04-17)
- -------------------
-
- * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
- ``ssl_context`` parameters are specified.
-
- * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
-
- * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
-
-
- 1.24.1 (2018-11-02)
- -------------------
-
- * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
-
- * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462)
-
-
- 1.24 (2018-10-16)
- -----------------
-
- * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
-
- * Test against Python 3.7 on AppVeyor. (Pull #1453)
-
- * Early-out ipv6 checks when running on App Engine. (Pull #1450)
-
- * Change ambiguous description of backoff_factor (Pull #1436)
-
- * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
-
- * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
-
- * Add a server_hostname parameter to HTTPSConnection which allows for
- overriding the SNI hostname sent in the handshake. (Pull #1397)
-
- * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
-
- * Fixed bug where responses with header Content-Type: message/* erroneously
- raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
-
- * Move urllib3 to src/urllib3 (Pull #1409)
-
-
- 1.23 (2018-06-04)
- -----------------
-
- * Allow providing a list of headers to strip from requests when redirecting
- to a different host. Defaults to the ``Authorization`` header. Different
- headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316)
-
- * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247).
-
- * Dropped Python 3.3 support. (Pull #1242)
-
- * Put the connection back in the pool when calling stream() or read_chunked() on
- a chunked HEAD response. (Issue #1234)
-
- * Fixed pyOpenSSL-specific ssl client authentication issue when clients
- attempted to auth via certificate + chain (Issue #1060)
-
- * Add the port to the connectionpool connect print (Pull #1251)
-
- * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380)
-
- * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088)
-
- * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359)
-
- * Added support for auth info in url for SOCKS proxy (Pull #1363)
-
-
- 1.22 (2017-07-20)
- -----------------
-
- * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via
- IPv6 proxy. (Issue #1222)
-
- * Made the connection pool retry on ``SSLError``. The original ``SSLError``
- is available on ``MaxRetryError.reason``. (Issue #1112)
-
- * Drain and release connection before recursing on retry/redirect. Fixes
- deadlocks with a blocking connectionpool. (Issue #1167)
-
- * Fixed compatibility for cookiejar. (Issue #1229)
-
- * pyopenssl: Use vendored version of ``six``. (Issue #1231)
-
-
- 1.21.1 (2017-05-02)
- -------------------
-
- * Fixed SecureTransport issue that would cause long delays in response body
- delivery. (Pull #1154)
-
- * Fixed regression in 1.21 that threw exceptions when users passed the
- ``socket_options`` flag to the ``PoolManager``. (Issue #1165)
-
- * Fixed regression in 1.21 that threw exceptions when users passed the
- ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``.
- (Pull #1157)
-
-
- 1.21 (2017-04-25)
- -----------------
-
- * Improved performance of certain selector system calls on Python 3.5 and
- later. (Pull #1095)
-
- * Resolved issue where the PyOpenSSL backend would not wrap SysCallError
- exceptions appropriately when sending data. (Pull #1125)
-
- * Selectors now detects a monkey-patched select module after import for modules
- that patch the select module like eventlet, greenlet. (Pull #1128)
-
- * Reduced memory consumption when streaming zlib-compressed responses
- (as opposed to raw deflate streams). (Pull #1129)
-
- * Connection pools now use the entire request context when constructing the
- pool key. (Pull #1016)
-
- * ``PoolManager.connection_from_*`` methods now accept a new keyword argument,
- ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``.
- (Pull #1016)
-
- * Add retry counter for ``status_forcelist``. (Issue #1147)
-
- * Added ``contrib`` module for using SecureTransport on macOS:
- ``urllib3.contrib.securetransport``. (Pull #1122)
-
- * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes:
- for schemes it does not recognise, it assumes they are case-sensitive and
- leaves them unchanged.
- (Issue #1080)
-
-
- 1.20 (2017-01-19)
- -----------------
-
- * Added support for waiting for I/O using selectors other than select,
- improving urllib3's behaviour with large numbers of concurrent connections.
- (Pull #1001)
-
- * Updated the date for the system clock check. (Issue #1005)
-
- * ConnectionPools now correctly consider hostnames to be case-insensitive.
- (Issue #1032)
-
- * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module
- to fail when it is injected, rather than at first use. (Pull #1063)
-
- * Outdated versions of cryptography now cause the PyOpenSSL contrib module
- to fail when it is injected, rather than at first use. (Issue #1044)
-
- * Automatically attempt to rewind a file-like body object when a request is
- retried or redirected. (Pull #1039)
-
- * Fix some bugs that occur when modules incautiously patch the queue module.
- (Pull #1061)
-
- * Prevent retries from occurring on read timeouts for which the request method
- was not in the method whitelist. (Issue #1059)
-
- * Changed the PyOpenSSL contrib module to lazily load idna to avoid
- unnecessarily bloating the memory of programs that don't need it. (Pull
- #1076)
-
- * Add support for IPv6 literals with zone identifiers. (Pull #1013)
-
- * Added support for socks5h:// and socks4a:// schemes when working with SOCKS
- proxies, and controlled remote DNS appropriately. (Issue #1035)
-
-
- 1.19.1 (2016-11-16)
- -------------------
-
- * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
-
-
- 1.19 (2016-11-03)
- -----------------
-
- * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when
- using the default retry logic. (Pull #955)
-
- * Remove markers from setup.py to assist ancient setuptools versions. (Issue
- #986)
-
- * Disallow superscripts and other integerish things in URL ports. (Issue #989)
-
- * Allow urllib3's HTTPResponse.stream() method to continue to work with
- non-httplib underlying FPs. (Pull #990)
-
- * Empty filenames in multipart headers are now emitted as such, rather than
- being suppressed. (Issue #1015)
-
- * Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
-
-
- 1.18.1 (2016-10-27)
- -------------------
-
- * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
- PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
- release fixes a vulnerability whereby urllib3 in the above configuration
- would silently fail to validate TLS certificates due to erroneously setting
- invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
- flags do not cause a problem in OpenSSL versions before 1.1.0, which
- interprets the presence of any flag as requesting certificate validation.
-
- There is no PR for this patch, as it was prepared for simultaneous disclosure
- and release. The master branch received the same fix in Pull #1010.
-
-
- 1.18 (2016-09-26)
- -----------------
-
- * Fixed incorrect message for IncompleteRead exception. (Pull #973)
-
- * Accept ``iPAddress`` subject alternative name fields in TLS certificates.
- (Issue #258)
-
- * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3.
- (Issue #977)
-
- * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
-
-
- 1.17 (2016-09-06)
- -----------------
-
- * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835)
-
- * ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
-
- * Substantially refactored documentation. (Issue #887)
-
- * Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
- (Issue #858)
-
- * Normalize the scheme and host in the URL parser (Issue #833)
-
- * ``HTTPResponse`` contains the last ``Retry`` object, which now also
- contains retries history. (Issue #848)
-
- * Timeout can no longer be set as boolean, and must be greater than zero.
- (Pull #924)
-
- * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
- now use cryptography and idna, both of which are already dependencies of
- PyOpenSSL. (Pull #930)
-
- * Fixed infinite loop in ``stream`` when amt=None. (Issue #928)
-
- * Try to use the operating system's certificates when we are using an
- ``SSLContext``. (Pull #941)
-
- * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
- ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)
-
- * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)
-
- * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)
-
- * Implemented ``length_remaining`` to determine remaining content
- to be read. (Pull #949)
-
- * Implemented ``enforce_content_length`` to enable exceptions when
- incomplete data chunks are received. (Pull #949)
-
- * Dropped connection start, dropped connection reset, redirect, forced retry,
- and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)
-
-
- 1.16 (2016-06-11)
- -----------------
-
- * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
-
- * Provide ``key_fn_by_scheme`` pool keying mechanism that can be
- overridden. (Issue #830)
-
- * Normalize scheme and host to lowercase for pool keys, and include
- ``source_address``. (Issue #830)
-
- * Cleaner exception chain in Python 3 for ``_make_request``.
- (Issue #861)
-
- * Fixed installing ``urllib3[socks]`` extra. (Issue #864)
-
- * Fixed signature of ``ConnectionPool.close`` so it can actually safely be
- called by subclasses. (Issue #873)
-
- * Retain ``release_conn`` state across retries. (Issues #651, #866)
-
- * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
- ``HTTPResponse`` but can be replaced with a subclass. (Issue #879)
-
-
- 1.15.1 (2016-04-11)
- -------------------
-
- * Fix packaging to include backports module. (Issue #841)
-
-
- 1.15 (2016-04-06)
- -----------------
-
- * Added Retry(raise_on_status=False). (Issue #720)
-
- * Always use setuptools, no more distutils fallback. (Issue #785)
-
- * Dropped support for Python 3.2. (Issue #786)
-
- * Chunked transfer encoding when requesting with ``chunked=True``.
- (Issue #790)
-
- * Fixed regression with IPv6 port parsing. (Issue #801)
-
- * Append SNIMissingWarning messages to allow users to specify it in
- the PYTHONWARNINGS environment variable. (Issue #816)
-
- * Handle unicode headers in Py2. (Issue #818)
-
- * Log certificate when there is a hostname mismatch. (Issue #820)
-
- * Preserve order of request/response headers. (Issue #821)
-
-
- 1.14 (2015-12-29)
- -----------------
-
- * contrib: SOCKS proxy support! (Issue #762)
-
- * Fixed AppEngine handling of transfer-encoding header and bug
- in Timeout defaults checking. (Issue #763)
-
-
- 1.13.1 (2015-12-18)
- -------------------
-
- * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
-
-
- 1.13 (2015-12-14)
- -----------------
-
- * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706)
-
- * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
-
- * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
-
- * Close connections more defensively on exception. (Issue #734)
-
- * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without
- repeatedly flushing the decoder, to function better on Jython. (Issue #743)
-
- * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758)
-
-
- 1.12 (2015-09-03)
- -----------------
-
- * Rely on ``six`` for importing ``httplib`` to work around
- conflicts with other Python 3 shims. (Issue #688)
-
- * Add support for directories of certificate authorities, as supported by
- OpenSSL. (Issue #701)
-
- * New exception: ``NewConnectionError``, raised when we fail to establish
- a new connection, usually ``ECONNREFUSED`` socket error.
