Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Hello! This is a preapproval to unblock package python-urllib3 1.26.5-1. [ Reason ] The upload would fix CVE-2021-33503[¹] for bullseye. [ Impact ] CVE-2021-33503 is a DoS, and is reproducible during parsing of an URL. [ Tests ] Unfortunately automated tests are not yet enabled, I tested manually with the following: >>> from urllib3.util.url import parse_url >>> URL = "https://" + ("@" * 10000) + "[" >>> parse_url(URL) Using 1.26.4-1 there is a CPU spike that is not reproducible in 1.26.5-1 [ Risks ] The code for the fix is trivial, I packaged the new release because when I looked at diff between the 2 tags, there were: the fix for CVE-2021-33503, some fix for deprecation warnings emitted in Python 3.10 and docstrings changes (mostly spaces removed). In the debdiff attached there is a huge part that is due metadata stuff. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] If this upload it's not OK due the freeze, it's not a problem, I can branch[²] python-urllib3 1.26.4-1 and release a python-urllib3 1.26.4-2 with only the fix. My ETA is this week for this (I will also do the same for buster.) Please tell me if the unblock of python-urllib3/1.26.5-1 is feasible. Many thanks! Kind regards, [¹] https://security-tracker.debian.org/tracker/CVE-2021-33503 [²] Unfortunately I already pushed the new upstream release on salsa. -- Daniele Tricoli 'eriol' https://mornie.org
diff -Nru python-urllib3-1.26.4/CHANGES.rst python-urllib3-1.26.5/CHANGES.rst --- python-urllib3-1.26.4/CHANGES.rst 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/CHANGES.rst 2021-05-26 19:01:29.000000000 +0200 @@ -1,6 +1,15 @@ Changes ======= +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + 1.26.4 (2021-03-15) ------------------- diff -Nru python-urllib3-1.26.4/debian/changelog python-urllib3-1.26.5/debian/changelog --- python-urllib3-1.26.4/debian/changelog 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/changelog 2021-06-15 00:41:10.000000000 +0200 @@ -1,3 +1,12 @@ +python-urllib3 (1.26.5-1) unstable; urgency=medium + + * New upstream version 1.26.5 + - CVE-2021-33503: Catastrophic backtracking in URL authority parser when + passed URL containing many @ characters. (Closes: #989848) + * Refresh patches. + + -- Daniele Tricoli <eriol@debian.org> Tue, 15 Jun 2021 00:41:10 +0200 + python-urllib3 (1.26.4-1) unstable; urgency=medium * Team upload. diff -Nru python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch --- python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/patches/01_do-not-use-embedded-python-six.patch 2021-06-15 00:41:10.000000000 +0200 @@ -44,7 +44,7 @@ 35 files changed, 49 insertions(+), 49 deletions(-) diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py -index c047094..c0e9330 100644 +index c90c2fc..f8bdf25 100644 --- a/dummyserver/handlers.py +++ b/dummyserver/handlers.py @@ -14,9 +14,9 @@ from io import BytesIO @@ -76,7 +76,7 @@ __all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"] diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py -index 45580b7..1cddda4 100644 +index efa19af..638a8aa 100644 --- a/src/urllib3/connection.py +++ b/src/urllib3/connection.py @@ -9,9 +9,9 @@ import warnings @@ -93,7 +93,7 @@ try: # Compiled with SSL? diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py -index 4708c5b..8dbbc5c 100644 +index 4018321..a9c0908 100644 --- a/src/urllib3/connectionpool.py +++ b/src/urllib3/connectionpool.py @@ -33,8 +33,8 @@ from .exceptions import ( @@ -147,7 +147,7 @@ log = getLogger(__name__) diff --git a/src/urllib3/contrib/pyopenssl.py b/src/urllib3/contrib/pyopenssl.py -index 0cabab1..c1d52e3 100644 +index def83af..e081163 100644 --- a/src/urllib3/contrib/pyopenssl.py +++ b/src/urllib3/contrib/pyopenssl.py @@ -75,7 +75,7 @@ import ssl @@ -156,9 +156,9 @@ from .. import util -from ..packages import six +import six + from ..util.ssl_ import PROTOCOL_TLS_CLIENT __all__ = ["inject_into_urllib3", "extract_from_urllib3"] - diff --git a/src/urllib3/exceptions.py b/src/urllib3/exceptions.py index cba6f3f..053758e 100644 --- a/src/urllib3/exceptions.py @@ -241,7 +241,7 @@ log = logging.getLogger(__name__) diff --git a/src/urllib3/util/connection.py b/src/urllib3/util/connection.py -index cd57455..0332f37 100644 +index bdc240c..c0d69c8 100644 --- a/src/urllib3/util/connection.py +++ b/src/urllib3/util/connection.py @@ -5,7 +5,7 @@ import socket @@ -294,7 +294,7 @@ def is_fp_closed(obj): diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py -index d25a41b..e11f585 100644 +index 180e82b..998ae23 100644 --- a/src/urllib3/util/retry.py +++ b/src/urllib3/util/retry.py @@ -17,7 +17,7 @@ from ..exceptions import ( @@ -307,7 +307,7 @@ log = logging.getLogger(__name__) diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py -index 236aa8e..709f703 100644 +index 134ec10..12720f9 100644 --- a/src/urllib3/util/ssl_.py +++ b/src/urllib3/util/ssl_.py @@ -13,7 +13,7 @@ from ..exceptions import ( @@ -320,7 +320,7 @@ SSLContext = None diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py -index 6ff238f..101819b 100644 +index 81a03da..6fd2b2d 100644 --- a/src/urllib3/util/url.py +++ b/src/urllib3/util/url.py @@ -4,7 +4,7 @@ import re @@ -333,7 +333,7 @@ url_attrs = ["scheme", "auth", "host", "port", "path", "query", "fragment"] diff --git a/test/__init__.py b/test/__init__.py -index c03cfac..6c7cacd 100644 +index 3675f48..89693d2 100644 --- a/test/__init__.py +++ b/test/__init__.py @@ -16,7 +16,7 @@ except ImportError: @@ -441,7 +441,7 @@ from urllib3.util.response import is_fp_closed from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_retry.py b/test/test_retry.py -index cc36089..23153ee 100644 +index 8ff4cbd..f2698f0 100644 --- a/test/test_retry.py +++ b/test/test_retry.py @@ -11,8 +11,8 @@ from urllib3.exceptions import ( @@ -456,7 +456,7 @@ from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_retry_deprecated.py b/test/test_retry_deprecated.py -index 0c8de37..670bb43 100644 +index c001e3d..9079654 100644 --- a/test/test_retry_deprecated.py +++ b/test/test_retry_deprecated.py @@ -12,8 +12,8 @@ from urllib3.exceptions import ( @@ -471,7 +471,7 @@ from urllib3.util.retry import RequestHistory, Retry diff --git a/test/test_util.py b/test/test_util.py -index 827df42..145c4d2 100644 +index 88409e2..1dce178 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -19,7 +19,7 @@ from urllib3.exceptions import ( @@ -484,7 +484,7 @@ from urllib3.util import is_fp_closed from urllib3.util.connection import _has_ipv6, allowed_gai_family, create_connection diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py -index f6a6618..304199f 100644 +index 8ea2cce..c083616 100644 --- a/test/with_dummyserver/test_connectionpool.py +++ b/test/with_dummyserver/test_connectionpool.py @@ -28,8 +28,8 @@ from urllib3.exceptions import ( @@ -499,7 +499,7 @@ from urllib3.util.retry import RequestHistory, Retry from urllib3.util.timeout import Timeout diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py -index 92e23c9..7e8f1c4 100644 +index ed50990..f7e7a36 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -42,7 +42,7 @@ from urllib3.exceptions import ( @@ -512,7 +512,7 @@ from .. import has_alpn diff --git a/test/with_dummyserver/test_socketlevel.py b/test/with_dummyserver/test_socketlevel.py -index 7c06875..1fe1531 100644 +index 6e57d67..7bb5827 100644 --- a/test/with_dummyserver/test_socketlevel.py +++ b/test/with_dummyserver/test_socketlevel.py @@ -17,7 +17,7 @@ from urllib3.exceptions import ( diff -Nru python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch --- python-urllib3-1.26.4/debian/patches/02_require-cert-verification.patch 2021-05-12 02:30:00.000000000 +0200 +++ python-urllib3-1.26.5/debian/patches/02_require-cert-verification.patch 2021-06-15 00:41:10.000000000 +0200 @@ -13,7 +13,7 @@ 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py -index 8dbbc5c..79041de 100644 +index a9c0908..4d7a08f 100644 --- a/src/urllib3/connectionpool.py +++ b/src/urllib3/connectionpool.py @@ -874,6 +874,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): diff -Nru python-urllib3-1.26.4/dev-requirements.txt python-urllib3-1.26.5/dev-requirements.txt --- python-urllib3-1.26.4/dev-requirements.txt 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dev-requirements.txt 2021-05-26 19:01:29.000000000 +0200 @@ -5,7 +5,8 @@ PySocks==1.7.1 # https://github.com/Anorov/PySocks/issues/131 win-inet-pton==1.1.0 -pytest==4.6.9 +pytest==4.6.9; python_version<"3.10" +pytest==6.2.4; python_version>="3.10" pytest-timeout==1.3.4 pytest-freezegun==0.4.2 flaky==3.6.1 diff -Nru python-urllib3-1.26.4/dummyserver/handlers.py python-urllib3-1.26.5/dummyserver/handlers.py --- python-urllib3-1.26.4/dummyserver/handlers.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dummyserver/handlers.py 2021-05-26 19:01:29.000000000 +0200 @@ -62,27 +62,27 @@ """ def get(self): - """ Handle GET requests """ + """Handle GET requests""" self._call_method() def post(self): - """ Handle POST requests """ + """Handle POST requests""" self._call_method() def put(self): - """ Handle PUT requests """ + """Handle PUT requests""" self._call_method() def options(self): - """ Handle OPTIONS requests """ + """Handle OPTIONS requests""" self._call_method() def head(self): - """ Handle HEAD requests """ + """Handle HEAD requests""" self._call_method() def _call_method(self): - """ Call the correct method in this class based on the incoming URI """ + """Call the correct method in this class based on the incoming URI""" req = self.request req.params = {} for k, v in req.arguments.items(): diff -Nru python-urllib3-1.26.4/dummyserver/server.py python-urllib3-1.26.5/dummyserver/server.py --- python-urllib3-1.26.4/dummyserver/server.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/dummyserver/server.py 2021-05-26 19:01:29.000000000 +0200 @@ -40,7 +40,7 @@ def _resolves_to_ipv6(host): - """ Returns True if the system resolves host to an IPv6 address by default. """ + """Returns True if the system resolves host to an IPv6 address by default.""" resolves_to_ipv6 = False try: for res in socket.getaddrinfo(host, None, socket.AF_UNSPEC): @@ -54,7 +54,7 @@ def _has_ipv6(host): - """ Returns True if the system can bind an IPv6 address. """ + """Returns True if the system can bind an IPv6 address.""" sock = None has_ipv6 = False diff -Nru python-urllib3-1.26.4/PKG-INFO python-urllib3-1.26.5/PKG-INFO --- python-urllib3-1.26.4/PKG-INFO 2021-03-15 16:03:55.002221800 +0100 +++ python-urllib3-1.26.5/PKG-INFO 2021-05-26 19:02:03.421620600 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.4 +Version: 1.26.5 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov @@ -9,1328 +9,6 @@ Project-URL: Documentation, https://urllib3.readthedocs.io/ Project-URL: Code, https://github.com/urllib3/urllib3 Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues -Description: - urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the - Python ecosystem already uses urllib3 and you should too. - urllib3 brings many critical features that are missing from the Python - standard libraries: - - - Thread safety. - - Connection pooling. - - Client-side SSL/TLS verification. - - File uploads with multipart encoding. - - Helpers for retrying requests and dealing with HTTP redirects. - - Support for gzip, deflate, and brotli encoding. - - Proxy support for HTTP and SOCKS. - - 100% test coverage. - - urllib3 is powerful and easy to use: - - .. code-block:: python - - >>> import urllib3 - >>> http = urllib3.PoolManager() - >>> r = http.request('GET', 'http://httpbin.org/robots.txt') - >>> r.status - 200 - >>> r.data - 'User-agent: *\nDisallow: /deny\n' - - - Installing - ---------- - - urllib3 can be installed with `pip <https://pip.pypa.io>`_:: - - $ python -m pip install urllib3 - - Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: - - $ git clone git://github.com/urllib3/urllib3.git - $ python setup.py install - - - Documentation - ------------- - - urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. - - - Contributing - ------------ - - urllib3 happily accepts contributions. Please see our - `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ - for some tips on getting started. - - - Security Disclosures - -------------------- - - To report a security vulnerability, please use the - `Tidelift security contact <https://tidelift.com/security>`_. - Tidelift will coordinate the fix and disclosure with maintainers. - - - Maintainers - ----------- - - - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) - - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) - - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) - - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) - - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) - - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) - - `@shazow <https://github.com/shazow>`__ (Andrey Petrov) - - 👋 - - - Sponsorship - ----------- - - If your company benefits from this library, please consider `sponsoring its - development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. - - - For Enterprise - -------------- - - .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png - :width: 75 - :alt: Tidelift - - .. list-table:: - :widths: 10 100 - - * - |tideliftlogo| - - Professional support for urllib3 is available as part of the `Tidelift - Subscription`_. Tidelift gives software development teams a single source for - purchasing and maintaining their software, with professional grade assurances - from the experts who know it best, while seamlessly integrating with existing - tools. - - .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme - - - Changes - ======= - - 1.26.4 (2021-03-15) - ------------------- - - * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy - during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. - - - 1.26.3 (2021-01-26) - ------------------- - - * Fixed bytes and string comparison issue with headers (Pull #2141) - - * Changed ``ProxySchemeUnknown`` error message to be - more actionable if the user supplies a proxy URL without - a scheme. (Pull #2107) - - - 1.26.2 (2020-11-12) - ------------------- - - * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't - be imported properly on Python 2.7.8 and earlier (Pull #2052) - - - 1.26.1 (2020-11-11) - ------------------- - - * Fixed an issue where two ``User-Agent`` headers would be sent if a - ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) - - - 1.26.0 (2020-11-10) - ------------------- - - * **NOTE: urllib3 v2.0 will drop support for Python 2**. - `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. - - * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) - - * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that - still wish to use TLS earlier than 1.2 without a deprecation warning - should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) - **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** - - * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` - and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, - ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` - (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** - - * Added default ``User-Agent`` header to every request (Pull #1750) - - * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, - and ``Host`` headers from being automatically emitted with requests (Pull #2018) - - * Collapse ``transfer-encoding: chunked`` request data and framing into - the same ``socket.send()`` call (Pull #1906) - - * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) - - * Properly terminate SecureTransport connections when CA verification fails (Pull #1977) - - * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` - to SecureTransport (Pull #1903) - - * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) - - * Suppress ``BrokenPipeError`` when writing request body after the server - has closed the socket (Pull #1524) - - * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") - into an ``urllib3.exceptions.SSLError`` (Pull #1939) - - - 1.25.11 (2020-10-19) - -------------------- - - * Fix retry backoff time parsed from ``Retry-After`` header when given - in the HTTP date format. The HTTP date was parsed as the local timezone - rather than accounting for the timezone in the HTTP date (typically - UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - - * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` - environment variable was set to the empty string. Now ``SSLContext.keylog_file`` - is not set in this situation (Pull #2016) - - - 1.25.10 (2020-07-22) - -------------------- - - * Added support for ``SSLKEYLOGFILE`` environment variable for - logging TLS session keys with use with programs like - Wireshark for decrypting captured web traffic (Pull #1867) - - * Fixed loading of SecureTransport libraries on macOS Big Sur - due to the new dynamic linker cache (Pull #1905) - - * Collapse chunked request bodies data and framing into one - call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) - - * Don't insert ``None`` into ``ConnectionPool`` if the pool - was empty when requesting a connection (Pull #1866) - - * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) - - - 1.25.9 (2020-04-16) - ------------------- - - * Added ``InvalidProxyConfigurationWarning`` which is raised when - erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently - support connecting to HTTPS proxies but will soon be able to - and we would like users to migrate properly without much breakage. - - See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ - for more information on how to fix your proxy config. (Pull #1851) - - * Drain connection after ``PoolManager`` redirect (Pull #1817) - - * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) - - * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) - - * Allow the CA certificate data to be passed as a string (Pull #1804) - - * Raise ``ValueError`` if method contains control characters (Pull #1800) - - * Add ``__repr__`` to ``Timeout`` (Pull #1795) - - - 1.25.8 (2020-01-20) - ------------------- - - * Drop support for EOL Python 3.4 (Pull #1774) - - * Optimize _encode_invalid_chars (Pull #1787) - - - 1.25.7 (2019-11-11) - ------------------- - - * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) - - * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) - - * Fix issue where URL fragment was sent within the request target. (Pull #1732) - - * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) - - * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) - - - 1.25.6 (2019-09-24) - ------------------- - - * Fix issue where tilde (``~``) characters were incorrectly - percent-encoded in the path. (Pull #1692) - - - 1.25.5 (2019-09-19) - ------------------- - - * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which - caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. - (Issue #1682) - - - 1.25.4 (2019-09-19) - ------------------- - - * Propagate Retry-After header settings to subsequent retries. (Pull #1607) - - * Fix edge case where Retry-After header was still respected even when - explicitly opted out of. (Pull #1607) - - * Remove dependency on ``rfc3986`` for URL parsing. - - * Fix issue where URLs containing invalid characters within ``Url.auth`` would - raise an exception instead of percent-encoding those characters. - - * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses - work well with BufferedReaders and other ``io`` module features. (Pull #1652) - - * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) - - - 1.25.3 (2019-05-23) - ------------------- - - * Change ``HTTPSConnection`` to load system CA certificates - when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are - unspecified. (Pull #1608, Issue #1603) - - * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - - - 1.25.2 (2019-04-28) - ------------------- - - * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) - - * Change ``parse_url`` to percent-encode invalid characters within the - path, query, and target components. (Pull #1586) - - - 1.25.1 (2019-04-24) - ------------------- - - * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) - - * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - - - 1.25 (2019-04-22) - ----------------- - - * Require and validate certificates by default when using HTTPS (Pull #1507) - - * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) - - * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use - encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) - - * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` - implementations. (Pull #1496) - - * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) - - * Fixed issue where OpenSSL would block if an encrypted client private key was - given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) - - * Added support for Brotli content encoding. It is enabled automatically if - ``brotlipy`` package is installed which can be requested with - ``urllib3[brotli]`` extra. (Pull #1532) - - * Drop ciphers using DSS key exchange from default TLS cipher suites. - Improve default ciphers when using SecureTransport. (Pull #1496) - - * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) - - 1.24.3 (2019-05-01) - ------------------- - - * Apply fix for CVE-2019-9740. (Pull #1591) - - 1.24.2 (2019-04-17) - ------------------- - - * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or - ``ssl_context`` parameters are specified. - - * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - - * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - - - 1.24.1 (2018-11-02) - ------------------- - - * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) - - * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) - - - 1.24 (2018-10-16) - ----------------- - - * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) - - * Test against Python 3.7 on AppVeyor. (Pull #1453) - - * Early-out ipv6 checks when running on App Engine. (Pull #1450) - - * Change ambiguous description of backoff_factor (Pull #1436) - - * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) - - * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). - - * Add a server_hostname parameter to HTTPSConnection which allows for - overriding the SNI hostname sent in the handshake. (Pull #1397) - - * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) - - * Fixed bug where responses with header Content-Type: message/* erroneously - raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) - - * Move urllib3 to src/urllib3 (Pull #1409) - - - 1.23 (2018-06-04) - ----------------- - - * Allow providing a list of headers to strip from requests when redirecting - to a different host. Defaults to the ``Authorization`` header. Different - headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) - - * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). - - * Dropped Python 3.3 support. (Pull #1242) - - * Put the connection back in the pool when calling stream() or read_chunked() on - a chunked HEAD response. (Issue #1234) - - * Fixed pyOpenSSL-specific ssl client authentication issue when clients - attempted to auth via certificate + chain (Issue #1060) - - * Add the port to the connectionpool connect print (Pull #1251) - - * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) - - * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) - - * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) - - * Added support for auth info in url for SOCKS proxy (Pull #1363) - - - 1.22 (2017-07-20) - ----------------- - - * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via - IPv6 proxy. (Issue #1222) - - * Made the connection pool retry on ``SSLError``. The original ``SSLError`` - is available on ``MaxRetryError.reason``. (Issue #1112) - - * Drain and release connection before recursing on retry/redirect. Fixes - deadlocks with a blocking connectionpool. (Issue #1167) - - * Fixed compatibility for cookiejar. (Issue #1229) - - * pyopenssl: Use vendored version of ``six``. (Issue #1231) - - - 1.21.1 (2017-05-02) - ------------------- - - * Fixed SecureTransport issue that would cause long delays in response body - delivery. (Pull #1154) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``socket_options`` flag to the ``PoolManager``. (Issue #1165) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. - (Pull #1157) - - - 1.21 (2017-04-25) - ----------------- - - * Improved performance of certain selector system calls on Python 3.5 and - later. (Pull #1095) - - * Resolved issue where the PyOpenSSL backend would not wrap SysCallError - exceptions appropriately when sending data. (Pull #1125) - - * Selectors now detects a monkey-patched select module after import for modules - that patch the select module like eventlet, greenlet. (Pull #1128) - - * Reduced memory consumption when streaming zlib-compressed responses - (as opposed to raw deflate streams). (Pull #1129) - - * Connection pools now use the entire request context when constructing the - pool key. (Pull #1016) - - * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, - ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. - (Pull #1016) - - * Add retry counter for ``status_forcelist``. (Issue #1147) - - * Added ``contrib`` module for using SecureTransport on macOS: - ``urllib3.contrib.securetransport``. (Pull #1122) - - * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: - for schemes it does not recognise, it assumes they are case-sensitive and - leaves them unchanged. - (Issue #1080) - - - 1.20 (2017-01-19) - ----------------- - - * Added support for waiting for I/O using selectors other than select, - improving urllib3's behaviour with large numbers of concurrent connections. - (Pull #1001) - - * Updated the date for the system clock check. (Issue #1005) - - * ConnectionPools now correctly consider hostnames to be case-insensitive. - (Issue #1032) - - * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Pull #1063) - - * Outdated versions of cryptography now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Issue #1044) - - * Automatically attempt to rewind a file-like body object when a request is - retried or redirected. (Pull #1039) - - * Fix some bugs that occur when modules incautiously patch the queue module. - (Pull #1061) - - * Prevent retries from occurring on read timeouts for which the request method - was not in the method whitelist. (Issue #1059) - - * Changed the PyOpenSSL contrib module to lazily load idna to avoid - unnecessarily bloating the memory of programs that don't need it. (Pull - #1076) - - * Add support for IPv6 literals with zone identifiers. (Pull #1013) - - * Added support for socks5h:// and socks4a:// schemes when working with SOCKS - proxies, and controlled remote DNS appropriately. (Issue #1035) - - - 1.19.1 (2016-11-16) - ------------------- - - * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) - - - 1.19 (2016-11-03) - ----------------- - - * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when - using the default retry logic. (Pull #955) - - * Remove markers from setup.py to assist ancient setuptools versions. (Issue - #986) - - * Disallow superscripts and other integerish things in URL ports. (Issue #989) - - * Allow urllib3's HTTPResponse.stream() method to continue to work with - non-httplib underlying FPs. (Pull #990) - - * Empty filenames in multipart headers are now emitted as such, rather than - being suppressed. (Issue #1015) - - * Prefer user-supplied Host headers on chunked uploads. (Issue #1009) - - - 1.18.1 (2016-10-27) - ------------------- - - * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with - PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This - release fixes a vulnerability whereby urllib3 in the above configuration - would silently fail to validate TLS certificates due to erroneously setting - invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous - flags do not cause a problem in OpenSSL versions before 1.1.0, which - interprets the presence of any flag as requesting certificate validation. - - There is no PR for this patch, as it was prepared for simultaneous disclosure - and release. The master branch received the same fix in Pull #1010. - - - 1.18 (2016-09-26) - ----------------- - - * Fixed incorrect message for IncompleteRead exception. (Pull #973) - - * Accept ``iPAddress`` subject alternative name fields in TLS certificates. - (Issue #258) - - * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. - (Issue #977) - - * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) - - - 1.17 (2016-09-06) - ----------------- - - * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) - - * ConnectionPool debug log now includes scheme, host, and port. (Issue #897) - - * Substantially refactored documentation. (Issue #887) - - * Used URLFetch default timeout on AppEngine, rather than hardcoding our own. - (Issue #858) - - * Normalize the scheme and host in the URL parser (Issue #833) - - * ``HTTPResponse`` contains the last ``Retry`` object, which now also - contains retries history. (Issue #848) - - * Timeout can no longer be set as boolean, and must be greater than zero. - (Pull #924) - - * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We - now use cryptography and idna, both of which are already dependencies of - PyOpenSSL. (Pull #930) - - * Fixed infinite loop in ``stream`` when amt=None. (Issue #928) - - * Try to use the operating system's certificates when we are using an - ``SSLContext``. (Pull #941) - - * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to - ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) - - * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) - - * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) - - * Implemented ``length_remaining`` to determine remaining content - to be read. (Pull #949) - - * Implemented ``enforce_content_length`` to enable exceptions when - incomplete data chunks are received. (Pull #949) - - * Dropped connection start, dropped connection reset, redirect, forced retry, - and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) - - - 1.16 (2016-06-11) - ----------------- - - * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) - - * Provide ``key_fn_by_scheme`` pool keying mechanism that can be - overridden. (Issue #830) - - * Normalize scheme and host to lowercase for pool keys, and include - ``source_address``. (Issue #830) - - * Cleaner exception chain in Python 3 for ``_make_request``. - (Issue #861) - - * Fixed installing ``urllib3[socks]`` extra. (Issue #864) - - * Fixed signature of ``ConnectionPool.close`` so it can actually safely be - called by subclasses. (Issue #873) - - * Retain ``release_conn`` state across retries. (Issues #651, #866) - - * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to - ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - - - 1.15.1 (2016-04-11) - ------------------- - - * Fix packaging to include backports module. (Issue #841) - - - 1.15 (2016-04-06) - ----------------- - - * Added Retry(raise_on_status=False). (Issue #720) - - * Always use setuptools, no more distutils fallback. (Issue #785) - - * Dropped support for Python 3.2. (Issue #786) - - * Chunked transfer encoding when requesting with ``chunked=True``. - (Issue #790) - - * Fixed regression with IPv6 port parsing. (Issue #801) - - * Append SNIMissingWarning messages to allow users to specify it in - the PYTHONWARNINGS environment variable. (Issue #816) - - * Handle unicode headers in Py2. (Issue #818) - - * Log certificate when there is a hostname mismatch. (Issue #820) - - * Preserve order of request/response headers. (Issue #821) - - - 1.14 (2015-12-29) - ----------------- - - * contrib: SOCKS proxy support! (Issue #762) - - * Fixed AppEngine handling of transfer-encoding header and bug - in Timeout defaults checking. (Issue #763) - - - 1.13.1 (2015-12-18) - ------------------- - - * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - - - 1.13 (2015-12-14) - ----------------- - - * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) - - * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) - - * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) - - * Close connections more defensively on exception. (Issue #734) - - * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without - repeatedly flushing the decoder, to function better on Jython. (Issue #743) - - * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) - - - 1.12 (2015-09-03) - ----------------- - - * Rely on ``six`` for importing ``httplib`` to work around - conflicts with other Python 3 shims. (Issue #688) - - * Add support for directories of certificate authorities, as supported by - OpenSSL. (Issue #701) - - * New exception: ``NewConnectionError``, raised when we fail to establish - a new connection, usually ``ECONNREFUSED`` socket error. - - - 1.11 (2015-07-21) - ----------------- - - * When ``ca_certs`` is given, ``cert_reqs`` defaults to - ``'CERT_REQUIRED'``. (Issue #650) - - * ``pip install urllib3[secure]`` will install Certifi and - PyOpenSSL as dependencies. (Issue #678) - - * Made ``HTTPHeaderDict`` usable as a ``headers`` input value - (Issues #632, #679) - - * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ - which has an ``AppEngineManager`` for using ``URLFetch`` in a - Google AppEngine environment. (Issue #664) - - * Dev: Added test suite for AppEngine. (Issue #631) - - * Fix performance regression when using PyOpenSSL. (Issue #626) - - * Passing incorrect scheme (e.g. ``foo://``) will raise - ``ValueError`` instead of ``AssertionError`` (backwards - compatible for now, but please migrate). (Issue #640) - - * Fix pools not getting replenished when an error occurs during a - request using ``release_conn=False``. (Issue #644) - - * Fix pool-default headers not applying for url-encoded requests - like GET. (Issue #657) - - * log.warning in Python 3 when headers are skipped due to parsing - errors. (Issue #642) - - * Close and discard connections if an error occurs during read. - (Issue #660) - - * Fix host parsing for IPv6 proxies. (Issue #668) - - * Separate warning type SubjectAltNameWarning, now issued once - per host. (Issue #671) - - * Fix ``httplib.IncompleteRead`` not getting converted to - ``ProtocolError`` when using ``HTTPResponse.stream()`` - (Issue #674) - - 1.10.4 (2015-05-03) - ------------------- - - * Migrate tests to Tornado 4. (Issue #594) - - * Append default warning configuration rather than overwrite. - (Issue #603) - - * Fix streaming decoding regression. (Issue #595) - - * Fix chunked requests losing state across keep-alive connections. - (Issue #599) - - * Fix hanging when chunked HEAD response has no body. (Issue #605) - - - 1.10.3 (2015-04-21) - ------------------- - - * Emit ``InsecurePlatformWarning`` when SSLContext object is missing. - (Issue #558) - - * Fix regression of duplicate header keys being discarded. - (Issue #563) - - * ``Response.stream()`` returns a generator for chunked responses. - (Issue #560) - - * Set upper-bound timeout when waiting for a socket in PyOpenSSL. - (Issue #585) - - * Work on platforms without `ssl` module for plain HTTP requests. - (Issue #587) - - * Stop relying on the stdlib's default cipher list. (Issue #588) - - - 1.10.2 (2015-02-25) - ------------------- - - * Fix file descriptor leakage on retries. (Issue #548) - - * Removed RC4 from default cipher list. (Issue #551) - - * Header performance improvements. (Issue #544) - - * Fix PoolManager not obeying redirect retry settings. (Issue #553) - - - 1.10.1 (2015-02-10) - ------------------- - - * Pools can be used as context managers. (Issue #545) - - * Don't re-use connections which experienced an SSLError. (Issue #529) - - * Don't fail when gzip decoding an empty stream. (Issue #535) - - * Add sha256 support for fingerprint verification. (Issue #540) - - * Fixed handling of header values containing commas. (Issue #533) - - - 1.10 (2014-12-14) - ----------------- - - * Disabled SSLv3. (Issue #473) - - * Add ``Url.url`` property to return the composed url string. (Issue #394) - - * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) - - * ``MaxRetryError.reason`` will always be an exception, not string. - (Issue #481) - - * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) - - * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) - - * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. - (Issue #496) - - * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. - (Issue #499) - - * Close and discard sockets which experienced SSL-related errors. - (Issue #501) - - * Handle ``body`` param in ``.request(...)``. (Issue #513) - - * Respect timeout with HTTPS proxy. (Issue #505) - - * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) - - - 1.9.1 (2014-09-13) - ------------------ - - * Apply socket arguments before binding. (Issue #427) - - * More careful checks if fp-like object is closed. (Issue #435) - - * Fixed packaging issues of some development-related files not - getting included. (Issue #440) - - * Allow performing *only* fingerprint verification. (Issue #444) - - * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) - - * Fixed PyOpenSSL compatibility with PyPy. (Issue #450) - - * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. - (Issue #443) - - - - 1.9 (2014-07-04) - ---------------- - - * Shuffled around development-related files. If you're maintaining a distro - package of urllib3, you may need to tweak things. (Issue #415) - - * Unverified HTTPS requests will trigger a warning on the first request. See - our new `security documentation - <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. - (Issue #426) - - * New retry logic and ``urllib3.util.retry.Retry`` configuration object. - (Issue #326) - - * All raised exceptions should now wrapped in a - ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) - - * All errors during a retry-enabled request should be wrapped in - ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions - which were previously exempt. Underlying error is accessible from the - ``.reason`` property. (Issue #326) - - * ``urllib3.exceptions.ConnectionError`` renamed to - ``urllib3.exceptions.ProtocolError``. (Issue #326) - - * Errors during response read (such as IncompleteRead) are now wrapped in - ``urllib3.exceptions.ProtocolError``. (Issue #418) - - * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. - (Issue #417) - - * Catch read timeouts over SSL connections as - ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) - - * Apply socket arguments before connecting. (Issue #427) - - - 1.8.3 (2014-06-23) - ------------------ - - * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) - - * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) - - * Wrap ``socket.timeout`` exception with - ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) - - * Fixed proxy-related bug where connections were being reused incorrectly. - (Issues #366, #369) - - * Added ``socket_options`` keyword parameter which allows to define - ``setsockopt`` configuration of new sockets. (Issue #397) - - * Removed ``HTTPConnection.tcp_nodelay`` in favor of - ``HTTPConnection.default_socket_options``. (Issue #397) - - * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) - - - 1.8.2 (2014-04-17) - ------------------ - - * Fix ``urllib3.util`` not being included in the package. - - - 1.8.1 (2014-04-17) - ------------------ - - * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) - - * Don't install ``dummyserver`` into ``site-packages`` as it's only needed - for the test suite. (Issue #362) - - * Added support for specifying ``source_address``. (Issue #352) - - - 1.8 (2014-03-04) - ---------------- - - * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in - username, and blank ports like 'hostname:'). - - * New ``urllib3.connection`` module which contains all the HTTPConnection - objects. - - * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor - signature to a more sensible order. [Backwards incompatible] - (Issues #252, #262, #263) - - * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) - - * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which - returns the number of bytes read so far. (Issue #277) - - * Support for platforms without threading. (Issue #289) - - * Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` - to allow a pool with no specified port to be considered equal to to an - HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - - * Improved default SSL/TLS settings to avoid vulnerabilities. - (Issue #309) - - * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. - (Issue #310) - - * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests - will send the entire HTTP request ~200 milliseconds faster; however, some of - the resulting TCP packets will be smaller. (Issue #254) - - * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` - from the default 64 to 1024 in a single certificate. (Issue #318) - - * Headers are now passed and stored as a custom - ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. - (Issue #329, #333) - - * Headers no longer lose their case on Python 3. (Issue #236) - - * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA - certificates on inject. (Issue #332) - - * Requests with ``retries=False`` will immediately raise any exceptions without - wrapping them in ``MaxRetryError``. (Issue #348) - - * Fixed open socket leak with SSL-related failures. (Issue #344, #348) - - - 1.7.1 (2013-09-25) - ------------------ - - * Added granular timeout support with new ``urllib3.util.Timeout`` class. - (Issue #231) - - * Fixed Python 3.4 support. (Issue #238) - - - 1.7 (2013-08-14) - ---------------- - - * More exceptions are now pickle-able, with tests. (Issue #174) - - * Fixed redirecting with relative URLs in Location header. (Issue #178) - - * Support for relative urls in ``Location: ...`` header. (Issue #179) - - * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus - file-like functionality. (Issue #187) - - * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will - skip hostname verification for SSL connections. (Issue #194) - - * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a - generator wrapped around ``.read(...)``. (Issue #198) - - * IPv6 url parsing enforces brackets around the hostname. (Issue #199) - - * Fixed thread race condition in - ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) - - * ``ProxyManager`` requests now include non-default port in ``Host: ...`` - header. (Issue #217) - - * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) - - * New ``RequestField`` object can be passed to the ``fields=...`` param which - can specify headers. (Issue #220) - - * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. - (Issue #221) - - * Use international headers when posting file names. (Issue #119) - - * Improved IPv6 support. (Issue #203) - - - 1.6 (2013-04-25) - ---------------- - - * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) - - * ``ProxyManager`` automatically adds ``Host: ...`` header if not given. - - * Improved SSL-related code. ``cert_req`` now optionally takes a string like - "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" - The string values reflect the suffix of the respective constant variable. - (Issue #130) - - * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly - closed proxy connections and larger read buffers. (Issue #135) - - * Ensure the connection is closed if no data is received, fixes connection leak - on some platforms. (Issue #133) - - * Added SNI support for SSL/TLS connections on Py32+. (Issue #89) - - * Tests fixed to be compatible with Py26 again. (Issue #125) - - * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant - to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) - - * Allow an explicit content type to be specified when encoding file fields. - (Issue #126) - - * Exceptions are now pickleable, with tests. (Issue #101) - - * Fixed default headers not getting passed in some cases. (Issue #99) - - * Treat "content-encoding" header value as case-insensitive, per RFC 2616 - Section 3.5. (Issue #110) - - * "Connection Refused" SocketErrors will get retried rather than raised. - (Issue #92) - - * Updated vendored ``six``, no longer overrides the global ``six`` module - namespace. (Issue #113) - - * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding - the exception that prompted the final retry. If ``reason is None`` then it - was due to a redirect. (Issue #92, #114) - - * Fixed ``PoolManager.urlopen()`` from not redirecting more than once. - (Issue #149) - - * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters - that are not files. (Issue #111) - - * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) - - * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or - against an arbitrary hostname (when connecting by IP or for misconfigured - servers). (Issue #140) - - * Streaming decompression support. (Issue #159) - - - 1.5 (2012-08-02) - ---------------- - - * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug - logging in urllib3. - - * Native full URL parsing (including auth, path, query, fragment) available in - ``urllib3.util.parse_url(url)``. - - * Built-in redirect will switch method to 'GET' if status code is 303. - (Issue #11) - - * ``urllib3.PoolManager`` strips the scheme and host before sending the request - uri. (Issue #8) - - * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, - based on the Content-Type header, fails. - - * Fixed bug with pool depletion and leaking connections (Issue #76). Added - explicit connection closing on pool eviction. Added - ``urllib3.PoolManager.clear()``. - - * 99% -> 100% unit test coverage. - - - 1.4 (2012-06-16) - ---------------- - - * Minor AppEngine-related fixes. - - * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. - - * Improved url parsing. (Issue #73) - - * IPv6 url support. (Issue #72) - - - 1.3 (2012-03-25) - ---------------- - - * Removed pre-1.0 deprecated API. - - * Refactored helpers into a ``urllib3.util`` submodule. - - * Fixed multipart encoding to support list-of-tuples for keys with multiple - values. (Issue #48) - - * Fixed multiple Set-Cookie headers in response not getting merged properly in - Python 3. (Issue #53) - - * AppEngine support with Py27. (Issue #61) - - * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs - bytes. - - - 1.2.2 (2012-02-06) - ------------------ - - * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) - - - 1.2.1 (2012-02-05) - ------------------ - - * Fixed another bug related to when ``ssl`` module is not available. (Issue #41) - - * Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` - which inherits from ``ValueError``. - - - 1.2 (2012-01-29) - ---------------- - - * Added Python 3 support (tested on 3.2.2) - - * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) - - * Use ``select.poll`` instead of ``select.select`` for platforms that support - it. - - * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive - connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. - - * Fixed ``ImportError`` during install when ``ssl`` module is not available. - (Issue #41) - - * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not - completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - - * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + - ``eventlet``. Removed extraneous unsupported dummyserver testing backends. - Added socket-level tests. - - * More tests. Achievement Unlocked: 99% Coverage. - - - 1.1 (2012-01-07) - ---------------- - - * Refactored ``dummyserver`` to its own root namespace module (used for - testing). - - * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in - Py32's ``ssl_match_hostname``. (Issue #25) - - * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) - - * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue - #27) - - * Fixed timeout-related bugs. (Issues #17, #23) - - - 1.0.2 (2011-11-04) - ------------------ - - * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if - you're using the object manually. (Thanks pyos) - - * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by - wrapping the access log in a mutex. (Thanks @christer) - - * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and - ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. - - - 1.0.1 (2011-10-10) - ------------------ - - * Fixed a bug where the same connection would get returned into the pool twice, - causing extraneous "HttpConnectionPool is full" log warnings. - - - 1.0 (2011-10-08) - ---------------- - - * Added ``PoolManager`` with LRU expiration of connections (tested and - documented). - * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works - with HTTPS proxies). - * Added optional partial-read support for responses when - ``preload_content=False``. You can now make requests and just read the headers - without loading the content. - * Made response decoding optional (default on, same as before). - * Added optional explicit boundary string for ``encode_multipart_formdata``. - * Convenience request methods are now inherited from ``RequestMethods``. Old - helpers like ``get_url`` and ``post_url`` should be abandoned in favour of - the new ``request(method, url, ...)