-
-
- 1.11 (2015-07-21)
- -----------------
-
- * When ``ca_certs`` is given, ``cert_reqs`` defaults to
- ``'CERT_REQUIRED'``. (Issue #650)
-
- * ``pip install urllib3[secure]`` will install Certifi and
- PyOpenSSL as dependencies. (Issue #678)
-
- * Made ``HTTPHeaderDict`` usable as a ``headers`` input value
- (Issues #632, #679)
-
- * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_
- which has an ``AppEngineManager`` for using ``URLFetch`` in a
- Google AppEngine environment. (Issue #664)
-
- * Dev: Added test suite for AppEngine. (Issue #631)
-
- * Fix performance regression when using PyOpenSSL. (Issue #626)
-
- * Passing incorrect scheme (e.g. ``foo://``) will raise
- ``ValueError`` instead of ``AssertionError`` (backwards
- compatible for now, but please migrate). (Issue #640)
-
- * Fix pools not getting replenished when an error occurs during a
- request using ``release_conn=False``. (Issue #644)
-
- * Fix pool-default headers not applying for url-encoded requests
- like GET. (Issue #657)
-
- * log.warning in Python 3 when headers are skipped due to parsing
- errors. (Issue #642)
-
- * Close and discard connections if an error occurs during read.
- (Issue #660)
-
- * Fix host parsing for IPv6 proxies. (Issue #668)
-
- * Separate warning type SubjectAltNameWarning, now issued once
- per host. (Issue #671)
-
- * Fix ``httplib.IncompleteRead`` not getting converted to
- ``ProtocolError`` when using ``HTTPResponse.stream()``
- (Issue #674)
-
- 1.10.4 (2015-05-03)
- -------------------
-
- * Migrate tests to Tornado 4. (Issue #594)
-
- * Append default warning configuration rather than overwrite.
- (Issue #603)
-
- * Fix streaming decoding regression. (Issue #595)
-
- * Fix chunked requests losing state across keep-alive connections.
- (Issue #599)
-
- * Fix hanging when chunked HEAD response has no body. (Issue #605)
-
-
- 1.10.3 (2015-04-21)
- -------------------
-
- * Emit ``InsecurePlatformWarning`` when SSLContext object is missing.
- (Issue #558)
-
- * Fix regression of duplicate header keys being discarded.
- (Issue #563)
-
- * ``Response.stream()`` returns a generator for chunked responses.
- (Issue #560)
-
- * Set upper-bound timeout when waiting for a socket in PyOpenSSL.
- (Issue #585)
-
- * Work on platforms without `ssl` module for plain HTTP requests.
- (Issue #587)
-
- * Stop relying on the stdlib's default cipher list. (Issue #588)
-
-
- 1.10.2 (2015-02-25)
- -------------------
-
- * Fix file descriptor leakage on retries. (Issue #548)
-
- * Removed RC4 from default cipher list. (Issue #551)
-
- * Header performance improvements. (Issue #544)
-
- * Fix PoolManager not obeying redirect retry settings. (Issue #553)
-
-
- 1.10.1 (2015-02-10)
- -------------------
-
- * Pools can be used as context managers. (Issue #545)
-
- * Don't re-use connections which experienced an SSLError. (Issue #529)
-
- * Don't fail when gzip decoding an empty stream. (Issue #535)
-
- * Add sha256 support for fingerprint verification. (Issue #540)
-
- * Fixed handling of header values containing commas. (Issue #533)
-
-
- 1.10 (2014-12-14)
- -----------------
-
- * Disabled SSLv3. (Issue #473)
-
- * Add ``Url.url`` property to return the composed url string. (Issue #394)
-
- * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412)
-
- * ``MaxRetryError.reason`` will always be an exception, not string.
- (Issue #481)
-
- * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
-
- * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473)
-
- * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request.
- (Issue #496)
-
- * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``.
- (Issue #499)
-
- * Close and discard sockets which experienced SSL-related errors.
- (Issue #501)
-
- * Handle ``body`` param in ``.request(...)``. (Issue #513)
-
- * Respect timeout with HTTPS proxy. (Issue #505)
-
- * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
-
-
- 1.9.1 (2014-09-13)
- ------------------
-
- * Apply socket arguments before binding. (Issue #427)
-
- * More careful checks if fp-like object is closed. (Issue #435)
-
- * Fixed packaging issues of some development-related files not
- getting included. (Issue #440)
-
- * Allow performing *only* fingerprint verification. (Issue #444)
-
- * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445)
-
- * Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
-
- * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3.
- (Issue #443)
-
-
-
- 1.9 (2014-07-04)
- ----------------
-
- * Shuffled around development-related files. If you're maintaining a distro
- package of urllib3, you may need to tweak things. (Issue #415)
-
- * Unverified HTTPS requests will trigger a warning on the first request. See
- our new `security documentation
- <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details.
- (Issue #426)
-
- * New retry logic and ``urllib3.util.retry.Retry`` configuration object.
- (Issue #326)
-
- * All raised exceptions should now wrapped in a
- ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326)
-
- * All errors during a retry-enabled request should be wrapped in
- ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions
- which were previously exempt. Underlying error is accessible from the
- ``.reason`` property. (Issue #326)
-
- * ``urllib3.exceptions.ConnectionError`` renamed to
- ``urllib3.exceptions.ProtocolError``. (Issue #326)
-
- * Errors during response read (such as IncompleteRead) are now wrapped in
- ``urllib3.exceptions.ProtocolError``. (Issue #418)
-
- * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``.
- (Issue #417)
-
- * Catch read timeouts over SSL connections as
- ``urllib3.exceptions.ReadTimeoutError``. (Issue #419)
-
- * Apply socket arguments before connecting. (Issue #427)
-
-
- 1.8.3 (2014-06-23)
- ------------------
-
- * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
-
- * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393)
-
- * Wrap ``socket.timeout`` exception with
- ``urllib3.exceptions.ReadTimeoutError``. (Issue #399)
-
- * Fixed proxy-related bug where connections were being reused incorrectly.
- (Issues #366, #369)
-
- * Added ``socket_options`` keyword parameter which allows to define
- ``setsockopt`` configuration of new sockets. (Issue #397)
-
- * Removed ``HTTPConnection.tcp_nodelay`` in favor of
- ``HTTPConnection.default_socket_options``. (Issue #397)
-
- * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411)
-
-
- 1.8.2 (2014-04-17)
- ------------------
-
- * Fix ``urllib3.util`` not being included in the package.
-
-
- 1.8.1 (2014-04-17)
- ------------------
-
- * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
-
- * Don't install ``dummyserver`` into ``site-packages`` as it's only needed
- for the test suite. (Issue #362)
-
- * Added support for specifying ``source_address``. (Issue #352)
-
-
- 1.8 (2014-03-04)
- ----------------
-
- * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in
- username, and blank ports like 'hostname:').
-
- * New ``urllib3.connection`` module which contains all the HTTPConnection
- objects.
-
- * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor
- signature to a more sensible order. [Backwards incompatible]
- (Issues #252, #262, #263)
-
- * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274)
-
- * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which
- returns the number of bytes read so far. (Issue #277)
-
- * Support for platforms without threading. (Issue #289)
-
- * Expand default-port comparison in ``HTTPConnectionPool.is_same_host``
- to allow a pool with no specified port to be considered equal to to an
- HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305)
-
- * Improved default SSL/TLS settings to avoid vulnerabilities.
- (Issue #309)
-
- * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors.
- (Issue #310)
-
- * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests
- will send the entire HTTP request ~200 milliseconds faster; however, some of
- the resulting TCP packets will be smaller. (Issue #254)
-
- * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl``
- from the default 64 to 1024 in a single certificate. (Issue #318)
-
- * Headers are now passed and stored as a custom
- ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``.
- (Issue #329, #333)
-
- * Headers no longer lose their case on Python 3. (Issue #236)
-
- * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA
- certificates on inject. (Issue #332)
-
- * Requests with ``retries=False`` will immediately raise any exceptions without
- wrapping them in ``MaxRetryError``. (Issue #348)
-
- * Fixed open socket leak with SSL-related failures. (Issue #344, #348)
-
-
- 1.7.1 (2013-09-25)
- ------------------
-
- * Added granular timeout support with new ``urllib3.util.Timeout`` class.
- (Issue #231)
-
- * Fixed Python 3.4 support. (Issue #238)
-
-
- 1.7 (2013-08-14)
- ----------------
-
- * More exceptions are now pickle-able, with tests. (Issue #174)
-
- * Fixed redirecting with relative URLs in Location header. (Issue #178)
-
- * Support for relative urls in ``Location: ...`` header. (Issue #179)
-
- * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus
- file-like functionality. (Issue #187)
-
- * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will
- skip hostname verification for SSL connections. (Issue #194)
-
- * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a
- generator wrapped around ``.read(...)``. (Issue #198)
-
- * IPv6 url parsing enforces brackets around the hostname. (Issue #199)
-
- * Fixed thread race condition in
- ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204)
-
- * ``ProxyManager`` requests now include non-default port in ``Host: ...``
- header. (Issue #217)
-
- * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139)
-
- * New ``RequestField`` object can be passed to the ``fields=...`` param which
- can specify headers. (Issue #220)
-
- * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails.
- (Issue #221)
-
- * Use international headers when posting file names. (Issue #119)
-
- * Improved IPv6 support. (Issue #203)
-
-
- 1.6 (2013-04-25)
- ----------------
-
- * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
-
- * ``ProxyManager`` automatically adds ``Host: ...`` header if not given.
-
- * Improved SSL-related code. ``cert_req`` now optionally takes a string like
- "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23"
- The string values reflect the suffix of the respective constant variable.
- (Issue #130)
-
- * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly
- closed proxy connections and larger read buffers. (Issue #135)
-
- * Ensure the connection is closed if no data is received, fixes connection leak
- on some platforms. (Issue #133)
-
- * Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
-
- * Tests fixed to be compatible with Py26 again. (Issue #125)
-
- * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant
- to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109)
-
- * Allow an explicit content type to be specified when encoding file fields.
- (Issue #126)
-
- * Exceptions are now pickleable, with tests. (Issue #101)
-
- * Fixed default headers not getting passed in some cases. (Issue #99)
-
- * Treat "content-encoding" header value as case-insensitive, per RFC 2616
- Section 3.5. (Issue #110)
-
- * "Connection Refused" SocketErrors will get retried rather than raised.
- (Issue #92)
-
- * Updated vendored ``six``, no longer overrides the global ``six`` module
- namespace. (Issue #113)
-
- * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding
- the exception that prompted the final retry. If ``reason is None`` then it
- was due to a redirect. (Issue #92, #114)
-
- * Fixed ``PoolManager.urlopen()`` from not redirecting more than once.
- (Issue #149)
-
- * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters
- that are not files. (Issue #111)
-
- * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122)
-
- * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or
- against an arbitrary hostname (when connecting by IP or for misconfigured
- servers). (Issue #140)
-
- * Streaming decompression support. (Issue #159)
-
-
- 1.5 (2012-08-02)
- ----------------
-
- * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug
- logging in urllib3.
-
- * Native full URL parsing (including auth, path, query, fragment) available in
- ``urllib3.util.parse_url(url)``.
-
- * Built-in redirect will switch method to 'GET' if status code is 303.
- (Issue #11)
-
- * ``urllib3.PoolManager`` strips the scheme and host before sending the request
- uri. (Issue #8)
-
- * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding,
- based on the Content-Type header, fails.
-
- * Fixed bug with pool depletion and leaking connections (Issue #76). Added
- explicit connection closing on pool eviction. Added
- ``urllib3.PoolManager.clear()``.
-
- * 99% -> 100% unit test coverage.
-
-
- 1.4 (2012-06-16)
- ----------------
-
- * Minor AppEngine-related fixes.
-
- * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``.
-
- * Improved url parsing. (Issue #73)
-
- * IPv6 url support. (Issue #72)
-
-
- 1.3 (2012-03-25)
- ----------------
-
- * Removed pre-1.0 deprecated API.
-
- * Refactored helpers into a ``urllib3.util`` submodule.
-
- * Fixed multipart encoding to support list-of-tuples for keys with multiple
- values. (Issue #48)
-
- * Fixed multiple Set-Cookie headers in response not getting merged properly in
- Python 3. (Issue #53)
-
- * AppEngine support with Py27. (Issue #61)
-
- * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs
- bytes.
-
-
- 1.2.2 (2012-02-06)
- ------------------
-
- * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47)
-
-
- 1.2.1 (2012-02-05)
- ------------------
-
- * Fixed another bug related to when ``ssl`` module is not available. (Issue #41)
-
- * Location parsing errors now raise ``urllib3.exceptions.LocationParseError``
- which inherits from ``ValueError``.
-
-
- 1.2 (2012-01-29)
- ----------------
-
- * Added Python 3 support (tested on 3.2.2)
-
- * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
-
- * Use ``select.poll`` instead of ``select.select`` for platforms that support
- it.
-
- * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive
- connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``.
-
- * Fixed ``ImportError`` during install when ``ssl`` module is not available.
- (Issue #41)
-
- * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not
- completing properly. (Issue #28, uncovered by Issue #10 in v1.1)
-
- * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` +
- ``eventlet``. Removed extraneous unsupported dummyserver testing backends.
- Added socket-level tests.
-
- * More tests. Achievement Unlocked: 99% Coverage.
-
-
- 1.1 (2012-01-07)
- ----------------
-
- * Refactored ``dummyserver`` to its own root namespace module (used for
- testing).
-
- * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in
- Py32's ``ssl_match_hostname``. (Issue #25)
-
- * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10)
-
- * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue
- #27)
-
- * Fixed timeout-related bugs. (Issues #17, #23)
-
-
- 1.0.2 (2011-11-04)
- ------------------
-
- * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if
- you're using the object manually. (Thanks pyos)
-
- * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by
- wrapping the access log in a mutex. (Thanks @christer)
-
- * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and
- ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code.
-
-
- 1.0.1 (2011-10-10)
- ------------------
-
- * Fixed a bug where the same connection would get returned into the pool twice,
- causing extraneous "HttpConnectionPool is full" log warnings.
-
-
- 1.0 (2011-10-08)
- ----------------
-
- * Added ``PoolManager`` with LRU expiration of connections (tested and
- documented).
- * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works
- with HTTPS proxies).
- * Added optional partial-read support for responses when
- ``preload_content=False``. You can now make requests and just read the headers
- without loading the content.
- * Made response decoding optional (default on, same as before).
- * Added optional explicit boundary string for ``encode_multipart_formdata``.
- * Convenience request methods are now inherited from ``RequestMethods``. Old
- helpers like ``get_url`` and ``post_url`` should be abandoned in favour of
- the new ``request(method, url, ...)``.
- * Refactored code to be even more decoupled, reusable, and extendable.
- * License header added to ``.py`` files.
- * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
- and docs in ``docs/`` and on https://urllib3.readthedocs.io/.
- * Embettered all the things!
- * Started writing this file.
-
-
- 0.4.1 (2011-07-17)
- ------------------
-
- * Minor bug fixes, code cleanup.
-
-
- 0.4 (2011-03-01)
- ----------------
-
- * Better unicode support.
- * Added ``VerifiedHTTPSConnection``.
- * Added ``NTLMConnectionPool`` in contrib.
- * Minor improvements.
-
-
- 0.3.1 (2010-07-13)
- ------------------
-
- * Added ``assert_host_name`` optional parameter. Now compatible with proxies.
-
-
- 0.3 (2009-12-10)
- ----------------
-
- * Added HTTPS support.
- * Minor bug fixes.
- * Refactored, broken backwards compatibility with 0.2.
- * API to be treated as stable from this version forward.
-
-
- 0.2 (2008-11-17)
- ----------------
-
- * Added unit tests.
- * Bug fixes.
-
-
- 0.1 (2008-11-16)
- ----------------
-
- * First release.
-
Keywords: urllib httplib threadsafe filepost http https ssl pooling
Platform: UNKNOWN
Classifier: Environment :: Web Environment
@@ -1355,3 +33,1337 @@
Provides-Extra: brotli
Provides-Extra: secure
Provides-Extra: socks
+License-File: LICENSE.txt
+
+
+urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the
+Python ecosystem already uses urllib3 and you should too.
+urllib3 brings many critical features that are missing from the Python
+standard libraries:
+
+- Thread safety.
+- Connection pooling.
+- Client-side SSL/TLS verification.
+- File uploads with multipart encoding.
+- Helpers for retrying requests and dealing with HTTP redirects.
+- Support for gzip, deflate, and brotli encoding.
+- Proxy support for HTTP and SOCKS.
+- 100% test coverage.
+
+urllib3 is powerful and easy to use:
+
+.. code-block:: python
+
+ >>> import urllib3
+ >>> http = urllib3.PoolManager()
+ >>> r = http.request('GET', 'http://httpbin.org/robots.txt')
+ >>> r.status
+ 200
+ >>> r.data
+ 'User-agent: *\nDisallow: /deny\n'
+
+
+Installing
+----------
+
+urllib3 can be installed with `pip <https://pip.pypa.io>`_::
+
+ $ python -m pip install urllib3
+
+Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_::
+
+ $ git clone git://github.com/urllib3/urllib3.git
+ $ python setup.py install
+
+
+Documentation
+-------------
+
+urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_.
+
+
+Contributing
+------------
+
+urllib3 happily accepts contributions. Please see our
+`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_
+for some tips on getting started.
+
+
+Security Disclosures
+--------------------
+
+To report a security vulnerability, please use the
+`Tidelift security contact <https://tidelift.com/security>`_.
+Tidelift will coordinate the fix and disclosure with maintainers.
+
+
+Maintainers
+-----------
+
+- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson)
+- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet)
+- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers)
+- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro)
+- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield)
+- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco)
+- `@shazow <https://github.com/shazow>`__ (Andrey Petrov)
+
+👋
+
+
+Sponsorship
+-----------
+
+If your company benefits from this library, please consider `sponsoring its
+development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_.
+
+
+For Enterprise
+--------------
+
+.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png
+ :width: 75
+ :alt: Tidelift
+
+.. list-table::
+ :widths: 10 100
+
+ * - |tideliftlogo|
+ - Professional support for urllib3 is available as part of the `Tidelift
+ Subscription`_. Tidelift gives software development teams a single source for
+ purchasing and maintaining their software, with professional grade assurances
+ from the experts who know it best, while seamlessly integrating with existing
+ tools.
+
+.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme
+
+
+Changes
+=======
+
+1.26.5 (2021-05-26)
+-------------------
+
+* Fixed deprecation warnings emitted in Python 3.10.
+* Updated vendored ``six`` library to 1.16.0.
+* Improved performance of URL parser when splitting
+ the authority component.