``. - * Refactored code to be even more decoupled, reusable, and extendable. - * License header added to ``.py`` files. - * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code - and docs in ``docs/`` and on https://urllib3.readthedocs.io/. - * Embettered all the things! - * Started writing this file. - - - 0.4.1 (2011-07-17) - ------------------ - - * Minor bug fixes, code cleanup. - - - 0.4 (2011-03-01) - ---------------- - - * Better unicode support. - * Added ``VerifiedHTTPSConnection``. - * Added ``NTLMConnectionPool`` in contrib. - * Minor improvements. - - - 0.3.1 (2010-07-13) - ------------------ - - * Added ``assert_host_name`` optional parameter. Now compatible with proxies. - - - 0.3 (2009-12-10) - ---------------- - - * Added HTTPS support. - * Minor bug fixes. - * Refactored, broken backwards compatibility with 0.2. - * API to be treated as stable from this version forward. - - - 0.2 (2008-11-17) - ---------------- - - * Added unit tests. - * Bug fixes. - - - 0.1 (2008-11-16) - ---------------- - - * First release. - Keywords: urllib httplib threadsafe filepost http https ssl pooling Platform: UNKNOWN Classifier: Environment :: Web Environment @@ -1355,3 +33,1337 @@ Provides-Extra: brotli Provides-Extra: secure Provides-Extra: socks +License-File: LICENSE.txt + + +urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the +Python ecosystem already uses urllib3 and you should too. +urllib3 brings many critical features that are missing from the Python +standard libraries: + +- Thread safety. +- Connection pooling. +- Client-side SSL/TLS verification. +- File uploads with multipart encoding. +- Helpers for retrying requests and dealing with HTTP redirects. +- Support for gzip, deflate, and brotli encoding. +- Proxy support for HTTP and SOCKS. +- 100% test coverage. + +urllib3 is powerful and easy to use: + +.. code-block:: python + + >>> import urllib3 + >>> http = urllib3.PoolManager() + >>> r = http.request('GET', 'http://httpbin.org/robots.txt') + >>> r.status + 200 + >>> r.data + 'User-agent: *\nDisallow: /deny\n' + + +Installing +---------- + +urllib3 can be installed with `pip <https://pip.pypa.io>`_:: + + $ python -m pip install urllib3 + +Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: + + $ git clone git://github.com/urllib3/urllib3.git + $ python setup.py install + + +Documentation +------------- + +urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. + + +Contributing +------------ + +urllib3 happily accepts contributions. Please see our +`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ +for some tips on getting started. + + +Security Disclosures +-------------------- + +To report a security vulnerability, please use the +`Tidelift security contact <https://tidelift.com/security>`_. +Tidelift will coordinate the fix and disclosure with maintainers. + + +Maintainers +----------- + +- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) +- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) +- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) +- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) +- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) +- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) +- `@shazow <https://github.com/shazow>`__ (Andrey Petrov) + +👋 + + +Sponsorship +----------- + +If your company benefits from this library, please consider `sponsoring its +development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. + + +For Enterprise +-------------- + +.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png + :width: 75 + :alt: Tidelift + +.. list-table:: + :widths: 10 100 + + * - |tideliftlogo| + - Professional support for urllib3 is available as part of the `Tidelift + Subscription`_. Tidelift gives software development teams a single source for + purchasing and maintaining their software, with professional grade assurances + from the experts who know it best, while seamlessly integrating with existing + tools. + +.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme + + +Changes +======= + +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + +1.26.4 (2021-03-15) +------------------- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + +1.26.3 (2021-01-26) +------------------- + +* Fixed bytes and string comparison issue with headers (Pull #2141) + +* Changed ``ProxySchemeUnknown`` error message to be + more actionable if the user supplies a proxy URL without + a scheme. (Pull #2107) + + +1.26.2 (2020-11-12) +------------------- + +* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't + be imported properly on Python 2.7.8 and earlier (Pull #2052) + + +1.26.1 (2020-11-11) +------------------- + +* Fixed an issue where two ``User-Agent`` headers would be sent if a + ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) + + +1.26.0 (2020-11-10) +------------------- + +* **NOTE: urllib3 v2.0 will drop support for Python 2**. + `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. + +* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) + +* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that + still wish to use TLS earlier than 1.2 without a deprecation warning + should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) + **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** + +* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` + and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, + ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` + (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** + +* Added default ``User-Agent`` header to every request (Pull #1750) + +* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, + and ``Host`` headers from being automatically emitted with requests (Pull #2018) + +* Collapse ``transfer-encoding: chunked`` request data and framing into + the same ``socket.send()`` call (Pull #1906) + +* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) + +* Properly terminate SecureTransport connections when CA verification fails (Pull #1977) + +* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` + to SecureTransport (Pull #1903) + +* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) + +* Suppress ``BrokenPipeError`` when writing request body after the server + has closed the socket (Pull #1524) + +* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") + into an ``urllib3.exceptions.SSLError`` (Pull #1939) + + +1.25.11 (2020-10-19) +-------------------- + +* Fix retry backoff time parsed from ``Retry-After`` header when given + in the HTTP date format. The HTTP date was parsed as the local timezone + rather than accounting for the timezone in the HTTP date (typically + UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) + +* Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` + environment variable was set to the empty string. Now ``SSLContext.keylog_file`` + is not set in this situation (Pull #2016) + + +1.25.10 (2020-07-22) +-------------------- + +* Added support for ``SSLKEYLOGFILE`` environment variable for + logging TLS session keys with use with programs like + Wireshark for decrypting captured web traffic (Pull #1867) + +* Fixed loading of SecureTransport libraries on macOS Big Sur + due to the new dynamic linker cache (Pull #1905) + +* Collapse chunked request bodies data and framing into one + call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) + +* Don't insert ``None`` into ``ConnectionPool`` if the pool + was empty when requesting a connection (Pull #1866) + +* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) + + +1.25.9 (2020-04-16) +------------------- + +* Added ``InvalidProxyConfigurationWarning`` which is raised when + erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently + support connecting to HTTPS proxies but will soon be able to + and we would like users to migrate properly without much breakage. + + See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ + for more information on how to fix your proxy config. (Pull #1851) + +* Drain connection after ``PoolManager`` redirect (Pull #1817) + +* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) + +* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) + +* Allow the CA certificate data to be passed as a string (Pull #1804) + +* Raise ``ValueError`` if method contains control characters (Pull #1800) + +* Add ``__repr__`` to ``Timeout`` (Pull #1795) + + +1.25.8 (2020-01-20) +------------------- + +* Drop support for EOL Python 3.4 (Pull #1774) + +* Optimize _encode_invalid_chars (Pull #1787) + + +1.25.7 (2019-11-11) +------------------- + +* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) + +* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) + +* Fix issue where URL fragment was sent within the request target. (Pull #1732) + +* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) + +* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) + + +1.25.6 (2019-09-24) +------------------- + +* Fix issue where tilde (``~``) characters were incorrectly + percent-encoded in the path. (Pull #1692) + + +1.25.5 (2019-09-19) +------------------- + +* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which + caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. + (Issue #1682) + + +1.25.4 (2019-09-19) +------------------- + +* Propagate Retry-After header settings to subsequent retries. (Pull #1607) + +* Fix edge case where Retry-After header was still respected even when + explicitly opted out of. (Pull #1607) + +* Remove dependency on ``rfc3986`` for URL parsing. + +* Fix issue where URLs containing invalid characters within ``Url.auth`` would + raise an exception instead of percent-encoding those characters. + +* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses + work well with BufferedReaders and other ``io`` module features. (Pull #1652) + +* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) + + +1.25.3 (2019-05-23) +------------------- + +* Change ``HTTPSConnection`` to load system CA certificates + when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are + unspecified. (Pull #1608, Issue #1603) + +* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) + + +1.25.2 (2019-04-28) +------------------- + +* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) + +* Change ``parse_url`` to percent-encode invalid characters within the + path, query, and target components. (Pull #1586) + + +1.25.1 (2019-04-24) +------------------- + +* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) + +* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) + + +1.25 (2019-04-22) +----------------- + +* Require and validate certificates by default when using HTTPS (Pull #1507) + +* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) + +* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use + encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) + +* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` + implementations. (Pull #1496) + +* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) + +* Fixed issue where OpenSSL would block if an encrypted client private key was + given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) + +* Added support for Brotli content encoding. It is enabled automatically if + ``brotlipy`` package is installed which can be requested with + ``urllib3[brotli]`` extra. (Pull #1532) + +* Drop ciphers using DSS key exchange from default TLS cipher suites. + Improve default ciphers when using SecureTransport. (Pull #1496) + +* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) + +1.24.3 (2019-05-01) +------------------- + +* Apply fix for CVE-2019-9740. (Pull #1591) + +1.24.2 (2019-04-17) +------------------- + +* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or + ``ssl_context`` parameters are specified. + +* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) + +* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) + + +1.24.1 (2018-11-02) +------------------- + +* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) + +* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) + + +1.24 (2018-10-16) +----------------- + +* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) + +* Test against Python 3.7 on AppVeyor. (Pull #1453) + +* Early-out ipv6 checks when running on App Engine. (Pull #1450) + +* Change ambiguous description of backoff_factor (Pull #1436) + +* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) + +* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). + +* Add a server_hostname parameter to HTTPSConnection which allows for + overriding the SNI hostname sent in the handshake. (Pull #1397) + +* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) + +* Fixed bug where responses with header Content-Type: message/* erroneously + raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) + +* Move urllib3 to src/urllib3 (Pull #1409) + + +1.23 (2018-06-04) +----------------- + +* Allow providing a list of headers to strip from requests when redirecting + to a different host. Defaults to the ``Authorization`` header. Different + headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) + +* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). + +* Dropped Python 3.3 support. (Pull #1242) + +* Put the connection back in the pool when calling stream() or read_chunked() on + a chunked HEAD response. (Issue #1234) + +* Fixed pyOpenSSL-specific ssl client authentication issue when clients + attempted to auth via certificate + chain (Issue #1060) + +* Add the port to the connectionpool connect print (Pull #1251) + +* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) + +* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) + +* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) + +* Added support for auth info in url for SOCKS proxy (Pull #1363) + + +1.22 (2017-07-20) +----------------- + +* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via + IPv6 proxy. (Issue #1222) + +* Made the connection pool retry on ``SSLError``. The original ``SSLError`` + is available on ``MaxRetryError.reason``. (Issue #1112) + +* Drain and release connection before recursing on retry/redirect. Fixes + deadlocks with a blocking connectionpool. (Issue #1167) + +* Fixed compatibility for cookiejar. (Issue #1229) + +* pyopenssl: Use vendored version of ``six``. (Issue #1231) + + +1.21.1 (2017-05-02) +------------------- + +* Fixed SecureTransport issue that would cause long delays in response body + delivery. (Pull #1154) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``socket_options`` flag to the ``PoolManager``. (Issue #1165) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. + (Pull #1157) + + +1.21 (2017-04-25) +----------------- + +* Improved performance of certain selector system calls on Python 3.5 and + later. (Pull #1095) + +* Resolved issue where the PyOpenSSL backend would not wrap SysCallError + exceptions appropriately when sending data. (Pull #1125) + +* Selectors now detects a monkey-patched select module after import for modules + that patch the select module like eventlet, greenlet. (Pull #1128) + +* Reduced memory consumption when streaming zlib-compressed responses + (as opposed to raw deflate streams). (Pull #1129) + +* Connection pools now use the entire request context when constructing the + pool key. (Pull #1016) + +* ``PoolManager.connection_from_*`` methods now accept a new keyword argument, + ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. + (Pull #1016) + +* Add retry counter for ``status_forcelist``. (Issue #1147) + +* Added ``contrib`` module for using SecureTransport on macOS: + ``urllib3.contrib.securetransport``. (Pull #1122) + +* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: + for schemes it does not recognise, it assumes they are case-sensitive and + leaves them unchanged. + (Issue #1080) + + +1.20 (2017-01-19) +----------------- + +* Added support for waiting for I/O using selectors other than select, + improving urllib3's behaviour with large numbers of concurrent connections. + (Pull #1001) + +* Updated the date for the system clock check. (Issue #1005) + +* ConnectionPools now correctly consider hostnames to be case-insensitive. + (Issue #1032) + +* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Pull #1063) + +* Outdated versions of cryptography now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Issue #1044) + +* Automatically attempt to rewind a file-like body object when a request is + retried or redirected. (Pull #1039) + +* Fix some bugs that occur when modules incautiously patch the queue module. + (Pull #1061) + +* Prevent retries from occurring on read timeouts for which the request method + was not in the method whitelist. (Issue #1059) + +* Changed the PyOpenSSL contrib module to lazily load idna to avoid + unnecessarily bloating the memory of programs that don't need it. (Pull + #1076) + +* Add support for IPv6 literals with zone identifiers. (Pull #1013) + +* Added support for socks5h:// and socks4a:// schemes when working with SOCKS + proxies, and controlled remote DNS appropriately. (Issue #1035) + + +1.19.1 (2016-11-16) +------------------- + +* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) + + +1.19 (2016-11-03) +----------------- + +* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when + using the default retry logic. (Pull #955) + +* Remove markers from setup.py to assist ancient setuptools versions. (Issue + #986) + +* Disallow superscripts and other integerish things in URL ports. (Issue #989) + +* Allow urllib3's HTTPResponse.stream() method to continue to work with + non-httplib underlying FPs. (Pull #990) + +* Empty filenames in multipart headers are now emitted as such, rather than + being suppressed. (Issue #1015) + +* Prefer user-supplied Host headers on chunked uploads. (Issue #1009) + + +1.18.1 (2016-10-27) +------------------- + +* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with + PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This + release fixes a vulnerability whereby urllib3 in the above configuration + would silently fail to validate TLS certificates due to erroneously setting + invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous + flags do not cause a problem in OpenSSL versions before 1.1.0, which + interprets the presence of any flag as requesting certificate validation. + + There is no PR for this patch, as it was prepared for simultaneous disclosure + and release. The master branch received the same fix in Pull #1010. + + +1.18 (2016-09-26) +----------------- + +* Fixed incorrect message for IncompleteRead exception. (Pull #973) + +* Accept ``iPAddress`` subject alternative name fields in TLS certificates. + (Issue #258) + +* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. + (Issue #977) + +* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) + + +1.17 (2016-09-06) +----------------- + +* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) + +* ConnectionPool debug log now includes scheme, host, and port. (Issue #897) + +* Substantially refactored documentation. (Issue #887) + +* Used URLFetch default timeout on AppEngine, rather than hardcoding our own. + (Issue #858) + +* Normalize the scheme and host in the URL parser (Issue #833) + +* ``HTTPResponse`` contains the last ``Retry`` object, which now also + contains retries history. (Issue #848) + +* Timeout can no longer be set as boolean, and must be greater than zero. + (Pull #924) + +* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We + now use cryptography and idna, both of which are already dependencies of + PyOpenSSL. (Pull #930) + +* Fixed infinite loop in ``stream`` when amt=None. (Issue #928) + +* Try to use the operating system's certificates when we are using an + ``SSLContext``. (Pull #941) + +* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to + ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) + +* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) + +* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) + +* Implemented ``length_remaining`` to determine remaining content + to be read. (Pull #949) + +* Implemented ``enforce_content_length`` to enable exceptions when + incomplete data chunks are received. (Pull #949) + +* Dropped connection start, dropped connection reset, redirect, forced retry, + and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) + + +1.16 (2016-06-11) +----------------- + +* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) + +* Provide ``key_fn_by_scheme`` pool keying mechanism that can be + overridden. (Issue #830) + +* Normalize scheme and host to lowercase for pool keys, and include + ``source_address``. (Issue #830) + +* Cleaner exception chain in Python 3 for ``_make_request``. + (Issue #861) + +* Fixed installing ``urllib3[socks]`` extra. (Issue #864) + +* Fixed signature of ``ConnectionPool.close`` so it can actually safely be + called by subclasses. (Issue #873) + +* Retain ``release_conn`` state across retries. (Issues #651, #866) + +* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to + ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) + + +1.15.1 (2016-04-11) +------------------- + +* Fix packaging to include backports module. (Issue #841) + + +1.15 (2016-04-06) +----------------- + +* Added Retry(raise_on_status=False). (Issue #720) + +* Always use setuptools, no more distutils fallback. (Issue #785) + +* Dropped support for Python 3.2. (Issue #786) + +* Chunked transfer encoding when requesting with ``chunked=True``. + (Issue #790) + +* Fixed regression with IPv6 port parsing. (Issue #801) + +* Append SNIMissingWarning messages to allow users to specify it in + the PYTHONWARNINGS environment variable. (Issue #816) + +* Handle unicode headers in Py2. (Issue #818) + +* Log certificate when there is a hostname mismatch. (Issue #820) + +* Preserve order of request/response headers. (Issue #821) + + +1.14 (2015-12-29) +----------------- + +* contrib: SOCKS proxy support! (Issue #762) + +* Fixed AppEngine handling of transfer-encoding header and bug + in Timeout defaults checking. (Issue #763) + + +1.13.1 (2015-12-18) +------------------- + +* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) + + +1.13 (2015-12-14) +----------------- + +* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) + +* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) + +* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) + +* Close connections more defensively on exception. (Issue #734) + +* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without + repeatedly flushing the decoder, to function better on Jython. (Issue #743) + +* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) + + +1.12 (2015-09-03) +----------------- + +* Rely on ``six`` for importing ``httplib`` to work around + conflicts with other Python 3 shims. (Issue #688) + +* Add support for directories of certificate authorities, as supported by + OpenSSL. (Issue #701) + +* New exception: ``NewConnectionError``, raised when we fail to establish + a new connection, usually ``ECONNREFUSED`` socket error. + + +1.11 (2015-07-21) +----------------- + +* When ``ca_certs`` is given, ``cert_reqs`` defaults to + ``'CERT_REQUIRED'``. (Issue #650) + +* ``pip install urllib3[secure]`` will install Certifi and + PyOpenSSL as dependencies. (Issue #678) + +* Made ``HTTPHeaderDict`` usable as a ``headers`` input value + (Issues #632, #679) + +* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ + which has an ``AppEngineManager`` for using ``URLFetch`` in a + Google AppEngine environment. (Issue #664) + +* Dev: Added test suite for AppEngine. (Issue #631) + +* Fix performance regression when using PyOpenSSL. (Issue #626) + +* Passing incorrect scheme (e.g. ``foo://``) will raise + ``ValueError`` instead of ``AssertionError`` (backwards + compatible for now, but please migrate). (Issue #640) + +* Fix pools not getting replenished when an error occurs during a + request using ``release_conn=False``. (Issue #644) + +* Fix pool-default headers not applying for url-encoded requests + like GET. (Issue #657) + +* log.warning in Python 3 when headers are skipped due to parsing + errors. (Issue #642) + +* Close and discard connections if an error occurs during read. + (Issue #660) + +* Fix host parsing for IPv6 proxies. (Issue #668) + +* Separate warning type SubjectAltNameWarning, now issued once + per host. (Issue #671) + +* Fix ``httplib.IncompleteRead`` not getting converted to + ``ProtocolError`` when using ``HTTPResponse.stream()`` + (Issue #674) + +1.10.4 (2015-05-03) +------------------- + +* Migrate tests to Tornado 4. (Issue #594) + +* Append default warning configuration rather than overwrite. + (Issue #603) + +* Fix streaming decoding regression. (Issue #595) + +* Fix chunked requests losing state across keep-alive connections. + (Issue #599) + +* Fix hanging when chunked HEAD response has no body. (Issue #605) + + +1.10.3 (2015-04-21) +------------------- + +* Emit ``InsecurePlatformWarning`` when SSLContext object is missing. + (Issue #558) + +* Fix regression of duplicate header keys being discarded. + (Issue #563) + +* ``Response.stream()`` returns a generator for chunked responses. + (Issue #560) + +* Set upper-bound timeout when waiting for a socket in PyOpenSSL. + (Issue #585) + +* Work on platforms without `ssl` module for plain HTTP requests. + (Issue #587) + +* Stop relying on the stdlib's default cipher list. (Issue #588) + + +1.10.2 (2015-02-25) +------------------- + +* Fix file descriptor leakage on retries. (Issue #548) + +* Removed RC4 from default cipher list. (Issue #551) + +* Header performance improvements. (Issue #544) + +* Fix PoolManager not obeying redirect retry settings. (Issue #553) + + +1.10.1 (2015-02-10) +------------------- + +* Pools can be used as context managers. (Issue #545) + +* Don't re-use connections which experienced an SSLError. (Issue #529) + +* Don't fail when gzip decoding an empty stream. (Issue #535) + +* Add sha256 support for fingerprint verification. (Issue #540) + +* Fixed handling of header values containing commas. (Issue #533) + + +1.10 (2014-12-14) +----------------- + +* Disabled SSLv3. (Issue #473) + +* Add ``Url.url`` property to return the composed url string. (Issue #394) + +* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) + +* ``MaxRetryError.reason`` will always be an exception, not string. + (Issue #481) + +* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) + +* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) + +* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. + (Issue #496) + +* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. + (Issue #499) + +* Close and discard sockets which experienced SSL-related errors. + (Issue #501) + +* Handle ``body`` param in ``.request(...)