+
+
+1.26.4 (2021-03-15)
+-------------------
+
+* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
+ during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
+
+
+1.26.3 (2021-01-26)
+-------------------
+
+* Fixed bytes and string comparison issue with headers (Pull #2141)
+
+* Changed ``ProxySchemeUnknown`` error message to be
+ more actionable if the user supplies a proxy URL without
+ a scheme. (Pull #2107)
+
+
+1.26.2 (2020-11-12)
+-------------------
+
+* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
+ be imported properly on Python 2.7.8 and earlier (Pull #2052)
+
+
+1.26.1 (2020-11-11)
+-------------------
+
+* Fixed an issue where two ``User-Agent`` headers would be sent if a
+ ``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
+
+
+1.26.0 (2020-11-10)
+-------------------
+
+* **NOTE: urllib3 v2.0 will drop support for Python 2**.
+ `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
+
+* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
+
+* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
+ still wish to use TLS earlier than 1.2 without a deprecation warning
+ should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
+ **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
+
+* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
+ and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
+ ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
+ (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
+
+* Added default ``User-Agent`` header to every request (Pull #1750)
+
+* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
+ and ``Host`` headers from being automatically emitted with requests (Pull #2018)
+
+* Collapse ``transfer-encoding: chunked`` request data and framing into
+ the same ``socket.send()`` call (Pull #1906)
+
+* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
+
+* Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
+
+* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
+ to SecureTransport (Pull #1903)
+
+* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
+
+* Suppress ``BrokenPipeError`` when writing request body after the server
+ has closed the socket (Pull #1524)
+
+* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
+ into an ``urllib3.exceptions.SSLError`` (Pull #1939)
+
+
+1.25.11 (2020-10-19)
+--------------------
+
+* Fix retry backoff time parsed from ``Retry-After`` header when given
+ in the HTTP date format. The HTTP date was parsed as the local timezone
+ rather than accounting for the timezone in the HTTP date (typically
+ UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
+
+* Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
+ environment variable was set to the empty string. Now ``SSLContext.keylog_file``
+ is not set in this situation (Pull #2016)
+
+
+1.25.10 (2020-07-22)
+--------------------
+
+* Added support for ``SSLKEYLOGFILE`` environment variable for
+ logging TLS session keys with use with programs like
+ Wireshark for decrypting captured web traffic (Pull #1867)
+
+* Fixed loading of SecureTransport libraries on macOS Big Sur
+ due to the new dynamic linker cache (Pull #1905)
+
+* Collapse chunked request bodies data and framing into one
+ call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
+
+* Don't insert ``None`` into ``ConnectionPool`` if the pool
+ was empty when requesting a connection (Pull #1866)
+
+* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
+
+
+1.25.9 (2020-04-16)
+-------------------
+
+* Added ``InvalidProxyConfigurationWarning`` which is raised when
+ erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
+ support connecting to HTTPS proxies but will soon be able to
+ and we would like users to migrate properly without much breakage.
+
+ See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_
+ for more information on how to fix your proxy config. (Pull #1851)
+
+* Drain connection after ``PoolManager`` redirect (Pull #1817)
+
+* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
+
+* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
+
+* Allow the CA certificate data to be passed as a string (Pull #1804)
+
+* Raise ``ValueError`` if method contains control characters (Pull #1800)
+
+* Add ``__repr__`` to ``Timeout`` (Pull #1795)
+
+
+1.25.8 (2020-01-20)
+-------------------
+
+* Drop support for EOL Python 3.4 (Pull #1774)
+
+* Optimize _encode_invalid_chars (Pull #1787)
+
+
+1.25.7 (2019-11-11)
+-------------------
+
+* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734)
+
+* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470)
+
+* Fix issue where URL fragment was sent within the request target. (Pull #1732)
+
+* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732)
+
+* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703)
+
+
+1.25.6 (2019-09-24)
+-------------------
+
+* Fix issue where tilde (``~``) characters were incorrectly
+ percent-encoded in the path. (Pull #1692)
+
+
+1.25.5 (2019-09-19)
+-------------------
+
+* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
+ caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``.
+ (Issue #1682)
+
+
+1.25.4 (2019-09-19)
+-------------------
+
+* Propagate Retry-After header settings to subsequent retries. (Pull #1607)
+
+* Fix edge case where Retry-After header was still respected even when
+ explicitly opted out of. (Pull #1607)
+
+* Remove dependency on ``rfc3986`` for URL parsing.
+
+* Fix issue where URLs containing invalid characters within ``Url.auth`` would
+ raise an exception instead of percent-encoding those characters.
+
+* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses
+ work well with BufferedReaders and other ``io`` module features. (Pull #1652)
+
+* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673)
+
+
+1.25.3 (2019-05-23)
+-------------------
+
+* Change ``HTTPSConnection`` to load system CA certificates
+ when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are
+ unspecified. (Pull #1608, Issue #1603)
+
+* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
+
+
+1.25.2 (2019-04-28)
+-------------------
+
+* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583)
+
+* Change ``parse_url`` to percent-encode invalid characters within the
+ path, query, and target components. (Pull #1586)
+
+
+1.25.1 (2019-04-24)
+-------------------
+
+* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579)
+
+* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
+
+
+1.25 (2019-04-22)
+-----------------
+
+* Require and validate certificates by default when using HTTPS (Pull #1507)
+
+* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487)
+
+* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
+ encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489)
+
+* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
+ implementations. (Pull #1496)
+
+* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492)
+
+* Fixed issue where OpenSSL would block if an encrypted client private key was
+ given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489)
+
+* Added support for Brotli content encoding. It is enabled automatically if
+ ``brotlipy`` package is installed which can be requested with
+ ``urllib3[brotli]`` extra. (Pull #1532)
+
+* Drop ciphers using DSS key exchange from default TLS cipher suites.
+ Improve default ciphers when using SecureTransport. (Pull #1496)
+
+* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483)
+
+1.24.3 (2019-05-01)
+-------------------
+
+* Apply fix for CVE-2019-9740. (Pull #1591)
+
+1.24.2 (2019-04-17)
+-------------------
+
+* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
+ ``ssl_context`` parameters are specified.
+
+* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
+
+* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
+
+
+1.24.1 (2018-11-02)
+-------------------
+
+* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
+
+* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462)
+
+
+1.24 (2018-10-16)
+-----------------
+
+* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
+
+* Test against Python 3.7 on AppVeyor. (Pull #1453)
+
+* Early-out ipv6 checks when running on App Engine. (Pull #1450)
+
+* Change ambiguous description of backoff_factor (Pull #1436)
+
+* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
+
+* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
+
+* Add a server_hostname parameter to HTTPSConnection which allows for
+ overriding the SNI hostname sent in the handshake. (Pull #1397)
+
+* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
+
+* Fixed bug where responses with header Content-Type: message/* erroneously
+ raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
+
+* Move urllib3 to src/urllib3 (Pull #1409)
+
+
+1.23 (2018-06-04)
+-----------------
+
+* Allow providing a list of headers to strip from requests when redirecting
+ to a different host. Defaults to the ``Authorization`` header. Different
+ headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316)
+
+* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247).
+
+* Dropped Python 3.3 support. (Pull #1242)
+
+* Put the connection back in the pool when calling stream() or read_chunked() on
+ a chunked HEAD response. (Issue #1234)
+
+* Fixed pyOpenSSL-specific ssl client authentication issue when clients
+ attempted to auth via certificate + chain (Issue #1060)
+
+* Add the port to the connectionpool connect print (Pull #1251)
+
+* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380)
+
+* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088)
+
+* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359)
+
+* Added support for auth info in url for SOCKS proxy (Pull #1363)
+
+
+1.22 (2017-07-20)
+-----------------
+
+* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via
+ IPv6 proxy. (Issue #1222)
+
+* Made the connection pool retry on ``SSLError``. The original ``SSLError``
+ is available on ``MaxRetryError.reason``. (Issue #1112)
+
+* Drain and release connection before recursing on retry/redirect. Fixes
+ deadlocks with a blocking connectionpool. (Issue #1167)
+
+* Fixed compatibility for cookiejar. (Issue #1229)
+
+* pyopenssl: Use vendored version of ``six``. (Issue #1231)
+
+
+1.21.1 (2017-05-02)
+-------------------
+
+* Fixed SecureTransport issue that would cause long delays in response body
+ delivery. (Pull #1154)
+
+* Fixed regression in 1.21 that threw exceptions when users passed the
+ ``socket_options`` flag to the ``PoolManager``. (Issue #1165)
+
+* Fixed regression in 1.21 that threw exceptions when users passed the
+ ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``.
+ (Pull #1157)
+
+
+1.21 (2017-04-25)
+-----------------
+
+* Improved performance of certain selector system calls on Python 3.5 and
+ later. (Pull #1095)
+
+* Resolved issue where the PyOpenSSL backend would not wrap SysCallError
+ exceptions appropriately when sending data. (Pull #1125)
+
+* Selectors now detects a monkey-patched select module after import for modules
+ that patch the select module like eventlet, greenlet. (Pull #1128)
+
+* Reduced memory consumption when streaming zlib-compressed responses
+ (as opposed to raw deflate streams). (Pull #1129)
+
+* Connection pools now use the entire request context when constructing the
+ pool key. (Pull #1016)
+
+* ``PoolManager.connection_from_*`` methods now accept a new keyword argument,
+ ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``.
+ (Pull #1016)
+
+* Add retry counter for ``status_forcelist``. (Issue #1147)
+
+* Added ``contrib`` module for using SecureTransport on macOS:
+ ``urllib3.contrib.securetransport``. (Pull #1122)
+
+* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes:
+ for schemes it does not recognise, it assumes they are case-sensitive and
+ leaves them unchanged.
+ (Issue #1080)
+
+
+1.20 (2017-01-19)
+-----------------
+
+* Added support for waiting for I/O using selectors other than select,
+ improving urllib3's behaviour with large numbers of concurrent connections.
+ (Pull #1001)
+
+* Updated the date for the system clock check. (Issue #1005)
+
+* ConnectionPools now correctly consider hostnames to be case-insensitive.
+ (Issue #1032)
+
+* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module
+ to fail when it is injected, rather than at first use. (Pull #1063)
+
+* Outdated versions of cryptography now cause the PyOpenSSL contrib module
+ to fail when it is injected, rather than at first use. (Issue #1044)
+
+* Automatically attempt to rewind a file-like body object when a request is
+ retried or redirected. (Pull #1039)
+
+* Fix some bugs that occur when modules incautiously patch the queue module.
+ (Pull #1061)
+
+* Prevent retries from occurring on read timeouts for which the request method
+ was not in the method whitelist. (Issue #1059)
+
+* Changed the PyOpenSSL contrib module to lazily load idna to avoid
+ unnecessarily bloating the memory of programs that don't need it. (Pull
+ #1076)
+
+* Add support for IPv6 literals with zone identifiers. (Pull #1013)
+
+* Added support for socks5h:// and socks4a:// schemes when working with SOCKS
+ proxies, and controlled remote DNS appropriately. (Issue #1035)
+
+
+1.19.1 (2016-11-16)
+-------------------
+
+* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025)
+
+
+1.19 (2016-11-03)
+-----------------
+
+* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when
+ using the default retry logic. (Pull #955)
+
+* Remove markers from setup.py to assist ancient setuptools versions. (Issue
+ #986)
+
+* Disallow superscripts and other integerish things in URL ports. (Issue #989)
+
+* Allow urllib3's HTTPResponse.stream() method to continue to work with
+ non-httplib underlying FPs. (Pull #990)
+
+* Empty filenames in multipart headers are now emitted as such, rather than
+ being suppressed. (Issue #1015)
+
+* Prefer user-supplied Host headers on chunked uploads. (Issue #1009)
+
+
+1.18.1 (2016-10-27)
+-------------------
+
+* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
+ PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
+ release fixes a vulnerability whereby urllib3 in the above configuration
+ would silently fail to validate TLS certificates due to erroneously setting
+ invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
+ flags do not cause a problem in OpenSSL versions before 1.1.0, which
+ interprets the presence of any flag as requesting certificate validation.
+
+ There is no PR for this patch, as it was prepared for simultaneous disclosure
+ and release. The master branch received the same fix in Pull #1010.
+
+
+1.18 (2016-09-26)
+-----------------
+
+* Fixed incorrect message for IncompleteRead exception. (Pull #973)
+
+* Accept ``iPAddress`` subject alternative name fields in TLS certificates.
+ (Issue #258)
+
+* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3.
+ (Issue #977)
+
+* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979)
+
+
+1.17 (2016-09-06)
+-----------------
+
+* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835)
+
+* ConnectionPool debug log now includes scheme, host, and port. (Issue #897)
+
+* Substantially refactored documentation. (Issue #887)
+
+* Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
+ (Issue #858)
+
+* Normalize the scheme and host in the URL parser (Issue #833)
+
+* ``HTTPResponse`` contains the last ``Retry`` object, which now also
+ contains retries history. (Issue #848)
+
+* Timeout can no longer be set as boolean, and must be greater than zero.
+ (Pull #924)
+
+* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
+ now use cryptography and idna, both of which are already dependencies of
+ PyOpenSSL. (Pull #930)
+
+* Fixed infinite loop in ``stream`` when amt=None. (Issue #928)
+
+* Try to use the operating system's certificates when we are using an
+ ``SSLContext``. (Pull #941)
+
+* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
+ ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947)
+
+* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958)
+
+* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958)
+
+* Implemented ``length_remaining`` to determine remaining content
+ to be read. (Pull #949)
+
+* Implemented ``enforce_content_length`` to enable exceptions when
+ incomplete data chunks are received. (Pull #949)
+
+* Dropped connection start, dropped connection reset, redirect, forced retry,
+ and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967)
+
+
+1.16 (2016-06-11)
+-----------------
+
+* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840)
+
+* Provide ``key_fn_by_scheme`` pool keying mechanism that can be
+ overridden. (Issue #830)
+
+* Normalize scheme and host to lowercase for pool keys, and include
+ ``source_address``. (Issue #830)
+
+* Cleaner exception chain in Python 3 for ``_make_request``.
+ (Issue #861)
+
+* Fixed installing ``urllib3[socks]`` extra. (Issue #864)
+
+* Fixed signature of ``ConnectionPool.close`` so it can actually safely be
+ called by subclasses. (Issue #873)
+
+* Retain ``release_conn`` state across retries. (Issues #651, #866)
+
+* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
+ ``HTTPResponse`` but can be replaced with a subclass. (Issue #879)
+
+
+1.15.1 (2016-04-11)
+-------------------
+
+* Fix packaging to include backports module. (Issue #841)
+
+
+1.15 (2016-04-06)
+-----------------
+
+* Added Retry(raise_on_status=False). (Issue #720)
+
+* Always use setuptools, no more distutils fallback. (Issue #785)
+
+* Dropped support for Python 3.2. (Issue #786)
+
+* Chunked transfer encoding when requesting with ``chunked=True``.
+ (Issue #790)
+
+* Fixed regression with IPv6 port parsing. (Issue #801)
+
+* Append SNIMissingWarning messages to allow users to specify it in
+ the PYTHONWARNINGS environment variable. (Issue #816)
+
+* Handle unicode headers in Py2. (Issue #818)
+
+* Log certificate when there is a hostname mismatch. (Issue #820)
+
+* Preserve order of request/response headers. (Issue #821)
+
+
+1.14 (2015-12-29)
+-----------------
+
+* contrib: SOCKS proxy support! (Issue #762)
+
+* Fixed AppEngine handling of transfer-encoding header and bug
+ in Timeout defaults checking. (Issue #763)
+
+
+1.13.1 (2015-12-18)
+-------------------
+
+* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761)
+
+
+1.13 (2015-12-14)
+-----------------
+
+* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706)
+
+* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717)
+
+* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
+
+* Close connections more defensively on exception. (Issue #734)
+
+* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without
+ repeatedly flushing the decoder, to function better on Jython. (Issue #743)
+
+* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758)
+
+
+1.12 (2015-09-03)
+-----------------
+
+* Rely on ``six`` for importing ``httplib`` to work around
+ conflicts with other Python 3 shims. (Issue #688)
+
+* Add support for directories of certificate authorities, as supported by
+ OpenSSL. (Issue #701)
+
+* New exception: ``NewConnectionError``, raised when we fail to establish
+ a new connection, usually ``ECONNREFUSED`` socket error.
+
+
+1.11 (2015-07-21)
+-----------------
+
+* When ``ca_certs`` is given, ``cert_reqs`` defaults to
+ ``'CERT_REQUIRED'``. (Issue #650)
+
+* ``pip install urllib3[secure]`` will install Certifi and
+ PyOpenSSL as dependencies. (Issue #678)
+
+* Made ``HTTPHeaderDict`` usable as a ``headers`` input value
+ (Issues #632, #679)
+
+* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_
+ which has an ``AppEngineManager`` for using ``URLFetch`` in a
+ Google AppEngine environment. (Issue #664)
+
+* Dev: Added test suite for AppEngine. (Issue #631)
+
+* Fix performance regression when using PyOpenSSL. (Issue #626)
+
+* Passing incorrect scheme (e.g. ``foo://``) will raise
+ ``ValueError`` instead of ``AssertionError`` (backwards
+ compatible for now, but please migrate). (Issue #640)
+
+* Fix pools not getting replenished when an error occurs during a
+ request using ``release_conn=False``. (Issue #644)
+
+* Fix pool-default headers not applying for url-encoded requests
+ like GET. (Issue #657)
+
+* log.warning in Python 3 when headers are skipped due to parsing
+ errors. (Issue #642)
+
+* Close and discard connections if an error occurs during read.
+ (Issue #660)
+
+* Fix host parsing for IPv6 proxies. (Issue #668)
+
+* Separate warning type SubjectAltNameWarning, now issued once
+ per host. (Issue #671)
+
+* Fix ``httplib.IncompleteRead`` not getting converted to
+ ``ProtocolError`` when using ``HTTPResponse.stream()``
+ (Issue #674)
+
+1.10.4 (2015-05-03)
+-------------------
+
+* Migrate tests to Tornado 4. (Issue #594)
+
+* Append default warning configuration rather than overwrite.
+ (Issue #603)
+
+* Fix streaming decoding regression. (Issue #595)
+
+* Fix chunked requests losing state across keep-alive connections.
+ (Issue #599)
+
+* Fix hanging when chunked HEAD response has no body. (Issue #605)
+
+
+1.10.3 (2015-04-21)
+-------------------
+
+* Emit ``InsecurePlatformWarning`` when SSLContext object is missing.
+ (Issue #558)
+
+* Fix regression of duplicate header keys being discarded.
+ (Issue #563)
+
+* ``Response.stream()`` returns a generator for chunked responses.
+ (Issue #560)
+
+* Set upper-bound timeout when waiting for a socket in PyOpenSSL.
+ (Issue #585)
+
+* Work on platforms without `ssl` module for plain HTTP requests.
+ (Issue #587)
+
+* Stop relying on the stdlib's default cipher list. (Issue #588)
+
+
+1.10.2 (2015-02-25)
+-------------------
+
+* Fix file descriptor leakage on retries. (Issue #548)
+
+* Removed RC4 from default cipher list. (Issue #551)
+
+* Header performance improvements. (Issue #544)
+
+* Fix PoolManager not obeying redirect retry settings. (Issue #553)
+
+
+1.10.1 (2015-02-10)
+-------------------
+
+* Pools can be used as context managers. (Issue #545)
+
+* Don't re-use connections which experienced an SSLError. (Issue #529)
+
+* Don't fail when gzip decoding an empty stream. (Issue #535)
+
+* Add sha256 support for fingerprint verification. (Issue #540)
+
+* Fixed handling of header values containing commas. (Issue #533)
+
+
+1.10 (2014-12-14)
+-----------------
+
+* Disabled SSLv3. (Issue #473)
+
+* Add ``Url.url`` property to return the composed url string. (Issue #394)
+
+* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412)
+
+* ``MaxRetryError.reason`` will always be an exception, not string.