``. (Issue #513) + +* Respect timeout with HTTPS proxy. (Issue #505) + +* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) + + +1.9.1 (2014-09-13) +------------------ + +* Apply socket arguments before binding. (Issue #427) + +* More careful checks if fp-like object is closed. (Issue #435) + +* Fixed packaging issues of some development-related files not + getting included. (Issue #440) + +* Allow performing *only* fingerprint verification. (Issue #444) + +* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) + +* Fixed PyOpenSSL compatibility with PyPy. (Issue #450) + +* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. + (Issue #443) + + + +1.9 (2014-07-04) +---------------- + +* Shuffled around development-related files. If you're maintaining a distro + package of urllib3, you may need to tweak things. (Issue #415) + +* Unverified HTTPS requests will trigger a warning on the first request. See + our new `security documentation + <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. + (Issue #426) + +* New retry logic and ``urllib3.util.retry.Retry`` configuration object. + (Issue #326) + +* All raised exceptions should now wrapped in a + ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) + +* All errors during a retry-enabled request should be wrapped in + ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions + which were previously exempt. Underlying error is accessible from the + ``.reason`` property. (Issue #326) + +* ``urllib3.exceptions.ConnectionError`` renamed to + ``urllib3.exceptions.ProtocolError``. (Issue #326) + +* Errors during response read (such as IncompleteRead) are now wrapped in + ``urllib3.exceptions.ProtocolError``. (Issue #418) + +* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. + (Issue #417) + +* Catch read timeouts over SSL connections as + ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) + +* Apply socket arguments before connecting. (Issue #427) + + +1.8.3 (2014-06-23) +------------------ + +* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) + +* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) + +* Wrap ``socket.timeout`` exception with + ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) + +* Fixed proxy-related bug where connections were being reused incorrectly. + (Issues #366, #369) + +* Added ``socket_options`` keyword parameter which allows to define + ``setsockopt`` configuration of new sockets. (Issue #397) + +* Removed ``HTTPConnection.tcp_nodelay`` in favor of + ``HTTPConnection.default_socket_options``. (Issue #397) + +* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) + + +1.8.2 (2014-04-17) +------------------ + +* Fix ``urllib3.util`` not being included in the package. + + +1.8.1 (2014-04-17) +------------------ + +* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) + +* Don't install ``dummyserver`` into ``site-packages`` as it's only needed + for the test suite. (Issue #362) + +* Added support for specifying ``source_address``. (Issue #352) + + +1.8 (2014-03-04) +---------------- + +* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in + username, and blank ports like 'hostname:'). + +* New ``urllib3.connection`` module which contains all the HTTPConnection + objects. + +* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor + signature to a more sensible order. [Backwards incompatible] + (Issues #252, #262, #263) + +* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) + +* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which + returns the number of bytes read so far. (Issue #277) + +* Support for platforms without threading. (Issue #289) + +* Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` + to allow a pool with no specified port to be considered equal to to an + HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) + +* Improved default SSL/TLS settings to avoid vulnerabilities. + (Issue #309) + +* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. + (Issue #310) + +* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests + will send the entire HTTP request ~200 milliseconds faster; however, some of + the resulting TCP packets will be smaller. (Issue #254) + +* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` + from the default 64 to 1024 in a single certificate. (Issue #318) + +* Headers are now passed and stored as a custom + ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. + (Issue #329, #333) + +* Headers no longer lose their case on Python 3. (Issue #236) + +* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA + certificates on inject. (Issue #332) + +* Requests with ``retries=False`` will immediately raise any exceptions without + wrapping them in ``MaxRetryError``. (Issue #348) + +* Fixed open socket leak with SSL-related failures. (Issue #344, #348) + + +1.7.1 (2013-09-25) +------------------ + +* Added granular timeout support with new ``urllib3.util.Timeout`` class. + (Issue #231) + +* Fixed Python 3.4 support. (Issue #238) + + +1.7 (2013-08-14) +---------------- + +* More exceptions are now pickle-able, with tests. (Issue #174) + +* Fixed redirecting with relative URLs in Location header. (Issue #178) + +* Support for relative urls in ``Location: ...`` header. (Issue #179) + +* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus + file-like functionality. (Issue #187) + +* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will + skip hostname verification for SSL connections. (Issue #194) + +* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a + generator wrapped around ``.read(...)``. (Issue #198) + +* IPv6 url parsing enforces brackets around the hostname. (Issue #199) + +* Fixed thread race condition in + ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) + +* ``ProxyManager`` requests now include non-default port in ``Host: ...`` + header. (Issue #217) + +* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) + +* New ``RequestField`` object can be passed to the ``fields=...`` param which + can specify headers. (Issue #220) + +* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. + (Issue #221) + +* Use international headers when posting file names. (Issue #119) + +* Improved IPv6 support. (Issue #203) + + +1.6 (2013-04-25) +---------------- + +* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) + +* ``ProxyManager`` automatically adds ``Host: ...`` header if not given. + +* Improved SSL-related code. ``cert_req`` now optionally takes a string like + "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" + The string values reflect the suffix of the respective constant variable. + (Issue #130) + +* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly + closed proxy connections and larger read buffers. (Issue #135) + +* Ensure the connection is closed if no data is received, fixes connection leak + on some platforms. (Issue #133) + +* Added SNI support for SSL/TLS connections on Py32+. (Issue #89) + +* Tests fixed to be compatible with Py26 again. (Issue #125) + +* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant + to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) + +* Allow an explicit content type to be specified when encoding file fields. + (Issue #126) + +* Exceptions are now pickleable, with tests. (Issue #101) + +* Fixed default headers not getting passed in some cases. (Issue #99) + +* Treat "content-encoding" header value as case-insensitive, per RFC 2616 + Section 3.5. (Issue #110) + +* "Connection Refused" SocketErrors will get retried rather than raised. + (Issue #92) + +* Updated vendored ``six``, no longer overrides the global ``six`` module + namespace. (Issue #113) + +* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding + the exception that prompted the final retry. If ``reason is None`` then it + was due to a redirect. (Issue #92, #114) + +* Fixed ``PoolManager.urlopen()`` from not redirecting more than once. + (Issue #149) + +* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters + that are not files. (Issue #111) + +* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) + +* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or + against an arbitrary hostname (when connecting by IP or for misconfigured + servers). (Issue #140) + +* Streaming decompression support. (Issue #159) + + +1.5 (2012-08-02) +---------------- + +* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug + logging in urllib3. + +* Native full URL parsing (including auth, path, query, fragment) available in + ``urllib3.util.parse_url(url)``. + +* Built-in redirect will switch method to 'GET' if status code is 303. + (Issue #11) + +* ``urllib3.PoolManager`` strips the scheme and host before sending the request + uri. (Issue #8) + +* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, + based on the Content-Type header, fails. + +* Fixed bug with pool depletion and leaking connections (Issue #76). Added + explicit connection closing on pool eviction. Added + ``urllib3.PoolManager.clear()``. + +* 99% -> 100% unit test coverage. + + +1.4 (2012-06-16) +---------------- + +* Minor AppEngine-related fixes. + +* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. + +* Improved url parsing. (Issue #73) + +* IPv6 url support. (Issue #72) + + +1.3 (2012-03-25) +---------------- + +* Removed pre-1.0 deprecated API. + +* Refactored helpers into a ``urllib3.util`` submodule. + +* Fixed multipart encoding to support list-of-tuples for keys with multiple + values. (Issue #48) + +* Fixed multiple Set-Cookie headers in response not getting merged properly in + Python 3. (Issue #53) + +* AppEngine support with Py27. (Issue #61) + +* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs + bytes. + + +1.2.2 (2012-02-06) +------------------ + +* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) + + +1.2.1 (2012-02-05) +------------------ + +* Fixed another bug related to when ``ssl`` module is not available. (Issue #41) + +* Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` + which inherits from ``ValueError``. + + +1.2 (2012-01-29) +---------------- + +* Added Python 3 support (tested on 3.2.2) + +* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) + +* Use ``select.poll`` instead of ``select.select`` for platforms that support + it. + +* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive + connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. + +* Fixed ``ImportError`` during install when ``ssl`` module is not available. + (Issue #41) + +* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not + completing properly. (Issue #28, uncovered by Issue #10 in v1.1) + +* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + + ``eventlet``. Removed extraneous unsupported dummyserver testing backends. + Added socket-level tests. + +* More tests. Achievement Unlocked: 99% Coverage. + + +1.1 (2012-01-07) +---------------- + +* Refactored ``dummyserver`` to its own root namespace module (used for + testing). + +* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in + Py32's ``ssl_match_hostname``. (Issue #25) + +* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) + +* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue + #27) + +* Fixed timeout-related bugs. (Issues #17, #23) + + +1.0.2 (2011-11-04) +------------------ + +* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if + you're using the object manually. (Thanks pyos) + +* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by + wrapping the access log in a mutex. (Thanks @christer) + +* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and + ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. + + +1.0.1 (2011-10-10) +------------------ + +* Fixed a bug where the same connection would get returned into the pool twice, + causing extraneous "HttpConnectionPool is full" log warnings. + + +1.0 (2011-10-08) +---------------- + +* Added ``PoolManager`` with LRU expiration of connections (tested and + documented). +* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works + with HTTPS proxies). +* Added optional partial-read support for responses when + ``preload_content=False``. You can now make requests and just read the headers + without loading the content. +* Made response decoding optional (default on, same as before). +* Added optional explicit boundary string for ``encode_multipart_formdata``. +* Convenience request methods are now inherited from ``RequestMethods``. Old + helpers like ``get_url`` and ``post_url`` should be abandoned in favour of + the new ``request(method, url, ...)``. +* Refactored code to be even more decoupled, reusable, and extendable. +* License header added to ``.py`` files. +* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code + and docs in ``docs/`` and on https://urllib3.readthedocs.io/. +* Embettered all the things! +* Started writing this file. + + +0.4.1 (2011-07-17) +------------------ + +* Minor bug fixes, code cleanup. + + +0.4 (2011-03-01) +---------------- + +* Better unicode support. +* Added ``VerifiedHTTPSConnection``. +* Added ``NTLMConnectionPool`` in contrib. +* Minor improvements. + + +0.3.1 (2010-07-13) +------------------ + +* Added ``assert_host_name`` optional parameter. Now compatible with proxies. + + +0.3 (2009-12-10) +---------------- + +* Added HTTPS support. +* Minor bug fixes. +* Refactored, broken backwards compatibility with 0.2. +* API to be treated as stable from this version forward. + + +0.2 (2008-11-17) +---------------- + +* Added unit tests. +* Bug fixes. + + +0.1 (2008-11-16) +---------------- + +* First release. + + diff -Nru python-urllib3-1.26.4/src/urllib3/connectionpool.py python-urllib3-1.26.5/src/urllib3/connectionpool.py --- python-urllib3-1.26.4/src/urllib3/connectionpool.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/connectionpool.py 2021-05-26 19:01:29.000000000 +0200 @@ -318,7 +318,7 @@ pass def _get_timeout(self, timeout): - """ Helper that always returns a :class:`urllib3.util.Timeout` """ + """Helper that always returns a :class:`urllib3.util.Timeout`""" if timeout is _Default: return self.timeout.clone() diff -Nru python-urllib3-1.26.4/src/urllib3/connection.py python-urllib3-1.26.5/src/urllib3/connection.py --- python-urllib3-1.26.4/src/urllib3/connection.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/connection.py 2021-05-26 19:01:29.000000000 +0200 @@ -201,7 +201,7 @@ self._prepare_conn(conn) def putrequest(self, method, url, *args, **kwargs): - """""" + """ """ # Empty docstring because the indentation of CPython's implementation # is broken but we don't want this method in our documentation. match = _CONTAINS_CONTROL_CHAR_RE.search(method) @@ -214,7 +214,7 @@ return _HTTPConnection.putrequest(self, method, url, *args, **kwargs) def putheader(self, header, *values): - """""" + """ """ if not any(isinstance(v, str) and v == SKIP_HEADER for v in values): _HTTPConnection.putheader(self, header, *values) elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS: diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py --- python-urllib3-1.26.4/src/urllib3/contrib/pyopenssl.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/contrib/pyopenssl.py 2021-05-26 19:01:29.000000000 +0200 @@ -76,6 +76,7 @@ from .. import util from ..packages import six +from ..util.ssl_ import PROTOCOL_TLS_CLIENT __all__ = ["inject_into_urllib3", "extract_from_urllib3"] @@ -85,6 +86,7 @@ # Map from urllib3 to PyOpenSSL compatible parameter-values. _openssl_versions = { util.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD, + PROTOCOL_TLS_CLIENT: OpenSSL.SSL.SSLv23_METHOD, ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, } diff -Nru python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py --- python-urllib3-1.26.4/src/urllib3/contrib/securetransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/contrib/securetransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -67,6 +67,7 @@ import six from .. import util +from ..util.ssl_ import PROTOCOL_TLS_CLIENT from ._securetransport.bindings import CoreFoundation, Security, SecurityConst from ._securetransport.low_level import ( _assert_no_error, @@ -154,7 +155,8 @@ # TLSv1 and a high of TLSv1.2. For everything else, we pin to that version. # TLSv1 to 1.2 are supported on macOS 10.8+ _protocol_to_min_max = { - util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12) + util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12), + PROTOCOL_TLS_CLIENT: (SecurityConst.kTLSProtocol1, SecurityConst.kTLSProtocol12), } if hasattr(ssl, "PROTOCOL_SSLv2"): diff -Nru python-urllib3-1.26.4/src/urllib3/packages/six.py python-urllib3-1.26.5/src/urllib3/packages/six.py --- python-urllib3-1.26.4/src/urllib3/packages/six.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/packages/six.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,4 +1,4 @@ -# Copyright (c) 2010-2019 Benjamin Peterson +# Copyright (c) 2010-2020 Benjamin Peterson # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ import types __author__ = "Benjamin Peterson <benjamin@python.org>" -__version__ = "1.12.0" +__version__ = "1.16.0" # Useful for very coarse version differentiation. @@ -71,6 +71,11 @@ MAXSIZE = int((1 << 63) - 1) del X +if PY34: + from importlib.util import spec_from_loader +else: + spec_from_loader = None + def _add_doc(func, doc): """Add documentation to a function.""" @@ -182,6 +187,11 @@ return self return None + def find_spec(self, fullname, path, target=None): + if fullname in self.known_modules: + return spec_from_loader(fullname, self) + return None + def __get_module(self, fullname): try: return self.known_modules[fullname] @@ -220,6 +230,12 @@ get_source = get_code # same as get_code + def create_module(self, spec): + return self.load_module(spec.name) + + def exec_module(self, module): + pass + _importer = _SixMetaPathImporter(__name__) @@ -260,9 +276,19 @@ ), MovedModule("builtins", "__builtin__"), MovedModule("configparser", "ConfigParser"), + MovedModule( + "collections_abc", + "collections", + "collections.abc" if sys.version_info >= (3, 3) else "collections", + ), MovedModule("copyreg", "copy_reg"), MovedModule("dbm_gnu", "gdbm", "dbm.gnu"), - MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread"), + MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"), + MovedModule( + "_dummy_thread", + "dummy_thread", + "_dummy_thread" if sys.version_info < (3, 9) else "_thread", + ), MovedModule("http_cookiejar", "cookielib", "http.cookiejar"), MovedModule("http_cookies", "Cookie", "http.cookies"), MovedModule("html_entities", "htmlentitydefs", "html.entities"), @@ -307,7 +333,9 @@ ] # Add windows specific modules. if sys.platform == "win32": - _moved_attributes += [MovedModule("winreg", "_winreg")] + _moved_attributes += [ + MovedModule("winreg", "_winreg"), + ] for attr in _moved_attributes: setattr(_MovedItems, attr.name, attr) @@ -476,7 +504,7 @@ _urllib_robotparser_moved_attributes = [ - MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser") + MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser"), ] for attr in _urllib_robotparser_moved_attributes: setattr(Module_six_moves_urllib_robotparser, attr.name, attr) @@ -678,9 +706,11 @@ if sys.version_info[1] <= 1: _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" else: _assertRaisesRegex = "assertRaisesRegex" _assertRegex = "assertRegex" + _assertNotRegex = "assertNotRegex" else: def b(s): @@ -707,6 +737,7 @@ _assertCountEqual = "assertItemsEqual" _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" _add_doc(b, """Byte literal""") _add_doc(u, """Text literal""") @@ -723,6 +754,10 @@ return getattr(self, _assertRegex)(*args, **kwargs) +def assertNotRegex(self, *args, **kwargs): + return getattr(self, _assertNotRegex)(*args, **kwargs) + + if PY3: exec_ = getattr(moves.builtins, "exec") @@ -762,18 +797,7 @@ ) -if sys.version_info[:2] == (3, 2): - exec_( - """def raise_from(value, from_value): - try: - if from_value is None: - raise value - raise value from from_value - finally: - value = None -""" - ) -elif sys.version_info[:2] > (3, 2): +if sys.version_info[:2] > (3,): exec_( """def raise_from(value, from_value): try: @@ -863,19 +887,41 @@ _add_doc(reraise, """Reraise an exception.""") if sys.version_info[0:2] < (3, 4): + # This does exactly the same what the :func:`py3:functools.update_wrapper` + # function does on Python versions after 3.2. It sets the ``__wrapped__`` + # attribute on ``wrapper`` object and it doesn't raise an error if any of + # the attributes mentioned in ``assigned`` and ``updated`` are missing on + # ``wrapped`` object. + def _update_wrapper( + wrapper, + wrapped, + assigned=functools.WRAPPER_ASSIGNMENTS, + updated=functools.WRAPPER_UPDATES, + ): + for attr in assigned: + try: + value = getattr(wrapped, attr) + except AttributeError: + continue + else: + setattr(wrapper, attr, value) + for attr in updated: + getattr(wrapper, attr).update(getattr(wrapped, attr, {})) + wrapper.__wrapped__ = wrapped + return wrapper + + _update_wrapper.__doc__ = functools.update_wrapper.__doc__ def wraps( wrapped, assigned=functools.WRAPPER_ASSIGNMENTS, updated=functools.WRAPPER_UPDATES, ): - def wrapper(f): - f = functools.wraps(wrapped, assigned, updated)(f) - f.__wrapped__ = wrapped - return f - - return wrapper + return functools.partial( + _update_wrapper, wrapped=wrapped, assigned=assigned, updated=updated + ) + wraps.__doc__ = functools.wraps.__doc__ else: wraps = functools.wraps @@ -888,7 +934,15 @@ # the actual metaclass. class metaclass(type): def __new__(cls, name, this_bases, d): - return meta(name, bases, d) + if sys.version_info[:2] >= (3, 7): + # This version introduced PEP 560 that requires a bit + # of extra care (we mimic what is done by __build_class__). + resolved_bases = types.resolve_bases(bases) + if resolved_bases is not bases: + d["__orig_bases__"] = bases + else: + resolved_bases = bases + return meta(name, resolved_bases, d) @classmethod def __prepare__(cls, name, this_bases): @@ -928,12 +982,11 @@ - `str` -> encoded to `bytes` - `bytes` -> `bytes` """ + if isinstance(s, binary_type): + return s if isinstance(s, text_type): return s.encode(encoding, errors) - elif isinstance(s, binary_type): - return s - else: - raise TypeError("not expecting type '%s'" % type(s)) + raise TypeError("not expecting type '%s'" % type(s)) def ensure_str(s, encoding="utf-8", errors="strict"): @@ -947,12 +1000,15 @@ - `str` -> `str` - `bytes` -> decoded to `str` """ - if not isinstance(s, (text_type, binary_type)): - raise TypeError("not expecting type '%s'" % type(s)) + # Optimization: Fast return for the common case. + if type(s) is str: + return s if PY2 and isinstance(s, text_type): - s = s.encode(encoding, errors) + return s.encode(encoding, errors) elif PY3 and isinstance(s, binary_type): - s = s.decode(encoding, errors) + return s.decode(encoding, errors) + elif not isinstance(s, (text_type, binary_type)): + raise TypeError("not expecting type '%s'" % type(s)) return s @@ -977,7 +1033,7 @@ def python_2_unicode_compatible(klass): """ - A decorator that defines __unicode__ and __str__ methods under Python 2. + A class decorator that defines __unicode__ and __str__ methods under Python 2. Under Python 3 it does nothing. To support Python 2 and 3 with a single code base, define a __str__ method diff -Nru python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py --- python-urllib3-1.26.4/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/packages/ssl_match_hostname/__init__.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,9 +1,11 @@ import sys try: - # Our match_hostname function is the same as 3.5's, so we only want to + # Our match_hostname function is the same as 3.10's, so we only want to # import the match_hostname function if it's at least that good. - if sys.version_info < (3, 5): + # We also fallback on Python 3.10+ because our code doesn't emit + # deprecation warnings and is the same as Python 3.10 otherwise. + if sys.version_info < (3, 5) or sys.version_info >= (3, 10): raise ImportError("Fallback to vendored code") from ssl import CertificateError, match_hostname diff -Nru python-urllib3-1.26.4/src/urllib3/util/connection.py python-urllib3-1.26.5/src/urllib3/util/connection.py --- python-urllib3-1.26.4/src/urllib3/util/connection.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/connection.py 2021-05-26 19:01:29.000000000 +0200 @@ -118,7 +118,7 @@ def _has_ipv6(host): - """ Returns True if the system can bind an IPv6 address. """ + """Returns True if the system can bind an IPv6 address.""" sock = None has_ipv6 = False diff -Nru python-urllib3-1.26.4/src/urllib3/util/retry.py python-urllib3-1.26.5/src/urllib3/util/retry.py --- python-urllib3-1.26.4/src/urllib3/util/retry.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/retry.py 2021-05-26 19:01:29.000000000 +0200 @@ -321,7 +321,7 @@ @classmethod def from_int(cls, retries, redirect=True, default=None): - """ Backwards-compatibility for the old retries format.""" + """Backwards-compatibility for the old retries format.""" if retries is None: retries = default if default is not None else cls.DEFAULT @@ -374,7 +374,7 @@ return seconds def get_retry_after(self, response): - """ Get the value of Retry-After in seconds. """ + """Get the value of Retry-After in seconds.""" retry_after = response.getheader("Retry-After") @@ -468,7 +468,7 @@ ) def is_exhausted(self): - """ Are we out of retries? """ + """Are we out of retries?""" retry_counts = ( self.total, self.connect, diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssl_.py python-urllib3-1.26.5/src/urllib3/util/ssl_.py --- python-urllib3-1.26.4/src/urllib3/util/ssl_.