+ (Issue #481)
+
+* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
+
+* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473)
+
+* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request.
+ (Issue #496)
+
+* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``.
+ (Issue #499)
+
+* Close and discard sockets which experienced SSL-related errors.
+ (Issue #501)
+
+* Handle ``body`` param in ``.request(...)``. (Issue #513)
+
+* Respect timeout with HTTPS proxy. (Issue #505)
+
+* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
+
+
+1.9.1 (2014-09-13)
+------------------
+
+* Apply socket arguments before binding. (Issue #427)
+
+* More careful checks if fp-like object is closed. (Issue #435)
+
+* Fixed packaging issues of some development-related files not
+ getting included. (Issue #440)
+
+* Allow performing *only* fingerprint verification. (Issue #444)
+
+* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445)
+
+* Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
+
+* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3.
+ (Issue #443)
+
+
+
+1.9 (2014-07-04)
+----------------
+
+* Shuffled around development-related files. If you're maintaining a distro
+ package of urllib3, you may need to tweak things. (Issue #415)
+
+* Unverified HTTPS requests will trigger a warning on the first request. See
+ our new `security documentation
+ <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details.
+ (Issue #426)
+
+* New retry logic and ``urllib3.util.retry.Retry`` configuration object.
+ (Issue #326)
+
+* All raised exceptions should now wrapped in a
+ ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326)
+
+* All errors during a retry-enabled request should be wrapped in
+ ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions
+ which were previously exempt. Underlying error is accessible from the
+ ``.reason`` property. (Issue #326)
+
+* ``urllib3.exceptions.ConnectionError`` renamed to
+ ``urllib3.exceptions.ProtocolError``. (Issue #326)
+
+* Errors during response read (such as IncompleteRead) are now wrapped in
+ ``urllib3.exceptions.ProtocolError``. (Issue #418)
+
+* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``.
+ (Issue #417)
+
+* Catch read timeouts over SSL connections as
+ ``urllib3.exceptions.ReadTimeoutError``. (Issue #419)
+
+* Apply socket arguments before connecting. (Issue #427)
+
+
+1.8.3 (2014-06-23)
+------------------
+
+* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
+
+* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393)
+
+* Wrap ``socket.timeout`` exception with
+ ``urllib3.exceptions.ReadTimeoutError``. (Issue #399)
+
+* Fixed proxy-related bug where connections were being reused incorrectly.
+ (Issues #366, #369)
+
+* Added ``socket_options`` keyword parameter which allows to define
+ ``setsockopt`` configuration of new sockets. (Issue #397)
+
+* Removed ``HTTPConnection.tcp_nodelay`` in favor of
+ ``HTTPConnection.default_socket_options``. (Issue #397)
+
+* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411)
+
+
+1.8.2 (2014-04-17)
+------------------
+
+* Fix ``urllib3.util`` not being included in the package.
+
+
+1.8.1 (2014-04-17)
+------------------
+
+* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356)
+
+* Don't install ``dummyserver`` into ``site-packages`` as it's only needed
+ for the test suite. (Issue #362)
+
+* Added support for specifying ``source_address``. (Issue #352)
+
+
+1.8 (2014-03-04)
+----------------
+
+* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in
+ username, and blank ports like 'hostname:').
+
+* New ``urllib3.connection`` module which contains all the HTTPConnection
+ objects.
+
+* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor
+ signature to a more sensible order. [Backwards incompatible]
+ (Issues #252, #262, #263)
+
+* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274)
+
+* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which
+ returns the number of bytes read so far. (Issue #277)
+
+* Support for platforms without threading. (Issue #289)
+
+* Expand default-port comparison in ``HTTPConnectionPool.is_same_host``
+ to allow a pool with no specified port to be considered equal to to an
+ HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305)
+
+* Improved default SSL/TLS settings to avoid vulnerabilities.
+ (Issue #309)
+
+* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors.
+ (Issue #310)
+
+* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests
+ will send the entire HTTP request ~200 milliseconds faster; however, some of
+ the resulting TCP packets will be smaller. (Issue #254)
+
+* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl``
+ from the default 64 to 1024 in a single certificate. (Issue #318)
+
+* Headers are now passed and stored as a custom
+ ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``.
+ (Issue #329, #333)
+
+* Headers no longer lose their case on Python 3. (Issue #236)
+
+* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA
+ certificates on inject. (Issue #332)
+
+* Requests with ``retries=False`` will immediately raise any exceptions without
+ wrapping them in ``MaxRetryError``. (Issue #348)
+
+* Fixed open socket leak with SSL-related failures. (Issue #344, #348)
+
+
+1.7.1 (2013-09-25)
+------------------
+
+* Added granular timeout support with new ``urllib3.util.Timeout`` class.
+ (Issue #231)
+
+* Fixed Python 3.4 support. (Issue #238)
+
+
+1.7 (2013-08-14)
+----------------
+
+* More exceptions are now pickle-able, with tests. (Issue #174)
+
+* Fixed redirecting with relative URLs in Location header. (Issue #178)
+
+* Support for relative urls in ``Location: ...`` header. (Issue #179)
+
+* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus
+ file-like functionality. (Issue #187)
+
+* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will
+ skip hostname verification for SSL connections. (Issue #194)
+
+* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a
+ generator wrapped around ``.read(...)``. (Issue #198)
+
+* IPv6 url parsing enforces brackets around the hostname. (Issue #199)
+
+* Fixed thread race condition in
+ ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204)
+
+* ``ProxyManager`` requests now include non-default port in ``Host: ...``
+ header. (Issue #217)
+
+* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139)
+
+* New ``RequestField`` object can be passed to the ``fields=...`` param which
+ can specify headers. (Issue #220)
+
+* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails.
+ (Issue #221)
+
+* Use international headers when posting file names. (Issue #119)
+
+* Improved IPv6 support. (Issue #203)
+
+
+1.6 (2013-04-25)
+----------------
+
+* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156)
+
+* ``ProxyManager`` automatically adds ``Host: ...`` header if not given.
+
+* Improved SSL-related code. ``cert_req`` now optionally takes a string like
+ "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23"
+ The string values reflect the suffix of the respective constant variable.
+ (Issue #130)
+
+* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly
+ closed proxy connections and larger read buffers. (Issue #135)
+
+* Ensure the connection is closed if no data is received, fixes connection leak
+ on some platforms. (Issue #133)
+
+* Added SNI support for SSL/TLS connections on Py32+. (Issue #89)
+
+* Tests fixed to be compatible with Py26 again. (Issue #125)
+
+* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant
+ to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109)
+
+* Allow an explicit content type to be specified when encoding file fields.
+ (Issue #126)
+
+* Exceptions are now pickleable, with tests. (Issue #101)
+
+* Fixed default headers not getting passed in some cases. (Issue #99)
+
+* Treat "content-encoding" header value as case-insensitive, per RFC 2616
+ Section 3.5. (Issue #110)
+
+* "Connection Refused" SocketErrors will get retried rather than raised.
+ (Issue #92)
+
+* Updated vendored ``six``, no longer overrides the global ``six`` module
+ namespace. (Issue #113)
+
+* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding
+ the exception that prompted the final retry. If ``reason is None`` then it
+ was due to a redirect. (Issue #92, #114)
+
+* Fixed ``PoolManager.urlopen()`` from not redirecting more than once.
+ (Issue #149)
+
+* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters
+ that are not files. (Issue #111)
+
+* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122)
+
+* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or
+ against an arbitrary hostname (when connecting by IP or for misconfigured
+ servers). (Issue #140)
+
+* Streaming decompression support. (Issue #159)
+
+
+1.5 (2012-08-02)
+----------------
+
+* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug
+ logging in urllib3.
+
+* Native full URL parsing (including auth, path, query, fragment) available in
+ ``urllib3.util.parse_url(url)``.
+
+* Built-in redirect will switch method to 'GET' if status code is 303.
+ (Issue #11)
+
+* ``urllib3.PoolManager`` strips the scheme and host before sending the request
+ uri. (Issue #8)
+
+* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding,
+ based on the Content-Type header, fails.
+
+* Fixed bug with pool depletion and leaking connections (Issue #76). Added
+ explicit connection closing on pool eviction. Added
+ ``urllib3.PoolManager.clear()``.
+
+* 99% -> 100% unit test coverage.
+
+
+1.4 (2012-06-16)
+----------------
+
+* Minor AppEngine-related fixes.
+
+* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``.
+
+* Improved url parsing. (Issue #73)
+
+* IPv6 url support. (Issue #72)
+
+
+1.3 (2012-03-25)
+----------------
+
+* Removed pre-1.0 deprecated API.
+
+* Refactored helpers into a ``urllib3.util`` submodule.
+
+* Fixed multipart encoding to support list-of-tuples for keys with multiple
+ values. (Issue #48)
+
+* Fixed multiple Set-Cookie headers in response not getting merged properly in
+ Python 3. (Issue #53)
+
+* AppEngine support with Py27. (Issue #61)
+
+* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs
+ bytes.
+
+
+1.2.2 (2012-02-06)
+------------------
+
+* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47)
+
+
+1.2.1 (2012-02-05)
+------------------
+
+* Fixed another bug related to when ``ssl`` module is not available. (Issue #41)
+
+* Location parsing errors now raise ``urllib3.exceptions.LocationParseError``
+ which inherits from ``ValueError``.
+
+
+1.2 (2012-01-29)
+----------------
+
+* Added Python 3 support (tested on 3.2.2)
+
+* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2)
+
+* Use ``select.poll`` instead of ``select.select`` for platforms that support
+ it.