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/ssl_.py 2021-05-26 19:01:29.000000000 +0200 @@ -71,6 +71,11 @@ except ImportError: PROTOCOL_SSLv23 = PROTOCOL_TLS = 2 +try: + from ssl import PROTOCOL_TLS_CLIENT +except ImportError: + PROTOCOL_TLS_CLIENT = PROTOCOL_TLS + try: from ssl import OP_NO_COMPRESSION, OP_NO_SSLv2, OP_NO_SSLv3 @@ -278,7 +283,11 @@ Constructed SSLContext object with specified options :rtype: SSLContext """ - context = SSLContext(ssl_version or PROTOCOL_TLS) + # PROTOCOL_TLS is deprecated in Python 3.10 + if not ssl_version or ssl_version == PROTOCOL_TLS: + ssl_version = PROTOCOL_TLS_CLIENT + + context = SSLContext(ssl_version) context.set_ciphers(ciphers or DEFAULT_CIPHERS) @@ -313,13 +322,25 @@ ) is not None: context.post_handshake_auth = True - context.verify_mode = cert_reqs - if ( - getattr(context, "check_hostname", None) is not None - ): # Platform-specific: Python 3.2 - # We do our own verification, including fingerprints and alternative - # hostnames. So disable it here - context.check_hostname = False + def disable_check_hostname(): + if ( + getattr(context, "check_hostname", None) is not None + ): # Platform-specific: Python 3.2 + # We do our own verification, including fingerprints and alternative + # hostnames. So disable it here + context.check_hostname = False + + # The order of the below lines setting verify_mode and check_hostname + # matter due to safe-guards SSLContext has to prevent an SSLContext with + # check_hostname=True, verify_mode=NONE/OPTIONAL. This is made even more + # complex because we don't know whether PROTOCOL_TLS_CLIENT will be used + # or not so we don't know the initial state of the freshly created SSLContext. + if cert_reqs == ssl.CERT_REQUIRED: + context.verify_mode = cert_reqs + disable_check_hostname() + else: + disable_check_hostname() + context.verify_mode = cert_reqs # Enable logging of TLS session keys via defacto standard environment variable # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values. diff -Nru python-urllib3-1.26.4/src/urllib3/util/ssltransport.py python-urllib3-1.26.5/src/urllib3/util/ssltransport.py --- python-urllib3-1.26.4/src/urllib3/util/ssltransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/ssltransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -193,7 +193,7 @@ raise def _ssl_io_loop(self, func, *args): - """ Performs an I/O loop between incoming/outgoing and the socket.""" + """Performs an I/O loop between incoming/outgoing and the socket.""" should_loop = True ret = None diff -Nru python-urllib3-1.26.4/src/urllib3/util/url.py python-urllib3-1.26.5/src/urllib3/util/url.py --- python-urllib3-1.26.4/src/urllib3/util/url.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/util/url.py 2021-05-26 19:01:29.000000000 +0200 @@ -63,12 +63,12 @@ BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$") ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$") -SUBAUTHORITY_PAT = (u"^(?:(.*)@)?(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( +_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( REG_NAME_PAT, IPV4_PAT, IPV6_ADDRZ_PAT, ) -SUBAUTHORITY_RE = re.compile(SUBAUTHORITY_PAT, re.UNICODE | re.DOTALL) +_HOST_PORT_RE = re.compile(_HOST_PORT_PAT, re.UNICODE | re.DOTALL) UNRESERVED_CHARS = set( "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~" @@ -365,7 +365,9 @@ scheme = scheme.lower() if authority: - auth, host, port = SUBAUTHORITY_RE.match(authority).groups() + auth, _, host_port = authority.rpartition("@") + auth = auth or None + host, port = _HOST_PORT_RE.match(host_port).groups() if auth and normalize_uri: auth = _encode_invalid_chars(auth, USERINFO_CHARS) if port == "": diff -Nru python-urllib3-1.26.4/src/urllib3/_version.py python-urllib3-1.26.5/src/urllib3/_version.py --- python-urllib3-1.26.4/src/urllib3/_version.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3/_version.py 2021-05-26 19:01:29.000000000 +0200 @@ -1,2 +1,2 @@ # This file is protected via CODEOWNERS -__version__ = "1.26.4" +__version__ = "1.26.5" diff -Nru python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO --- python-urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO 2021-03-15 16:03:54.000000000 +0100 +++ python-urllib3-1.26.5/src/urllib3.egg-info/PKG-INFO 2021-05-26 19:02:03.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.4 +Version: 1.26.5 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov @@ -9,1328 +9,6 @@ Project-URL: Documentation, https://urllib3.readthedocs.io/ Project-URL: Code, https://github.com/urllib3/urllib3 Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues -Description: - urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the - Python ecosystem already uses urllib3 and you should too. - urllib3 brings many critical features that are missing from the Python - standard libraries: - - - Thread safety. - - Connection pooling. - - Client-side SSL/TLS verification. - - File uploads with multipart encoding. - - Helpers for retrying requests and dealing with HTTP redirects. - - Support for gzip, deflate, and brotli encoding. - - Proxy support for HTTP and SOCKS. - - 100% test coverage. - - urllib3 is powerful and easy to use: - - .. code-block:: python - - >>> import urllib3 - >>> http = urllib3.PoolManager() - >>> r = http.request('GET', 'http://httpbin.org/robots.txt') - >>> r.status - 200 - >>> r.data - 'User-agent: *\nDisallow: /deny\n' - - - Installing - ---------- - - urllib3 can be installed with `pip <https://pip.pypa.io>`_:: - - $ python -m pip install urllib3 - - Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: - - $ git clone git://github.com/urllib3/urllib3.git - $ python setup.py install - - - Documentation - ------------- - - urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. - - - Contributing - ------------ - - urllib3 happily accepts contributions. Please see our - `contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ - for some tips on getting started. - - - Security Disclosures - -------------------- - - To report a security vulnerability, please use the - `Tidelift security contact <https://tidelift.com/security>`_. - Tidelift will coordinate the fix and disclosure with maintainers. - - - Maintainers - ----------- - - - `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) - - `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) - - `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) - - `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) - - `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) - - `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) - - `@shazow <https://github.com/shazow>`__ (Andrey Petrov) - - 👋 - - - Sponsorship - ----------- - - If your company benefits from this library, please consider `sponsoring its - development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. - - - For Enterprise - -------------- - - .. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png - :width: 75 - :alt: Tidelift - - .. list-table:: - :widths: 10 100 - - * - |tideliftlogo| - - Professional support for urllib3 is available as part of the `Tidelift - Subscription`_. Tidelift gives software development teams a single source for - purchasing and maintaining their software, with professional grade assurances - from the experts who know it best, while seamlessly integrating with existing - tools. - - .. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme - - - Changes - ======= - - 1.26.4 (2021-03-15) - ------------------- - - * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy - during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. - - - 1.26.3 (2021-01-26) - ------------------- - - * Fixed bytes and string comparison issue with headers (Pull #2141) - - * Changed ``ProxySchemeUnknown`` error message to be - more actionable if the user supplies a proxy URL without - a scheme. (Pull #2107) - - - 1.26.2 (2020-11-12) - ------------------- - - * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't - be imported properly on Python 2.7.8 and earlier (Pull #2052) - - - 1.26.1 (2020-11-11) - ------------------- - - * Fixed an issue where two ``User-Agent`` headers would be sent if a - ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) - - - 1.26.0 (2020-11-10) - ------------------- - - * **NOTE: urllib3 v2.0 will drop support for Python 2**. - `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. - - * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) - - * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that - still wish to use TLS earlier than 1.2 without a deprecation warning - should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) - **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** - - * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` - and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, - ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` - (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** - - * Added default ``User-Agent`` header to every request (Pull #1750) - - * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, - and ``Host`` headers from being automatically emitted with requests (Pull #2018) - - * Collapse ``transfer-encoding: chunked`` request data and framing into - the same ``socket.send()`` call (Pull #1906) - - * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) - - * Properly terminate SecureTransport connections when CA verification fails (Pull #1977) - - * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` - to SecureTransport (Pull #1903) - - * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) - - * Suppress ``BrokenPipeError`` when writing request body after the server - has closed the socket (Pull #1524) - - * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") - into an ``urllib3.exceptions.SSLError`` (Pull #1939) - - - 1.25.11 (2020-10-19) - -------------------- - - * Fix retry backoff time parsed from ``Retry-After`` header when given - in the HTTP date format. The HTTP date was parsed as the local timezone - rather than accounting for the timezone in the HTTP date (typically - UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - - * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` - environment variable was set to the empty string. Now ``SSLContext.keylog_file`` - is not set in this situation (Pull #2016) - - - 1.25.10 (2020-07-22) - -------------------- - - * Added support for ``SSLKEYLOGFILE`` environment variable for - logging TLS session keys with use with programs like - Wireshark for decrypting captured web traffic (Pull #1867) - - * Fixed loading of SecureTransport libraries on macOS Big Sur - due to the new dynamic linker cache (Pull #1905) - - * Collapse chunked request bodies data and framing into one - call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) - - * Don't insert ``None`` into ``ConnectionPool`` if the pool - was empty when requesting a connection (Pull #1866) - - * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) - - - 1.25.9 (2020-04-16) - ------------------- - - * Added ``InvalidProxyConfigurationWarning`` which is raised when - erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently - support connecting to HTTPS proxies but will soon be able to - and we would like users to migrate properly without much breakage. - - See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ - for more information on how to fix your proxy config. (Pull #1851) - - * Drain connection after ``PoolManager`` redirect (Pull #1817) - - * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) - - * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) - - * Allow the CA certificate data to be passed as a string (Pull #1804) - - * Raise ``ValueError`` if method contains control characters (Pull #1800) - - * Add ``__repr__`` to ``Timeout`` (Pull #1795) - - - 1.25.8 (2020-01-20) - ------------------- - - * Drop support for EOL Python 3.4 (Pull #1774) - - * Optimize _encode_invalid_chars (Pull #1787) - - - 1.25.7 (2019-11-11) - ------------------- - - * Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) - - * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) - - * Fix issue where URL fragment was sent within the request target. (Pull #1732) - - * Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) - - * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) - - - 1.25.6 (2019-09-24) - ------------------- - - * Fix issue where tilde (``~``) characters were incorrectly - percent-encoded in the path. (Pull #1692) - - - 1.25.5 (2019-09-19) - ------------------- - - * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which - caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. - (Issue #1682) - - - 1.25.4 (2019-09-19) - ------------------- - - * Propagate Retry-After header settings to subsequent retries. (Pull #1607) - - * Fix edge case where Retry-After header was still respected even when - explicitly opted out of. (Pull #1607) - - * Remove dependency on ``rfc3986`` for URL parsing. - - * Fix issue where URLs containing invalid characters within ``Url.auth`` would - raise an exception instead of percent-encoding those characters. - - * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses - work well with BufferedReaders and other ``io`` module features. (Pull #1652) - - * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) - - - 1.25.3 (2019-05-23) - ------------------- - - * Change ``HTTPSConnection`` to load system CA certificates - when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are - unspecified. (Pull #1608, Issue #1603) - - * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - - - 1.25.2 (2019-04-28) - ------------------- - - * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) - - * Change ``parse_url`` to percent-encode invalid characters within the - path, query, and target components. (Pull #1586) - - - 1.25.1 (2019-04-24) - ------------------- - - * Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) - - * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - - - 1.25 (2019-04-22) - ----------------- - - * Require and validate certificates by default when using HTTPS (Pull #1507) - - * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) - - * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use - encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) - - * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` - implementations. (Pull #1496) - - * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) - - * Fixed issue where OpenSSL would block if an encrypted client private key was - given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) - - * Added support for Brotli content encoding. It is enabled automatically if - ``brotlipy`` package is installed which can be requested with - ``urllib3[brotli]`` extra. (Pull #1532) - - * Drop ciphers using DSS key exchange from default TLS cipher suites. - Improve default ciphers when using SecureTransport. (Pull #1496) - - * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) - - 1.24.3 (2019-05-01) - ------------------- - - * Apply fix for CVE-2019-9740. (Pull #1591) - - 1.24.2 (2019-04-17) - ------------------- - - * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or - ``ssl_context`` parameters are specified. - - * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - - * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - - - 1.24.1 (2018-11-02) - ------------------- - - * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) - - * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) - - - 1.24 (2018-10-16) - ----------------- - - * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) - - * Test against Python 3.7 on AppVeyor. (Pull #1453) - - * Early-out ipv6 checks when running on App Engine. (Pull #1450) - - * Change ambiguous description of backoff_factor (Pull #1436) - - * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) - - * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). - - * Add a server_hostname parameter to HTTPSConnection which allows for - overriding the SNI hostname sent in the handshake. (Pull #1397) - - * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) - - * Fixed bug where responses with header Content-Type: message/* erroneously - raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) - - * Move urllib3 to src/urllib3 (Pull #1409) - - - 1.23 (2018-06-04) - ----------------- - - * Allow providing a list of headers to strip from requests when redirecting - to a different host. Defaults to the ``Authorization`` header. Different - headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) - - * Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). - - * Dropped Python 3.3 support. (Pull #1242) - - * Put the connection back in the pool when calling stream() or read_chunked() on - a chunked HEAD response. (Issue #1234) - - * Fixed pyOpenSSL-specific ssl client authentication issue when clients - attempted to auth via certificate + chain (Issue #1060) - - * Add the port to the connectionpool connect print (Pull #1251) - - * Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) - - * ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) - - * Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) - - * Added support for auth info in url for SOCKS proxy (Pull #1363) - - - 1.22 (2017-07-20) - ----------------- - - * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via - IPv6 proxy. (Issue #1222) - - * Made the connection pool retry on ``SSLError``. The original ``SSLError`` - is available on ``MaxRetryError.reason``. (Issue #1112) - - * Drain and release connection before recursing on retry/redirect. Fixes - deadlocks with a blocking connectionpool. (Issue #1167) - - * Fixed compatibility for cookiejar. (Issue #1229) - - * pyopenssl: Use vendored version of ``six``. (Issue #1231) - - - 1.21.1 (2017-05-02) - ------------------- - - * Fixed SecureTransport issue that would cause long delays in response body - delivery. (Pull #1154) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``socket_options`` flag to the ``PoolManager``. (Issue #1165) - - * Fixed regression in 1.21 that threw exceptions when users passed the - ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. - (Pull #1157) - - - 1.21 (2017-04-25) - ----------------- - - * Improved performance of certain selector system calls on Python 3.5 and - later. (Pull #1095) - - * Resolved issue where the PyOpenSSL backend would not wrap SysCallError - exceptions appropriately when sending data. (Pull #1125) - - * Selectors now detects a monkey-patched select module after import for modules - that patch the select module like eventlet, greenlet. (Pull #1128) - - * Reduced memory consumption when streaming zlib-compressed responses - (as opposed to raw deflate streams). (Pull #1129) - - * Connection pools now use the entire request context when constructing the - pool key. (Pull #1016) - - * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, - ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. - (Pull #1016) - - * Add retry counter for ``status_forcelist``. (Issue #1147) - - * Added ``contrib`` module for using SecureTransport on macOS: - ``urllib3.contrib.securetransport``. (Pull #1122) - - * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: - for schemes it does not recognise, it assumes they are case-sensitive and - leaves them unchanged. - (Issue #1080) - - - 1.20 (2017-01-19) - ----------------- - - * Added support for waiting for I/O using selectors other than select, - improving urllib3's behaviour with large numbers of concurrent connections. - (Pull #1001) - - * Updated the date for the system clock check. (Issue #1005) - - * ConnectionPools now correctly consider hostnames to be case-insensitive. - (Issue #1032) - - * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Pull #1063) - - * Outdated versions of cryptography now cause the PyOpenSSL contrib module - to fail when it is injected, rather than at first use. (Issue #1044) - - * Automatically attempt to rewind a file-like body object when a request is - retried or redirected. (Pull #1039) - - * Fix some bugs that occur when modules incautiously patch the queue module. - (Pull #1061) - - * Prevent retries from occurring on read timeouts for which the request method - was not in the method whitelist. (Issue #1059) - - * Changed the PyOpenSSL contrib module to lazily load idna to avoid - unnecessarily bloating the memory of programs that don't need it. (Pull - #1076) - - * Add support for IPv6 literals with zone identifiers. (Pull #1013) - - * Added support for socks5h:// and socks4a:// schemes when working with SOCKS - proxies, and controlled remote DNS appropriately. (Issue #1035) - - - 1.19.1 (2016-11-16) - ------------------- - - * Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) - - - 1.19 (2016-11-03) - ----------------- - - * urllib3 now respects Retry-After headers on 413, 429, and 503 responses when - using the default retry logic. (Pull #955) - - * Remove markers from setup.py to assist ancient setuptools versions. (Issue - #986) - - * Disallow superscripts and other integerish things in URL ports. (Issue #989) - - * Allow urllib3's HTTPResponse.stream() method to continue to work with - non-httplib underlying FPs. (Pull #990) - - * Empty filenames in multipart headers are now emitted as such, rather than - being suppressed. (Issue #1015) - - * Prefer user-supplied Host headers on chunked uploads. (Issue #1009) - - - 1.18.1 (2016-10-27) - ------------------- - - * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with - PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This - release fixes a vulnerability whereby urllib3 in the above configuration - would silently fail to validate TLS certificates due to erroneously setting - invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous - flags do not cause a problem in OpenSSL versions before 1.1.0, which - interprets the presence of any flag as requesting certificate validation. - - There is no PR for this patch, as it was prepared for simultaneous disclosure - and release. The master branch received the same fix in Pull #1010. - - - 1.18 (2016-09-26) - ----------------- - - * Fixed incorrect message for IncompleteRead exception. (Pull #973) - - * Accept ``iPAddress`` subject alternative name fields in TLS certificates. - (Issue #258) - - * Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. - (Issue #977) - - * Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) - - - 1.17 (2016-09-06) - ----------------- - - * Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) - - * ConnectionPool debug log now includes scheme, host, and port. (Issue #897) - - * Substantially refactored documentation. (Issue #887) - - * Used URLFetch default timeout on AppEngine, rather than hardcoding our own. - (Issue #858) - - * Normalize the scheme and host in the URL parser (Issue #833) - - * ``HTTPResponse`` contains the last ``Retry`` object, which now also - contains retries history. (Issue #848) - - * Timeout can no longer be set as boolean, and must be greater than zero. - (Pull #924) - - * Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We - now use cryptography and idna, both of which are already dependencies of - PyOpenSSL. (Pull #930) - - * Fixed infinite loop in ``stream`` when amt=None. (Issue #928) - - * Try to use the operating system's certificates when we are using an - ``SSLContext``. (Pull #941) - - * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to - ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) - - * Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) - - * Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) - - * Implemented ``length_remaining`` to determine remaining content - to be read. (Pull #949) - - * Implemented ``enforce_content_length`` to enable exceptions when - incomplete data chunks are received. (Pull #949) - - * Dropped connection start, dropped connection reset, redirect, forced retry, - and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) - - - 1.16 (2016-06-11) - ----------------- - - * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) - - * Provide ``key_fn_by_scheme`` pool keying mechanism that can be - overridden. (Issue #830) - - * Normalize scheme and host to lowercase for pool keys, and include - ``source_address``. (Issue #830) - - * Cleaner exception chain in Python 3 for ``_make_request``. - (Issue #861) - - * Fixed installing ``urllib3[socks]`` extra. (Issue #864) - - * Fixed signature of ``ConnectionPool.close`` so it can actually safely be - called by subclasses. (Issue #873) - - * Retain ``release_conn`` state across retries. (Issues #651, #866) - - * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to - ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - - - 1.15.1 (2016-04-11) - ------------------- - - * Fix packaging to include backports module. (Issue #841) - - - 1.15 (2016-04-06) - ----------------- - - * Added Retry(raise_on_status=False). (Issue #720) - - * Always use setuptools, no more distutils fallback. (Issue #785) - - * Dropped support for Python 3.2. (Issue #786) - - * Chunked transfer encoding when requesting with ``chunked=True``. - (Issue #790) - - * Fixed regression