+
+* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive
+ connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``.
+
+* Fixed ``ImportError`` during install when ``ssl`` module is not available.
+ (Issue #41)
+
+* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not
+ completing properly. (Issue #28, uncovered by Issue #10 in v1.1)
+
+* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` +
+ ``eventlet``. Removed extraneous unsupported dummyserver testing backends.
+ Added socket-level tests.
+
+* More tests. Achievement Unlocked: 99% Coverage.
+
+
+1.1 (2012-01-07)
+----------------
+
+* Refactored ``dummyserver`` to its own root namespace module (used for
+ testing).
+
+* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in
+ Py32's ``ssl_match_hostname``. (Issue #25)
+
+* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10)
+
+* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue
+ #27)
+
+* Fixed timeout-related bugs. (Issues #17, #23)
+
+
+1.0.2 (2011-11-04)
+------------------
+
+* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if
+ you're using the object manually. (Thanks pyos)
+
+* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by
+ wrapping the access log in a mutex. (Thanks @christer)
+
+* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and
+ ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code.
+
+
+1.0.1 (2011-10-10)
+------------------
+
+* Fixed a bug where the same connection would get returned into the pool twice,
+ causing extraneous "HttpConnectionPool is full" log warnings.
+
+
+1.0 (2011-10-08)
+----------------
+
+* Added ``PoolManager`` with LRU expiration of connections (tested and
+ documented).
+* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works
+ with HTTPS proxies).
+* Added optional partial-read support for responses when
+ ``preload_content=False``. You can now make requests and just read the headers
+ without loading the content.
+* Made response decoding optional (default on, same as before).
+* Added optional explicit boundary string for ``encode_multipart_formdata``.
+* Convenience request methods are now inherited from ``RequestMethods``. Old
+ helpers like ``get_url`` and ``post_url`` should be abandoned in favour of
+ the new ``request(method, url, ...)``.
+* Refactored code to be even more decoupled, reusable, and extendable.
+* License header added to ``.py`` files.
+* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code
+ and docs in ``docs/`` and on https://urllib3.readthedocs.io/.
+* Embettered all the things!
+* Started writing this file.
+
+
+0.4.1 (2011-07-17)
+------------------
+
+* Minor bug fixes, code cleanup.
+
+
+0.4 (2011-03-01)
+----------------
+
+* Better unicode support.
+* Added ``VerifiedHTTPSConnection``.
+* Added ``NTLMConnectionPool`` in contrib.
+* Minor improvements.
+
+
+0.3.1 (2010-07-13)
+------------------
+
+* Added ``assert_host_name`` optional parameter. Now compatible with proxies.
+
+
+0.3 (2009-12-10)
+----------------
+
+* Added HTTPS support.
+* Minor bug fixes.
+* Refactored, broken backwards compatibility with 0.2.
+* API to be treated as stable from this version forward.
+
+
+0.2 (2008-11-17)
+----------------
+
+* Added unit tests.
+* Bug fixes.
+
+
+0.1 (2008-11-16)
+----------------
+
+* First release.
+
+
diff -Nru python-urllib3-1.26.4/test/appengine/test_gae_manager.py python-urllib3-1.26.5/test/appengine/test_gae_manager.py
--- python-urllib3-1.26.4/test/appengine/test_gae_manager.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/appengine/test_gae_manager.py 2021-05-26 19:01:29.000000000 +0200
@@ -129,7 +129,7 @@
self.pool = MockPool(self.host, self.port, self.manager)
def test_default_method_whitelist_retried(self):
- """ urllib3 should retry methods in the default method whitelist """
+ """urllib3 should retry methods in the default method whitelist"""
retry = urllib3.util.retry.Retry(total=1, status_forcelist=[418])
# Use HEAD instead of OPTIONS, as URLFetch doesn't support OPTIONS
resp = self.pool.request(
diff -Nru python-urllib3-1.26.4/test/__init__.py python-urllib3-1.26.5/test/__init__.py
--- python-urllib3-1.26.4/test/__init__.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/__init__.py 2021-05-26 19:01:29.000000000 +0200
@@ -54,7 +54,7 @@
def _can_resolve(host):
- """ Returns True if the system can resolve host to an address. """
+ """Returns True if the system can resolve host to an address."""
try:
socket.getaddrinfo(host, None, socket.AF_UNSPEC)
return True
@@ -63,7 +63,7 @@
def has_alpn(ctx_cls=None):
- """ Detect if ALPN support is enabled. """
+ """Detect if ALPN support is enabled."""
ctx_cls = ctx_cls or util.SSLContext
ctx = ctx_cls(protocol=ssl_.PROTOCOL_TLS)
try:
diff -Nru python-urllib3-1.26.4/test/test_retry_deprecated.py python-urllib3-1.26.5/test/test_retry_deprecated.py
--- python-urllib3-1.26.4/test/test_retry_deprecated.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/test_retry_deprecated.py 2021-05-26 19:01:29.000000000 +0200
@@ -28,7 +28,7 @@
class TestRetry(object):
def test_string(self):
- """ Retry string representation looks the way we expect """
+ """Retry string representation looks the way we expect"""
retry = Retry()
assert (
str(retry)
@@ -52,7 +52,7 @@
assert e.value.reason == error
def test_retry_higher_total_loses(self):
- """ A lower connect timeout than the total is honored """
+ """A lower connect timeout than the total is honored"""
error = ConnectTimeoutError()
retry = Retry(connect=2, total=3)
retry = retry.increment(error=error)
@@ -61,7 +61,7 @@
retry.increment(error=error)
def test_retry_higher_total_loses_vs_read(self):
- """ A lower read timeout than the total is honored """
+ """A lower read timeout than the total is honored"""
error = ReadTimeoutError(None, "/", "read timed out")
retry = Retry(read=2, total=3)
retry = retry.increment(method="GET", error=error)
@@ -70,7 +70,7 @@
retry.increment(method="GET", error=error)
def test_retry_total_none(self):
- """ if Total is none, connect error should take precedence """
+ """if Total is none, connect error should take precedence"""
error = ConnectTimeoutError()
retry = Retry(connect=2, total=None)
retry = retry.increment(error=error)
@@ -87,7 +87,7 @@
assert not retry.is_exhausted()
def test_retry_default(self):
- """ If no value is specified, should retry connects 3 times """
+ """If no value is specified, should retry connects 3 times"""
retry = Retry()
assert retry.total == 10
assert retry.connect is None
@@ -109,7 +109,7 @@
assert not Retry(False).raise_on_redirect
def test_retry_other(self):
- """ If an unexpected error is raised, should retry other times """
+ """If an unexpected error is raised, should retry other times"""
other_error = SSLError()
retry = Retry(connect=1)
retry = retry.increment(error=other_error)
@@ -123,7 +123,7 @@
assert e.value.reason == other_error
def test_retry_read_zero(self):
- """ No second chances on read timeouts, by default """
+ """No second chances on read timeouts, by default"""
error = ReadTimeoutError(None, "/", "read timed out")
retry = Retry(read=0)
with pytest.raises(MaxRetryError) as e:
@@ -142,7 +142,7 @@
)
def test_backoff(self):
- """ Backoff is computed correctly """
+ """Backoff is computed correctly"""
max_backoff = Retry.BACKOFF_MAX
retry = Retry(total=100, backoff_factor=0.2)
diff -Nru python-urllib3-1.26.4/test/test_retry.py python-urllib3-1.26.5/test/test_retry.py
--- python-urllib3-1.26.4/test/test_retry.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/test_retry.py 2021-05-26 19:01:29.000000000 +0200
@@ -26,7 +26,7 @@
class TestRetry(object):
def test_string(self):
- """ Retry string representation looks the way we expect """
+ """Retry string representation looks the way we expect"""
retry = Retry()
assert (
str(retry)
@@ -50,7 +50,7 @@
assert e.value.reason == error
def test_retry_higher_total_loses(self):
- """ A lower connect timeout than the total is honored """
+ """A lower connect timeout than the total is honored"""
error = ConnectTimeoutError()
retry = Retry(connect=2, total=3)
retry = retry.increment(error=error)
@@ -59,7 +59,7 @@
retry.increment(error=error)
def test_retry_higher_total_loses_vs_read(self):
- """ A lower read timeout than the total is honored """
+ """A lower read timeout than the total is honored"""
error = ReadTimeoutError(None, "/", "read timed out")
retry = Retry(read=2, total=3)
retry = retry.increment(method="GET", error=error)
@@ -68,7 +68,7 @@
retry.increment(method="GET", error=error)
def test_retry_total_none(self):
- """ if Total is none, connect error should take precedence """
+ """if Total is none, connect error should take precedence"""
error = ConnectTimeoutError()
retry = Retry(connect=2, total=None)
retry = retry.increment(error=error)
@@ -85,7 +85,7 @@
assert not retry.is_exhausted()
def test_retry_default(self):
- """ If no value is specified, should retry connects 3 times """
+ """If no value is specified, should retry connects 3 times"""
retry = Retry()
assert retry.total == 10
assert retry.connect is None
@@ -107,7 +107,7 @@
assert not Retry(False).raise_on_redirect
def test_retry_other(self):
- """ If an unexpected error is raised, should retry other times """
+ """If an unexpected error is raised, should retry other times"""
other_error = SSLError()
retry = Retry(connect=1)
retry = retry.increment(error=other_error)
@@ -121,7 +121,7 @@
assert e.value.reason == other_error
def test_retry_read_zero(self):
- """ No second chances on read timeouts, by default """
+ """No second chances on read timeouts, by default"""
error = ReadTimeoutError(None, "/", "read timed out")
retry = Retry(read=0)
with pytest.raises(MaxRetryError) as e:
@@ -140,7 +140,7 @@
)
def test_backoff(self):
- """ Backoff is computed correctly """
+ """Backoff is computed correctly"""
max_backoff = Retry.BACKOFF_MAX
retry = Retry(total=100, backoff_factor=0.2)
diff -Nru python-urllib3-1.26.4/test/test_ssltransport.py python-urllib3-1.26.5/test/test_ssltransport.py
--- python-urllib3-1.26.4/test/test_ssltransport.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/test_ssltransport.py 2021-05-26 19:01:29.000000000 +0200
@@ -101,7 +101,7 @@
@pytest.mark.timeout(PER_TEST_TIMEOUT)
def test_start_closed_socket(self):
- """ Errors generated from an unconnected socket should bubble up."""