with IPv6 port parsing. (Issue #801) - - * Append SNIMissingWarning messages to allow users to specify it in - the PYTHONWARNINGS environment variable. (Issue #816) - - * Handle unicode headers in Py2. (Issue #818) - - * Log certificate when there is a hostname mismatch. (Issue #820) - - * Preserve order of request/response headers. (Issue #821) - - - 1.14 (2015-12-29) - ----------------- - - * contrib: SOCKS proxy support! (Issue #762) - - * Fixed AppEngine handling of transfer-encoding header and bug - in Timeout defaults checking. (Issue #763) - - - 1.13.1 (2015-12-18) - ------------------- - - * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - - - 1.13 (2015-12-14) - ----------------- - - * Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) - - * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) - - * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) - - * Close connections more defensively on exception. (Issue #734) - - * Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without - repeatedly flushing the decoder, to function better on Jython. (Issue #743) - - * Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) - - - 1.12 (2015-09-03) - ----------------- - - * Rely on ``six`` for importing ``httplib`` to work around - conflicts with other Python 3 shims. (Issue #688) - - * Add support for directories of certificate authorities, as supported by - OpenSSL. (Issue #701) - - * New exception: ``NewConnectionError``, raised when we fail to establish - a new connection, usually ``ECONNREFUSED`` socket error. - - - 1.11 (2015-07-21) - ----------------- - - * When ``ca_certs`` is given, ``cert_reqs`` defaults to - ``'CERT_REQUIRED'``. (Issue #650) - - * ``pip install urllib3[secure]`` will install Certifi and - PyOpenSSL as dependencies. (Issue #678) - - * Made ``HTTPHeaderDict`` usable as a ``headers`` input value - (Issues #632, #679) - - * Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ - which has an ``AppEngineManager`` for using ``URLFetch`` in a - Google AppEngine environment. (Issue #664) - - * Dev: Added test suite for AppEngine. (Issue #631) - - * Fix performance regression when using PyOpenSSL. (Issue #626) - - * Passing incorrect scheme (e.g. ``foo://``) will raise - ``ValueError`` instead of ``AssertionError`` (backwards - compatible for now, but please migrate). (Issue #640) - - * Fix pools not getting replenished when an error occurs during a - request using ``release_conn=False``. (Issue #644) - - * Fix pool-default headers not applying for url-encoded requests - like GET. (Issue #657) - - * log.warning in Python 3 when headers are skipped due to parsing - errors. (Issue #642) - - * Close and discard connections if an error occurs during read. - (Issue #660) - - * Fix host parsing for IPv6 proxies. (Issue #668) - - * Separate warning type SubjectAltNameWarning, now issued once - per host. (Issue #671) - - * Fix ``httplib.IncompleteRead`` not getting converted to - ``ProtocolError`` when using ``HTTPResponse.stream()`` - (Issue #674) - - 1.10.4 (2015-05-03) - ------------------- - - * Migrate tests to Tornado 4. (Issue #594) - - * Append default warning configuration rather than overwrite. - (Issue #603) - - * Fix streaming decoding regression. (Issue #595) - - * Fix chunked requests losing state across keep-alive connections. - (Issue #599) - - * Fix hanging when chunked HEAD response has no body. (Issue #605) - - - 1.10.3 (2015-04-21) - ------------------- - - * Emit ``InsecurePlatformWarning`` when SSLContext object is missing. - (Issue #558) - - * Fix regression of duplicate header keys being discarded. - (Issue #563) - - * ``Response.stream()`` returns a generator for chunked responses. - (Issue #560) - - * Set upper-bound timeout when waiting for a socket in PyOpenSSL. - (Issue #585) - - * Work on platforms without `ssl` module for plain HTTP requests. - (Issue #587) - - * Stop relying on the stdlib's default cipher list. (Issue #588) - - - 1.10.2 (2015-02-25) - ------------------- - - * Fix file descriptor leakage on retries. (Issue #548) - - * Removed RC4 from default cipher list. (Issue #551) - - * Header performance improvements. (Issue #544) - - * Fix PoolManager not obeying redirect retry settings. (Issue #553) - - - 1.10.1 (2015-02-10) - ------------------- - - * Pools can be used as context managers. (Issue #545) - - * Don't re-use connections which experienced an SSLError. (Issue #529) - - * Don't fail when gzip decoding an empty stream. (Issue #535) - - * Add sha256 support for fingerprint verification. (Issue #540) - - * Fixed handling of header values containing commas. (Issue #533) - - - 1.10 (2014-12-14) - ----------------- - - * Disabled SSLv3. (Issue #473) - - * Add ``Url.url`` property to return the composed url string. (Issue #394) - - * Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) - - * ``MaxRetryError.reason`` will always be an exception, not string. - (Issue #481) - - * Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) - - * Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) - - * Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. - (Issue #496) - - * Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. - (Issue #499) - - * Close and discard sockets which experienced SSL-related errors. - (Issue #501) - - * Handle ``body`` param in ``.request(...)``. (Issue #513) - - * Respect timeout with HTTPS proxy. (Issue #505) - - * PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) - - - 1.9.1 (2014-09-13) - ------------------ - - * Apply socket arguments before binding. (Issue #427) - - * More careful checks if fp-like object is closed. (Issue #435) - - * Fixed packaging issues of some development-related files not - getting included. (Issue #440) - - * Allow performing *only* fingerprint verification. (Issue #444) - - * Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) - - * Fixed PyOpenSSL compatibility with PyPy. (Issue #450) - - * Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. - (Issue #443) - - - - 1.9 (2014-07-04) - ---------------- - - * Shuffled around development-related files. If you're maintaining a distro - package of urllib3, you may need to tweak things. (Issue #415) - - * Unverified HTTPS requests will trigger a warning on the first request. See - our new `security documentation - <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. - (Issue #426) - - * New retry logic and ``urllib3.util.retry.Retry`` configuration object. - (Issue #326) - - * All raised exceptions should now wrapped in a - ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) - - * All errors during a retry-enabled request should be wrapped in - ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions - which were previously exempt. Underlying error is accessible from the - ``.reason`` property. (Issue #326) - - * ``urllib3.exceptions.ConnectionError`` renamed to - ``urllib3.exceptions.ProtocolError``. (Issue #326) - - * Errors during response read (such as IncompleteRead) are now wrapped in - ``urllib3.exceptions.ProtocolError``. (Issue #418) - - * Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. - (Issue #417) - - * Catch read timeouts over SSL connections as - ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) - - * Apply socket arguments before connecting. (Issue #427) - - - 1.8.3 (2014-06-23) - ------------------ - - * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) - - * Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) - - * Wrap ``socket.timeout`` exception with - ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) - - * Fixed proxy-related bug where connections were being reused incorrectly. - (Issues #366, #369) - - * Added ``socket_options`` keyword parameter which allows to define - ``setsockopt`` configuration of new sockets. (Issue #397) - - * Removed ``HTTPConnection.tcp_nodelay`` in favor of - ``HTTPConnection.default_socket_options``. (Issue #397) - - * Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) - - - 1.8.2 (2014-04-17) - ------------------ - - * Fix ``urllib3.util`` not being included in the package. - - - 1.8.1 (2014-04-17) - ------------------ - - * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) - - * Don't install ``dummyserver`` into ``site-packages`` as it's only needed - for the test suite. (Issue #362) - - * Added support for specifying ``source_address``. (Issue #352) - - - 1.8 (2014-03-04) - ---------------- - - * Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in - username, and blank ports like 'hostname:'). - - * New ``urllib3.connection`` module which contains all the HTTPConnection - objects. - - * Several ``urllib3.util.Timeout``-related fixes. Also changed constructor - signature to a more sensible order. [Backwards incompatible] - (Issues #252, #262, #263) - - * Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) - - * Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which - returns the number of bytes read so far. (Issue #277) - - * Support for platforms without threading. (Issue #289) - - * Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` - to allow a pool with no specified port to be considered equal to to an - HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) - - * Improved default SSL/TLS settings to avoid vulnerabilities. - (Issue #309) - - * Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. - (Issue #310) - - * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests - will send the entire HTTP request ~200 milliseconds faster; however, some of - the resulting TCP packets will be smaller. (Issue #254) - - * Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` - from the default 64 to 1024 in a single certificate. (Issue #318) - - * Headers are now passed and stored as a custom - ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. - (Issue #329, #333) - - * Headers no longer lose their case on Python 3. (Issue #236) - - * ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA - certificates on inject. (Issue #332) - - * Requests with ``retries=False`` will immediately raise any exceptions without - wrapping them in ``MaxRetryError``. (Issue #348) - - * Fixed open socket leak with SSL-related failures. (Issue #344, #348) - - - 1.7.1 (2013-09-25) - ------------------ - - * Added granular timeout support with new ``urllib3.util.Timeout`` class. - (Issue #231) - - * Fixed Python 3.4 support. (Issue #238) - - - 1.7 (2013-08-14) - ---------------- - - * More exceptions are now pickle-able, with tests. (Issue #174) - - * Fixed redirecting with relative URLs in Location header. (Issue #178) - - * Support for relative urls in ``Location: ...`` header. (Issue #179) - - * ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus - file-like functionality. (Issue #187) - - * Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will - skip hostname verification for SSL connections. (Issue #194) - - * New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a - generator wrapped around ``.read(...)``. (Issue #198) - - * IPv6 url parsing enforces brackets around the hostname. (Issue #199) - - * Fixed thread race condition in - ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) - - * ``ProxyManager`` requests now include non-default port in ``Host: ...`` - header. (Issue #217) - - * Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) - - * New ``RequestField`` object can be passed to the ``fields=...`` param which - can specify headers. (Issue #220) - - * Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. - (Issue #221) - - * Use international headers when posting file names. (Issue #119) - - * Improved IPv6 support. (Issue #203) - - - 1.6 (2013-04-25) - ---------------- - - * Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) - - * ``ProxyManager`` automatically adds ``Host: ...`` header if not given. - - * Improved SSL-related code. ``cert_req`` now optionally takes a string like - "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" - The string values reflect the suffix of the respective constant variable. - (Issue #130) - - * Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly - closed proxy connections and larger read buffers. (Issue #135) - - * Ensure the connection is closed if no data is received, fixes connection leak - on some platforms. (Issue #133) - - * Added SNI support for SSL/TLS connections on Py32+. (Issue #89) - - * Tests fixed to be compatible with Py26 again. (Issue #125) - - * Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant - to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) - - * Allow an explicit content type to be specified when encoding file fields. - (Issue #126) - - * Exceptions are now pickleable, with tests. (Issue #101) - - * Fixed default headers not getting passed in some cases. (Issue #99) - - * Treat "content-encoding" header value as case-insensitive, per RFC 2616 - Section 3.5. (Issue #110) - - * "Connection Refused" SocketErrors will get retried rather than raised. - (Issue #92) - - * Updated vendored ``six``, no longer overrides the global ``six`` module - namespace. (Issue #113) - - * ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding - the exception that prompted the final retry. If ``reason is None`` then it - was due to a redirect. (Issue #92, #114) - - * Fixed ``PoolManager.urlopen()`` from not redirecting more than once. - (Issue #149) - - * Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters - that are not files. (Issue #111) - - * Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) - - * Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or - against an arbitrary hostname (when connecting by IP or for misconfigured - servers). (Issue #140) - - * Streaming decompression support. (Issue #159) - - - 1.5 (2012-08-02) - ---------------- - - * Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug - logging in urllib3. - - * Native full URL parsing (including auth, path, query, fragment) available in - ``urllib3.util.parse_url(url)``. - - * Built-in redirect will switch method to 'GET' if status code is 303. - (Issue #11) - - * ``urllib3.PoolManager`` strips the scheme and host before sending the request - uri. (Issue #8) - - * New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, - based on the Content-Type header, fails. - - * Fixed bug with pool depletion and leaking connections (Issue #76). Added - explicit connection closing on pool eviction. Added - ``urllib3.PoolManager.clear()``. - - * 99% -> 100% unit test coverage. - - - 1.4 (2012-06-16) - ---------------- - - * Minor AppEngine-related fixes. - - * Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. - - * Improved url parsing. (Issue #73) - - * IPv6 url support. (Issue #72) - - - 1.3 (2012-03-25) - ---------------- - - * Removed pre-1.0 deprecated API. - - * Refactored helpers into a ``urllib3.util`` submodule. - - * Fixed multipart encoding to support list-of-tuples for keys with multiple - values. (Issue #48) - - * Fixed multiple Set-Cookie headers in response not getting merged properly in - Python 3. (Issue #53) - - * AppEngine support with Py27. (Issue #61) - - * Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs - bytes. - - - 1.2.2 (2012-02-06) - ------------------ - - * Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) - - - 1.2.1 (2012-02-05) - ------------------ - - * Fixed another bug related to when ``ssl`` module is not available. (Issue #41) - - * Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` - which inherits from ``ValueError``. - - - 1.2 (2012-01-29) - ---------------- - - * Added Python 3 support (tested on 3.2.2) - - * Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) - - * Use ``select.poll`` instead of ``select.select`` for platforms that support - it. - - * Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive - connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. - - * Fixed ``ImportError`` during install when ``ssl`` module is not available. - (Issue #41) - - * Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not - completing properly. (Issue #28, uncovered by Issue #10 in v1.1) - - * Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + - ``eventlet``. Removed extraneous unsupported dummyserver testing backends. - Added socket-level tests. - - * More tests. Achievement Unlocked: 99% Coverage. - - - 1.1 (2012-01-07) - ---------------- - - * Refactored ``dummyserver`` to its own root namespace module (used for - testing). - - * Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in - Py32's ``ssl_match_hostname``. (Issue #25) - - * Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) - - * Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue - #27) - - * Fixed timeout-related bugs. (Issues #17, #23) - - - 1.0.2 (2011-11-04) - ------------------ - - * Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if - you're using the object manually. (Thanks pyos) - - * Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by - wrapping the access log in a mutex. (Thanks @christer) - - * Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and - ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. - - - 1.0.1 (2011-10-10) - ------------------ - - * Fixed a bug where the same connection would get returned into the pool twice, - causing extraneous "HttpConnectionPool is full" log warnings. - - - 1.0 (2011-10-08) - ---------------- - - * Added ``PoolManager`` with LRU expiration of connections (tested and - documented). - * Added ``ProxyManager`` (needs tests, docs, and confirmation that it works - with HTTPS proxies). - * Added optional partial-read support for responses when - ``preload_content=False``. You can now make requests and just read the headers - without loading the content. - * Made response decoding optional (default on, same as before). - * Added optional explicit boundary string for ``encode_multipart_formdata``. - * Convenience request methods are now inherited from ``RequestMethods``. Old - helpers like ``get_url`` and ``post_url`` should be abandoned in favour of - the new ``request(method, url, ...)``. - * Refactored code to be even more decoupled, reusable, and extendable. - * License header added to ``.py`` files. - * Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code - and docs in ``docs/`` and on https://urllib3.readthedocs.io/. - * Embettered all the things! - * Started writing this file. - - - 0.4.1 (2011-07-17) - ------------------ - - * Minor bug fixes, code cleanup. - - - 0.4 (2011-03-01) - ---------------- - - * Better unicode support. - * Added ``VerifiedHTTPSConnection``. - * Added ``NTLMConnectionPool`` in contrib. - * Minor improvements. - - - 0.3.1 (2010-07-13) - ------------------ - - * Added ``assert_host_name`` optional parameter. Now compatible with proxies. - - - 0.3 (2009-12-10) - ---------------- - - * Added HTTPS support. - * Minor bug fixes. - * Refactored, broken backwards compatibility with 0.2. - * API to be treated as stable from this version forward. - - - 0.2 (2008-11-17) - ---------------- - - * Added unit tests. - * Bug fixes. - - - 0.1 (2008-11-16) - ---------------- - - * First release. - Keywords: urllib httplib threadsafe filepost http https ssl pooling Platform: UNKNOWN Classifier: Environment :: Web Environment @@ -1355,3 +33,1337 @@ Provides-Extra: brotli Provides-Extra: secure Provides-Extra: socks +License-File: LICENSE.txt + + +urllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the +Python ecosystem already uses urllib3 and you should too. +urllib3 brings many critical features that are missing from the Python +standard libraries: + +- Thread safety. +- Connection pooling. +- Client-side SSL/TLS verification. +- File uploads with multipart encoding. +- Helpers for retrying requests and dealing with HTTP redirects. +- Support for gzip, deflate, and brotli encoding. +- Proxy support for HTTP and SOCKS. +- 100% test coverage. + +urllib3 is powerful and easy to use: + +.. code-block:: python + + >>> import urllib3 + >>> http = urllib3.PoolManager() + >>> r = http.request('GET', 'http://httpbin.org/robots.txt') + >>> r.status + 200 + >>> r.data + 'User-agent: *\nDisallow: /deny\n' + + +Installing +---------- + +urllib3 can be installed with `pip <https://pip.pypa.io>`_:: + + $ python -m pip install urllib3 + +Alternatively, you can grab the latest source code from `GitHub <https://github.com/urllib3/urllib3>`_:: + + $ git clone git://github.com/urllib3/urllib3.git + $ python setup.py install + + +Documentation +------------- + +urllib3 has usage and reference documentation at `urllib3.readthedocs.io <https://urllib3.readthedocs.io>`_. + + +Contributing +------------ + +urllib3 happily accepts contributions. Please see our +`contributing documentation <https://urllib3.readthedocs.io/en/latest/contributing.html>`_ +for some tips on getting started. + + +Security Disclosures +-------------------- + +To report a security vulnerability, please use the +`Tidelift security contact <https://tidelift.com/security>`_. +Tidelift will coordinate the fix and disclosure with maintainers. + + +Maintainers +----------- + +- `@sethmlarson <https://github.com/sethmlarson>`__ (Seth M. Larson) +- `@pquentin <https://github.com/pquentin>`__ (Quentin Pradet) +- `@theacodes <https://github.com/theacodes>`__ (Thea Flowers) +- `@haikuginger <https://github.com/haikuginger>`__ (Jess Shapiro) +- `@lukasa <https://github.com/lukasa>`__ (Cory Benfield) +- `@sigmavirus24 <https://github.com/sigmavirus24>`__ (Ian Stapleton Cordasco) +- `@shazow <https://github.com/shazow>`__ (Andrey Petrov) + +👋 + + +Sponsorship +----------- + +If your company benefits from this library, please consider `sponsoring its +development <https://urllib3.readthedocs.io/en/latest/sponsors.html>`_. + + +For Enterprise +-------------- + +.. |tideliftlogo| image:: https://nedbatchelder.com/pix/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White_small.png + :width: 75 + :alt: Tidelift + +.. list-table:: + :widths: 10 100 + + * - |tideliftlogo| + - Professional support for urllib3 is available as part of the `Tidelift + Subscription`_. Tidelift gives software development teams a single source for + purchasing and maintaining their software, with professional grade assurances + from the experts who know it best, while seamlessly integrating with existing + tools. + +.