+ """Errors generated from an unconnected socket should bubble up."""
sock = socket.socket(socket.AF_INET)
context = ssl.create_default_context()
sock.close()
@@ -110,7 +110,7 @@
@pytest.mark.timeout(PER_TEST_TIMEOUT)
def test_close_after_handshake(self):
- """ Socket errors should be bubbled up """
+ """Socket errors should be bubbled up"""
self.start_dummy_server()
sock = socket.create_connection((self.host, self.port))
@@ -123,7 +123,7 @@
@pytest.mark.timeout(PER_TEST_TIMEOUT)
def test_wrap_existing_socket(self):
- """ Validates a single TLS layer can be established. """
+ """Validates a single TLS layer can be established."""
self.start_dummy_server()
sock = socket.create_connection((self.host, self.port))
@@ -187,7 +187,7 @@
@pytest.mark.timeout(PER_TEST_TIMEOUT)
def test_ssl_object_attributes(self):
- """ Ensures common ssl attributes are exposed """
+ """Ensures common ssl attributes are exposed"""
self.start_dummy_server()
sock = socket.create_connection((self.host, self.port))
@@ -215,7 +215,7 @@
@pytest.mark.timeout(PER_TEST_TIMEOUT)
def test_socket_object_attributes(self):
- """ Ensures common socket attributes are exposed """
+ """Ensures common socket attributes are exposed"""
self.start_dummy_server()
sock = socket.create_connection((self.host, self.port))
@@ -258,6 +258,7 @@
)
self._read_write_loop(client_sock, upstream_sock)
upstream_sock.close()
+ client_sock.close()
self._start_server(proxy_handler)
@@ -286,6 +287,10 @@
if write_socket in writable:
try:
b = read_socket.recv(chunks)
+ if len(b) == 0:
+ # One of the sockets has EOFed, we return to close
+ # both.
+ return
write_socket.send(b)
except ssl.SSLEOFError:
# It's possible, depending on shutdown order, that we'll
@@ -335,6 +340,7 @@
request = consume_socket(ssock)
validate_request(request)
ssock.send(sample_response())
+ sock.close()
cls._start_server(socket_handler)
diff -Nru python-urllib3-1.26.4/test/test_util.py python-urllib3-1.26.5/test/test_util.py
--- python-urllib3-1.26.4/test/test_util.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/test_util.py 2021-05-26 19:01:29.000000000 +0200
@@ -438,6 +438,16 @@
fragment="hash",
),
),
+ # Tons of '@' causing backtracking
+ ("https://"; + ("@" * 10000) + "[", False),
+ (
+ "https://user:"; + ("@" * 10000) + "example.com",
+ Url(
+ scheme="https",
+ auth="user:" + ("%40" * 9999),
+ host="example.com",
+ ),
+ ),
]
@pytest.mark.parametrize("url, expected_url", url_vulnerabilities)
@@ -580,7 +590,7 @@
assert len(w) == 1
def _make_time_pass(self, seconds, timeout, time_mock):
- """ Make some time pass for the timeout object """
+ """Make some time pass for the timeout object"""
time_mock.return_value = TIMEOUT_EPOCH
timeout.start_connect()
time_mock.return_value = TIMEOUT_EPOCH + seconds
diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py
--- python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py 2021-05-26 19:01:29.000000000 +0200
@@ -284,7 +284,7 @@
assert r.status == 200, r.data
def test_nagle(self):
- """ Test that connections have TCP_NODELAY turned on """
+ """Test that connections have TCP_NODELAY turned on"""
# This test needs to be here in order to be run. socket.create_connection actually tries
# to connect to the host provided so we need a dummyserver to be running.
with HTTPConnectionPool(self.host, self.port) as pool:
@@ -354,7 +354,7 @@
s.close()
def test_connection_error_retries(self):
- """ ECONNREFUSED error should raise a connection error, with retries """
+ """ECONNREFUSED error should raise a connection error, with retries"""
port = find_unused_port()
with HTTPConnectionPool(self.host, port) as pool:
with pytest.raises(MaxRetryError) as e:
@@ -794,13 +794,13 @@
assert response.status == 200
def test_preserves_path_dot_segments(self):
- """ ConnectionPool preserves dot segments in the URI """
+ """ConnectionPool preserves dot segments in the URI"""
with HTTPConnectionPool(self.host, self.port) as pool:
response = pool.request("GET", "/echo_uri/seg0/../seg2")
assert response.data == b"/echo_uri/seg0/../seg2"
def test_default_user_agent_header(self):
- """ ConnectionPool has a default user agent """
+ """ConnectionPool has a default user agent"""
default_ua = _get_default_user_agent()
custom_ua = "I'm not a web scraper, what are you talking about?"
custom_ua2 = "Yet Another User Agent"
@@ -853,7 +853,7 @@
assert request_headers["User-Agent"] == "key"
def test_no_user_agent_header(self):
- """ ConnectionPool can suppress sending a user agent header """
+ """ConnectionPool can suppress sending a user agent header"""
custom_ua = "I'm not a web scraper, what are you talking about?"
with HTTPConnectionPool(self.host, self.port) as pool:
# Suppress user agent in the request headers.
@@ -1025,7 +1025,7 @@
pool.request("GET", "/redirect", fields={"target": "/"}, retries=0)
def test_disabled_retry(self):
- """ Disabled retries should disable redirect handling. """
+ """Disabled retries should disable redirect handling."""
with HTTPConnectionPool(self.host, self.port) as pool:
r = pool.request("GET", "/redirect", fields={"target": "/"}, retries=False)
assert r.status == 303
@@ -1045,7 +1045,7 @@
pool.request("GET", "/test", retries=False)
def test_read_retries(self):
- """ Should retry for status codes in the whitelist """
+ """Should retry for status codes in the whitelist"""
with HTTPConnectionPool(self.host, self.port) as pool:
retry = Retry(read=1, status_forcelist=[418])
resp = pool.request(
@@ -1057,7 +1057,7 @@
assert resp.status == 200
def test_read_total_retries(self):
- """ HTTP response w/ status code in the whitelist should be retried """
+ """HTTP response w/ status code in the whitelist should be retried"""
with HTTPConnectionPool(self.host, self.port) as pool:
headers = {"test-name": "test_read_total_retries"}
retry = Retry(total=1, status_forcelist=[418])
@@ -1079,7 +1079,7 @@
assert resp.status == 418
def test_default_method_whitelist_retried(self):
- """ urllib3 should retry methods in the default method whitelist """
+ """urllib3 should retry methods in the default method whitelist"""
with HTTPConnectionPool(self.host, self.port) as pool:
retry = Retry(total=1, status_forcelist=[418])
resp = pool.request(
@@ -1107,7 +1107,7 @@
assert resp.status == 418
def test_retry_reuse_safe(self):
- """ It should be possible to reuse a Retry object across requests """
+ """It should be possible to reuse a Retry object across requests"""
with HTTPConnectionPool(self.host, self.port) as pool:
headers = {"test-name": "test_retry_safe"}
retry = Retry(total=1, status_forcelist=[418])
diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_https.py python-urllib3-1.26.5/test/with_dummyserver/test_https.py
--- python-urllib3-1.26.4/test/with_dummyserver/test_https.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/with_dummyserver/test_https.py 2021-05-26 19:01:29.000000000 +0200
@@ -368,7 +368,7 @@
assert isinstance(cm.value.reason, SSLError)
def test_unverified_ssl(self):
- """ Test that bare HTTPSConnection can connect, make requests """
+ """Test that bare HTTPSConnection can connect, make requests"""
with HTTPSConnectionPool(self.host, self.port, cert_reqs=ssl.CERT_NONE) as pool:
with mock.patch("warnings.warn") as warn:
r = pool.request("GET", "/")
@@ -567,7 +567,7 @@
https_pool.request("GET", "/")
def test_tunnel(self):
- """ test the _tunnel behavior """
+ """test the _tunnel behavior"""
timeout = Timeout(total=None)
with HTTPSConnectionPool(
self.host, self.port, timeout=timeout, cert_reqs="CERT_NONE"
diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py
--- python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py 2021-05-26 19:01:29.000000000 +0200
@@ -142,7 +142,7 @@
assert r.status == 200
def test_nagle_proxy(self):
- """ Test that proxy connections do not have TCP_NODELAY turned on """
+ """Test that proxy connections do not have TCP_NODELAY turned on"""
with ProxyManager(self.proxy_url) as http:
hc2 = http.connection_from_host(self.http_host, self.http_port)
conn = hc2._get_conn()
diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py
--- python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py 2021-03-15 16:03:47.000000000 +0100
+++ python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py 2021-05-26 19:01:29.000000000 +0200
@@ -467,7 +467,7 @@
timed_out.set()
def test_https_connection_read_timeout(self):
- """ Handshake timeouts should fail with a Timeout"""
+ """Handshake timeouts should fail with a Timeout"""
timed_out = Event()
def socket_handler(listener):
@@ -630,7 +630,7 @@
response.read()
def test_retry_weird_http_version(self):
- """ Retry class should handle httplib.BadStatusLine errors properly """
+ """Retry class should handle httplib.BadStatusLine errors properly"""
def socket_handler(listener):
sock = listener.accept()[0]
Attachment:
signature.asc
Description: PGP signature