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme + + +Changes +======= + +1.26.5 (2021-05-26) +------------------- + +* Fixed deprecation warnings emitted in Python 3.10. +* Updated vendored ``six`` library to 1.16.0. +* Improved performance of URL parser when splitting + the authority component. + + +1.26.4 (2021-03-15) +------------------- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + +1.26.3 (2021-01-26) +------------------- + +* Fixed bytes and string comparison issue with headers (Pull #2141) + +* Changed ``ProxySchemeUnknown`` error message to be + more actionable if the user supplies a proxy URL without + a scheme. (Pull #2107) + + +1.26.2 (2020-11-12) +------------------- + +* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't + be imported properly on Python 2.7.8 and earlier (Pull #2052) + + +1.26.1 (2020-11-11) +------------------- + +* Fixed an issue where two ``User-Agent`` headers would be sent if a + ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) + + +1.26.0 (2020-11-10) +------------------- + +* **NOTE: urllib3 v2.0 will drop support for Python 2**. + `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. + +* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) + +* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that + still wish to use TLS earlier than 1.2 without a deprecation warning + should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) + **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** + +* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` + and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, + ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` + (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** + +* Added default ``User-Agent`` header to every request (Pull #1750) + +* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, + and ``Host`` headers from being automatically emitted with requests (Pull #2018) + +* Collapse ``transfer-encoding: chunked`` request data and framing into + the same ``socket.send()`` call (Pull #1906) + +* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) + +* Properly terminate SecureTransport connections when CA verification fails (Pull #1977) + +* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` + to SecureTransport (Pull #1903) + +* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) + +* Suppress ``BrokenPipeError`` when writing request body after the server + has closed the socket (Pull #1524) + +* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") + into an ``urllib3.exceptions.SSLError`` (Pull #1939) + + +1.25.11 (2020-10-19) +-------------------- + +* Fix retry backoff time parsed from ``Retry-After`` header when given + in the HTTP date format. The HTTP date was parsed as the local timezone + rather than accounting for the timezone in the HTTP date (typically + UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) + +* Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` + environment variable was set to the empty string. Now ``SSLContext.keylog_file`` + is not set in this situation (Pull #2016) + + +1.25.10 (2020-07-22) +-------------------- + +* Added support for ``SSLKEYLOGFILE`` environment variable for + logging TLS session keys with use with programs like + Wireshark for decrypting captured web traffic (Pull #1867) + +* Fixed loading of SecureTransport libraries on macOS Big Sur + due to the new dynamic linker cache (Pull #1905) + +* Collapse chunked request bodies data and framing into one + call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) + +* Don't insert ``None`` into ``ConnectionPool`` if the pool + was empty when requesting a connection (Pull #1866) + +* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) + + +1.25.9 (2020-04-16) +------------------- + +* Added ``InvalidProxyConfigurationWarning`` which is raised when + erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently + support connecting to HTTPS proxies but will soon be able to + and we would like users to migrate properly without much breakage. + + See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ + for more information on how to fix your proxy config. (Pull #1851) + +* Drain connection after ``PoolManager`` redirect (Pull #1817) + +* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) + +* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) + +* Allow the CA certificate data to be passed as a string (Pull #1804) + +* Raise ``ValueError`` if method contains control characters (Pull #1800) + +* Add ``__repr__`` to ``Timeout`` (Pull #1795) + + +1.25.8 (2020-01-20) +------------------- + +* Drop support for EOL Python 3.4 (Pull #1774) + +* Optimize _encode_invalid_chars (Pull #1787) + + +1.25.7 (2019-11-11) +------------------- + +* Preserve ``chunked`` parameter on retries (Pull #1715, Pull #1734) + +* Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull #1704, Issue #1470) + +* Fix issue where URL fragment was sent within the request target. (Pull #1732) + +* Fix issue where an empty query section in a URL would fail to parse. (Pull #1732) + +* Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull #1703) + + +1.25.6 (2019-09-24) +------------------- + +* Fix issue where tilde (``~``) characters were incorrectly + percent-encoded in the path. (Pull #1692) + + +1.25.5 (2019-09-19) +------------------- + +* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which + caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. + (Issue #1682) + + +1.25.4 (2019-09-19) +------------------- + +* Propagate Retry-After header settings to subsequent retries. (Pull #1607) + +* Fix edge case where Retry-After header was still respected even when + explicitly opted out of. (Pull #1607) + +* Remove dependency on ``rfc3986`` for URL parsing. + +* Fix issue where URLs containing invalid characters within ``Url.auth`` would + raise an exception instead of percent-encoding those characters. + +* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses + work well with BufferedReaders and other ``io`` module features. (Pull #1652) + +* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull #1673) + + +1.25.3 (2019-05-23) +------------------- + +* Change ``HTTPSConnection`` to load system CA certificates + when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are + unspecified. (Pull #1608, Issue #1603) + +* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) + + +1.25.2 (2019-04-28) +------------------- + +* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull #1583) + +* Change ``parse_url`` to percent-encode invalid characters within the + path, query, and target components. (Pull #1586) + + +1.25.1 (2019-04-24) +------------------- + +* Add support for Google's ``Brotli`` package. (Pull #1572, Pull #1579) + +* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) + + +1.25 (2019-04-22) +----------------- + +* Require and validate certificates by default when using HTTPS (Pull #1507) + +* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull #1487) + +* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use + encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull #1489) + +* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` + implementations. (Pull #1496) + +* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, Pull #1492) + +* Fixed issue where OpenSSL would block if an encrypted client private key was + given and no password was given. Instead an ``SSLError`` is raised. (Pull #1489) + +* Added support for Brotli content encoding. It is enabled automatically if + ``brotlipy`` package is installed which can be requested with + ``urllib3[brotli]`` extra. (Pull #1532) + +* Drop ciphers using DSS key exchange from default TLS cipher suites. + Improve default ciphers when using SecureTransport. (Pull #1496) + +* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue #1483) + +1.24.3 (2019-05-01) +------------------- + +* Apply fix for CVE-2019-9740. (Pull #1591) + +1.24.2 (2019-04-17) +------------------- + +* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or + ``ssl_context`` parameters are specified. + +* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) + +* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) + + +1.24.1 (2018-11-02) +------------------- + +* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) + +* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462) + + +1.24 (2018-10-16) +----------------- + +* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) + +* Test against Python 3.7 on AppVeyor. (Pull #1453) + +* Early-out ipv6 checks when running on App Engine. (Pull #1450) + +* Change ambiguous description of backoff_factor (Pull #1436) + +* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) + +* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). + +* Add a server_hostname parameter to HTTPSConnection which allows for + overriding the SNI hostname sent in the handshake. (Pull #1397) + +* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) + +* Fixed bug where responses with header Content-Type: message/* erroneously + raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) + +* Move urllib3 to src/urllib3 (Pull #1409) + + +1.23 (2018-06-04) +----------------- + +* Allow providing a list of headers to strip from requests when redirecting + to a different host. Defaults to the ``Authorization`` header. Different + headers can be set via ``Retry.remove_headers_on_redirect``. (Issue #1316) + +* Fix ``util.selectors._fileobj_to_fd`` to accept ``long`` (Issue #1247). + +* Dropped Python 3.3 support. (Pull #1242) + +* Put the connection back in the pool when calling stream() or read_chunked() on + a chunked HEAD response. (Issue #1234) + +* Fixed pyOpenSSL-specific ssl client authentication issue when clients + attempted to auth via certificate + chain (Issue #1060) + +* Add the port to the connectionpool connect print (Pull #1251) + +* Don't use the ``uuid`` module to create multipart data boundaries. (Pull #1380) + +* ``read_chunked()`` on a closed response returns no chunks. (Issue #1088) + +* Add Python 2.6 support to ``contrib.securetransport`` (Pull #1359) + +* Added support for auth info in url for SOCKS proxy (Pull #1363) + + +1.22 (2017-07-20) +----------------- + +* Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via + IPv6 proxy. (Issue #1222) + +* Made the connection pool retry on ``SSLError``. The original ``SSLError`` + is available on ``MaxRetryError.reason``. (Issue #1112) + +* Drain and release connection before recursing on retry/redirect. Fixes + deadlocks with a blocking connectionpool. (Issue #1167) + +* Fixed compatibility for cookiejar. (Issue #1229) + +* pyopenssl: Use vendored version of ``six``. (Issue #1231) + + +1.21.1 (2017-05-02) +------------------- + +* Fixed SecureTransport issue that would cause long delays in response body + delivery. (Pull #1154) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``socket_options`` flag to the ``PoolManager``. (Issue #1165) + +* Fixed regression in 1.21 that threw exceptions when users passed the + ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. + (Pull #1157) + + +1.21 (2017-04-25) +----------------- + +* Improved performance of certain selector system calls on Python 3.5 and + later. (Pull #1095) + +* Resolved issue where the PyOpenSSL backend would not wrap SysCallError + exceptions appropriately when sending data. (Pull #1125) + +* Selectors now detects a monkey-patched select module after import for modules + that patch the select module like eventlet, greenlet. (Pull #1128) + +* Reduced memory consumption when streaming zlib-compressed responses + (as opposed to raw deflate streams). (Pull #1129) + +* Connection pools now use the entire request context when constructing the + pool key. (Pull #1016) + +* ``PoolManager.connection_from_*`` methods now accept a new keyword argument, + ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. + (Pull #1016) + +* Add retry counter for ``status_forcelist``. (Issue #1147) + +* Added ``contrib`` module for using SecureTransport on macOS: + ``urllib3.contrib.securetransport``. (Pull #1122) + +* urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: + for schemes it does not recognise, it assumes they are case-sensitive and + leaves them unchanged. + (Issue #1080) + + +1.20 (2017-01-19) +----------------- + +* Added support for waiting for I/O using selectors other than select, + improving urllib3's behaviour with large numbers of concurrent connections. + (Pull #1001) + +* Updated the date for the system clock check. (Issue #1005) + +* ConnectionPools now correctly consider hostnames to be case-insensitive. + (Issue #1032) + +* Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Pull #1063) + +* Outdated versions of cryptography now cause the PyOpenSSL contrib module + to fail when it is injected, rather than at first use. (Issue #1044) + +* Automatically attempt to rewind a file-like body object when a request is + retried or redirected. (Pull #1039) + +* Fix some bugs that occur when modules incautiously patch the queue module. + (Pull #1061) + +* Prevent retries from occurring on read timeouts for which the request method + was not in the method whitelist. (Issue #1059) + +* Changed the PyOpenSSL contrib module to lazily load idna to avoid + unnecessarily bloating the memory of programs that don't need it. (Pull + #1076) + +* Add support for IPv6 literals with zone identifiers. (Pull #1013) + +* Added support for socks5h:// and socks4a:// schemes when working with SOCKS + proxies, and controlled remote DNS appropriately. (Issue #1035) + + +1.19.1 (2016-11-16) +------------------- + +* Fixed AppEngine import that didn't function on Python 3.5. (Pull #1025) + + +1.19 (2016-11-03) +----------------- + +* urllib3 now respects Retry-After headers on 413, 429, and 503 responses when + using the default retry logic. (Pull #955) + +* Remove markers from setup.py to assist ancient setuptools versions. (Issue + #986) + +* Disallow superscripts and other integerish things in URL ports. (Issue #989) + +* Allow urllib3's HTTPResponse.stream() method to continue to work with + non-httplib underlying FPs. (Pull #990) + +* Empty filenames in multipart headers are now emitted as such, rather than + being suppressed. (Issue #1015) + +* Prefer user-supplied Host headers on chunked uploads. (Issue #1009) + + +1.18.1 (2016-10-27) +------------------- + +* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with + PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This + release fixes a vulnerability whereby urllib3 in the above configuration + would silently fail to validate TLS certificates due to erroneously setting + invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous + flags do not cause a problem in OpenSSL versions before 1.1.0, which + interprets the presence of any flag as requesting certificate validation. + + There is no PR for this patch, as it was prepared for simultaneous disclosure + and release. The master branch received the same fix in Pull #1010. + + +1.18 (2016-09-26) +----------------- + +* Fixed incorrect message for IncompleteRead exception. (Pull #973) + +* Accept ``iPAddress`` subject alternative name fields in TLS certificates. + (Issue #258) + +* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3. + (Issue #977) + +* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue #979) + + +1.17 (2016-09-06) +----------------- + +* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue #835) + +* ConnectionPool debug log now includes scheme, host, and port. (Issue #897) + +* Substantially refactored documentation. (Issue #887) + +* Used URLFetch default timeout on AppEngine, rather than hardcoding our own. + (Issue #858) + +* Normalize the scheme and host in the URL parser (Issue #833) + +* ``HTTPResponse`` contains the last ``Retry`` object, which now also + contains retries history. (Issue #848) + +* Timeout can no longer be set as boolean, and must be greater than zero. + (Pull #924) + +* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We + now use cryptography and idna, both of which are already dependencies of + PyOpenSSL. (Pull #930) + +* Fixed infinite loop in ``stream`` when amt=None. (Issue #928) + +* Try to use the operating system's certificates when we are using an + ``SSLContext``. (Pull #941) + +* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to + ChaCha20, but ChaCha20 is then preferred to everything else. (Pull #947) + +* Updated cipher suite list to remove 3DES-based cipher suites. (Pull #958) + +* Removed the cipher suite fallback to allow HIGH ciphers. (Pull #958) + +* Implemented ``length_remaining`` to determine remaining content + to be read. (Pull #949) + +* Implemented ``enforce_content_length`` to enable exceptions when + incomplete data chunks are received. (Pull #949) + +* Dropped connection start, dropped connection reset, redirect, forced retry, + and new HTTPS connection log levels to DEBUG, from INFO. (Pull #967) + + +1.16 (2016-06-11) +----------------- + +* Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) + +* Provide ``key_fn_by_scheme`` pool keying mechanism that can be + overridden. (Issue #830) + +* Normalize scheme and host to lowercase for pool keys, and include + ``source_address``. (Issue #830) + +* Cleaner exception chain in Python 3 for ``_make_request``. + (Issue #861) + +* Fixed installing ``urllib3[socks]`` extra. (Issue #864) + +* Fixed signature of ``ConnectionPool.close`` so it can actually safely be + called by subclasses. (Issue #873) + +* Retain ``release_conn`` state across retries. (Issues #651, #866) + +* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to + ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) + + +1.15.1 (2016-04-11) +------------------- + +* Fix packaging to include backports module. (Issue #841) + + +1.15 (2016-04-06) +----------------- + +* Added Retry(raise_on_status=False). (Issue #720) + +* Always use setuptools, no more distutils fallback. (Issue #785) + +* Dropped support for Python 3.2. (Issue #786) + +* Chunked transfer encoding when requesting with ``chunked=True``. + (Issue #790) + +* Fixed regression with IPv6 port parsing. (Issue #801) + +* Append SNIMissingWarning messages to allow users to specify it in + the PYTHONWARNINGS environment variable. (Issue #816) + +* Handle unicode headers in Py2. (Issue #818) + +* Log certificate when there is a hostname mismatch. (Issue #820) + +* Preserve order of request/response headers. (Issue #821) + + +1.14 (2015-12-29) +----------------- + +* contrib: SOCKS proxy support! (Issue #762) + +* Fixed AppEngine handling of transfer-encoding header and bug + in Timeout defaults checking. (Issue #763) + + +1.13.1 (2015-12-18) +------------------- + +* Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) + + +1.13 (2015-12-14) +----------------- + +* Fixed ``pip install urllib3[secure]`` on modern pip. (Issue #706) + +* pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) + +* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) + +* Close connections more defensively on exception. (Issue #734) + +* Adjusted ``read_chunked`` to handle gzipped, chunk-encoded bodies without + repeatedly flushing the decoder, to function better on Jython. (Issue #743) + +* Accept ``ca_cert_dir`` for SSL-related PoolManager configuration. (Issue #758) + + +1.12 (2015-09-03) +----------------- + +* Rely on ``six`` for importing ``httplib`` to work around + conflicts with other Python 3 shims. (Issue #688) + +* Add support for directories of certificate authorities, as supported by + OpenSSL. (Issue #701) + +* New exception: ``NewConnectionError``, raised when we fail to establish + a new connection, usually ``ECONNREFUSED`` socket error. + + +1.11 (2015-07-21) +----------------- + +* When ``ca_certs`` is given, ``cert_reqs`` defaults to + ``'CERT_REQUIRED'``. (Issue #650) + +* ``pip install urllib3[secure]`` will install Certifi and + PyOpenSSL as dependencies. (Issue #678) + +* Made ``HTTPHeaderDict`` usable as a ``headers`` input value + (Issues #632, #679) + +* Added `urllib3.contrib.appengine <https://urllib3.readthedocs.io/en/latest/contrib.html#google-app-engine>`_ + which has an ``AppEngineManager`` for using ``URLFetch`` in a + Google AppEngine environment. (Issue #664) + +* Dev: Added test suite for AppEngine. (Issue #631) + +* Fix performance regression when using PyOpenSSL. (Issue #626) + +* Passing incorrect scheme (e.g. ``foo://``) will raise + ``ValueError`` instead of ``AssertionError`` (backwards + compatible for now, but please migrate). (Issue #640) + +* Fix pools not getting replenished when an error occurs during a + request using ``release_conn=False``. (Issue #644) + +* Fix pool-default headers not applying for url-encoded requests + like GET. (Issue #657) + +* log.warning in Python 3 when headers are skipped due to parsing + errors. (Issue #642) + +* Close and discard connections if an error occurs during read. + (Issue #660) + +* Fix host parsing for IPv6 proxies. (Issue #668) + +* Separate warning type SubjectAltNameWarning, now issued once + per host. (Issue #671) + +* Fix ``httplib.IncompleteRead`` not getting converted to + ``ProtocolError`` when using ``HTTPResponse.stream()`` + (Issue #674) + +1.10.4 (2015-05-03) +------------------- + +* Migrate tests to Tornado 4. (Issue #594) + +* Append default warning configuration rather than overwrite. + (Issue #603) + +* Fix streaming decoding regression. (Issue #595) + +* Fix chunked requests losing state across keep-alive connections. + (Issue #599) + +* Fix hanging when chunked HEAD response has no body. (Issue #605) + + +1.10.3 (2015-04-21) +------------------- + +* Emit ``InsecurePlatformWarning`` when SSLContext object is missing. + (Issue #558) + +* Fix regression of duplicate header keys being discarded. + (Issue #563) + +* ``Response.stream()`` returns a generator for chunked responses. + (Issue #560) + +* Set upper-bound timeout when waiting for a socket in PyOpenSSL. + (Issue #585) + +* Work on platforms without `ssl` module for plain HTTP requests. + (Issue #587) + +* Stop relying on the stdlib's default cipher list. (Issue #588) + + +1.10.2 (2015-02-25) +------------------- + +* Fix file descriptor leakage on retries. (Issue #548) + +* Removed RC4 from default cipher list. (Issue #551) + +* Header performance improvements. (Issue #544) + +* Fix PoolManager not obeying redirect retry settings. (Issue #553) + + +1.10.1 (2015-02-10) +------------------- + +* Pools can be used as context managers. (Issue #545) + +* Don't re-use connections which experienced an SSLError. (Issue #529) + +* Don't fail when gzip decoding an empty stream. (Issue #535) + +* Add sha256 support for fingerprint verification. (Issue #540) + +* Fixed handling of header values containing commas. (Issue #533) + + +1.10 (2014-12-14) +----------------- + +* Disabled SSLv3. (Issue #473) + +* Add ``Url.url`` property to return the composed url string. (Issue #394) + +* Fixed PyOpenSSL + gevent ``WantWriteError``. (Issue #412) + +* ``MaxRetryError.reason`` will always be an exception, not string. + (Issue #481) + +* Fixed SSL-related timeouts not being detected as timeouts. (Issue #492) + +* Py3: Use ``ssl.create_default_context()`` when available. (Issue #473) + +* Emit ``InsecureRequestWarning`` for *every* insecure HTTPS request. + (Issue #496) + +* Emit ``SecurityWarning`` when certificate has no ``subjectAltName``. + (Issue #499) + +* Close and discard sockets which experienced SSL-related errors. + (Issue #501) + +* Handle ``body`` param in ``.request(...)``. (Issue #513) + +* Respect timeout with HTTPS proxy. (Issue #505) + +* PyOpenSSL: Handle ZeroReturnError exception. (Issue #520) + + +1.9.1 (2014-09-13) +------------------ + +* Apply socket arguments before binding. (Issue #427) + +* More careful checks if fp-like object is closed. (Issue #435) + +* Fixed packaging issues of some development-related files not + getting included. (Issue #440) + +* Allow performing *only* fingerprint verification. (Issue #444) + +* Emit ``SecurityWarning`` if system clock is waaay off. (Issue #445) + +* Fixed PyOpenSSL compatibility with PyPy. (Issue #450) + +* Fixed ``BrokenPipeError`` and ``ConnectionError`` handling in Py3. + (Issue #443) + + + +1.9 (2014-07-04) +---------------- + +* Shuffled around development-related files. If you're maintaining a distro + package of urllib3, you may need to tweak things. (Issue #415) + +* Unverified HTTPS requests will trigger a warning on the first request. See + our new `security documentation + <https://urllib3.readthedocs.io/en/latest/security.html>`_ for details. + (Issue #426) + +* New retry logic and ``urllib3.util.retry.Retry`` configuration object. + (Issue #326) + +* All raised exceptions should now wrapped in a + ``urllib3.exceptions.HTTPException``-extending exception. (Issue #326) + +* All errors during a retry-enabled request should be wrapped in + ``urllib3.exceptions.MaxRetryError``, including timeout-related exceptions + which were previously exempt. Underlying error is accessible from the + ``.reason`` property. (Issue #326) + +* ``urllib3.exceptions.ConnectionError`` renamed to + ``urllib3.exceptions.ProtocolError``. (Issue #326) + +* Errors during response read (such as IncompleteRead) are now wrapped in + ``urllib3.exceptions.ProtocolError``. (Issue #418) + +* Requesting an empty host will raise ``urllib3.exceptions.LocationValueError``. + (Issue #417) + +* Catch read timeouts over SSL connections as + ``urllib3.exceptions.ReadTimeoutError``. (Issue #419) + +* Apply socket arguments before connecting. (Issue #427) + + +1.8.3 (2014-06-23) +------------------ + +* Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) + +* Add ``disable_cache`` option to ``urllib3.util.make_headers``. (Issue #393) + +* Wrap ``socket.timeout`` exception with + ``urllib3.exceptions.ReadTimeoutError``. (Issue #399) + +* Fixed proxy-related bug where connections were being reused incorrectly. + (Issues #366, #369) + +* Added ``socket_options`` keyword parameter which allows to define + ``setsockopt`` configuration of new sockets. (Issue #397) + +* Removed ``HTTPConnection.tcp_nodelay`` in favor of + ``HTTPConnection.default_socket_options``. (Issue #397) + +* Fixed ``TypeError`` bug in Python 2.6.4. (Issue #411) + + +1.8.2 (2014-04-17) +------------------ + +* Fix ``urllib3.util`` not being included in the package. + + +1.8.1 (2014-04-17) +------------------ + +* Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) + +* Don't install ``dummyserver`` into ``site-packages`` as it's only needed + for the test suite. (Issue #362) + +* Added support for specifying ``source_address``. (Issue #352) + + +1.8 (2014-03-04) +---------------- + +* Improved url parsing in ``urllib3.util.parse_url`` (properly parse '@' in + username, and blank ports like 'hostname:'). + +* New ``urllib3.connection`` module which contains all the HTTPConnection + objects. + +* Several ``urllib3.util.Timeout``-related fixes. Also changed constructor + signature to a more sensible order. [Backwards incompatible] + (Issues #252, #262, #263) + +* Use ``backports.ssl_match_hostname`` if it's installed. (Issue #274) + +* Added ``.tell()`` method to ``urllib3.response.HTTPResponse`` which + returns the number of bytes read so far. (Issue #277) + +* Support for platforms without threading. (Issue #289) + +* Expand default-port comparison in ``HTTPConnectionPool.is_same_host`` + to allow a pool with no specified port to be considered equal to to an + HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) + +* Improved default SSL/TLS settings to avoid vulnerabilities. + (Issue #309) + +* Fixed ``urllib3.poolmanager.ProxyManager`` not retrying on connect errors. + (Issue #310) + +* Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests + will send the entire HTTP request ~200 milliseconds faster; however, some of + the resulting TCP packets will be smaller. (Issue #254) + +* Increased maximum number of SubjectAltNames in ``urllib3.contrib.pyopenssl`` + from the default 64 to 1024 in a single certificate. (Issue #318) + +* Headers are now passed and stored as a custom + ``urllib3.collections_.HTTPHeaderDict`` object rather than a plain ``dict``. + (Issue #329, #333) + +* Headers no longer lose their case on Python 3. (Issue #236) + +* ``urllib3.contrib.pyopenssl`` now uses the operating system's default CA + certificates on inject. (Issue #332) + +* Requests with ``retries=False`` will immediately raise any exceptions without + wrapping them in ``MaxRetryError``. (Issue #348) + +* Fixed open socket leak with SSL-related failures. (Issue #344, #348) + + +1.7.1 (2013-09-25) +------------------ + +* Added granular timeout support with new ``urllib3.util.Timeout`` class. + (Issue #231) + +* Fixed Python 3.4 support. (Issue #238) + + +1.7 (2013-08-14) +---------------- + +* More exceptions are now pickle-able, with tests. (Issue #174) + +* Fixed redirecting with relative URLs in Location header. (Issue #178) + +* Support for relative urls in ``Location: ...`` header. (Issue #179) + +* ``urllib3.response.HTTPResponse`` now inherits from ``io.IOBase`` for bonus + file-like functionality. (Issue #187) + +* Passing ``assert_hostname=False`` when creating a HTTPSConnectionPool will + skip hostname verification for SSL connections. (Issue #194) + +* New method ``urllib3.response.HTTPResponse.stream(...)`` which acts as a + generator wrapped around ``.read(...)``. (Issue #198) + +* IPv6 url parsing enforces brackets around the hostname. (Issue #199) + +* Fixed thread race condition in + ``urllib3.poolmanager.PoolManager.connection_from_host(...)`` (Issue #204) + +* ``ProxyManager`` requests now include non-default port in ``Host: ...`` + header. (Issue #217) + +* Added HTTPS proxy support in ``ProxyManager``. (Issue #170 #139) + +* New ``RequestField`` object can be passed to the ``fields=...`` param which + can specify headers. (Issue #220) + +* Raise ``urllib3.exceptions.ProxyError`` when connecting to proxy fails. + (Issue #221) + +* Use international headers when posting file names. (Issue #119) + +* Improved IPv6 support. (Issue #203) + + +1.6 (2013-04-25) +---------------- + +* Contrib: Optional SNI support for Py2 using PyOpenSSL. (Issue #156) + +* ``ProxyManager`` automatically adds ``Host: ...`` header if not given. + +* Improved SSL-related code. ``cert_req`` now optionally takes a string like + "REQUIRED" or "NONE". Same with ``ssl_version`` takes strings like "SSLv23" + The string values reflect the suffix of the respective constant variable. + (Issue #130) + +* Vendored ``socksipy`` now based on Anorov's fork which handles unexpectedly + closed proxy connections and larger read buffers. (Issue #135) + +* Ensure the connection is closed if no data is received, fixes connection leak + on some platforms. (Issue #133) + +* Added SNI support for SSL/TLS connections on Py32+. (Issue #89) + +* Tests fixed to be compatible with Py26 again. (Issue #125) + +* Added ability to choose SSL version by passing an ``ssl.PROTOCOL_*`` constant + to the ``ssl_version`` parameter of ``HTTPSConnectionPool``. (Issue #109) + +* Allow an explicit content type to be specified when encoding file fields. + (Issue #126) + +* Exceptions are now pickleable, with tests. (Issue #101) + +* Fixed default headers not getting passed in some cases. (Issue #99) + +* Treat "content-encoding" header value as case-insensitive, per RFC 2616 + Section 3.5. (Issue #110) + +* "Connection Refused" SocketErrors will get retried rather than raised. + (Issue #92) + +* Updated vendored ``six``, no longer overrides the global ``six`` module + namespace. (Issue #113) + +* ``urllib3.exceptions.MaxRetryError`` contains a ``reason`` property holding + the exception that prompted the final retry. If ``reason is None`` then it + was due to a redirect. (Issue #92, #114) + +* Fixed ``PoolManager.urlopen()`` from not redirecting more than once. + (Issue #149) + +* Don't assume ``Content-Type: text/plain`` for multi-part encoding parameters + that are not files. (Issue #111) + +* Pass `strict` param down to ``httplib.HTTPConnection``. (Issue #122) + +* Added mechanism to verify SSL certificates by fingerprint (md5, sha1) or + against an arbitrary hostname (when connecting by IP or for misconfigured + servers). (Issue #140) + +* Streaming decompression support. (Issue #159) + + +1.5 (2012-08-02) +---------------- + +* Added ``urllib3.add_stderr_logger()`` for quickly enabling STDERR debug + logging in urllib3. + +* Native full URL parsing (including auth, path, query, fragment) available in + ``urllib3.util.parse_url(url)``. + +* Built-in redirect will switch method to 'GET' if status code is 303. + (Issue #11) + +* ``urllib3.PoolManager`` strips the scheme and host before sending the request + uri. (Issue #8) + +* New ``urllib3.exceptions.DecodeError`` exception for when automatic decoding, + based on the Content-Type header, fails. + +* Fixed bug with pool depletion and leaking connections (Issue #76). Added + explicit connection closing on pool eviction. Added + ``urllib3.PoolManager.clear()``. + +* 99% -> 100% unit test coverage. + + +1.4 (2012-06-16) +---------------- + +* Minor AppEngine-related fixes. + +* Switched from ``mimetools.choose_boundary`` to ``uuid.uuid4()``. + +* Improved url parsing. (Issue #73) + +* IPv6 url support. (Issue #72) + + +1.3 (2012-03-25) +---------------- + +* Removed pre-1.0 deprecated API. + +* Refactored helpers into a ``urllib3.util`` submodule. + +* Fixed multipart encoding to support list-of-tuples for keys with multiple + values. (Issue #48) + +* Fixed multiple Set-Cookie headers in response not getting merged properly in + Python 3. (Issue #53) + +* AppEngine support with Py27. (Issue #61) + +* Minor ``encode_multipart_formdata`` fixes related to Python 3 strings vs + bytes. + + +1.2.2 (2012-02-06) +------------------ + +* Fixed packaging bug of not shipping ``test-requirements.txt``. (Issue #47) + + +1.2.1 (2012-02-05) +------------------ + +* Fixed another bug related to when ``ssl`` module is not available. (Issue #41) + +* Location parsing errors now raise ``urllib3.exceptions.LocationParseError`` + which inherits from ``ValueError``. + + +1.2 (2012-01-29) +---------------- + +* Added Python 3 support (tested on 3.2.2) + +* Dropped Python 2.5 support (tested on 2.6.7, 2.7.2) + +* Use ``select.poll`` instead of ``select.select`` for platforms that support + it. + +* Use ``Queue.LifoQueue`` instead of ``Queue.Queue`` for more aggressive + connection reusing. Configurable by overriding ``ConnectionPool.QueueCls``. + +* Fixed ``ImportError`` during install when ``ssl`` module is not available. + (Issue #41) + +* Fixed ``PoolManager`` redirects between schemes (such as HTTP -> HTTPS) not + completing properly. (Issue #28, uncovered by Issue #10 in v1.1) + +* Ported ``dummyserver`` to use ``tornado`` instead of ``webob`` + + ``eventlet``. Removed extraneous unsupported dummyserver testing backends. + Added socket-level tests. + +* More tests. Achievement Unlocked: 99% Coverage. + + +1.1 (2012-01-07) +---------------- + +* Refactored ``dummyserver`` to its own root namespace module (used for + testing). + +* Added hostname verification for ``VerifiedHTTPSConnection`` by vendoring in + Py32's ``ssl_match_hostname``. (Issue #25) + +* Fixed cross-host HTTP redirects when using ``PoolManager``. (Issue #10) + +* Fixed ``decode_content`` being ignored when set through ``urlopen``. (Issue + #27) + +* Fixed timeout-related bugs. (Issues #17, #23) + + +1.0.2 (2011-11-04) +------------------ + +* Fixed typo in ``VerifiedHTTPSConnection`` which would only present as a bug if + you're using the object manually. (Thanks pyos) + +* Made RecentlyUsedContainer (and consequently PoolManager) more thread-safe by + wrapping the access log in a mutex. (Thanks @christer) + +* Made RecentlyUsedContainer more dict-like (corrected ``__delitem__`` and + ``__getitem__`` behaviour), with tests. Shouldn't affect core urllib3 code. + + +1.0.1 (2011-10-10) +------------------ + +* Fixed a bug where the same connection would get returned into the pool twice, + causing extraneous "HttpConnectionPool is full" log warnings. + + +1.0 (2011-10-08) +---------------- + +* Added ``PoolManager`` with LRU expiration of connections (tested and + documented). +* Added ``ProxyManager`` (needs tests, docs, and confirmation that it works + with HTTPS proxies). +* Added optional partial-read support for responses when + ``preload_content=False``. You can now make requests and just read the headers + without loading the content. +* Made response decoding optional (default on, same as before). +* Added optional explicit boundary string for ``encode_multipart_formdata``. +* Convenience request methods are now inherited from ``RequestMethods``. Old + helpers like ``get_url`` and ``post_url`` should be abandoned in favour of + the new ``request(method, url, ...)``. +* Refactored code to be even more decoupled, reusable, and extendable. +* License header added to ``.py`` files. +* Embiggened the documentation: Lots of Sphinx-friendly docstrings in the code + and docs in ``docs/`` and on https://urllib3.readthedocs.io/. +* Embettered all the things! +* Started writing this file. + + +0.4.1 (2011-07-17) +------------------ + +* Minor bug fixes, code cleanup. + + +0.4 (2011-03-01) +---------------- + +* Better unicode support. +* Added ``VerifiedHTTPSConnection``. +* Added ``NTLMConnectionPool`` in contrib. +* Minor improvements. + + +0.3.1 (2010-07-13) +------------------ + +* Added ``assert_host_name`` optional parameter. Now compatible with proxies. + + +0.3 (2009-12-10) +---------------- + +* Added HTTPS support. +* Minor bug fixes. +* Refactored, broken backwards compatibility with 0.2. +* API to be treated as stable from this version forward. + + +0.2 (2008-11-17) +---------------- + +* Added unit tests. +* Bug fixes. + + +0.1 (2008-11-16) +---------------- + +* First release. + + diff -Nru python-urllib3-1.26.4/test/appengine/test_gae_manager.py python-urllib3-1.26.5/test/appengine/test_gae_manager.py --- python-urllib3-1.26.4/test/appengine/test_gae_manager.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/appengine/test_gae_manager.py 2021-05-26 19:01:29.000000000 +0200 @@ -129,7 +129,7 @@ self.pool = MockPool(self.host, self.port, self.manager) def test_default_method_whitelist_retried(self): - """ urllib3 should retry methods in the default method whitelist """ + """urllib3 should retry methods in the default method whitelist""" retry = urllib3.util.retry.Retry(total=1, status_forcelist=[418]) # Use HEAD instead of OPTIONS, as URLFetch doesn't support OPTIONS resp = self.pool.request( diff -Nru python-urllib3-1.26.4/test/__init__.py python-urllib3-1.26.5/test/__init__.py --- python-urllib3-1.26.4/test/__init__.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/__init__.py 2021-05-26 19:01:29.000000000 +0200 @@ -54,7 +54,7 @@ def _can_resolve(host): - """ Returns True if the system can resolve host to an address. """ + """Returns True if the system can resolve host to an address.""" try: socket.getaddrinfo(host, None, socket.AF_UNSPEC) return True @@ -63,7 +63,7 @@ def has_alpn(ctx_cls=None): - """ Detect if ALPN support is enabled. """ + """Detect if ALPN support is enabled.""" ctx_cls = ctx_cls or util.SSLContext ctx = ctx_cls(protocol=ssl_.PROTOCOL_TLS) try: diff -Nru python-urllib3-1.26.4/test/test_retry_deprecated.py python-urllib3-1.26.5/test/test_retry_deprecated.py --- python-urllib3-1.26.4/test/test_retry_deprecated.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_retry_deprecated.py 2021-05-26 19:01:29.000000000 +0200 @@ -28,7 +28,7 @@ class TestRetry(object): def test_string(self): - """ Retry string representation looks the way we expect """ + """Retry string representation looks the way we expect""" retry = Retry() assert ( str(retry) @@ -52,7 +52,7 @@ assert e.value.reason == error def test_retry_higher_total_loses(self): - """ A lower connect timeout than the total is honored """ + """A lower connect timeout than the total is honored""" error = ConnectTimeoutError() retry = Retry(connect=2, total=3) retry = retry.increment(error=error) @@ -61,7 +61,7 @@ retry.increment(error=error) def test_retry_higher_total_loses_vs_read(self): - """ A lower read timeout than the total is honored """ + """A lower read timeout than the total is honored""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=2, total=3) retry = retry.increment(method="GET", error=error) @@ -70,7 +70,7 @@ retry.increment(method="GET", error=error) def test_retry_total_none(self): - """ if Total is none, connect error should take precedence """ + """if Total is none, connect error should take precedence""" error = ConnectTimeoutError() retry = Retry(connect=2, total=None) retry = retry.increment(error=error) @@ -87,7 +87,7 @@ assert not retry.is_exhausted() def test_retry_default(self): - """ If no value is specified, should retry connects 3 times """ + """If no value is specified, should retry connects 3 times""" retry = Retry() assert retry.total == 10 assert retry.connect is None @@ -109,7 +109,7 @@ assert not Retry(False).raise_on_redirect def test_retry_other(self): - """ If an unexpected error is raised, should retry other times """ + """If an unexpected error is raised, should retry other times""" other_error = SSLError() retry = Retry(connect=1) retry = retry.increment(error=other_error) @@ -123,7 +123,7 @@ assert e.value.reason == other_error def test_retry_read_zero(self): - """ No second chances on read timeouts, by default """ + """No second chances on read timeouts, by default""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=0) with pytest.raises(MaxRetryError) as e: @@ -142,7 +142,7 @@ ) def test_backoff(self): - """ Backoff is computed correctly """ + """Backoff is computed correctly""" max_backoff = Retry.BACKOFF_MAX retry = Retry(total=100, backoff_factor=0.2) diff -Nru python-urllib3-1.26.4/test/test_retry.py python-urllib3-1.26.5/test/test_retry.py --- python-urllib3-1.26.4/test/test_retry.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_retry.py 2021-05-26 19:01:29.000000000 +0200 @@ -26,7 +26,7 @@ class TestRetry(object): def test_string(self): - """ Retry string representation looks the way we expect """ + """Retry string representation looks the way we expect""" retry = Retry() assert ( str(retry) @@ -50,7 +50,7 @@ assert e.value.reason == error def test_retry_higher_total_loses(self): - """ A lower connect timeout than the total is honored """ + """A lower connect timeout than the total is honored""" error = ConnectTimeoutError() retry = Retry(connect=2, total=3) retry = retry.increment(error=error) @@ -59,7 +59,7 @@ retry.increment(error=error) def test_retry_higher_total_loses_vs_read(self): - """ A lower read timeout than the total is honored """ + """A lower read timeout than the total is honored""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=2, total=3) retry = retry.increment(method="GET", error=error) @@ -68,7 +68,7 @@ retry.increment(method="GET", error=error) def test_retry_total_none(self): - """ if Total is none, connect error should take precedence """ + """if Total is none, connect error should take precedence""" error = ConnectTimeoutError() retry = Retry(connect=2, total=None) retry = retry.increment(error=error) @@ -85,7 +85,7 @@ assert not retry.is_exhausted() def test_retry_default(self): - """ If no value is specified, should retry connects 3 times """ + """If no value is specified, should retry connects 3 times""" retry = Retry() assert retry.total == 10 assert retry.connect is None @@ -107,7 +107,7 @@ assert not Retry(False).raise_on_redirect def test_retry_other(self): - """ If an unexpected error is raised, should retry other times """ + """If an unexpected error is raised, should retry other times""" other_error = SSLError() retry = Retry(connect=1) retry = retry.increment(error=other_error) @@ -121,7 +121,7 @@ assert e.value.reason == other_error def test_retry_read_zero(self): - """ No second chances on read timeouts, by default """ + """No second chances on read timeouts, by default""" error = ReadTimeoutError(None, "/", "read timed out") retry = Retry(read=0) with pytest.raises(MaxRetryError) as e: @@ -140,7 +140,7 @@ ) def test_backoff(self): - """ Backoff is computed correctly """ + """Backoff is computed correctly""" max_backoff = Retry.BACKOFF_MAX retry = Retry(total=100, backoff_factor=0.2) diff -Nru python-urllib3-1.26.4/test/test_ssltransport.py python-urllib3-1.26.5/test/test_ssltransport.py --- python-urllib3-1.26.4/test/test_ssltransport.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_ssltransport.py 2021-05-26 19:01:29.000000000 +0200 @@ -101,7 +101,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_start_closed_socket(self): - """ Errors generated from an unconnected socket should bubble up.""" + """Errors generated from an unconnected socket should bubble up.""" sock = socket.socket(socket.AF_INET) context = ssl.create_default_context() sock.close() @@ -110,7 +110,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_close_after_handshake(self): - """ Socket errors should be bubbled up """ + """Socket errors should be bubbled up""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -123,7 +123,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_wrap_existing_socket(self): - """ Validates a single TLS layer can be established. """ + """Validates a single TLS layer can be established.""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -187,7 +187,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_ssl_object_attributes(self): - """ Ensures common ssl attributes are exposed """ + """Ensures common ssl attributes are exposed""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -215,7 +215,7 @@ @pytest.mark.timeout(PER_TEST_TIMEOUT) def test_socket_object_attributes(self): - """ Ensures common socket attributes are exposed """ + """Ensures common socket attributes are exposed""" self.start_dummy_server() sock = socket.create_connection((self.host, self.port)) @@ -258,6 +258,7 @@ ) self._read_write_loop(client_sock, upstream_sock) upstream_sock.close() + client_sock.close() self._start_server(proxy_handler) @@ -286,6 +287,10 @@ if write_socket in writable: try: b = read_socket.recv(chunks) + if len(b) == 0: + # One of the sockets has EOFed, we return to close + # both. + return write_socket.send(b) except ssl.SSLEOFError: # It's possible, depending on shutdown order, that we'll @@ -335,6 +340,7 @@ request = consume_socket(ssock) validate_request(request) ssock.send(sample_response()) + sock.close() cls._start_server(socket_handler) diff -Nru python-urllib3-1.26.4/test/test_util.py python-urllib3-1.26.5/test/test_util.py --- python-urllib3-1.26.4/test/test_util.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/test_util.py 2021-05-26 19:01:29.000000000 +0200 @@ -438,6 +438,16 @@ fragment="hash", ), ), + # Tons of '@' causing backtracking + ("https://" + ("@" * 10000) + "[", False), + ( + "https://user:" + ("@" * 10000) + "example.com", + Url( + scheme="https", + auth="user:" + ("%40" * 9999), + host="example.com", + ), + ), ] @pytest.mark.parametrize("url, expected_url", url_vulnerabilities) @@ -580,7 +590,7 @@ assert len(w) == 1 def _make_time_pass(self, seconds, timeout, time_mock): - """ Make some time pass for the timeout object """ + """Make some time pass for the timeout object""" time_mock.return_value = TIMEOUT_EPOCH timeout.start_connect() time_mock.return_value = TIMEOUT_EPOCH + seconds diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py --- python-urllib3-1.26.4/test/with_dummyserver/test_connectionpool.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_connectionpool.py 2021-05-26 19:01:29.000000000 +0200 @@ -284,7 +284,7 @@ assert r.status == 200, r.data def test_nagle(self): - """ Test that connections have TCP_NODELAY turned on """ + """Test that connections have TCP_NODELAY turned on""" # This test needs to be here in order to be run. socket.create_connection actually tries # to connect to the host provided so we need a dummyserver to be running. with HTTPConnectionPool(self.host, self.port) as pool: @@ -354,7 +354,7 @@ s.close() def test_connection_error_retries(self): - """ ECONNREFUSED error should raise a connection error, with retries """ + """ECONNREFUSED error should raise a connection error, with retries""" port = find_unused_port() with HTTPConnectionPool(self.host, port) as pool: with pytest.raises(MaxRetryError) as e: @@ -794,13 +794,13 @@ assert response.status == 200 def test_preserves_path_dot_segments(self): - """ ConnectionPool preserves dot segments in the URI """ + """ConnectionPool preserves dot segments in the URI""" with HTTPConnectionPool(self.host, self.port) as pool: response = pool.request("GET", "/echo_uri/seg0/../seg2") assert response.data == b"/echo_uri/seg0/../seg2" def test_default_user_agent_header(self): - """ ConnectionPool has a default user agent """ + """ConnectionPool has a default user agent""" default_ua = _get_default_user_agent() custom_ua = "I'm not a web scraper, what are you talking about?" custom_ua2 = "Yet Another User Agent" @@ -853,7 +853,7 @@ assert request_headers["User-Agent"] == "key" def test_no_user_agent_header(self): - """ ConnectionPool can suppress sending a user agent header """ + """ConnectionPool can suppress sending a user agent header""" custom_ua = "I'm not a web scraper, what are you talking about?" with HTTPConnectionPool(self.host, self.port) as pool: # Suppress user agent in the request headers. @@ -1025,7 +1025,7 @@ pool.request("GET", "/redirect", fields={"target": "/"}, retries=0) def test_disabled_retry(self): - """ Disabled retries should disable redirect handling. """ + """Disabled retries should disable redirect handling.""" with HTTPConnectionPool(self.host, self.port) as pool: r = pool.request("GET", "/redirect", fields={"target": "/"}, retries=False) assert r.status == 303 @@ -1045,7 +1045,7 @@ pool.request("GET", "/test", retries=False) def test_read_retries(self): - """ Should retry for status codes in the whitelist """ + """Should retry for status codes in the whitelist""" with HTTPConnectionPool(self.host, self.port) as pool: retry = Retry(read=1, status_forcelist=[418]) resp = pool.request( @@ -1057,7 +1057,7 @@ assert resp.status == 200 def test_read_total_retries(self): - """ HTTP response w/ status code in the whitelist should be retried """ + """HTTP response w/ status code in the whitelist should be retried""" with HTTPConnectionPool(self.host, self.port) as pool: headers = {"test-name": "test_read_total_retries"} retry = Retry(total=1, status_forcelist=[418]) @@ -1079,7 +1079,7 @@ assert resp.status == 418 def test_default_method_whitelist_retried(self): - """ urllib3 should retry methods in the default method whitelist """ + """urllib3 should retry methods in the default method whitelist""" with HTTPConnectionPool(self.host, self.port) as pool: retry = Retry(total=1, status_forcelist=[418]) resp = pool.request( @@ -1107,7 +1107,7 @@ assert resp.status == 418 def test_retry_reuse_safe(self): - """ It should be possible to reuse a Retry object across requests """ + """It should be possible to reuse a Retry object across requests""" with HTTPConnectionPool(self.host, self.port) as pool: headers = {"test-name": "test_retry_safe"} retry = Retry(total=1, status_forcelist=[418]) diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_https.py python-urllib3-1.26.5/test/with_dummyserver/test_https.py --- python-urllib3-1.26.4/test/with_dummyserver/test_https.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_https.py 2021-05-26 19:01:29.000000000 +0200 @@ -368,7 +368,7 @@ assert isinstance(cm.value.reason, SSLError) def test_unverified_ssl(self): - """ Test that bare HTTPSConnection can connect, make requests """ + """Test that bare HTTPSConnection can connect, make requests""" with HTTPSConnectionPool(self.host, self.port, cert_reqs=ssl.CERT_NONE) as pool: with mock.patch("warnings.warn") as warn: r = pool.request("GET", "/") @@ -567,7 +567,7 @@ https_pool.request("GET", "/") def test_tunnel(self): - """ test the _tunnel behavior """ + """test the _tunnel behavior""" timeout = Timeout(total=None) with HTTPSConnectionPool( self.host, self.port, timeout=timeout, cert_reqs="CERT_NONE" diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py --- python-urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_proxy_poolmanager.py 2021-05-26 19:01:29.000000000 +0200 @@ -142,7 +142,7 @@ assert r.status == 200 def test_nagle_proxy(self): - """ Test that proxy connections do not have TCP_NODELAY turned on """ + """Test that proxy connections do not have TCP_NODELAY turned on""" with ProxyManager(self.proxy_url) as http: hc2 = http.connection_from_host(self.http_host, self.http_port) conn = hc2._get_conn() diff -Nru python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py --- python-urllib3-1.26.4/test/with_dummyserver/test_socketlevel.py 2021-03-15 16:03:47.000000000 +0100 +++ python-urllib3-1.26.5/test/with_dummyserver/test_socketlevel.py 2021-05-26 19:01:29.000000000 +0200 @@ -467,7 +467,7 @@ timed_out.set() def test_https_connection_read_timeout(self): - """ Handshake timeouts should fail with a Timeout""" + """Handshake timeouts should fail with a Timeout""" timed_out = Event() def socket_handler(listener): @@ -630,7 +630,7 @@ response.read() def test_retry_weird_http_version(self): - """ Retry class should handle httplib.BadStatusLine errors properly """ + """Retry class should handle httplib.BadStatusLine errors properly""" def socket_handler(listener): sock = listener.accept()[0]
Attachment:
signature.asc
Description: PGP signature